As we saw in Part 69 (adding vCenter/vSphere endpoints), adding an endpoint to vCAC requires credentials to be setup, and then a path/FDQN or URL to be specified in order to gain access to the resource. The same principle backs adding a vCloud Director instance into the system. I’ve have a number of public vCloud Director systems to access (Stratogen, iland and VMware’s very own vCloud Evaluation Service). Each one has different credentials and URLs to be specified.
Step1: Add vCloud Director Credentials
In vCloud Director (in case you don’t know this already!) the system is divided into Organizations. This creates an environment where each tenant is represented by an Organization and possess their own unique credentials which they do not share with others.
I think its highly likely that your “provisioning” groups are likely to map very closely to these Organizations – so that the right people get to see the right contents – and they don’t wind up seeing or accessing the Organization contents of another business, business unit or application group. In my case in my previous part of my journey I created Organizations called COIG, CorpHQ, iStoxs and Quark – based around a made-up holding company called CorpHQ. In my case ask I ask owner of the CorpHQ Organization (rmoorcroft) to create an account in their Organization (corphq-orgadmin) used for this purpose.
vCAC Credentials for my vCloud Director instance can be added like so under vCAC Administrator and Credentials
Step2: Add vCloud Director Endpoint
Under vCAC Administrator and Endpoints, you can add “vCloud” as endpoint from the “New Endpoint” pull-down list:
I think most of this is pretty straightforward – the “address” portion is the URL for your vCloud Director instance. In this field you just input the raw FQDN with https. There’s no need specify the complete path to the organization which would be normally – https://mycloud.corp.com /cloud /org /corphq. All that is need is for the “Organization” field to be completed with the name of the Organization, and vCAC will do the rest. It is possible to give vCAC access to the entire vCloud Director instance – which would allow access to the catalogs of all Organizations. To do that the credentials would be the System Admin account of vCD, and in vCAC you would leave the Organization field blank.
I repeated and rinsed this configuration for my access to Stratogen, iLand and the VMware Cloud Evaluation as well:
TIP: If your using the VMware vCloud Evaluation I would recommend creating a dedicated account in vCloud Director for that access. The eval has its own method of tying your public login admin1234 to an “admin” account in vCloud Director itself. To bypass that I merely created an OrgAdmin. Even if your using the eval, you can still create users in the vCloud Director directly.
TIP: If you finding that that when adding blueprints you find zilch from your cloud provider (either public or private) it could be that you’ve merely not authenticated to vCloud Director correctly OR you have fat-fingered the URLs. Check out the “Workflow History” for events which indicate some kind of setup problem with the endpoint itself. The “Workflow History” is visible in the vCAC Administrator node. Here I filter on “Failed” events.
TIP: The “friendly name” of your Organization “CorpHQ Organization” is not what your looking for – the best thing is to look at the URL of the vCloud Director portal – the name of the Org should be https://mycloud.corp.com/cloud/org/ORGNAME
Step3: Creating an Enterprize Group
The next step is creating an enterprize group(s) to represent your new resources. That’s again done under VCAC Administrator and Enterprize Group. In my case I’ve obscured the vCloud Director Organization names…
Step4: Allocate Resources to Provisioning Group
The next step is sub-allocating resource from the Enterprise Group to the Provisioning Group.
1. Reservations can be defined under Enterprize Administrator and Reservations, and select Virtual
(Again, you might think it more logically to use “cloud” but remember how vCloud resources are definied under the “virtual” catagory
2. From the Compute Resource pull-down list – select the Virtual Datacenters, available from your vCloud Director Organizations:
The “Resources” tab should allow you to select what networks are available…
Step5: Create new vCAC BluePrint based on vCloud Director Catalog
One thing you will notice about this step, is how we have skipped a step that we went through with creation of the vSphere endpoint. The vSphere Endpoint currently requires a DEM Agent to be installed to the vCAC for it work whereas with vCloud Director endpoint that is not necessary. When creating BluePrints based on vApps in the vCloud Director catalog the catalog needs to be “published” for items to appear.
1. We need to create vCloud Director based BluePrint. That’s done under the Provisioning Manager node, and BluePrints – and clicking New BluePrints.
It would be logical to assume that you would select “cloud” under the pull-down list. But you’d be wrong. Actually, the option for setting vCloud Director as the compute resource is held under “Virtual“. If you select the pull-down list under “Build Information” for “Platform” you will see vCloud listed along side Hyper-V, Hyper-V (SCVMM), vSphere (vCenter), XenServer and Generic.
Whereas selecting “Cloud” grants access to configuring vCAC Blueprints for Amazon:
2. So select Virtual!
3. Under Blueprint you can indicate what type of VM you want to create – in my case I decided to create a TurnKey Media Wiki blueprint. TurnKey is a popular Wiki platform that ships as virtual appliance.
4. Under Build Information set the:
Platform Type: vCloud
Blueprint type: Server
Provisioning Workflow: Clonework flow
When you click the … next to “Clone From” you should see the contents of the catalogs in each of your vCloud Director clouds:
By filtering on “Media” and “Public – VMware” I was able to bring the list down to what I was looking for:
IMPORTANT: Unlike vSphere VMs, vCAC cannot change the machine resources allocated via vCloud Director.
Once your done the Blueprint should appear in the list like so – the different icon indicates its only available to the assigned Provisioning Group:
Step 6: Deploy
Now that the credentials, endpoint and blueprint are in place the members of my Provisioning Group (CorpHQ – Production) can deploy the wiki VM using the self-service portal I setup previously.