With this article I would like to start a series to introduce vRealize Lifecycle Manager (vRLCM). I will start from zero, but at the end of the series you will be able to deploy and configure vRLCM, the Identity Manager (IDM) and vRealize Log Insight (vRLI)
What is vRealize Lifecycle Manager? vRLCM is a management platform for vRealize products. vRealize products can be deployed, updated and maintained from this single applications.
Do not mix it up with vSphere Lifecycle Manager, which is the new version of Upgrade Manager in vSphere 7.
This article outlines the deployment of vRLCM and IDAM, while in next parts I will cover the certification replacement, the appliance configuration and its upgrade. At last, I will deploy a Log Insight cluster.
In this section, I will cover the vRealize Lifecycle Manager 8.1 (vRCLM) and the vRealize Identity Manager 3.3 (vRIDM) installation. Through the setup process, we will connect to the target vCenter with our admin credentials, choose our resources, enter network configurations, and submit build requests to the VMware vCenter.
Before beginning, download the latest vRealize Easy Installer ISO from my.vmware.com.
1) Open the downloaded ISO, launch the vRealize Easy Installer with the setup.exe in the ‘\vrlcm-ui-installer\win32’ folder, and click ‘Next’.
2) Accept the EULA and click Next
3) Enter the vCenter details where the deployment should be targeted, click Next, and accept the certificate warning. In most of the cases I’m using administrator user for deployment. It could be the email@example.com or any other user with admin role (i.e. yours).
4) Select the folder location to deploy the VA and click Next. The next couple of steps (storage, network) are unique in every environment, so I could skip it, but I didn’t. If you would like to, just jump to task 7.
5) Select the cluster compute resource on which to target the deployment and click Next.
6) Select the best datastore location and choose Enable Thin Disk Mode if required. My recommendation is always thick (Eager Zeroed if possible) but you should choose the one fits for your environment. Then click Next.
7) Enter the necessary network configuration information and click Next.
8) Enter the password for both products (vRLCM and IDM) and click Next.
9) Enter the name of the VM, the IP address, and FQDN of the vRealize Lifecycle Manager and click Next.
10) Select ‘Install New VMware Identity Manager’, enter the name of the VM, the IP address, FQDN, and local admin account for the vRealize Identity Manager; and click Next.
11) Toggle the ‘Skip vRealize Automation Installation’ switch and click Next.
12) Review the Summary, fix where nevessary. If all good, thena click the Submit button.
13) The installation process begins…
14) After a few minutes the installation process completes, a separate installation is initiated from vRLCM to deploy the IDM appliance. Click the provided link to be taken to the vRLCM to review the request status.
15) Once we logon to the vRLCM, we can see the Request Details.
16) Wait for the successful completion of the request and if it fails, you will be provided an opportunity to fix any inputs.
The installation is complete!
Next, we configure our Directories and synchronize users and groups for access control in IDM.
Before we can manage the vRealize Suite of products deployed in our SDDC with vRealize Lifecycle Manager (vRLCM), we must configure the identity management service on the IDAM appliance with Active Directory, import our solution groups/users, and add application entitlements for ease of access.
Identity & Access Management
In the followings, we will configure our IDAM server, which require Active Directory access and information. If you don’t have this, contact your AD admin first and get the required details! Without an account with search for users permissions in AD this cannot be performed.
1) Logon to your vRealize LCM appliance with the user ‘admin‘
2) Click on the ‘Identity & Access Management‘ tab.
3) Click Add Directory, select add Active Directory over LDAP/IWA, accept the defaults, enter the required fields, test the connection, and click Save & Next if the connection was successful.
NOTE: When VMware Identity Manager is used with vRealize Suite Lifecycle Manager, only Active Directory over LDAP and Active Directory with IWA are used to sync users and groups to the VMware Identity Manager service. Active Directory over LDAP and Active Directory with IWA are the only supported directory integration.
4) Check the domain check box in the next screen and click next.
5) On the next page, ‘Map User Attributes page, you may need to update the user attribute for ’email’ to ‘userPrincipalName’ and ‘lastName’ to ‘name’ as the email field is in many accounts and would result in complete synchronization failure. Otherwise, the defaults are sufficient.
6) Click next, and add the DN. Select all VMware related groups which are used to manage any of the vRealize Suite appliances, and click ‘Next’.
7) Specify the user DN from which to sync the users accounts and click next.
8) Check for any errors and alerts on the next page and click ‘Sync Directory‘ if there are no issues.
9) Click on ‘Users & Groups‘ to confirm that the users were imported successfully.
vRLCM Administration Group Entitlements
1) Select the Groups tab, choose the group, click the users tab and click ‘Sync Users’
2) choose Apps, and click ‘Add Entitlement’
3) Next add an entitlement for that group in order to access the vRealize Lifecycle Manger, so check the box, accept the defaults, and select save.
4) Go to Roles, select the ‘Super Admin’ role, and add your admin group.
Users with entitlements are now able to launch any applications from the identity manager by going to the ‘User Portal‘ from the drop-down menu under the logged on account.
Next, we update vRLCM to ensure the latest content is available as described in the indroduction.