vRealize Automation - my first blueprint

So if you are following me along, you have vRA installed, it is configured and connected with vSphere and outstanding we have only - to do our first provision of a VM - which is a blueprint as well and test it out..  So that is what we are going to do here.

  • Install and and configuration of vRA – this article
  • Adding vSphere to vRA – article
  • Create your first vSphere blueprint – this article

So lets get started.  We need to access a Design tab but I was not able too.  That may be true for you if you have been following along.  So we log in (as an admin) and change to the Administration tab, followed by Users and Group, and Custom Groups. Use the green + to create a group.


Note that I have made it obvious that this is a super admin group.  I did in fact check all the boxes as seen above and not seen too (the one we needed was infrastructure architect).  I like how you can see what the checked boxes do in the box below. Once you have done what you need to, do Next.

Now add your account to the members list.  You should now log out, and log back in.  It will look a little different when you log in.

Creating a blueprint

Note that we have the Design tab now?  Lets go there.

As you might guess, lets use the green + sign to start a new blueprint.

My blueprint it to deploy a Centos VM, or two. Note how I say a max of 12 days, but when it is cleaned up we will have a 1 day archive. I like the propagate checkbox as I see value with it. When you do OK it brings you to a blueprint that we are going to work in. I did not visit the NSX or Properties tags as we are not working with them.

The first thing we do is drag a vSphere (vCenter) machine to the blueprint.

Now the magic is starting.  We have an amazing amount of power that can be flexed now in the bottom of the screen.

I am doing a CentOS VM so I called it that.  Reservation Policy is not covered at this time - not sure if I need it and I know it is complex.  The machine prefix is set to group default which is quite handy if you have multiple business groups as this way the proper scheme would be used at provision time.  But we only have one so no big deal. Min and Max here means in the provision only 1 is allowed.

We change now to the Build Information tab.

Note how I filled it in? I am going to clone from a template and customize it with a customer spec. The template, and the spec need to be in the vCenter that vRA is connected too. When your list of templates is empty and you know there should be some, check your fabric, and do a data sync if necessary.

Next we change to Machine Resources.

The info on this comes from our template and we can tweak it if we want. Since we have a min and max for memory the end users requesting can change or pick within the range.

Next we move to the Storage tab.

We can leave it as it is normally but we can also change disk size or add disk.

Network is next.

I find this screen a little misleading.  It does not show the network adapter that is in the template.  You can add additional adapters if necessary but I am just going to the Security tab. It is for NSX and I am not doing NSX so no screenshot. The Properties tab is also one we are not using so no screenshot.

So we can Finish. To make it possible to be entitled we need to Publish it. If we forget to do that we will not see it when we entitle. So highlight what you just created and use the green Publish button.

We now have a blueprint! It will build out a CentOS VM when it is provisioned.

Service Setup

Log in as a tenant admin and look for Administration / Catalog Management and Services. Yes, it is time to click on the green + again.

I used an icon out of the icon pack you can find via the links section below.  I also did a Desktop Service too with a different random icon.  This way they will look better in the catalog I think.


Change to the Entitlements are in Catalog Management. Then use the green +.

This entitlement will let essentially everyone access whatever it entitles. You could deselect the blue checkbox and specific people but I am in a small lab so no need.  As well, if you had multiple Business Groups you could select the appropriate one but again small lab and only one. Now you hit Next.

We have entitled the Services we just did, and there were some logical Actions I enabled - like RDP, SSH, and power actions.

Hit Finish when you are done.

Catalog Management

We now change to the Catalog Items area. We select our blueprint and the Configure button.

Once you hit the Configure button …

I select a new icon, again from the package you can find via the Links below, and connected the catalog item to the Service we just created called Servers. If you look on the Entitlements tab you can see that we have already done that.

Once you are done hit OK.


We do not always need approvals especially when you have guard rails like we do, but sometimes you do.  So I am going to cover it here. Remember if you are doing approvals not everything needs to be approved.

So as a tenant admin, log in, and change to the Administration tab, followed by Approval Polices and select the green +.

We chose the first one - Service Catalog - Catalog Item Request.

The first bit is easy to fill out. Next we want to do the Pre Approval which is better than Post as post will build the machine and can waste resources.

Some very powerful functionality is in this form.  Require based on conditions has a lot of power and the use of multiple people who can approve and saying anyone is very flexible. There was no options or config in the System and Custom properties.

Once we hit OK, we can see how this simple approval by one person fits in.

We could add multiple layers of approval but I suspect that will be irritating for people and lengthen the process of provision too. But an example would be your boss and IT operations.

Now we hit OK.

We want to put approvals into action so we change to Catalog Management, Entitlements. We use Edit on our entitlement followed by changing to Items & Approvals.

Near each of the services is a drop down list which you can use to modify the policy and add policy.

As you can see above I changed the services to need approval, but not the actions.  I figured once they have the VMs - meaning we approved - those actions were mostly normal and useful.

Test Time

I log in as my John Doe user to get a CentOS to test out my new vRA environment.

I can see that my Centos blueprint is actually available.  So pretty good news.

I use the Request button.

I use the Submit button once I have filled in the empty fields.

You can see in the screenshot above that it is pending approval.  Which is what we designed! Now I log in as the admin to see the approval request.

It is a little hard to see, but you need to hit the blue number on the far left.

Now you can enter your approval reason or justification and the Approve button. Once that is done, you log back in as the user.

We can see we are now past the approval message.  We are now waiting for the clone to be done.

If you want more info, you can click on the In Progress that you seen in the screenshot above.

I do not have the fastest storage so things take a few minutes. But we can see the progress in the vSphere Client.

When vRA is finished with the deployement, and the VM has started up we will see the screen change.

Do you see the Actions on the far right?

We just got our VM so we do not want to destroy it but select the View Details.

Now that we see a little more info, including the VM name, we also see the gear icon.  This gear icon is important as it provides the tools in the form of Actions we added previously.

I should note that all the other tools you may know like RDP, SSH, VMRC all work.  But the idea of vRA is to keep people in vRA and their apps.

So click on the VM, and select the gear icon to see what choices we have.

Those options were my choice, and it could be a smaller or bigger list depending on your decisions.


We have installed, and configured vRealize Automation.  A fair bit of work!  Especially the configuration.  And it was a little complex too.  But we now have a system where people that have no vCenter access can deploy a Linux VM and work on it too. It even has a single layer of approval. And while it was only one VM it should normally be organized as applications with whatever number of VMs they have or need. So we could use this as a way for developer to get what they need to test a patch, or application owners to use to test an update maybe.

But if you have done the work in the lab with me, that we both have a good reason to smile.  We got something useful, power and complex working!


Want some cool icons?  Find them here - http://www.vmtocloud.com/vravcac-icon-pack/

Thanks Kim for all the help, much appreciated!


=== END ===

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.