Creating new vRA Workloads in a specific AD OU

This week, I’ve had several customers individually approach me with this question – how can they specify the OU which a Windows VM should land in when it’s created via vRA?

This is a great question and a very important operational task to accomplish – OU membership determines so much vital configuration for a Windows machine.

It seems like most of these customers have a tendency to assume they are going to create the VM first, and relocate it to a new OU later. But there’s a much more streamlined way to do it. By binding a workflow to the IaaS BuildingMachine lifecycle stage, you can pre-stage the computer object in AD before it’s even provisioned. That way, when it first adds to the domain it will already be present in the correct OU. This also has the added benefit of ensuring all group policies are inherited right away, rather than requiring additional reboots.

I’ve put together a quick example here that should help you see how to do just this.

To use the example workflow attached above, you must already have your vRO instance registered with vRA and the extensibility customizations installed. We also assume that you have correctly configured the Active Directory plugin, and that the example vRA blueprint you will deploy has a vSphere Customization Specification attached which adds the VM to your AD domain.

First, import the workflow into a vRO folder of your choosing.

Then, browse to it in the workflow tree and select it. On the General tab, you can see there are two Attributes that must be updated for your own envirionment. Enter the AD Domain Name as the value for domainName and select the parent OU you want new OUs to be created in  for ou1. You can see in my example, the domain is lab.virtualwin.org and the Parent OU is Lab Machines.

Configure_Workflow
(Click for larger image)

Next, use the Assign a state change workflow to a blueprint and its virtual machines workflow to attach the new workflow to the BuildingMachine stage of a test blueprint. This workflow is located under root > Library > vCloud Automation Center > Infrastructure Administration > Extensibility in the Workflow tree.

To do this, right-click the workflow and select Start Workflow.

Start_Workflow

Choose BuildingMachine as the stub to enable and choose your IaaS host. Remember that we are assuming your IaaS Plugin is already configured. If you don’t see any hosts in this list, you still need to do that! Click Next.

Select_Stub_and_vRA_Host

Now,  select the blueprint(s) you wish to add this workflow to. In this example the selected blueprint is “Add to OU Test” and click Next.

Select_Blueprints

On the last screen, you will be prompted to select the workflow and some final options. Choose the new workflow you just imported (in this example, it is Create OU and Stage Machine). Be sure to choose Yes for Add vCO workflow inputs as blueprint properties and then click Submit.

Add_vRO_Workflow_Inputs

The workflow will complete. Now, switch to your vRealize Automation console and edit the blueprint which you just attached the workflow to. Select the Properties tab. You will be presented with a list of properties, some of which need to be adjusted. The total list of properties you see may vary from environment to environment. Here, we need to delete the following 4 properties:

  • ExternalWFStubs.BuildingMachine.vCACHost
  • ExternalWFStubs.BuildingMachine.vCACVm
  • ExternalWFStubs.BuildingMachine.vCenterVm
  • ExternalWFStubs.BuildingMachine.virtualMachineEntity

And also edit the one named ExternalWFStubs.BuildingMachine.ouName so that Prompt User is checked.

Blueprint_Custom_Properties_Before

When you’re done, the properties should look more like this:

Blueprint_Custom_Properties_After

Now, let’s make that variable a little more friendly. Open the Property Dictionary from the menu on the left. Click on New Property Definition and fill in the data as follows:

  • Name: ExternalWFStubs.BuildingMachine.ouName
  • Display Name: Create New OU to host new VM
  • Control Type: Textbox
  • Required: Yes

Property_Dictionary

That’s it! Now, if you navigate to your vRA Catalog and request the blueprint you’ve been working on, you should see something similar to this.

Request_New_Item

Click Submit and wait for provisioning to complete. When you’re done, you will see the new machine in your Items tab as usual:

Deployed_Items

But if you check out your Active Directory, you should also see that the new OU you selected was created, and the new machine was created inside it!

AD_Properties

Now, this example workflow is a very quick demonstration of concept. It doesn’t have any error handling (and suffice it to say, should NOT be used in any production environments and is provided without support or warranty of any kind) – but it should show you how a seemingly complex  task like this can be accomplished relatively easily. The logic in the workflow could easily be amended to remove the OU creation step. ASD and vRO Dynamic Types could be leveraged to provide the user a list of OUs to choose from, rather than a free-form textbox. The sky’s the limit when it comes to vRA extensibility!

Today’s spicy orchestration experience was brought to you by the Habanero Mojito at Havana, Walnut Creek. Jon_Kate_Havana

I hope this post has been useful.

Creating new vRA Workloads in a specific AD OU

Have you taken a VMware Hands-On Lab lately?

The title really sort of says it all!

For those of you who don’t know, the VMware Hands-On Labs program is a truly unique offering in the industry, allowing customers anywhere to test drive any of VMware’s products in live environments. From anywhere, at any time. For free.

We provide you with the environment, the infrastructure, and all the software – pre-installed and configured. You just bring your imagination and willingness to learn. You don’t have to be a paying customer or be tied to a VMware software account of any kind. Just head on over to http://labs.hol.vmware.com/ and register.

Once there, you can choose from the catalog of more than 50 labs (with 40 new or updated ones to be released at VMworld 2015) spanning our entire portfolio. Whether you’re interested in learning what’s new in vSphere 6, how to deploy advanced vRealize Automation integrations, get some stick time with an EVO:RAIL or see how to start moving your business to vCloud Air,the Hands-On Labs provides a safe and free place to do it.

But (shameless plug alert!) the best part about the Labs are the guidance, manuals and use cases that have been prepared to go along with them. Each lab is carefully designed by customer facing subject matter experts like yours truly, so that you can be sure the use cases are relevant and represent real world questions or situations that our customers ask about daily. Small teams of dedicated VMware employees each take great pride in investing hundreds of hours every year to make sure you have the most seamless, robust, amazing experience possible.

If you’d like to see an example of my work,  HOL-SDC-1421 (Using vRealize Automation to Build and Deploy Services and Applications) is a 101-level vRealize Automation lab my team wrote last year. It’s available in the public catalog now.

At VMworld this year, my dream team and I will be pleased to release HOL-SDC-1632 (vRealize Automation Advanced: Integration and Extensibility) – our most advanced Automation lab ever. You won’t want to miss this one.

Big thanks go out to Burke Azbill (@TechnicalValues), Kim Delgado (@KCDAutomate), Shawn Kelly (@shawnmkelly), and Grant Orchard (@grantorchard) for making up 4/5 of the most collaborative, open-minded, hardest working HOL team in the whole company.

So head on over to the portal and register, follow @VMwareHOL on Twitter, or better yet – join us at VMworld 2015 and take a few labs in person with our expert staff!

Did I mention that the Labs are completely free? I think I might have.

VMware_Hands_On_Labs_Logo

A thank you to all my peers and customers

I’ve been with VMware for just about 18 months now. It’s been one of the most rewarding, challenging, utterly fantastic experiences of my life. We work hard – and we play almost as hard. I’ve taken great pride  in my work with my customers and with my peers throughout the company.

This past week, I received a call from my manager informing me that this work had been recognized and rewarded with a promotion from a Senior SE to a Staff SE. This is a real honor for me, and one that reminds me that while I may have come a long way, I still have a long way to go.

I’m also reminded that none of this would have been possible without all the great and honest feedback from my customers and the various teams throughout VMware that I work with every day. It’s with that that I send out a thank you to all my peers and customers for placing your trust in me. In return, you have my commitment that I will continue to provide the best possible service and support that I can!

Track_Seven_Panic_IPA

Of course, it wouldn’t be a complete post without some kind of celebratory beverage. This photo was taken at a local establishment just a few minutes after I received the good news. Track Seven’s Panic IPA is a stellar brew, made with Amarillo and Simcoe hops front and center, rather than the more common Citra and Cascade varieties. The result is a high-hop flavor (70 IBU) without the face-shredding pucker factor. Lots of citrus and floral notes explode with every sip. Don’t let the can fool you, this is a top-shelf local craft beer. Check out Track Seven next time you visit me in Sacramento!

Cheers, and thanks again.