Gotta Love the new Software Components in vRealize Automation 7


You gotta love the new software components feature in vRA 7.  It enables the easy deployment, configuration, and removal of software/applications and makes them reusable across multiple platforms such as vSphere, AWS, and vCloud Air.  I was recently working on a POC with a customer and they were testing out the full VMware stack.  This included vROPs, vRA, NSX, VSAN, etc.  One of the things I proposed is that we use the new software components features to hand the install and initial configuration of the vROPs End Point Operations agent during the deployment of workloads and also make sure to remove the agent when the workload is destroyed.  They are primarily a Windows shop, so the software component I created is based on Windows but if there is enough interest I can also create one for Linux builds.  The software package can be downloaded from the VMware Sample Exchange here.

Once you have downloaded the software component zip, the cloudclient can be used to import the software package.  If you don’t have the cloudclient you can download it from here, along with the documentation on how to setup and configure it.

Login to the cloudclient:

Screen Shot 2016-02-26 at 10.47.32 PMvra login userpass –user username for the tenant –password password for the tenant username –server vRA appliance FQDN –tenant name of tenant you want to import content into

Run the import command to import the software component package:

Screen Shot 2016-02-26 at 11.03.40 PMYou basically run the following command:

vra content import –path Path to Sotware Component .zip package –dry-run false –resolution OVERWRITE –precheck WARN

You could use true option with –dry-run first.  This will test the import and let you know if there were any errors.

Next you add the software component to a Windows vRA blueprint and provide values for the properties:

Screen Shot 2016-02-26 at 11.12.26 PM


Below are the details of the properties:

securePort – The secure port used to connect to vROPS, this is not required and would default to 443

serverCertificateThumbprint- This the the server certificate thumbprint of your vRealize Operations Manager server.  This is required to install the EPO agent.

installer- Name of the installer package to be used for the install

passwordUNC- Password used for account to used to connect to share containing the installer package

installerPath- UNC path to the share that contains the installer package

usernameOps- Username used with vROPs to register the agent

serverAddress – FQDN or IP of the vRealize Operations Manager server

usernameUNC- Username to be used for connecting to the share

paswordOps- Password for unsernameOps account used to register agent with vROPs


These property values are used in some windows cmd line scripts that execute for installing the EPO agent and removing it when the workload is destroyed.  These are defined in the software component like below:

Screen Shot 2016-02-26 at 11.30.51 PM

Screen Shot 2016-02-26 at 11.31.18 PM









Upgrading vCould Automation Center 6.0 to 6.1


Wow, its been way too long since I have posted something.  The upgrade from vCAC 6.0.1 to 6.1 is fairly straight forward but I figured it would be a good to get my feet wet again.  The first thing to make sure of is you have all the prerequisites full filled.


1) You will need to be up to 6.0.1 before completing the upgrade

2) Like anything is always good to back things up, well this upgrade is no different.  You should backup the following:

  • The configuration files in /etc/vcac.  The config files that are in this location include configs around SSO admin credentials, vCAC Services that need to be registered at boot,  vPostgres DB details aka JDBC connection info, the vCAC key store, and vCO Endpoint config.  So its all pretty important, BACK IT UP!  In my case, I used WinSCP to connect to the vCAC Appliance, browsed to the location, and backed up the folder to my local box.

vcac folder

  •  The configuration files in /etc/vco.  The config files in this location include vCO password/connection info, web/tomcat configs, etc.  Yet again it pretty in important so back it up.  Used the same process via WinSCP to back it up.
  • All databases, this includes the vPostgres and MS SQL DBs.  Make sure to back up the vCAC DBs, to do this use whatever methods you normally use internally to do backups.

3) Snapshot all the virtual appliances and IaaS Servers.  So obviously if you have a distributed install this means all the distributed components.

4) If you’re using the vSphere SSO, make sure its a supported version.  You can check this on the vCloud Automation Center Support Matrix

5) If you have the old school vCAC Designer Installed, uninstall it.  You will install the newest version after the upgrade is complete. There isn’t an upgrade process for this, uninstall/install is the path forward.

6) If you and only IF you have a highly available setup deployed with multiple vCAC appliance behind a load balancer, you need to make sure the vco-server services is disabled.  Another thing to note is during the upgrade of the appliances you need to also stop the vcac-server serivce on all the appliances but the one currently be upgraded.  Make sure to not start back up any of these services until all the appliances are upgraded.

  • SSH to the appliance and log in
  • Run the following commands:
    • service vco-server stop
    • chkconfig vco-server off
  • If this isn’t the instance you are currently upgrading run the following:
    • service vcac-server stop
  • Once you are completed with the appliance upgrades you should SSH back into the appliance, run chkconfig vco-server on, and start the vco-server service back up.  This will insure that it starts back up appropriately on reboots.

7) Shut down the vCAC services on your IaaS Windows Server.  If its a distributed install these services/roles will be spread out across several IaaS servers.

  • Log in to the IaaS Server
  • Go to Start–>Administrative Tools–>Services
  • Stop the services in the following order:
    • All vCAC Agents
    • All vCAC DEM workers
    • All vCAC DEM Orchestrators
    • vCAC Manager Service

 Upgrading the Identity Appliance

If your running the Identity appliance, the next step is to upgrade it.

1) Log into to the identity appliance management interface by browsing to https://FQDN:5480

Identity login

2) Select the Update tab and then click Check Updates

Identity check updates

3) Once it updates you should see the new appliance version show up  Click Install Updates.

Identity Install Updates

4) Once the update is completed you will be see a message stating the appliance needs to be rebooted.  Click on the System tab and then Reboot.

Note: If your appliance doesn’t have access to download the file you can use one of to methods. 

  • Download the update .zip, great a local http: repository, and pull the update from there
  • Download the update .iso, add a CD-ROM to the appliance, mount the .iso, and update from there.  In my lab, I did this as I only allow a few ports inbound. 

Upgrading the vCAC Appliance

Most of the process here is very similar to that of the identity appliance. Please remember there are additional steps that need to happen here if you are upgrading a highly available install, these steps are listed above under Prerequisites.

1)Log into to the vCAC appliance management interface by browsing to https://FQDN:5480

vcac login

2) Select the Update tab and then click Check Updates

vcac update

3) Once it updates you should see the new appliance version show up  Click Install Updates.

vCAC Install update

4) Once the update is completed you will be see a message stating the appliance needs to be rebooted.  Click on the System tab and then Reboot.

vcac update complete

Note: If your appliance doesn’t have access to download the file you can use one of to methods. 

  • Download the update .zip, great a local http: repository, and pull the update from there
  • Download the update .iso, mount the .iso, and update from there.  In my lab, I did this as I only allow a few ports inbound. 

Upgrading the IaaS servers

There are a couple of prerequisites that need to be in place for this part of the install.

  • The box you are running the Database Upgrade from must have the 64-bit Java version 1.7 installed.  32-bit versions are not supported.  Environment variable JAVA_HOME is set to the Java install folder.  %JAVA_HOME%\bin\java.exe must be available.
  • .NET Framework 4.5.1 is required on the IaaS installation machine.  One thing to note is that you can not do a straight upgrade from 6.0 to 6.1.  You do have to be up to 6.0.1 before you can upgrade to 6.1.

Upgrading the Database

You can run this update from another server on the network long as there is appropriate access.  I went ahead and ran this from another box I had in my lab as I already had the Java components installed and configured.  One thing I did run into is that box that you run DBUpgrade from also needs to have .Net 4.x on it.  I received an error message saying it needed 4.0 but 4.5.1 worked fine.

1) Browse to https://vcac-appilance-FQDN:5480/installer

2) The fourth bullet down is a link to download the “database upgrade scripts” Click the link and download the file.

DB Install Script

3) Extract the file.

4) Open up a windows command prompt and change directories to the location you unzipped the file to

db changes directory

5) Run the following command:

DBUpgrade -S FQDN\Instance Name -d DB Name -E Forces Windows Auth  | -U DB owner username -l logfile location


DBUpgrade -S IaaS.JonsDomains.local\SQLEXPRESS -d vCAC -E

DBUprade Success

 Upgrading the IaaS components

When performing the upgrade of the IaaS components if you have them distributed they should be upgraded in the following order: Websites, Manager Service, DEM Orchestrator and Workers, and finally the agents.  If there are multiple of any of the components do them one at a time.

1) Browse to https://vcac-appilance-FQDN:5480/installer

2) If you haven’t installed .NET Framework 4.5.1, download it from this page and install it. After the install you might be prompted to reboot the server.  If so please do, also remember to stop the vCAC services again when the server reboots.

2) The first bullet down is a link to download the “IaaS Installer” Click the link and download the setup_FQDN-of-vCAC-applinance@5480.exe.  Do not change the name of the file, it is needed during the install to pull down the appropriate packages.

3) Run the install, setup_FQDN-of-vCAC-applinance@5480.exe.  The installation wizard will launch, click next.

4) Accept the EULA and click next

5) Provide credentials to the vCAC Appliance and click next.

VCAC Appliance creds

6) Upgrade will be selected, click next.

7) What you will notice on the next screen is the installer detects what components are installed on the box.  This is nice, and I love how the installation/upgrades have gotten better and better with vCAC versions.  It will prompt for the service account password, DB instance, and DB name.  Click next and then Upgrade.

service upgrade detect

Another cool thing is there is a link to the installer log folder at the bottom of the install progress screen.  This is nice as you can click on it and look at logs to get progress or if you get an error.

vcac upgrade logs

Sit back and relax, it’s going to take a bit.  :) Once it completes click next and finish.  The you are done!

vcac Upgrade complete

So now you think your done, well think again.  The following KB was published:

Cannot find VMware vSphere virtual machines by unique identifier using the vCenter Orchestrator Plug-in for VMware vCloud Automation Center 6.1, or directly in vSphere API (2088838)

Basically there is an issue with version 6.1 and some of the vCO workflows that came with imbedded vCO.  The KB has you download a workflow package import it into the imbedded vCO appliance.

Keep a look out here on the blog, I will have one covering upgrading Application Director and ITBM Std shortly.


And a new chapter in my career begins


For years now I have wanted to work for VMware and been interested in a role there.  The biggest challange has been my location.  I am currently based out of New Mexico and there just isn’t enough business here for VMware to justify having an SE based here.  So I finally got the family on board and applied for SE role that focuses on the VMware Cloud Infrastructure Managment products. I figured I could do well in this role with all my recent, in-depth knowledge around vCAC.  To be honest, I didn’t expect to get a call back, I had applied for positions in the past and not even gotten as much as an email stating I wasn’t selected.  So I was quite surprised when a recruiter called and stated they were interested.  So its official and I have accepted a postion with VMware as an SE-Cloud Infrastructure Management Specialist in Broomfield, CO and will be starting with VMWare on 11/4.  The family and I will be relocating to Denver area around the begining of the year.  I am quite excited to have the opportunity to work for such an awesome company and I believe its going to be a wonderfull place to grow.  Its also a postion where I will be able to continue to enage the communtiy and share my knowledge, something I have come to love more and more over the years.  Looking forward to starting and hitting the ground running!

Migrating to vCAC 5.2…No its not a simple upgrade.


It’s been awhile since I have posted anything but I figured the new version of vCAC, 5.2, going GA was worthy of a post.  As you all know, I have been knee-deep in implementing vCAC at my current employer and this new release is very exciting to me.  There are several new features added, the ones I am most excited about are the Enhanced vCloud Director Integration and added support for vCNS.  In the previous version of vCAC, 5.1, there was very limited support for vCD.  You could clone vApps but there was no built-in functionality to customize VMs that were a part of the vApp during provisioning.  The work around for this was, you could add vCenter Orchestrator instance as an Endpoint and call workflows to accomplish the customizations.  In, 5.2, the concept of “vApp component blueprints”, is added.  These allow you to customize the VMs within a vApp.  This is a very welcome feature in my opinion.  As far as vCNS goes a vCNS Manager can now be added as an Endpoint.  This allows vCAC to discover network resources and now that the network resources are there they can tied to blueprints.  Pay-as-You-Go- Allocation model and support for KVM were also added.

Ok, now that I have rambled on about the new features on to the meat of the post.  I am going to cover the migration vCAC 4.5/5.1 to 5.2.  Only these releases are supported in migrating to 5.2 so the first step is to verify your version.  This can be done by browsing to the vCAC web portal at https://FQDN/DCAC .  Once their click on the “About” in the upper right hand corner.


Next, make sure you have all the appropriate trusted SSL certs created and imported.  vCAC uses SSL/443 for a lot of the communications between all the components by default.  If you’re migrating, it’s almost a given you already have these in place, but if not you should.  It uses IIS and there really isn’t anything special, but if you need some direction on this refer to the “vCloud Automation Center Installation Guide” SSL Configuration section for more details.  You also need to make sure that there are no active machine provisioning /operations and that all data collections are completed.

Next you need to document the info on all the DEMs, Agents, and Endpoints.  This is done because during the migration, all these components will need to be uninstalled.  To gather info on your DEMs, from the web portal, click on vCAC Administrator==>Distributed Execution Status.

menuagent config

You will presented with a screen that lists all the DEMs.  Document their Name, Host Name/Machine, Role, and Skills (if any).



Next document the agents.  To do this RDP into the vCAC server and navigate to the agent installation location.  This is usually %SystemDrive%\Program Files (x86)\DynamicOps\DCAC Agents.  For each of the directory note the name.  Then open a command prompt, navigate to the agent’s directory, and issue the following command: DynamicOps.Vrm.VRMencrypt.exe VRMAgent.exe.config get.  Document the value of managmentEndPointName. Do this for all the agents listed in the directory.


Next record all service account user credentials.  While on the Windows box go to Start -> Run -> Services.msc .  Find the following services and notate the service account that is being used.

  • Each VMware vCloud Automation Center Agent – agentname service (DynamicOps Cloud Automation Center Agent if upgrading from DCAC 4.5)
  • Each VMware DEM-role – instancename service (DynamicOps Cloud Automation Center DEM if upgrading from DCAC 4.5)
  • The VMware vCloud Automation Center service (DynamicOps Cloud Automation Center if upgrading from DCAC 4.5) — Manager Service host only
  • Repeat these steps for any other host on which agents or DEMs may be installed.

You will need to also record the service accounts that are being used for the Application Pools in IIS.  To do this go to Start–>Run–>inetmgr.exe.  Click on the IIS Server name à then Application pools.


Off to the right hand side you will see Application Pools with an Identity associated with them.  Document the Identity.




In my opinion, if you documented your install you should already have the info but it can’t hurt to verify.  In my demo environment I have all the components on one box, if this were production these would be separated.  For more info one were how to separate the services in a production environment reference the following doc:  vCloud Automation Center Reference Architecture

If you used any customization via the vCAC extensibility toolkits, they will need to be uninstalled.  For more details on this refer to the vCloud Automation Center Extensibility Guide.


Once all of the above is completed, RDP to the vCAC server and stop all the services.  Again, in my demo environment I have all the components on one box, but in production you they would be separated.  You should be able to look back at the info on the DEMs and see where they are installed and stop the services on those boxes.



Next it is suggested that you back up the following customization related files.

Application configuration files, including:

  • ManagerService.exe.config, located in %SystemDrive%\Program Files (x86)\Dynami- cOps\DCAC Server
  • DynamicOps.DEM.exe.config, located in %SystemDrive%\Program Files (x86)\Dynam- icOps\Distributed Execution Manager\instance_name
  • VRMAgent.exe.config, located in %SystemDrive%\Program Files (x86)\Dynami- cOps\Agents\instance_name

Email templates located in %SystemDrive%\Program Files (x86)\DynamicOps\DCAC Server\Templates

Workflow configuration XML files located in %SystemDrive%\Program Files (x86)\Dynami- cOps\DCAC Server\ExternalWorkflow\xmldb

I just created a folder on another disk and copied them over.  VMware also suggests that you take a backup or snapshot (if it’s virtual) of all the vCAC component hosts.  In my case everything was on one host so I snapshotted the VM.  They also recommend you backup the DB and AzMan store.  To be honest with you at this point I was getting pretty concerned as they add you backing up so many things.  Didn’t give me too much confidence in the migration to 5.2.

Ok, finally now on to actually updating vCAC to 5.2.  The first part is to update the database.  This is done through running DBUpgrade.exe.  To get info on the arguments and switches that can be used with it, run it without any.




Since I was local to the box that had the DB on it and logged in with the vCAC service account I ran the following:




As you can see above, the first time I attempted to run the DBupgrade while specifying the I got an error message stating that:

There is no upgrade script to execute from release to release

There is no upgrade script that has its starting version matches the installed database version

So next I tried did a change directory to the location that DBUpgrade is located and ran the same command without any issue:




DBUpgrade.exe must look in the current directory for the script and not the path that is specified to run it.

Uninstall the following components DEMs, Agents, vCAC Designer, vCAC Self Service Portal, and WinPEBuilder.  Make sure not to uninstall the Manger Service, this will cause you to have to do a fresh install of vCAC.  So basically everything but the Manager Service and the default portal.  Obviously this is done through Start à Control Panel à Programs and Features.  In my demo environment I had DEMS, a vCenter Agent, the Self Service portal, and designer.




Next order of business is to make sure you install .Net 4.5 because it is required.  Once this is complete its best to good ahead and install the vCAC Prerequisite Checker, its part of the vCAC 5.2 installation zip and is in the tools folder.  Truth is that if you’re doing a migration you must likely have everything you need installed, but when I first installed the product I missed some pieces.  Can’t hurt to do a sanity check before proceeding.  Once you have installed it, open it up.  In my test environment I have all the components on one server, if there were production you would install the vCAC Prerequisite Checker on all servers.  As you see you have the ability to scan based on the installed components.  Once you have selected all the needed components click Run Checker.




Next you will run the vCAC-Server-Setup.exe install from the vCAC 5.2 installation zip, its in the Setups folder.  Make sure all the options but the Database are selected.  Since the install detects a pervious install this should be the default.




Click Next, Install, and then Finish.


The vCAC Configuration Wizard will auto launch.




Next you will be prompted for license keys.  Add the required keys and click next.



Then you will be prompted for the DB instance and DB name.  If the currently logged in user has the appropriate permissions to DB then leave the box checked to use the currently logged in user.  If not uncheck the box and provide a user with the appropriate permissions.




Then click next.  Next you will be asked to provide a Security Passphrase.




Click Next.  You will next have you will be presented with a screen to verify your IIS settings.  You can click the Test Binding to verify that the port is available.  You should already have a certificate set.  Click Next.




You will then be prompted to provide the username and password that you documented previously that is being used for IIS Application Pools.



The next screen will be already populated and will have authorization store selected,  Click Next.




The Model Manager Service configuration screen will already populated verify the settings and click next.




The Manager Service Screen will be already populated.  Verify the settings and click next.  If this were a failover host you would select the Disaster Recovery cold standby node.




The vCAC Web Configuration screen will already be populated, verify your settings and click next,




On the Ready to Configure screen, click Configure.  Then click next and finish.

Once you are done with the configuration wizard, you need to run vcacMigrationCleanUp.exe.  The executable is part of the install zip.  It’s located in Installation\Database\DBUpgrade\vcacMigrationCleanUp.   You need edit the configuration file before you run it.  Edit the following 2 lines:

<add name=”DB” connectionString=”Integrated Security=SSPI;Data Source=localhost;Initial Catalog=DCAC”/>

<add key=”repositoryAddress” value=”https://localhost/repository/”/>

Change local host to the FQDN of the Model Manager host.  For Data Source use the SQL instance, and for Initial Catalog us the DB name.  Next run vcacMigrationCleanUp.exe à Select Migration Clean Up–>vSphere Agent.  Click Yes, Yes, and then OK.   Exit the migration clean up tool.


Next it’s time to reinstall the DEMs.  I am going to start with the DEM Orchestrator.  First launch the vcac-Dem-Setup.exe and click next.  Accept the End user agreement and click next.  On the DEM instance Configuration screen, from the documentation you gathered, provide the DEM Instance Name, DEM Description and select Orchestrator Role.

On the Custom Setup screen take the defaults and click next.


Dem config2



On the Manager Service and Model Manager Web Service Host configuration screen provide the FQDN for the Model Manager Service, Model Manager Web Services, Model Manager Username/password, and click next.


Dem config3


Next provide a username and a password for the DEM service.


Dem config4


Click Install


Dem config5


Click Finish.


Dem config6


Repeat the above steps form and DEM Workers you might have.  In a production environment their could be several.  Obviously select the Worker Role.  Next you will reinstall the agents, in my case this was a vSphere Agent.  Launch the vCAC-Agent-Setup.exe which is part of the vCAC installation zip in the Setups folder and click next.




Accept the End-User Agreement:



Next you will need to look back in your documentation and provide the Agent Name, FDN for the vCAC Server:port, and Model Manager Web Service Host:port.




Next you will be prompted to select the agent type.  As you can see people there are quite a few.  In my case I selected the vSphere Agent.




Again look back at your documentation and provide the service account info for the vSphere Agent.




Next provide the Model Manager Username and password.  You should have documented this before the upgrade.




You should have documented the name of your vSphere Endpoint, provide that in the screen below.  Endpoints provide the credentials for the agents so this is pretty important.




Click Install



Click Finish




If you have any other agents that need to be reinstalled go through the process again, select the appropriate agent type, provider the agent name, credentials, and endpoint.

If you were using the Self Service portal which is part of the extensibility pack, it’s time to reinstall it.  Download and extract the install bundle.  Then run the vCAC-SelfService-Setup.exe and click next




Accept the License Agreement.




If you’re installing in the default location click next.  If not change the location.




Click Install.




Click Finish and the vCAC Software Configuration wizard will launch. Click Next.




You will then be asked to provide the DB instance and DB Name. Then click next.




The configuration will detect your setting, click next.




On the screen below you need to provide credentials for a service account, the Model Manager FQDN:port, and credentials for the Model Manager.




Click Configure.  Then click next.




Click Finish.




If you uninstalled vCAC Designer or have a need for it run the installer.  It is also a part of the vCAC 5.2 extensibility pack.  It’s a pretty basic install wizard and I am not going to go through all the details here.  You will need the Model Manager Web Service FQDN:port, username, and password.  vCAC Designer is only needed if you are modifying or creating workflows.


Go to Top