Behold! The folks at Cloud Management Business Unit (CMBU) within VMware have provided a gift! vRealize Automation 7.3 is now Generally Available (GA)!
It's no secret that my love of vRealize Automation is one of the things that made working at VMware a bit more exciting. I truly believe in the product; and as a customer I watched as feature requests came from the drawing board to be a reality (some faster than others). That being said, I'll be the first to admit there we're some huge gaps still clinging to the product from the DynamicOps days. Manual disaster recovery, shared management of machines from a user perspective, curious placement logic at times…etc…The list goes on.
This release has brought about some huge changes in a positive way. It's typical for employees to blog about new releases; but not all employees used to be customers. I dealt with these pains as a customer. I raged at briefing center meetings, cried at product managers, begged at VMworld. For this blog post; I'm primarily putting back on my “Customer Hat” to celebrate, and call out some of the big things that our customer base needs to know about this version. I highly recommend you reach out to your account teams, and get either a knowledgeable SE (Hi!) or one of the Cloud specialists to come out and give you a walk-through specific to your environment.
At a high level; the marquee features for this release are…
- Enhanced API's for Deploying/Upgrading/Migrating
- Audit Logging Framework (logging for Workflow subscriptions, Fabric Groups, and Endpoints; send to Log Insight)
- Parameterized Blueprints (Framework for parameters in blueprints; Size and Image to start)
- Shared Access Role (Shared view of deployed systems and Day 2 actions)
- Intelligent Workload Placement (Integration with vRealize Operations to drive workload placement)
- Enhanced Integrations with vRealize Business (vRB as a single point of truth for all costing data; no vRB = no costing information)
- Integrated Health Check Service (Check the health of your vRA services and deployment)
- DBaaS (Cloning production databases via linked clones for Dev/Test)
- Huge NSX Integration Changes (NSX First Class Citizen; no more plugin. Huge enhancements across the board for NSX)
- Puppet as a First Class Citizen (Same as above for Puppet)
- Numerous Software Authoring Enhancements (Custom property usage, syntax highlighting, etc…)
- Admiral Interface (Container) Enhancements (Docker Volume, vSphere Integrated Containers)
- Software Authoring for Azure Cloud (Deploy software components designed in vRA to Azure systems)
- Enhanced Service Now Plugin (2.0)
- Force Destroy Deployments (When a deployment fails and stalls in the system, or won't fully delete - force a purge)
- vRO RBAC Capabilities (Role Based Access Control for vRO; No more root account for everything in Control Center required!)
- Automated Postgres DB Failover (OMG THE DR THINGS)
- Automated Manager Failover (OMG THE MORE DR THINGS)
With that…lets jump in!
API Enhancements for Upgrades/Migrations
The vRealize Automation API is a frequently overlooked thing of glory. I'll be doing a post very soon about interacting with the API for some really cool IoT “stuff”; but in this round we're talking specifically about the upgrade/migrate processes.
I ran the upgrade twice in my lab; one against at 7.1 instance, and another against a 7.2 instance. The 7.2 instance was a distributed install with 2 appliances, 2 managers (IaaS), 2 DEM/DEO's and 2 Agent servers.
The upgrade process was smooth; and for the first time - I didn't have to touch the downstream boxes at all. The upgrade process on the appliance upgraded all of them. This meant that all I needed to do was initiate the upgrade on the appliances and go play with my kids while the process ran. Easy stuff. Now; there are still other components that aren't automated; specifically the custom plugins in vRO. That being said; this is still pretty incredible from a lifecycle perspective.
Disaster Recovery Enhancements - Automated Fail over for vPostgres and Manager Services
This one is absolutely huge. One of my biggest gripes (being a guy who spent many years focused on building “good” DR) was that the process to fail over between primary/secondary infrastructure in vCAC (yeah I went there) and vRA had significant manual points. Not even really super simple manual points either. I would've accepted a “Hay fail over the vRA stuff” button even; but alas - nothing. Now; that's all gone! Rejoice in the glory of an automatic fail over for both the postgres and manager service components. In my testing; this fail over was pretty quick; and painless! Also important to note; they aren't mutually exclusive. If you lose just one of your appliances; only the postgres will fail over. If you lose just your manager service; only one will fail over. This was a huge pain point.
Shared Access Role - Business Groups
Imagine there are 2 admins, we shall call them Tim and Tom. Tim provisions a 20 of systems for a business group in vRA as a user. Tim rage quits the company. Tom now has to manage those systems. Tom is a user; and has no administrative credentials within vRA. He can't see other users systems and as such, he can't see Tim the rage-quitters systems either. In Pre-vRA 7.3 world, Tim would need to have a cloud administrator reassign all the systems to him as an owner; or elevate his permissions to a manager/support level to be able to see the systems. Not great.
vRA 7.3 introduces the “Shared Access Role”. Shared Access allows for added members to see the deployments other users have done within that business group as well as perform entitled Day-2 Operations against them. Tom, in our example, wouldn't be able to request systems under Tim's rage-quitted ID; but he would still be able to effect those systems.
That example is pretty weak though; because ultimately you'd want to reassign systems from an employee that had left the company…but I didn't think the example through that far. Ouch.
Drastic NSX Enhancements - First Class Citizen
Historically, the majority of NSX functionality has been enabled because of a plug-in within vRO. The vRA GUI looked and felt like it was doing a lot of the heavy lifting; but if you dug into the covers it as pretty clear that the plugin was the hero here. Thats not in itself a bad thing; it just required that any actions being taken be supported by the plugin via vRO workflows.
vRA 7.3 has made NSX a “first class citizen” of vRealize Automation; meaning it's natively supported within the platform. No vRO plugin is required for the operation and consumption of NSX. On top of this; because we're leveraging the API directly now - we're exposing a ton of new features directly into vRA. Things such as.
An entire blog post in the future will be done around the feature set of NSX integrating with vRA; but from this release my favorite is the enhancements that have gone into the load balancer deployments. Deploying an on-demand load balancer is now fully featured. Check out the screenshots to see some details!
Intelligent Workload Placement
vRealize Operations Manager is an amazing tool. Tons of customers are leveraging vROPs reports and dashboards every day to make intelligent decisions regarding their infrastructure. We've integrated vRealize Automation with vROPs metrics gathering mojo to improve the way that workloads are placed within a cluster. vROPs makes recommendations; and vRA says “You know this better than me, lets do it!". With this feature hitting the floor; you can really start to see what the future enhancement possibilities are within this space. I'll let your imagination wander on that :)
I worked a TON with XaaS in my previous role. A huge amount of that XaaS work was based around how I could make “decisions” based on property choices selected within a menu. Parameterized Blueprints bring A LOT of that functionality into the “native” screen. The idea of being able to build out your own T-Shirt size within a blueprint that'll override the traditional values is a pretty cool concept and will go a long way to get customers away from feeling like they HAVE to customize everything to meet their business needs. This one will get another deep dive later on but the idea of using parameterized values to drive standardization is pretty compelling!
Puppet as a First Class Citizen
Yet another one I spent a ton of hours building customization around. The ability to tie blueprints directly into Puppet (App Director anyone?) is something I've been missing. Yes, I know this could be done with clever workflows; but the fact that I can drag and drop puppet onto the Blueprint Canvas now and very easily assign manifests to individual servers is pretty darn cool. It's a bit of a downer that it requires Puppet Enterprise though!
Similar to the NSX First Class Citizen comment, this enables us to directly consume Puppet data without managing a separate plugin.
Software Authoring Enhancements
A couple of nice things to note here. 1) Syntax Highlighting for Software Component design is in place now and 2) Ability to leverage custom properties within scripts. Not a lot of fluff to be had; just sexy stuff all around for the coder in all of us :)
Container Management Improvements
The Admiral interface has gotten some great love in this release. The ability to manage volumes is an extremely welcome sight. Direct support for vSphere Integrated Containers is huge and something I'm a huge fan of given my previous post here. Various UI/UX improvements to just generally make Admiral a happier place to be. I think adoption of containers is going to be huge in the 12 months - and this will be something i'll be talking with a lot of customers about.
And much much more!
As I mentioned at the beginning; this was a HUGE release. I could do entire blog posts about the individual bullets I've called out. It's an extremely mature release. Internal doc's show more than 20 spotlight features, 24 feature requests, 68 customer defects repaired, and 1166 total bugs squashed. Look forward to a lot of content about living in a vRA 7.3 world in the coming months!