VMware Cloud Expert

Lab 03 - Provisioning Automation and Day-2 Operations with vRealize Automation Cloud



Big enterprises are heterogeneous and different teams use different tools. The skills and knowledge required to manage each ‘toolset silo’ are very different. And while each team should be allowed to choose the tools that make them the most productive, every additional cloud account becomes an extra challenge for the IT operations team. Complexity increases exponentially, the cloud bill sky-rockets and the company finds itself exposed to security and operational risks. Someone needs to keep tabs and establish the guardrails that will get this situation under control.

vRealize Automation Cloud consists of VMware Cloud Assembly, VMware Service Broker and VMware Code Stream. vRealize Automation Cloud makes it easy and efficient for IT developers to get what they need to build and deploy applications.

It provides a unified management solution across clouds, whether VMware powered or public. Based on modern Infrastructure-as-Code (IaC) and DevOps principles, it empowers agility and collaboration across tenant teams and functions while supplying providers with checks and controls to contain cost and risk exposure. It offers capabilities on service brokerage, cloud governance, workload orchestration, topology composition, workflow automation and CI/CD pipelines for infrastructure and application delivery

Cloud Assembly
Cloud Assembly is VMware’s approach to building a declarative blueprinting and automation solution-enabling, Infrastructure-as-Code first experience between public (AWS / VMware Cloud on AWS, Azure, GCP) and private (vSphere) cloud endpoints. It is designed to act as a conduit to consuming services from multiple cloud environments, with public cloud given more priority within the platform. Its interface for Cloud Assembly is primarily focused on providing an ‘administrator’ view of the platform

Service Broker
It enables providers to aggregate native content from multiple clouds and platforms into a single catalog with role-based policies. It is focused on exposing service provisioning to end users: primarily blueprints from Cloud Assembly and Amazon CloudFormation templates. Its interface is focused on the ‘User’ view of the platform

Code Stream
It allows providers to help tenants speed software delivery and streamline troubleshooting with release pipelines and analytics. They can integrate development tools and automate code release. There are many possibilities to interact with virtually any system to make advanced pipelines for application and infrastructure delivery. Code Stream is mainly focused on the SRE/DevOps lead use cases.

Teams face several multi-cloud challenges that must be solved to achieve faster time-to-market and improved customer satisfaction, as well as increased throughput and business innovation capabilities. These challenges include*:

  • Application and Infrastructure Automation: The proliferation, integration and growth of a distributed development footprint of traditional and modern applications across clouds as well as growth in the use of software-defined infrastructure
  • Multi-cloud Service Brokering: The ability to manage services that originate from various cloud environments into a single, unified view; pre-existing compliance requirements and growing global security threats that seek entry points across large multi-cloud environments
  • CI/CD Problem Identification and Resolution: Streamline problem identification across the automated CI/CD pipeline with analytics


Task 1 - Create a Cloud Account & Cloud Zone for VMware Cloud on AWS

Before beginning this lab, please ensure you still have the API key you created in Lab 2, Task 3. If you didn't create this key, or cannot locate it follow the steps outlined in Lab 2 Task 3 steps  2 - 10 to create and save it, before proceeding with this lab.

  1. From your Virtual Desktop, launch the Web Browser (Google Chrome Preferred) to access the Cloud Console, if the window/tab is currently closed or you authentication has timed out. https://vmc.vmware.com/console/sddcs
    You can also use the browser bookmark you created in the previous lab

NOTE: For instructions on accessing your Virtual Desktop please see "Lab 1 - Accessing the Environment"

  1. Login with your VMC on AWS console credentials provided by your instructor.
  2. Type <Your Assigned login Credentials> in the email address field i.e. vmcexpert#-XX@vmware-hol.com (where # is your Environment ID, and XX is your assigned student number)
  3. Click NEXT
  4. Type VMware1! in the Password field
  5. Click SIGN IN
  6. Click the stacked squares in the upper right-hand
  7. Click VMware Cloud Assembly
    If Prompted again, login.
  8. Bookmark this page for quick access in the future
  1. On the Guided setup Diagram page, Click Continue
  2. At the bottom of the left pane, Click Infrastructure
  3. In the left pane, scroll down, Click Cloud Proxies
  4. Click New
  5. Copy the Key and save it
  6. Click Done

You would typically download the OVA from here and deploy it into vCenter. In the case of this lab the OVA has been pre-staged in a content library in vCenter so we will use that for the deployment. We will however need this (OTK) key.

We will now deploy the Cloud Proxy into vCenter from the content library.

  1. Click your vCenter Brower tab. If the tab is no longer open or the authentication has timed out, open a new browser tab, click the vSphere - vCenter bookmark you created in lab 2 and login using the cloudadmin@vmc.local account
  2. In the Host and Clusters Inventory View, right-click Compute-ResourcePool
  3. Click New Virtual Machine
  4. Choose Deploy from template, Click Next
  5. Select vRealize Automation, Click Next
  6. Name the virtual Machine {Your_Login_Name}_vra-proxy (I.E. vmcexpert3-31_vra-proxy)
  7. Expand SDDC-Datacenter, Select CloudProxies, and click Next
  8. Click Next, on the Select a Compute Resource page
  9. Click Next on the Review details  page
  10. Check I accept all license agreements on the license agreement page and click Next
  11. Select WorkloadDatastore on the select storage page and click Next
  12. Confirm sddc-cgw-network-1 network is selected and click Next on the Select network page
  1. On the Customize template page input the following values:
    • VMware Cloud Service OTK: Paste in the OTK you copied in steps 12 - 14. If you no longer have the key repeat steps 2 - 14, where appropriate
    • Cloud Proxy Display Name: vRA-Proxy_{your student numberI.E. vRA-Proxy_3-31
    • Root Password: VMware1!
    • Re-enter Root Password: VMware1!
    • Leave all other fields blank
  1. Click Next
  2. Click Finish
  3. Allow the Appliance to deploy, and once completed, right-click it and Click Power --> Power-On
  1. Return to your Cloud Assembly Browser tab, if the tab is no longer available, open an new tab and click the Cloud assembly bookmark.
    Log in if prompted
  2. In the Upper right-hand section of the page, Click Guided Setup, to view the setup step. You'll notice that the setup for Cloud Assembly begins with adding your Cloud Account(s) through Creating Cloud Template(s)
  1. In the Left pane under Connections Click Cloud Accounts
  2. Click Add Cloud Account
  3. Click VMware Cloud on AWS
  1. Input the following values/selections to configure your cloud account:
    • Name: {Your_Login_Name}_VMConAWS I.E. vmcexpert3-31_VMConAWS
    • VMC API Token: Paste in the API Token you generated and save in lab 2
    • Click Apply API Token
    • SDDC Name: Select Your SDDC Note: Your SDDC Matched your Username
    • vCenter Server Password: Paste in the vCenter Password
    • Cloud Proxy: Choose the Cloud Proxy you deployed earlier
    • Click Validate
    • Allow Provisioning for theses Datacenters: Check the checkbox next to your SDDC (SDDC-Datacenter)
  1. Click Add.

This adds your VMC on AWS SDDC as a cloud account. Because the "Create a cloud zone for the selected datacenters" was checked. This process also created the cloud zone.

Cloud zones are specific to a region, you must assign them to a project. There is a many to many relationship between cloud zones and projects. Cloud Assembly supports deployment to the most popular public clouds including Azure, AWS and GCP as well as to vSphere.

  1. In the left pane under Configure, click Cloud Zones
  2. Identify your cloud zone tile and click Open
  1. Review the setting of the Summary tab
  2. In the Capabilities tags Field, Type platform:vmc and select it /Press Enter
  3. Click Save
  4. On your cloud zone tile and click Open
  5. Click the Compute tab, and review the settings
  6. Click the drop-down, choose Manually select compute
  7. Click Add
  8. Select Cluster-1/Compute-ResourcePool
  9. Click Add
  10. Click Save
  1. Identify your AWS cloud zone tile and click Open.  If your AWS cloud zone doesn't exist, proceed to step 57 below.
  2. In the Capabilities tags Field, Type platform:aws and select it
  3. Click the Compute tab, and review the settings
  4. Click the drop-down, choose Manually select compute
  5. Click Add
  6. Add the following Availability Zone:
    • us-west-2a
  7. Click Save
  8. If your AWS cloud zone does not exist and you were unable to complete steps 50-56, only then proceed with the following steps.  
  9. Select Configure -> Cloud Zones
  10. Click New Cloud Zone
  11. Enter your Account/Region as AWS Cloud Account/us-west-2
  12. In the Name filled, Type {Your_Login_Name}_AWS  i.e. vmcexpert3-31_AWS
  13. In the Capabilities tags Field, Type platform:aws
  14. Select the Compute tab
  15. Change the selector menu from "Include all unassigned compute" to Manually select compute
  16. Click ADD
  17. If your student number is Even, select the US-west-2a Availability Zone.  If your student number is Odd, select US-west-2b.
  18. Click ADD
  19. Click Create

At this point we have successfully created our Cloud Account, which instructs vRealize automation cloud to use your VMC on AWS SDDC as a possible provisioning endpoint, and configured our Cloud Zone which further instructs vRealize Automation Cloud where in the SDDC (Folders, Clusters, Resource-Pools, etc...) It can provision to as well as any provisioning constraints. In the next task we will create a Project.

Task 2 - Create a Project

You create a project to which you add members and cloud zones so that the project members can deploy their cloud templates to the associated zones. As the Cloud Assembly administrator, you create a project for a development team. You can then assign a project administrator or you can operate as the project administrator.

When you create a cloud template, you first select the project to associate it with. The project must exist before you can create the cloud template

Prerequisites for a Project include:

  • Configured Cloud Zone(s)
  • Identify a designated Project Administrator
  • If using Active Directory verify it has been configured
  1. In your VDI Desktop, return to your Cloud Assembly Browser tab, if the tab is no longer available, open an new tab and click the Cloud assembly bookmark.
    Log in if prompted
  2. Under Infrastructure tab, Click Projects in the left pane
  3. Click New Project
  4. Name the Project {Your_Login_Name}_Multi-Cloud I.E. vmcexpert3-31_Multi-Cloud
  5. Click the Users tab
  6. Click Add Users
  7. Type in and select {Your Username} (e.g. vmcexpert3-31@vmware-hol.com)
  8. Check Administrator to assign the administrator role
  9. Click Add
  1. Click the Provisioning tab
  2. Click Add Zone --> Cloud Zone
  3. Select {Your_VMC-on-AWS_Cloud_Zone}
  4. Leave all other fields with their default value and click Add
  1. Repeat the steps 11 - 13 to Add your AWS Cloud Zone
  2. Click Create to create the your Project
Task 3 - Create Flavor, Image Mappings, Network Profiles, & Storage Profiles

Flavor mapping - Groups a set of target deployment sizings for a specific cloud account/region in vRealize Automation Cloud using natural language naming.

Flavor mapping lets you create a named mapping that contains similar flavor sizings across your account regions. For example, a flavor map named standard_small might contain a similar flavor sizing (such as 1 CPU, 2 GB RAM) for some or all available account/regions in your project. When you build a cloud template, you pick an available flavor that fits your needs.

Image mapping - Groups a set of predefined target operating system specifications for a specific cloud account/region in vRealize Automation Cloud by using natural language naming.

Cloud vendor accounts such as Microsoft Azure and Amazon Web Services use images to group a set of target deployment conditions together, including OS and related configuration settings. vCenter and NSX-based environments, including VMware Cloud on AWS, use a similar grouping mechanism to define a set of OS deployment conditions. When you build and eventually deploy and iterate a cloud template, you pick an available image that best fits your needs.

Task 3.1 - Create Flavor Mapping

  1. In your VDI Desktop, return to your Cloud Assembly Browser tab, if the tab is no longer available, open an new tab and click the Cloud assembly bookmark.
  2. Log in if prompted
  3. Under Infrastructure tab, Click Flavor Mapping in the left pane
  4. Click New Flavor Mapping
  5. Define a Small Flavor Mapping to AWS and VMC on AWS as follows:
Key Value
{Your_Login_User_Name}_Small  I.E. vmcexpert3-31_Small
Account / Region Value
{Your_VMCExpert_AWS_Region} /us-west-2 t2.small
{Your_VMConAWS_Cloud _Zone} CPU Count: 1; Memory: 2GB
  1. Click Create

Task 3.2 - Create Image Mappings

  1. Under Infrastructure tab, Click Image Mapping in the left pane
  2. Click New Image Mapping
  3. Define an Ubuntu Mapping to VMC on AWS as follows:
Key Value
Account / Region Image
{Your_VMConAWS_Cloud _Zone} {Your_User_Name_Content_Library} / Ubuntu-21_Desktop
  1. Click Create
  2. Click New Image Mapping
  3. Define another Ubuntu Mapping to VMC on AWS and Native AWS as follows:
Key Value
Account / Region Image
{Your_AWS_Cloud _Zone} ami-074251216af698218
{Your_VMC_AWS_Cloud _Zone} vmc-content-library / Ubuntu
  1. Click Create

Task 3.3 - Create Network Profiles

  1. Under Infrastructure tab, Click Network Profiles in the left pane
  2. Click New Network Profile
  3. Define an Existing SDDC Network to VMC on AWS as follows:
Account / Region
{Your_VMConAWS_Cloud _Zone}
Key Value
  1. In the Capability Tag field type platform:vmc, select it
  2. Click the Networks Tab
  3. Click Add Network
  4. Select Your SDDC Network (sddc-cgw-network-1)
  5. Click Add
  6. Click Create

We will now create a network profile for AWS

  1. Click New Network Profile
  2. Define an Existing SDDC Network to AWS as follows:
Account / Region
{Your_AWS_Cloud _Zone}
Key Value
  1. In the Capability Tag field type:
    • platform:aws, select it
    • network:vmcexpert#-xx, where # is your workshop environment number and xx is your student number (i.e network:vmcexpert2-31) Press the Return Key.
  2. Click the Networks Tab
  3. Click Add Network
  4. Select Your AWS Subnet (I.E. VMCEXPERT2-31) which matches the Zone that you selected previously.  Ignore any other Network, if present.
  5. Click Add
  6. Click Create

Task 3.4 - Create Storage Profile

 Storage Profiles describe the kind of storage to be deployed. Storage is usually profiled according to characteristics such as service level or cost, performance, or purpose, such as backup.

A storage profile defines cloud-specific properties used to customize a disk. Tags in the profile describe disk storage capabilities.

Storage profiles are regional settings. Establish baseline storage configurations in each cloud.

Consume Storage Based Policy Management (SBPM) for vSAN. Establish IOPS expectations in public cloud environments.

  1. Under Infrastructure tab, Click Storage Profiles in the left pane
  2. Click New Storage Profile
  3. Define an Existing SDDC Network to VMC on AWS as follows:
Field Value/Selection
Account/Region {Your_VMC _on_AWS Region} 
Name {Your_User_Name}_SDDC_StorageProfile I.E. vmcexpert2-31_SDDC_StorageProfile

Storage Policy

VMC Workload Storage Policy - Cluster-1
Datastore / Cluster WorkloadDatastore

  1. Click Create
Task 4 - Create Cloud Templates

Deployments begin with cloud templates, formerly called blueprints, which are encoded specifications that define machines, applications, and services to create on cloud resources by way of Cloud Assembly.

Templates can target specific cloud vendors or be cloud agnostic. The cloud zones assigned to your project determine which approach you might take. Check with your cloud administrator so that you know what kind of resources make up your cloud zones.

Cloud Assembly template creation is an infrastructure-as-code process. You start by adding resources in the design canvas. Then, you complete the details using the code editor. The code editor allows you to type code directly or enter values in a form.

  1. In your VDI Desktop, return to your Cloud Assembly Browser tab, if the tab is no longer available, open an new tab and click the Cloud assembly bookmark.
  2. Log in if prompted
  3. Under Design tab, Click New From --> Blank Canvas in the left pane
  4. Define the Cloud template as follows:
    • Name: {Your_User_Name}_Linux-Desktop
    • Project: {Select_Your_Project}
  5. Click Create
  1. From the left pane drag the following items onto the Canvas:
    • Under vSphere - Machine
    • Under NSX - Network
  2. Mouse over the left edge on the vSphere Machine on the canvas. When a dot appears,
    select and drag it to the cloud_vSphere network to connect the Machine to the Network
  3. In the right pane make the following changes:
    • Under resources rename Cloud_vSphere_Machine_1 to {Your-Username}-Desktop
    • Click in the Image block and select {Your_User_Name}_Linux-desktop
    • If the Flavor property is also visible set its value to {Your_User_Name}_Small
  1. Click Test to validate the template
  2. Click Deploy
  3. Name the Deployment {Your_User_Name}_Ubuntu-Test
  4. Click Deploy
  1. After about 60 second the VM should begin it's deployment in vCenter
  2. Switch over to your vCenter browser tab or open an new tab to vCenter and login as cloudadmin@vmc.local if required
  3. In the Inventory you should see the Machine being provisioned
  4. Continue monitoring the deployment in vRealize Automation and wait until it is successful
  5. In vSphere, feel free to open console to the Virtual Machine and poke around
  1. Back in the Cloud Assembly Browser tab, Click Close
  2. Click the Design Tab and Click Close
  3. Click the Infrastructure Tab, then Requests in the left pane
  4. Click your Machine Provisioning request to view its details
  5. Review the Steps of the Machine provisioning process
  6. Move the Dev Mode Slider, to view the individual tasks

Click Close


VMware Cloud Assembly is used to connect to your public and private cloud providers so that you can deploy machines, applications, and services that you create to those resources. You and your teams develop cloud-templates-as-code in an environment that supports an iterative workflow, from development to testing to production. At provisioning time, you can deploy across a range of cloud vendors. The service is a managed VMware SaaS and NaaS-based framework.

Cloud Assembly is a cloud template development and deployment service. You and your teams use the service to deploy machines, applications, and services to your cloud vendor resources.

As a Cloud Assembly administrator, generally referred to as a cloud administrator, you set up the provisioning infrastructure and create the projects that group users and resources.


Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.