vRealize Suite Lifecycle Manager 8.

6
Installation, Upgrade, and Management
Guide

VMware vRealize Suite Lifecycle Manager 8.6

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

©
Copyright 2021 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc. 2
 Contents

About vRealize Suite Lifecycle Manager Installation, Upgrade, and Management

Guide 8

1 Installing vRealize Suite Lifecycle Manager 9

System Requirements 9
vRealize Suite Lifecycle Manager Ports 11
Installing VMware vRealize Suite Lifecycle Manager Easy Installer 13
How to run the vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager 14
How do I use vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager to install my applications 17
How do I use Easy Installer for vRealize Automation and VMware Identity Manager to
migrate vRealize Suite Lifecycle Manager 23
How to run vRealize Suite Lifecycle Manager Easy Installer 25
How do I use Easy Installer to install vRealize Suite Lifecycle Manager 25
How do I use Easy Installer to migrate vRealize Suite Lifecycle Manager 27
Log In to vRealize Suite Lifecycle Manager 27
Accessing the vRealize Suite Lifecycle Manager Dashboard 28
Notifications in vRealize Suite Lifecycle Manager 29
Configuring SMTP for Email Outbound Notifications 29
Creating Incoming Webhooks for Slack and Teams Channels 30
Configuring Outbound Notifications 31

2 Configuring vRealize Suite Lifecycle Manager 32

Configure Your vRealize Suite Lifecycle Manager Settings 32
Authentication Provider in vRealize Suite Lifecycle Manager 33
Configure Your System 34
Configure NTP Servers 39
Configure DNS Servers 40
Data Source Using SNMP Configurations for vRealize Network Insight 41
Replace Certificate for vRealize Suite Lifecycle Manager 42
Working with Product Support 42
Configure Certificate Within Locker 47
Configure License Within Locker 49
Configure Your Password Within Locker 50
Password Management Within Locker 50
Add a Data Center to vRealize Suite Lifecycle Manager 51
Assign a User Role in vCenter Server 52
vRealize Suite Lifecycle Manager on VMware Cloud on AWS Environment 55

VMware, Inc. 3
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Creating Roles for Specific Access 55

Assign Roles for Certificate Operations 55
Identity and Tenant Management With VMware Identity Manager 56
Manage Your Directory in Identity Management 57
Configuring User Attribute Definition 58
Assign User Roles with User Management 59
Add Active Directory Over LDAP 60
Add Active Directory with Integrated Windows Authentication 63
Tenant Management in vRealize Suite Lifecycle Manager 65
Using Tenant Migration 78

3 Creating an Environment in vRealize Suite Lifecycle Manager 82

Create a New Private Cloud Environment Using the Installation Wizard 82
Install VMware Identity Manager in vRealize Suite Lifecycle Manager 86
Configure Environment Settings for a New Private Cloud 87
Install vRealize Suite Products 88
Accept EULA and License Selection 88
Configure Certificate Details 88
Configure Infrastructure Details 90
Configure Network Details 92
Configure Product Details 93
Configure vRealize Suite Products for Installation 97
Validate Private Cloud Environment Details 101
Confirm Environment and Installation Settings 104
Import an Existing Environment using Installation Wizard 105
Import VMware Identity Manager Environment 106
Import vRealize Business for Cloud Environment 106
Import vRealize Automation Environment 107
Import VMware vRealize Salt Stack Config Standalone 108
Import vRealize Network Insight Environment 109
Import vRealize Operations Manager Environment 110
Import vRealize Log Insight Environment 110
Create a Private Cloud Environment Using a Configuration File 111
Creating Environments in vRealize Cloud 112
Configuring Environment Settings for a New Cloud Proxy 112
Installing Cloud Proxy Products 113
Configuring Cloud Proxy Product Details 113
Onboarding vRealize Cloud Universal Subscriptions 114

4 Managing Environments in vRealize Suite Lifecycle Manager 116

Day 2 Operations for Global Environment in vRealize Suite Lifecycle Manager 116

VMware, Inc. 4
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Re-Size Hardware Resources for VMware Identity Manager 118

Day 2 Operations with Other Products in vRealize Suite Lifecycle Manager 118
Reconfigure Internal Pods and Service Subnets 120
Add a Product to an Existing Private Cloud Environment 121
Add a Data Source to an Existing Private Cloud Environment 121
Data Operations Supported by vRealize Network Insight 121
Import Data sources in vRealize Suite Lifecycle Manager 122
Manage a Data Source in an Existing Private Cloud Environment 122
Update Bulk Passwords for Data Source 123
Scale-Out VMware Identity Manager 124
Scheduled Health Check 125
Scale-Out Tenant Enabled VMware Identity Manager 126
Scale-Out Windows Connector 126
Scale-Out vRealize Suite Products 127
Scale-Out Tenant Enabled vRealize Automation 129
Scale-Up vRealize Suite Products 129
Export a Private Cloud Environment Configuration File 131
Download Private Cloud Product Logs 132
Delete an Environment 132
Managing vRealize Suite Products in a Private Cloud 134
Creating and Managing a Product Snapshot 134
Inventory Sync in vRealize Suite Lifecycle Manager 136
Product References 136
Change your Password for vRealize Products 137
Delete a Product from an Environment 138
Add Licenses for vRealize Suite Products 139
Configure Health Monitoring for the vRealize Suite Management Stack 140
Health Status in vRealize Suite Lifecycle Manager 141
View the SDDC Health Overview Dashboard in VMware vRealize Operations Manager 142
Enable or Disable Health Check for Products in vRealize Suite Lifecycle Manager 142
Adding and Managing Content from Marketplace 143
Find and Download Content from Marketplace 143
View and Upgrade Downloaded Marketplace Content 144
Install a Downloaded Marketplace Content 145
Delete Content Downloaded from the Marketplace 145

5 Managing Content Lifecycle in vRealize Suite Lifecycle Manager 147

Working with Content Endpoints 149
Add a vRealize Orchestrator Content Endpoint 150
Add a vRealize Automation Content Endpoint 152
Add a vRealize Automation Cloud Endpoint 153

VMware, Inc. 5
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Add a Source Control Endpoint 154

Add a vCenter Server Content Endpoint 155
Add a vRealize Operations Manager Endpoint 156
Delete a Content Endpoint 158
Edit a Content Endpoint 158
Managing Content 159
Add Content 160
Delete Multiple Content 162
Working with Captured Content 162
Content Actions 163
Content Types Available for Products 163
Searching Content 167
Test Content 167
Source Control with vRealize Suite Lifecycle Manager Content Lifecycle Management 170
Deploy a Content Package 176
Multi Release of Content Package 177
Delete a Content Package 179
Content Issues You might Encounter 179
Access Source Control 180
Managing Source Control Server Endpoints 180
Add a Source Control Server Endpoint 180
Delete a Source Control Server Endpoint 181
Working with Content Settings 182
Configure Pipeline Stub 183
Map Your Proxy Setting 184
Content Pipelines Settings 184
Content Pipelines 186

6 Upgrading vRealize Suite Lifecycle Manager and vRealize Suite Products 188
Upgrade vRealize Suite Lifecycle Manager 8.x 188
Support for Additional Product Versions 190
Upgrade VMware Identity Manager 190
Migrating Windows Connector 192
Upgrade vRealize Automation 8.x with vRealize Suite Lifecycle Manager 193
Upgrade Functionality of vRealize Automation 195
Upgrade a vRealize Suite Product 196
Upgrade Existing Products Using Pre-Upgrade Checker 198
Upgrade vRealize Operations Manager 200
Upgrade vRealize Automation 7.x 201
Upgrade vRealize Network Insight 202
Upgrade vRealize Log Insight 203

VMware, Inc. 6
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Upgrade vRealize Business for Cloud 204

Upgrade vRealize Automation Salt Stack Config 204

7 Performing a Disaster Recovery Plan for vRealize Suite Lifecycle Manager 206

8 Managing vRealize Cloud Licenses in vRealize Suite Lifecycle Manager 208

Managing vRealize Cloud Licenses in Locker 208
Downloading Usage Report for vRealize Cloud Licenses 210
Activating vRealize Cloud Universal Subscription Licenses 210
Day 2 Operations for vRealize Cloud Universal 211
Day 2 Operations for vRealize Cloud Licenses 211

9 Troubleshooting vRealize Suite Lifecycle Manager 213

Unexpectedly Large vRealize Operations Manager Virtual Machine Fails to Power On Due to
Resource Limitations 215
Environment Deployment Fails During vRealize Log Insight Clustering and VMware Identity
Manager Registration 215
Change in DNS Server 216
Wrong IP Details During vRealize Suite Lifecycle Manager Deployment 216
Binary Mappings Are Not Populated 217
Content Capture Fails with Secure Field 217
Fix Errors Using Log Files 218
Blueprint Capture Fails 218
Component Profile Deployment Fails 219
Update vRealize Suite Lifecycle Manager Hostname 219
Resource Not Found in Directory Management 220
vRealize Automation UI Does Not Display New License Keys 220
Capture, Test, or Release Fails in vRealize Orchestrator Content 221
Non-Responsive State of License-Related Operations in vRealize Automation 7.6 221
Import or Inventory Sync of vRealize Suite Product Fails 222
VMware Identity Manager Day 2 Operations Fail When the Root Password Expires 222
Enable Log Rotation for pgpool Logs on Postgres Clustered VMware Identity Manager 222
VMware Identity Manager Postgres Cluster Outage Due to Loss of Delegate IP 223
Importing vRealize Automation invRealize Suite Lifecycle Manager Fails 224
vRealize Suite Lifecycle Manager Displays Older Version After an Upgrade 225
Licenses Disconnected as Day-2 Operation in Cloud Universal UI Are Not Listed for Reconnect
225

VMware, Inc. 7
About vRealize Suite Lifecycle Manager
Installation, Upgrade, and Management
Guide

The vRealize Suite Lifecycle Manager Installation and Management guide provides instructions
for installing VMware vRealize Suite Lifecycle Manager and using vRealize Suite Lifecycle
Manager to install and manage vRealize Suite products.

Intended Audience
This information is intended for anyone who wants to use vRealize Suite Lifecycle Manager to
deploy and manage the vRealize Suite products to monitor and manage a software-defined data
center (SDDC). The information is written for experienced virtual machine administrators who are
familiar with enterprise management applications and data center operations.

Participating in the Customer Experience Improvement

Program for vRealize Suite Lifecycle Manager
This product participates in VMware's Customer Experience Improvement Program (CEIP). The
CEIP provides VMware with information that enables VMware to improve its products and
services, to fix problems, and to advise you on how best to deploy and use our products.

Details regarding the data collected through CEIP and the purposes for which it is used by
VMware are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/
ceip.html.

To join or leave the Customer Experience Improvement Program (CEIP), see Configure
Environment Settings for a New Private Cloud

VMware, Inc. 8
Installing vRealize Suite Lifecycle
Manager 1
vRealize Suite Lifecycle Manager helps you to install the vRealize Suite products in a shorter time
frame than installing individual products. You can also manage and upgrade your vRealize Suite
products through vRealize Suite Lifecycle Manager.

n System Requirements
The following hardware and operating system requirements are required for vRealize Suite
Lifecycle Manager.

n vRealize Suite Lifecycle Manager Ports

This section provides a list of ports used by vRealize Suite Lifecycle Manager for product
and integration communication.

n Installing VMware vRealize Suite Lifecycle Manager Easy Installer

You can use one of our installers to install the required vRealize Suite products.

n Log In to vRealize Suite Lifecycle Manager

Log in to the vRealize Suite Lifecycle Manager UI to create and manage cloud environments
with vRealize Suite Lifecycle Manager.

n Accessing the vRealize Suite Lifecycle Manager Dashboard

vRealize Suite Lifecycle Manager includes dashboard which acts as a single pane of glass
comprising of all the functionality as applications.

n Notifications in vRealize Suite Lifecycle Manager

You can view the available updates for the products in the environment and overall health
vRealize Suite Lifecycle Manager under notifications.

System Requirements
The following hardware and operating system requirements are required for vRealize Suite
Lifecycle Manager.

VMware, Inc. 9
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Requirements vRealize Suite Lifecycle Manager

Minimum Software Requirements n vCenter Server 6.0

n ESXi version 6.0

Minimum Hardware Requirements n 6 GB memory

n 78 GB storage - Thick Provision

Virtual CPU 2

Supported vRealize Products for Greenfield Installation, Scale Out,

and Upgrade
vRealize Suite Lifecycle Manager supports the following vRealize Suite products:

n vRealize Automation

n vRealize Automation Salt Stack Config: Standalone

n vRealize Automation Salt Stack Config: vRA-Integrated

n vRealize Business for Cloud

n vRealize Operations Manager

n vRealize Log Insight

n vRealize Network Insight

n VMware Identity Manager

The VMware Product Interoperability Matrix provides details about the supported product
versions and the compatibility matrix of vRealize Suite Lifecycle Manager with vRealize Suite
products.

For more information about vRealize Suite, see vRealize Suite Overview. You can onboard a
supported vRealize product version that supports import in vRealize Suite Lifecycle Manager, and
then can upgrade the same to a supported product versions by vRealize Suite Lifecycle Manager.

Supported vRealize Versions for Imported Products in vRealize Suite

Lifecycle Manager
vRealize Suite Lifecycle Manager supports the following vRealize products and product versions.

VMware, Inc. 10
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Supported Versions

vRealize Automation 7.2, 7.3.0, 7.3.1, 7.4, 7.5.0, 7.6.0, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.4.1, 8.5, 8.5.1, and 8.6.0
vRealize Automation 8.4.1 is supported with vRealize Suite Lifecycle Manager 8.4.1.
vRealize Automation 8.4.2 is supported with vRealize Suite Lifecycle Manager 8.4.1 Patch 1.
vRealize Automation 8.5.0 is supported with vRealize Suite Lifecycle Manager 8.4.1 product
support pack 3.
vRealize Automation 8.5.1 is supported with vRealize Suite Lifecycle Manager 8.4.1 product
support pack 4.

vRealize Automation 8.4.0, 8.4.1, 8.5, 8.5.1, and 8.6.0

Salt Stack Config: vRealize Automation Salt Stack Config 8.4.2 is supported with vRealize Suite Lifecycle Manager
Standalone 8.4.1 Patch 1.
vRealize Automation vRealize Automation Salt Stack Config 8.5.0 is supported with vRealize Suite Lifecycle Manager
SaltStack Config: vRA- 8.4.1 product support pack 3.
Integrated vRealize Automation 8.5.1 is supported with vRealize Suite Lifecycle Manager 8.4.1 product
support pack 4.

vRealize Business for 7.2, 7.3.0, 7.3.1, 7.4, 7.5.0, and 7.6.0
Cloud

vRealize Operations 6.3, 6.4, 6.5.0, 6.6.0, 6.6.1, 6.7.0, 7.0.0, 7.5.0, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.4.0, 8.5.0,
Manager and 8.6.0
vRealize Operations Manager 8.5.0 is supported with vRealize Suite Lifecycle Manager 8.4.1
product support pack 2.

vRealize Log Insight 4.5.1, 4.6.0, 4.6.1, 4.7.0, 4.7.1, 4.8.0, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.4.0, 8.4.1, 8.5.0, 8.6.0
vRealize Log Insight 8.4.1 is supported with vRealize Suite Lifecycle Manager 8.4.1 product
support pack 1.

VMware Identity 3.3.1 and later.

Manager

vRealize Network 4.0, 4.1, 4.1.1, 4.2.0, 5.0, 5.1.0, 5.2.0, 5.3.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0 and 6.4.0 vRealize Network
Insight Insight 6.3.0 is supported with vRealize Suite Lifecycle Manager 8.4.1 Product Support Pack 2.

For the product interoperability, see Interoperability Matrix. For more information about vRealize
Suite, see vRealize Suite Overview.

Supported Browsers
n Google Chrome

n Internet Explorer

n Mozilla Firefox

vRealize Suite Lifecycle Manager Ports

This section provides a list of ports used by vRealize Suite Lifecycle Manager for product and
integration communication.

VMware, Inc. 11
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 1-1. Required Ports and Endpoints for Integration and Communication with VMware
Services in Cloud

Service TCP Port URL

My VMware 443 https://apigw.vmware.com

Cloud Marketplace 443 https://

gtw.marketplace.cloud.vmware.com

Updates 443 https://vapp-updates.vmware.com

Compatibility 443 https://simservice.vmware.com

Patch and policy refresh repository 443 https://vrealize-updates.vmware.com

VMware Cloud 443 https://console.cloud.vmware.com

VMware Cloud API 443 https://api.mgmt.cloud.vmware.com

Subscriptions API 443 https://vconnect.vmware.com

My VMware API Host Market Place API Host

Names Names Market Place API Host URLs

apigw.vmware.com marketplace.vmware.com https://gtw.marketplace.cloud.vmware.com

download2.vmware.com drd6c1w7be.execute-api.us- n https://cspmarketplacemainbuck.s3.us-

download3.vmware.com west-1.amazonaws.com west-2.amazonaws.com
(*.amazonaws.com) n https://
cspmarketplaceproductiondownloadable.s3.us-
west-2.amazonaws.com and https://
cspmarketplacemainbuck.s3.us-
west-2.amazonaws.com

*.akamaiedge.net

Note
n vRealize Suite Lifecycle Manager always initiates the communication to retrieve or to send
data to the VMware services in Cloud. You can configure your network to permit outbound
traffic and block inbound traffic to the specified port without impacting the vRealize Suite
Lifecycle Manager features that integrate with the VMware services in Cloud.

n Ensure that any downloads or API host URLs that are redirected from Market Place are
allowed.

Table 1-2. Required Ports for Integration and Communication with VMware Products On-Premise

Product or Integration TCP Port Number

vRealize Automation Appliance 5480, 443, 22

vRealize Automation IaaS Server Nodes 443

vRealize Automation Proxy 443

VMware, Inc. 12
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 1-2. Required Ports for Integration and Communication with VMware Products On-Premise
(continued)

Product or Integration TCP Port Number

vRealize Business for Cloud Server/Collector Appliances 5480, 443, 22

vRealize Operations Manager Analytics Cluster Appliances 443, 22

vRealize Operations Manager Remote Collector 443, 22

Appliances

vRealize Log Insight Appliances 443, 9543, 16520, 22

vRealize Network Insight 443, 22

Identity Manager Appliances 8443, 443,

9999, 9898, 9000, 9694 (Use these for a cluster)

vRealize Orchestrator Appliances n 8281 - vRealize Orchestrator 7.x version only.

n 443 - Starting with vRealize Orchestrator 8.x.

vCenter Server Instances 443

ESXi Host Instances 443

Content Management Host (GitLab) 443

Note For vRealize Suite Lifecycle Manager 8.x and later, ICMP protocol must be enabled
between vRealize Suite Lifecycle Manager and products that are being managed.

Note For more information on ports, see vRealize Suite Lifecycle Manager 8.x Security
Hardening Guide and VMware Ports and Protocol tool.

Installing VMware vRealize Suite Lifecycle Manager Easy

Installer
You can use one of our installers to install the required vRealize Suite products.

n VMware vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager: This installer helps to install vRealize Suite Lifecycle Manager,
vRealize Automation, and VMware Identity Manager (also known as VMware Workspace ONE
Access). The OVA bundle of this package contains the binaries of vRealize Suite Lifecycle
Manager, vRealize Automation, and VMware Identity Manager.

n VMware vRealize Suite Lifecycle Manager Easy Installer: This installer helps to install only
vRealize Suite Lifecycle Manager. This package contains the OVA bundle of only vRealize
Suite Lifecycle Manager.

You can download the executable file of one of these installers from the My VMware download
page.

VMware, Inc. 13
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

How to run the vRealize Suite Lifecycle Manager Easy Installer for
vRealize Automation and VMware Identity Manager
The vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and VMware Identity
Manager is downloadable from the My VMware download page.

Procedure

1 Download the vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager executable file from the My VMware download page.

2 After you download the file, mount the vra-lcm-installer.iso file.

3 Browse to the folder vrlcm-ui-installer inside the CD-ROM.

4 The folder contains three subfolders for three operating systems. Based on your operating
system, browse to the corresponding operating system folder inside the vrlcm-ui-
installer folder.

5 Click the installer file in the folder.

Operating System File Path

Windows lcm-installer\vrlcm-ui-installer\win32

Linux a Log in to Linux VM.

b Run apt-get install p7zip-full.
c Run 7z x vra-lcm-installer.iso.
d Run chmod +x vrlcm-ui-installer/lin64/installer
e Run chmod +x ./vrlcm/ovftool/lin64/ovftool*
f Run apt install libnss3 (required only if the libnss3 component is
not installed.)
g Run vrlcm-ui-installer/lin64/installer.

Mac vrlcm-ui-installer/mac/Installer

The vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and VMware
Identity Manager UI is specific to the operating system. Ensure that you are using the valid UI
folder path to run the installer.

Results

You can now install your applications using the vRealize Suite Lifecycle Manager Easy Installer for
vRealize Automation and VMware Identity Manager.

If the vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and VMware
Identity Manager fails to launch, and you see this error message "A problem occurred during
installation.Check the installer logs and retry", it is because:

n A host rebooted during installation. Select the Host to return to a healthy state.

n The datastore was 100% full during installation. Clear the datastore memory and retry
launching the Easy Installer.

VMware, Inc. 14
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n The vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and VMware
Identity Manager could not connect to the ESXI host. Add target vCenter Server
and all cluster associated ESXI servers DNS FQDN entries to the system host's file:
C:\Windows\System32\drivers\etc\hosts. For Linux and Mac, /etc/hosts.

Install and Configure vRealize Identity Manager

You can install a new instance of vRealize Identity Manager or import an existing instance when
you are configuring vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
vRealize Identity Manager.

If you want to customize your VMware Identity Manager configuration, which can include
deployment of VMware Identity Manager in a standard or a cluster mode, customized mode of
Network, storage, you can skip the installation of VMware Identity Manager. If you have skipped,
you are still prompted to configure the VMware Identity Manager on the vRealize Suite Lifecycle
Manager UI. With vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager, you either import an existing VMware Identity Manager into vRealize
Suite Lifecycle Manager or a new instance of VMware Identity Manager can be deployed. For
more information on Hardware re-sizing for VMware Identity Manager, see Re-sizing Hardware.

Prerequisites

Verify that you have a static IP address before you begin your configuration.

Procedure

1 To install a new instance, select Install new vIDM.

2 Enter the required text boxes under Virtual Machine Name, IP Address, Hostname, and
Default Configuration Admin.

Note The vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager creates the Default Configuration Admin user as a local user in
VMware Identity Manager and the same user is used to integrate products with VMware
Identity Manager.

3 To import an existing instance, select Import Existing vIDM.

a Enter the Hostname, Admin Password, System Admin Password, SSH User Password,
Root Password, Default Configuration Admin, and Default Configuration Password.

b Select the Sync group members to the Directory when user want to sync group
member while adding a group for the global configuration of VMware Identity Manager.

VMware, Inc. 15
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

With vRealize Easy Installer for vRealize

Automation and VMware Identity Manager VMware Identity Manager
8.6 supported version Description

New installation of vRealize Suite Lifecycle 3.3.5 only

Manager

Import vRealize Suite Lifecycle Manager 3.3.1, 3.3.2, 3.3.4, or 3.3.5

Deploy vRealize Automation 3.3.2 Note If you import VMware

Identity Manager 3.3.1 and install
vRealize Automation 8.2 or later, the
installation fails.

Note VMware Identity Manager will be supported if the scenarios are one of the following:

n Single or cluster instance with embedded Postgres database.

n VMware Identity Manager 3.3.2 and 3.3.3 with the given deployment type.

Note VMware Identity Manager will not be supported if the scenarios are one of the
following:

n Single or cluster instance having external Database (Postgres/MSSQL and so on).

n Single or cluster instance with additional connectors (Windows and external connectors)
other than the embedded ones.

n Earlier versions of VMware Identity Manager. (3.3.0 and earlier version)

Note If the older version of vRealize Suite Lifecycle Manager does not have VMware Identity
Manager, it can either be installed or imported.VMware Identity Manager Lifecycle and
extended day-2 functionalities are not supported from the vRealize Suite Lifecycle Manager if
the imported VMware Identity Manager not in supported form factor:

Upgrade support from an older VMware Identity Manager version (3.3.0 and earlier) to the
latest is only available if it is a single instance or a node vRealize Identity Manager with
embedded postgres database.

Else you can upgrade outside vRealize Suite Lifecycle Manager. Once upgraded, it can any
time be reimported by triggering Inventory Sync in vRealize Suite Lifecycle Manager .

4 Click Next.

If you cannot deploy vRealize Suite Lifecycle Manager VMware Identity Manager or vRealize
Automation in VMC vCenter Server using vRealize Suite Lifecycle Manager Easy Installer for
vRealize Automation and VMware Identity Manager, then use the vCenter Server that has an
administrator privilege to deploy products.

VMware, Inc. 16
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

How do I use vRealize Suite Lifecycle Manager Easy Installer for

vRealize Automation and VMware Identity Manager to install my
applications
You can install vRealize Suite Lifecycle Manager, VMware Identity Manager, and vRealize
Automation using vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager.

Install and Configure Products

You can deploy and configure vRealize Suite Lifecycle Manager using vRealize Suite Lifecycle
Manager Easy Installer for vRealize Automation and VMware Identity Manager when a
deployment is completed.

Lifecycle Manager can be installed and configured using vRealize Suite Lifecycle Manager
Easy Installer for vRealize Automation and VMware Identity Manager. You can refer to the
Installing vRealize Automation using vRealize Suite Lifecycle Manager Easy Installer for vRealize
Automation and VMware Identity Manager.

Prerequisites

n Verify if a vCenter Server is available for deploying Lifecycle Manager and products.

n A static IPv4 with accurate FQDN is used for a Lifecycle Manager deployment.

n To prevent unwanted internal ports outside after vRealize Suite Lifecycle Manager Virtual
appliance reboot, login to vRealize Suite Lifecycle Manager Virtual appliance through SSH and
run the command rm -rf /etc/bootstrap/everyboot.d/10-start-services, after deploying
vRealize Suite Lifecycle Manager Virtual appliance from the easy installer.

Procedure

1 Deploy Lifecycle Manager using vRealize Suite Lifecycle Manager Easy Installer for vRealize
Automation and VMware Identity Manager.

Note By default, you can find:

n default_datacenter (datacenter name provided in the Easy Installer)

n default_vCenter (vCenter Name provided in Easy Installer)

n DNS servers and NTP servers

n Data Disk Extended (Disk size provided in Easy Installer)

n globalenvironment. (VMware Identity Manager - Based on product selection)

n vRealize Automation environment (Based on product selection)

n VMware Identity Manager and vRealize Automation passwords in the locker

n Source mapping for vRealize Automation and VMware Identity Manager

VMware, Inc. 17
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 To deploy a new product, after you log in to vRealize Suite Lifecycle Manager, click Lifecycle
Operations on the Dashboard - My Services.

3 Click Datacenter and navigate to ADD DATACENTER.

4 Add a vCenter Server to the Data Center.

5 Create a valid certificate in the vRealize Suite Lifecycle Manager Locker.

6 Add the required license keys for future use in vRealize Suite Lifecycle Manager Locker.

7 Extend the Lifecycle Manager appliance disk space to accommodate product binaries and
other necessary components to be used in future.

8 (Optional) Configure the proxy settings in Lifecycle Manager for an internal network
connectivity.

Installing vRealize Suite Lifecycle Manager with Easy Installer for vRealize
Automationand VMware Identity Manager
You can install vRealize Suite Lifecycle Manager using vRealize Suite Lifecycle Manager Easy
Installer for vRealize Automation and VMware Identity Manager.

Watch the vRealize Suite Lifecycle Manager Installation with Easy Installer video.

Prerequisites

You must meet these prerequisites before you can install vRealize Suite Lifecycle Manager:

n Ensure you have a vCenter Server set up and access to the credentials.

n Ensure you have the network configuration details for vRealize Automation

n Ensure you know the Lifecycle VA deployment details

Procedure

1 Click Install on the vRealize Easy Installer window.

2 Click Next after reading the introduction.

3 Accept the License Agreement and click Next. Read the Customer Experience Improvement
Program and select the checkbox to join the program.

4 To specify vCenter Server details, enter these details on the Appliance Deployment Target
tab.

a Enter the vCenter Server Hostname.

b Enter the HTTPs Port number.

c Enter the vCenter Server Username, and Password.

5 Click Next and you are prompted with a Certificate Warning, click Accept to proceed.

VMware, Inc. 18
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

6 You must specify a location to deploy virtual appliances.

a Expand the vCenter Server tree.

b Expand to any data center and map your deployment to a specific VM folder.

7 Specify a resource cluster on the Select a Compute Resource tab.

a Expand the data center tree to an appropriate resource location and click Next.

8 On the Select a Storage Location tab, select a datastore to store your deployment and click
Next.

9 On the Network Configuration and Password Configuration tabs, set up your Network and
Password configuration by entering the required fields, and clicking Next.

a For a vRealize Suite Lifecycle Manager VM, enter the NTP Server for the appliance and
click Next.

The network configurations provided for all products are a one time entry for your
configuration settings. The password provided is also common for all products and you need
not enter the password again while you are installing the products.

Password should have minimum one upper case, one lower case, one number and one
special character. Special characters can be !@#$%^&*(). Colon(:) is not supported in the
password for vRealize Automation 8.0 and 8.0.1.

10 Set up vRealize Suite Lifecycle Manager configuration settings,

a Enter a Virtual Machine Name, IP Address, and Hostname.

b Provide configuration information. Enter the Data Center Name, vCenter Name and
Increase the Disk Space fields.

c Enable or disable the FIPS Mode Compliance, as required.

d Click Next.

What to do next

You can now start installing vRealize Identity Manager.

VMware, Inc. 19
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Install VMware Identity Manager

You can install a new instance of VMware Identity Manager or import an existing instance when
you are configuring vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager.

Note
n Without installing or importing a VMware Identity Manager, you cannot access any other
environment from vRealize Suite Lifecycle Manager.

n If you are installing vRealize Automation, ensure that you deploy VMware Identity Manager
with the recommended size for vRealize Automation.

n Refer to the vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and
VMware Identity Manager documentation for the software and hardware requirements to
deploy VMware Identity Manager.

Prerequisites

n Verify that you have a static IP address and Active Directory details before you begin your
configuration.

n Verify that an external load balancer is installed with a valid certificate and the requirements
are met. For load-balancing specific information for VMware Identity Manager, see the
VMware Identity Manager Load Balancing documentation.

Procedure

1 To install a new instance, select the Install vIDM.

a Enter the required text boxes under Virtual Machine Name, IP Address, Hostname, and
Default Configuration Admin.

2 To import an existing instance, select Import Existing vIDM.

a Enter the Hostname, Admin Password, System Admin Password, SSH User Password,
Root Password, Default Configuration Admin, and Default Configuration Admin
Password.

Note This is a local user that you create on the default tenant in VMware Identity
Manager and provide the admin access in the default tenant. The same user is used for all
product integration with VMware Identity Manager and the admin role is assigned in the
corresponding product. For example, when vRealize Automation 8.x is getting registered
with VMware Identity Manager, this default configuration user is made the organization
admin and is given with appropriate roles. Once vRealize Automation 8.x is deployed, the
configuration user is the initial user to log in with. With other products when they are
integrated with VMware Identity Manager, the same user is assigned an admin role in the
product. More of SSO use-case where the default configuration admin has access to all
deployed products.

3 Click Next.

VMware, Inc. 20
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Catalog Applications for vRealize Suite Products

You can deploy a catalog application to access vRealize Suite products that are managed in
VMware Workspace ONE Access (formerly called VMware Identity Manager).

When you install vRealize Suite products in VMware vRealize Suite Lifecycle Manager, integrate
the desired product with VMware Identity Manager (optional) to create a catalog application in
the VMware Workspace ONE Access. With a single sign-on to VMware Workspace ONE Access,
view the list of catalogs that are created for the vRealize Suite products. You can choose to open
any product from the catalog with the catalog single sign-on feature.

The vRealize Suite products that support the use of catalog applications are vRealize Automation,
vRealize Log Insight, vRealize Network Insight, vRealize Operations Manager, vRealize Business
for Cloud, and vRealize Suite Lifecycle Manager.

Note
n When installing a single node vRealize Automation 8.x, the catalog application directs you to
the vRealize Automation primary host name.

n When installing a clustered vRealize Automation 8.x, the catalog application directs you to
the vRealize Automation Load Balancer host name.

n When scaling out a single node vRealize Automation 8.x to a clustered setup, the catalog
application directs you to the newly added vRealize Automation Load Balancer host name.

Install and Configure vRealize Automation Using vRealize Suite Lifecycle

Manager Easy Installer for vRealize Automation and VMware Identity Manager
The vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation and VMware Identity
Manager provides you with a functionality to install vRealize Automation with minimum steps.

VMware, Inc. 21
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

The installer provides you with minimal or a clustered deployment options before you start your
vRealize Automation configuration. Manual installation of vRealize Automation through OVA or
ISO is not supported.

Note The master node is now referred to as the primary node. The master replica node is now
referred to as the primary replica node.

Prerequisites

n Verify that you have the primary vRealize Automation credentials before installing vRealize
Automation. vRealize Automation 8.4 requires an external VMware Identity Manager 3.3.2 or
later.

n Verify that an external load balancer is installed and the requirements are met. For more
information, see vRealize Automation Load Balancing.

Procedure

1 Enter the vRealize Automation Environment Name.

2 Under vRealize Automation license, enter the License Key.

3 After configuring your VMware Identity Manager settings, you can opt to install vRealize
Automation.

4 For a standard deployment with a primary node, perform the following steps.

a Enter the Virtual Machine Name, IP Address, and FQDN Hostname of vRealize
Automation.

b Provide configuration information. Enter the Data Center Name, vCenter Name and
Increase the Disk Space fields. For more information, refer to the vRealize Suite Lifecycle
Manager Easy Installer for vRealize Automation and VMware Identity Manager.

c Enable or disable the FIPS Mode Compliance, as required.

d Skip to Step 6.

5 For a cluster deployment with three nodes, enter the Load Balancer IP address and
Hostname.

6 For a cluster deployment, create a primary node by using step 4 as a guideline.

7 For a cluster deployment, create secondary nodes, enter the required text boxes, and
proceed.

8 Under Advanced Configuration for vRealize Automation, you can either choose the Use
Default option to enable the default values for internal pods and services configuration in
CIDR format, or use the Use Custom option to enter the values for K8S Cluster IP Range and
K8S Service IP Range in CIDR format.

9 Click Next.

VMware, Inc. 22
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

10 Read the Summary page with the entered data and click Submit.

After submitting your details, the installer takes about 30 minutes to install the Lifecycle
Manager, copy binaries and then start the installation process. You can enable the multi-
tenancy for vRealize Automation, refer to Tenant Management in vRealize Suite Lifecycle
Manager.

How do I use Easy Installer for vRealize Automation and VMware

Identity Manager to migrate vRealize Suite Lifecycle Manager
This topic discusses how vRealize Suite Lifecycle Manager Easy Installer for vRealize Automation
and VMware Identity Manager helps to migrate the older versions of vRealize Suite Lifecycle
Manager to the latest versions.

Migrating 2.x Version to vRealize Suite Lifecycle Manager 8.x

You can migrate the earlier versions of Lifecycle Manager to the latest versions.

You can migrate vRealize Suite Lifecycle Manager 2.1 to 8.x or later. The migration also requires
inputs, such as legacy vRealize Suite Lifecycle Manager hostname, user name, password, and
SSH password. For more information, watch the Migration of vRealize Suite Lifecycle Manager
with Easy Installer video:
Migration of vRealize Suite Lifecycle Manager with Easy Installer
(http://link.brightcove.com/services/player/bcpid2296383276001?
bctid=ref:video_LCM_migrate)

Prerequisites

n Verify that you have vRealize Suite Lifecycle Manager 2.1 version or later.

n Legacy vRealize Suite Lifecycle Manager must have SSH enabled for the root user.

Procedure

1 From the Easy Installer wizard, click Migrate.

2 Enter the vCenter details where the new vRealize Suite Lifecycle Manager 8.x is installed.

3 Select the data center in the vCenter Server, Compute Resource, and Storage.

4 Enter the network configuration details.

5 In the Password configration, enter the password which can be set to the vRealize Suite
Lifecycle Manager root and admin password.

6 If you want to deploy Identity Manager, then enter the password for admin, sshuser, and
root credential.

7 Enter the vRealize Suite Lifecycle Manager 8.x VMname, Hostname, and the IP details.

8 Enter the legacy vRealize Suite Lifecycle Manager Hostname, Username, and Password.

VMware, Inc. 23
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 Select New Identity Manager Installation or Import Existing Identity Manager.

If you have selected to install New Identity Manager, then it is deployed in the same vCenter
Server mentioned in step 2. If you import an existing Identity manager, verify that the identity
manager is already registered in the vRealize Suite Lifecycle Manager legacy VM and identity
manager SSH is enabled for the root user.

Note A new installation of vRealize Suite Lifecycle Manager 8.x supports only VMware
Identity Manager 3.3.4. The earlier versions of VMware Identity Manager will be supported
only for an existing vRealize Suite Lifecycle Manager instance that is being migrated to
vRealize Suite Lifecycle Manager 8.x and later. Upgrade support from earlier VMware
Identity Manager version to the latest is only available if they conform to the vRealize
Suite Lifecycle Manager supported criteria. Any earlier versions of vRealize Suite Lifecycle
Manager 8.x allows only single instance of VMware Identity Manager to be deployed with
the embedded connector and embedded postgresql database. Upgrade of VMware Identity
Manager withinvRealize Suite Lifecycle Manager 8.x to the latest versions will be supported if
it conforms to the mentioned criteria. Else the upgrade has to be performed outside vRealize
Suite Lifecycle Manager. After you upgrade, it can any time be reimported by triggering
Inventory Sync in vRealize Suite Lifecycle Manager 8.x.

10 Click Submit.

11 When the migration is successful, click the vRealize Suite Lifecycle Manager URL or the
migration request to view the progress by logging in with admin@local with the password
given in step 5.

12 All the environments with data centers, vCenter Servers, Settings (such as NTP, DNS, and so
on), content endpoints that are managed by older Lifecycle Manager are migrated and the
environments are imported to the latest version.

Results

As part of migration, create a global environment based on installation or import when you
import legacy vRealize Suite Lifecycle Manager VMware Identity Manager to vRealize Suite
Lifecycle Manager 8.x. If there is a failure in the global environment, it can be due to the missing
ssh user password in the legacy vRealize Suite Lifecycle Manager. Enter the SSH password
details by selecting the correct password on retry and submit the changes to create a global
environment. Once a global environment is created, you can resume the migration operation.

With migration you can create environments, settings, certificate and so on. You can check the
status of migration on the Request status.

Note If you import an existing VMware Identity Manager and if the admin password is different
from the SSH user for the VMware Identity Manager, then the global environment request fails.
In this case, add the SSH password in the locker app manually and retry the request with this
password.

VMware, Inc. 24
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

How to run vRealize Suite Lifecycle Manager Easy Installer

You can download the executable file from the My VMware download page.

Procedure

1 Download the vRealize Suite Lifecycle Manager Easy Installer executable file from the My
VMware download page.

2 After you download the file, mount the lcm-installer.iso file.

3 Browse to the folder vrlcm-ui-installer inside the CD-ROM.

4 The folder contains three subfolders for three operating systems. Based on your operating
system, browse to the corresponding operating system folder inside the vrlcm-ui-
installer folder.

5 Click the installer file in the folder.

Operating System File Path

Windows lcm-installer\vrlcm-ui-installer\win32

Linux a Log in to Linux VM.

b Run apt-get install p7zip-full.
c Run 7z x vra-lcm-installer.iso.
d Run chmod +x vrlcm-ui-installer/lin64/installer
e Run apt install libnss3 (required only if the libnss3 component is
not installed.)
f Run vrlcm-ui-installer/lin64/installer.

Mac vrlcm-ui-installer/mac/Installer

6 The vRealize Suite Lifecycle Manager Easy Installer UI is specific to the operating system.
Ensure that you are using the valid UI folder path to run the installer.

Results

You can now install vRealize Suite Lifecycle Manager using the vRealize Suite Lifecycle Manager
Easy Installer.

How do I use Easy Installer to install vRealize Suite Lifecycle Manager

You can install vRealize Suite Lifecycle Manager using vRealize Suite Lifecycle Manager Easy
Installer.

Prerequisites

n Ensure you have a vCenter Server set up and access to the credentials.

n Ensure you know the Lifecycle VA deployment details.

VMware, Inc. 25
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Click Install on the vRealize Suite Lifecycle Manager Easy Installer window.

2 Click Next after reading the introduction.

3 Accept the End User License Agreement and click Next. Read the Customer Experience
Improvement Program and select the checkbox to join the program.

4 To specify vCenter Server details, enter these details on the Appliance Deployment Target
tab.

a Enter the vCenter Server Hostname.

b Enter the HTTPs Port number.

c Enter the vCenter Server Username, and Password.

5 Click Next and you are prompted with a Certificate Warning, click Accept to proceed.

6 You must specify a storage location to deploy virtual appliances.

a Expand the vCenter Server tree.

b Expand to any data center and map your deployment to a specific VM folder.

7 Specify a resource cluster on the Select a Compute Resource tab.

a Expand the data center tree to an appropriate resource location and click Next.

8 On the Select a Storage Location tab, select a datastore to store your deployment and click
Next.

9 On the Network Configuration and Password Configuration tabs, set up your Network and
Password configuration by entering the required fields, and clicking Next.

a For a vRealize Suite Lifecycle Manager VM, enter the NTP Server for the appliance and
click Next.

The network configurations provided for all products are a one-time entry for your
configuration settings. The password provided is also common for all products and you
need not enter the password again while you are installing the products.

Password should have minimum one upper case, one lower case, one number and one
special character. Special characters can be !@#$%^&*(), and colon(:) is not supported in
the password.

10 Set up vRealize Suite Lifecycle Manager configuration settings.

a Enter a Virtual Machine Name, IP Address, and Hostname.

b Provide configuration information. Enter the Data Center Name, vCenter Name and
Increase the Disk Space fields.

c Enable or disable the FIPS Mode Compliance, as required.

d Click Next.

VMware, Inc. 26
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

e Verify the details in the Summary page and click Submit.

How do I use Easy Installer to migrate vRealize Suite Lifecycle

Manager
You can use vRealize Suite Lifecycle Manager Easy Installer to migrate from older versions of
vRealize Suite Lifecycle Manager.

Prerequisites

n Verify that you have vRealize Suite Lifecycle Manager 2.1 version or later.

n Legacy vRealize Suite Lifecycle Manager must have SSH enabled for the root user.

Procedure

1 From the vRealize Suite Lifecycle Manager Easy Installer, click Migrate.

2 Enter the vCenter details where the new vRealize Suite Lifecycle Manager 8.4 is installed.

3 Select the data center in the vCenter Server, Compute Resource, and Storage.

4 Enter the network configuration details.

5 In the Password configuration, enter the password which can be set to the vRealize Suite
Lifecycle Manager root and admin password.

6 Enter the vRealize Suite Lifecycle Manager VMname, Hostname, and the IP details.

7 Enter the legacy vRealize Suite Lifecycle Manager Hostname, Username, and Password.

8 Click Submit.

9 When the migration is successful, click the vRealize Suite Lifecycle Manager URL or the
migration request to view the progress by logging in with admin@local with the password
given in step 5.

10 All the environments with data centers, vCenter Servers, Settings (such as NTP, DNS, and so
on), content endpoints that are managed by older Lifecycle Manager are migrated and the
environments are imported to the latest version.

Note During migration, installing or importing VMware Identity Manager is optional. Select
Skip VMware Identity Manager install and import where the VMware Identity Manager
integrated with Legacy vRLCM would not be imported toggle bar to enable this option.

Log In to vRealize Suite Lifecycle Manager

Log in to the vRealize Suite Lifecycle Manager UI to create and manage cloud environments with
vRealize Suite Lifecycle Manager.

Prerequisites

Deploy the vRealize Suite Lifecycle Manager appliance.

VMware, Inc. 27
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Use a supported Web browser (Chrome, IE or Mozilla FireFox) to connect to your vRealize
Suite Lifecycle Manager appliance by using the appliance's IP address or host name.

https://IP address/vrlcm

Note You can also access vRealize Suite Lifecycle Manager using the URL https://IP address.
The URL http://IP address does not successfully redirect to vRealize Suite Lifecycle Manager.

2 Enter the administrator user name.

admin@local

3 Enter the default administrator password.

Admin password will be the default password given in the Easy installer while deploying
vRealize Suite Lifecycle Manager.

4 Click Log In.

What to do next

If you are logging in to vRealize Suite Lifecycle Manager for the first time, set the vRealize Suite
Lifecycle Manager root password. If you want to reset the password, go to Settings tab to make
the change.

Configure a new administrator password and other vRealize Suite Lifecycle Manager settings,
such as SSH settings.

Accessing the vRealize Suite Lifecycle Manager Dashboard

vRealize Suite Lifecycle Manager includes dashboard which acts as a single pane of glass
comprising of all the functionality as applications.

The dashboard consists of the applications:

Lifecycle Operations

Use this application on the dashboard to access the vRealize Suite Lifecycle Manager to
manage the Day 0 to Day N operations of the vRealize Suite Products, including vRealize
Network Insight.

Locker

Use this application to manage certificates, licenses, and passwords. You can create and
import certificate including CSR. You can also validate the certificates before applying or
replacing the certificates.

Identity and Tenant Management

You can manage active directories and tenants, and assign roles to users or groups.

Content Management

VMware, Inc. 28
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

You can use this application to access the content lifecycle in vRealize Suite Lifecycle
Manager to manage software-defined data center (SDDC) content, including capturing,
testing, and release to various environments, and source control capabilities through GitLab
or bit bucket integration. You can capture multiple contents from a source control and check
in those contents to another source-control or a different branch.

Marketplace

Use the vRealize Suite Lifecycle Manager to add and manage content from Marketplace.

vRealize Cloud

You can use this application to manage your Cloud subscriptions and Cloud proxies.

Notifications in vRealize Suite Lifecycle Manager

You can view the available updates for the products in the environment and overall health
vRealize Suite Lifecycle Manager under notifications.

The following types of notifications are available in vRealize Suite Lifecycle Manager:

n License Health

n Certificate Health

n Product Upgrade

n Product Patch

n vRealize Suite Lifecycle Manager Self Upgrade

n vRealize Suite Lifecycle Manager Self Patch

n vRealize Suite Lifecycle Manager Product Support Pack

n VCF notifications

n Health Notifications for vRealize Suite Products

n Identity Manager Health Notification

To view the notifications, navigate to Home Page and click Bell icon. To list all the notifications,
click on the View List icon on the right corner of the Notification window.

Note vRealize Suite Lifecycle Manager should be connected to internet to get notifications from
online source.

Configuring SMTP for Email Outbound Notifications

SMTP server is required to send emails, so you must configure SMTP server prior to configuring
outbound notifications.

VMware, Inc. 29
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Navigate to Settings from the Lifecycle Operations dashboard.

2 Select SMTP from Server & Accounts.

3 Enter the sender's email ID under SMTP Configuration Details.

4 Enter the SMTP Hostname/IP Address, and then select Encryption from the list.

5 Select the SMTP Port Number.

6 If you select the Requires Authentication toggle, you must provide the authentication details.
Select the plus (+) sign or the key symbol to add the password details.

7 Select an option from the available SMTP Credentials.

8 Click Save.

9 After a successful SMTP configuration, click SEND TEST EMAIL to validate if the configured
SMTP server is correct. Enter your email ID to start receiving email notifications.

What to do next

You can configure email outbound notifications.

Creating Incoming Webhooks for Slack and Teams Channels

When you create an Incoming Webhook, you receive a unique URL. You must add this unique
URL in the Outbound Notifications page to receive alerts and outbound notifications.

Procedure

1 To create an Incoming Webhook on Teams, go to the channel where you want to add the
webhook and select the More Options ellipsis (...).

2 Click Connectors from the drop-down menu.

3 Search for Incoming Webhook, and then select Add.

4 Select Configure, and provide a name. You can also upload an image for the webhook, if
required.

5 A unique URL is generated that maps to the channel. Copy and save the webhook URL, and
then click Done.

6 To create an Incoming Webook on Slack, create your Slack app, and then select the
Incoming Webhooks feature.

7 Select the Activate Incoming Webhooks toogle.

8 Click Add New Webhook to Workspace, and then click Authorize.

9 A unique Webhook URL is generated for your use.

VMware, Inc. 30
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Configuring Outbound Notifications

Outbound Notifications is introduced to help you configure your email ID, Slack, and Teams
channels. After you configure Outbound Notifications, you would start receiving notifications in
your registered email ID or supported Slack and Teams integrations. You can also view the health
status of your vRealize Suite products and license details. Outbound Notifications are critical or
consolidated. You would receive instant alerts for critical notifications. You can choose daily,
weekly, or monthly alerts for consolidated notifications. Consolidated notifications provides a list
of critical, moderate, and other relevant updates.

Prerequisites

n Ensure that SMTP server is configured prior to configuring email outbound notifications.

n Create incoming webhooks for Slack and Teams channels.

Procedure

1 Navigate to Settings from the Lifecycle Operations dashboard.

2 Select Outbound Notifications from System Administration.

3 Enter the Integration Name, and then select the Frequency.

4 Enter the Webhooks URL that you created for the Slack and Teams channels, and then enter
the recipient's email IDs.

5 Select the applicable check boxes for Notification Triggers.

6 Click Save.

VMware, Inc. 31
Configuring vRealize Suite
Lifecycle Manager 2
After you install vRealize Suite Lifecycle Manager, you can perform certain post-installation
tasks, such as configuring your settings, licenses, and passwords in the vRealize Suite Lifecycle
Manager UI.

This chapter includes the following topics:

n Configure Your vRealize Suite Lifecycle Manager Settings

n Configure Certificate Within Locker

n Configure License Within Locker

n Configure Your Password Within Locker

n Add a Data Center to vRealize Suite Lifecycle Manager

n Creating Roles for Specific Access

n Identity and Tenant Management With VMware Identity Manager

Configure Your vRealize Suite Lifecycle Manager Settings

You can access the Lifecycle Operations from the My Service dashboard. You can modify the
settings for vRealize Suite Lifecycle Manager, such as passwords, and SSH settings in Lifecycle
Operations.

The first time you view the settings page, you must provide data for all available settings to save
any settings. Only a user admin has access to the System Admin Applications. The settings page
contains the following applications.

System Administration Servers & Accounts

System Details NTP Servers

Logs SNMP

System Patches DNS

Product Support Pack My VMware

System Upgrade Binary Mapping

Time Settings SMTP

VMware, Inc. 32
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

System Administration Servers & Accounts

Change Password

Proxy

Change Certificate

Authentication Provider

Outbound Notifications

Note The UI session inactivity timeout value is now configurable. If you are inactive for a certain
period, you can select the time out in minutes before getting logged out of the session.

n Authentication Provider in vRealize Suite Lifecycle Manager

You can view the authentication provider details under the Settings tab in vRealize Suite
Lifecycle Manager.

n Configure Your System

Configure your system after installing the vRealize Suite Lifecycle Manager appliance.

n Configure NTP Servers

Add the NTP servers in vRealize Suite Lifecycle Manager so that they can be referred
while deploying vRealize Suite products. The NTP servers added in vRealize Suite Lifecycle
Manager can be used to set for the system that is with vRealize Suite Lifecycle Manager. The
NTP servers can also be used as input to vRealize Suite product deployment schema.

n Configure DNS Servers

Configure your DNS servers for configuring vRealize Suite Lifecycle Managerappliance to
resolve Host names and IPs from the domain name server.

n Data Source Using SNMP Configurations for vRealize Network Insight

The vRealize Suite Lifecycle Manager supports vRealize Network Insight. vRealize Network
Insight consists of data sources and are recognized by the vRealize Suite Lifecycle Manager
appliance.

n Replace Certificate for vRealize Suite Lifecycle Manager

If you use the custom certificate for vRealize Suite Lifecycle Manager instead of default
self-signed certificate, you replace the vRealize Suite Lifecycle Manager certificate.

n Working with Product Support

After configuring your vRealize Suite Lifecycle Manager system information, you can check
and apply updates or patches that are available in your existing environment.

Authentication Provider in vRealize Suite Lifecycle Manager

You can view the authentication provider details under the Settings tab in vRealize Suite
Lifecycle Manager.

VMware, Inc. 33
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

The Authentication Provider Information section displays the type of the existing authentication
provider, the authentication provider endpoint, the registered FQDN of the application, client ID,
and the name of the catalog application.

The Authentication Provider Action section offers syncing and re-registering capabilities. When
you change or update the host name or FQDN of vRealize Suite Lifecycle Manager, the
authentication provider must sync with the host name. The Sync button ensures that the current
host name or FQDN of vRealize Suite Lifecycle Manager is synced with VMware Identity Manager.
After syncing, you can verify the target URL and the redirect URI in the Catalog tab of VMware
Identity Manager.

The RE-REGISTER button allows re-registering of vRealize Suite Lifecycle Manager with VMware
Identity Manager by creating new OAuth clients and catalog applications. The re-registering
occurs when VMware Identity Manager is present in globalenvironment of vRealize Suite
Lifecycle Manager.

When upgrading vRealize Suite Lifecycle Manager 8.1 and earlier releases, the catalog application
ID for updating the existing catalog application is not saved, so a duplicate catalog application is
created. The new hostname and catalog application ID is saved in the inventory which is used for
the subsequent operations.

Configure Your System

Configure your system after installing the vRealize Suite Lifecycle Manager appliance.

Procedure

1 In the My Services dashboard, click Lifecycle Operations, and then click Settings.

2 To extend the disk space for vRealize Suite Lifecycle Manager, navigate to System Details,
click Extend Storage.

a Enter the vCenter Host Name, User Name, and Password for the first time.

b Enter the Disk Size in GB and click Extend.

You cannot edit the Network Information fields.

3 To reboot the server, click Reboot System.

a To schedule a weekly server restart, toggle the Schedule a restart and select the day of
the week, and time for the weekly restart.

4 Click Save.

Enable or Disable SSH on vRealize Suite Lifecycle Manager

You can enable SSH for troubleshooting purposes.

VMware, Inc. 34
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

As a best practice, disable SSH in a production environment, and activate it only to troubleshoot
problems that you cannot resolve by other means. Leave it enabled only while needed for
a specific purpose and in accordance with your organization's security policies. If content
management is enabled, then SSH is enabled automatically and it cannot be disabled. Force
disablement of SSH causes failure of Content Lifecycle Management functionality.

Procedure

1 From the vRealize Suite Lifecycle Manager dashboard, click Lifecycle Operations and click
Settings.

2 Click System Details, under Network Information, enter the Host Name, IP Address, IP
Address Type, Netmask and Gateway fields.

3 Enter the Preferred DNS and Alternate DNS address.

Note SSH is enabled by default.

4 Click SAVE.

Work with vRealize Suite Lifecycle Manager Logs

You can configure the vRealize Suite Lifecycle Manager log files and download log
files for troubleshooting purposes. vRealize Suite Lifecycle Manager logs are entered in
vmware_vrlcm.log and /blackstone-spring.log

Generate Log Bundle in vRealize Suite Lifecycle Manager

You can configure the level of information vRealize Suite Lifecycle Manager collects in log files
and the number of log files for vRealize Suite Lifecycle Manager.

In the vRealize Suite Lifecycle Manager user interface, perform the following steps.

1 Select Lifecycle Operations, and then select Settings, and navigate to System
Administration > Logs.

2 To create a vRealize Suite Lifecycle Manager log bundle, click GENERATE LOG BUNDLE.

3 To download logs, click DOWNLOAD THE LOGS.

In the command line interface, perform the following steps.

1 Connect Secure Shell (SSH) to vRealize Suite Lifecycle Manager VA using root credentials.

2 Create a vRealize Suite Lifecycle Manager log bundle directory using the command mkdir
-p /data/lcm-logbundle.

3 Generate a vRealize Suite Lifecycle Manager log bundle directory using the
command /var/lib/vlcm-common/vlcm-support -w /data/lcm-logbundle.

4 Download /data/lcm-logbundle/<file-name> with secure copy.

VMware, Inc. 35
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Configure Log Insight Agent

vRealize Suite Lifecycle Manager 8.0.0 and later supports vRealize Log Insight for log analysis.
The content pack in vRealize Log Insight for vRealize Suite Lifecycle Manager is supported with
version 8.0.1(Patch 1) and later. vRealize Log Insight agent is pre-installed on the vRealize Suite
Lifecycle Manager virtual appliance. You can configure the vRealize Suite Lifecycle Manager
appliance to forward cfapi or system logs, and events to the vRealize Log Insight instance.
To use the vRealize Suite Lifecycle Manager content pack dashboards and widgets, the
configuration should be done on cfapi only.

Prerequisites

Verify that you already have the vRealize Log Insight server details before you set the properties
of the Log Insight agent.

VMware, Inc. 36
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Log in to the vRealize Suite Lifecycle Manager virtual appliance.

a Open a Web browser and go to https://vRSLCMIP/vrlcm and log in with your user
credentials.

b Click to Lifecycle Operations and from the Home page, click Settings > Logs > Logs
Insight Agent Configuration.

c Update the following parameters in the vRealize Suite Lifecycle Manager UI section and
save your changes.

[server]
hostname= vRealize Log Insight hostname proto=cfapi port=9000 SSL=no

When vRealize Log Insight Server is not configured to accept an SSL connection, enabling
SSL for Log Insight Agents in vRealize Suite Lifecycle Manager is optional.

Or

hostname=vRealize Log Insight hostname proto=cfapi port=9543 SSL=yes

When vRealize Log Insight Server is configured to accept an SSL connection, Log Insight
Agents must be configured to use the SSL connection in vRealize Suite Lifecycle Manager.

Or

hostname=vRealize Log Insight hostname proto=syslog port=514

SSL Server Certificates

Set the rules for how the Log Insight client handles the validation of the Log Insight server
certificate. Certificates received by the Log Insight agent are stored locally on the agent
host machine.

Accept Any
Accept Any Trusted
Common Name: (Self-signed server certificate is accepted if its Common Name matches
this value)
Certificates acceptance rules:

VMware, Inc. 37
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Note Log Insight agents that receive a new self-signed certificate with the same public
key as the existing locally stored self-signed certificate will accept the new certificate. For
instance, a self-signed certificate may be regenerated with an existing private key but
with a new expiration date.

If the Agent has a locally stored self-signed certificate and receives a valid CA-signed
certificate, the Agent silently accepts the CA-signed certificate.

Agents that have a CA-signed certificate will reject self-signed certificates. The agent
accepts self-signed certificates only when it initially connects to the Log Insight server.

If an agent with a locally stored CA-signed certificate receives a valid certificate signed by
another trusted CA, it is rejected by default. You can select Accept Any Trusted to accept
the certificate.

Reconnection Time: 30 min (Time in minutes to force reconnection to the server. This
option mitigates the imbalances caused by long-lived TCP connections).

Max Buffer Size: 200 (Max local storage usage limit(data+logs) in MBs. Valid range:
100-2000 MB. Default: 200 MB).

2 Configure the Linux Agent Group on the Log Insight Administration UI .

a Open a Web browser and go to https://vRealize Log Insight hostname/IP.

b Log in with the credentials - User name as admin and Password as vrli_admin_password.

c Click the configuration drop-down menu icon and select Administration.

Note The content pack is not pre-installed in vRealize Log Insight. You must install the
pack by downloading it from the marketplace and then configure the agents.

d Under Management, click Agents.

e From the drop-down menu on the top, select vRealize Lifecycle Management 8.0.1 from
the Available Templates section.

f Click Copy Template.

g After copying the template provide vRealize Suite Lifecycle Manager Ipv4 or FQDN, and
save the configuration.

h Once the configuration is complete, the vRealize Suite Lifecycle Manager events or logs
start to flow into vRealize Log Insight and the relevant widgets displays the data.

Setting your vRealize Suite Lifecycle Manager Time

You can configure time settings and add NTP server or use a host time forvRealize Suite Lifecycle
Manager.

1 To change the time settings, navigate to My services dashboard, click Lifecycle Operations
and click Settings.

2 Click Time Settings.

VMware, Inc. 38
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 For Applicable Time Sync Mode, select Use Time Server (NTP) or Use Host Time.

a To add a server, click Add New Server and enter the name, and FQDN address of the
server.

b To edit, click the edit icon on the list of NTP servers. You cannot edit the FQDN/ IP
Address, you can only edit the name of the NTP server.

For more information on adding NTP server, see Configure NTP Servers.

Federal Information Processing Standard 140-2 Support

FIPS 140-2 is a U.S. and Canadian government standard that specifies security requirements for
cryptographic modules. VMware vRealize Suite Lifecycle Manager 8.2 and later releases support
Federal Information Processing Standard (FIPS) 140-2.

FIPS Compliance is a new and secured opt-in mode adhering to the Enterprise Readiness
Initiatives (ERI) in VMware vRealize Suite Lifecycle Manager. To learn more about support for
FIPS 140-2 in VMware products, see FIPS Security Policies and Certifications.

Enable or Disable FIPS Mode Compliance in vRealize Suite Lifecycle Manager

You can enable FIPS Mode Compliance using Easy Installer during vRealize Suite Lifecycle
Manager installation or by selecting the option as a Day-2 operation in the Settings page.
To know more about FIPS Mode Compliance using Easy Installer, see vRealize Automation
documentation.

Procedure

1 From My Service dashboard, select Lifecycle Operations, and then select the Settings page.

2 Under System Administration, click System Details.

3 Enable or disable the FIPS Mode Compliance check box, as required. Click Update. vRealize
Suite Lifecycle Manager restarts when you enable or disable FIPS Mode Compliance.

Note When you enable FIPS Mode Compliance, vRealize Suite Lifecycle Manager does not
upgrade to the next version. You must disable the FIPS Mode Compliance, and upgrade
vRealize Suite Lifecycle Manager, and then re-enable FIPS Mode Compliance.

Configure NTP Servers

Add the NTP servers in vRealize Suite Lifecycle Manager so that they can be referred while
deploying vRealize Suite products. The NTP servers added in vRealize Suite Lifecycle Manager
can be used to set for the system that is with vRealize Suite Lifecycle Manager. The NTP servers
can also be used as input to vRealize Suite product deployment schema.

Prerequisites

Verify that the NTP servers are functioning.

VMware, Inc. 39
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the Lifecycle Operations dashboard and navigate to Settings > NTP Servers.

2 To add an NTP server, click Add NTP Server.

3 Enter a valid Name and FQDN/ IP Address of the NTP server.

4 Click ADD.

Note Starting with vRealize Suite Lifecycle Manager 8.2, NTP servers can be set for vRealize
Automation 8.2 and later.

Configure NTP Settings Post Deployment

vRealize Suite Lifecycle Manager currently does not allow you to configure NTP settings for the
virtual appliance during the OVA deployment. This section covers information on accurate time
synchronization with the infrastructure and the suite products it deploys and manages.

Prerequisites

Verify that the SSH service on the vRealize Suite Lifecycle Manager appliance is enabled.

Procedure

1 Log in to vRealize Suite Lifecycle Manager by using the Secure Shell (SSH) client.

a Open an SSH connection to the FQDN or IP address of the virtual appliance.

b Log in using following credentials, with Setting as value, User Name as root and
Password as root_password for the user.

2 Configure the NTP source for the virtual appliance.

a Open the /etc/systemd/timesyncd.conf file to edit, such as vi.

b Remove the comment for the NTP configuration, add the NTP settings, and save the
changes. For example, NTP=ntp.sfo01.rainpole.local ntp.lax01.rainpole.local

3 Enable the systemd-timesyncd service and verify the status.

a Run the timedatectl set-ntp true command to enable the network time
synchronization.

b Run the systemctl restart systemd-timesyncd to enable the NTP synchronization

c Run the timedatectl status to verify the status of the service.

4 Logout of the session by entering Logout.

Configure DNS Servers

Configure your DNS servers for configuring vRealize Suite Lifecycle Managerappliance to resolve
Host names and IPs from the domain name server.

VMware, Inc. 40
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

Verify that you have an existing DNS servers.

Procedure

1 On the My Services dashboard, click Lifecycle Operations.

2 Click Settings and navigate to Servers and Protocols > DNS.

3 Click Add DNS Server

4 Enter a DNS Server Name and IP Address .

5 Click Add.

Data Source Using SNMP Configurations for vRealize Network Insight

The vRealize Suite Lifecycle Manager supports vRealize Network Insight. vRealize Network Insight
consists of data sources and are recognized by the vRealize Suite Lifecycle Manager appliance.

You can record SNMP configurations, that are relevant to vRealize Network Insight. Click Add
Configuration to add SNMP for both 2c and 3 SNMP type. The configured SNMP is then used
while you are adding vRealize Network Insight data source for Routers and Switches.

Note From vRealize Network Insight 4.0 and later, a new brick size is introduced in vRealize
Suite Lifecycle Manager, extra large for both platform and collector node. When you have three
nodes in a clustered environment, the brick size should be extra large. All platform nodes in a
clustered environment should be of same brick size either large or extra large. But you cannot
have both large and extra large in the same cluster.

If a clustered environment is deployed with large brick size and if you want to add one more
platform nodes, then you have to manually increase the CPU and the RAM size from vCenter
server. You can then import the environment and scale out with an extra large brick size.

Add SNMP Configuration

You can add the SNMP configuration.

Procedure

1 Navigate to Lifecycle Operations dashboard and navigate to Settings > SNMP.

2 Click Add Configuration.

3 To select the SNMP Version, select v2C or v3.

a If you have selected v3, enter the Username and Context Name.

b When you select the Authentication type, you are then prompted to enter to the Auth
Password and Privacy Type.

4 Click Add.

VMware, Inc. 41
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Replace Certificate for vRealize Suite Lifecycle Manager

If you use the custom certificate for vRealize Suite Lifecycle Manager instead of default self-
signed certificate, you replace the vRealize Suite Lifecycle Manager certificate.

Prerequisites

n A X509 PEM base-64 encoded certificate and private key. Make sure the private key is not
encrypted.

n A machine with an SSH access to vRealize Suite Lifecycle Manager, and software such as
PuTTY and an SCP software such as WinSCP installed on it.

Procedure

1 Rename the certificate to server.crt and private key to server.key.

2 Open a Secure Shell connection vRealize Suite Lifecycle Manager appliance as root user.

3 Copy the certificate files server.crt and server.key to the /opt/vmware/vlcm/cert folder.
You can use an SCP software like WinSCP on Windows. Make sure to backup the original files
before copying.

4 After copying the certificates, restart the vRealize Suite Lifecycle Manager proxy services to
update the appliance certificate.

a Restart the system services by executing the following command in the SSH session:
systemctl restart nginx.

b Check the status of the system services by executing the following command in the SSH
session: systemctl status nginx.

5 After restarting the services, verify that the certificate is updated on the appliance, open a
browser and go to https://<lcm-server-host>.

6 Verify that you see the new certificate in the browser.

Working with Product Support

After configuring your vRealize Suite Lifecycle Manager system information, you can check and
apply updates or patches that are available in your existing environment.

Configure Product Binaries

You can select a Product Binary to use each vRealize Suite product.

You can download binaries outside of Lifecycle Manager and make them available on the NFS
path.

Prerequisites

To use a Product Binary downloaded from My VMware, verify that you have registered with My
VMware and registered My VMware services with vRealize Suite Lifecycle Manager. See Register
with My VMware.

VMware, Inc. 42
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 From the My services, navigate to Lifecycle Operations.

2 Click Settings and navigate to Binary Mapping > Product Binaries.

3 Click Add Binaries.

4 Select the Location type.

n Local - You can map the binaries to the vRealize Suite Lifecycle Manager locally
downloaded copy.

n NFS - You can map to a downloaded product binary with products dependent on the
product binary location.

n My VMware Downloads - You can map to product binary downloaded from My VMware.

n Windows ISO - You can map ISO binary which is required for Windows deployment from
Lifecycle Manager.

Note The automatic product OVA mappings are mapped based on the check sum of the
binary files. When you select all the OVA files in the NFS share and try to map the product
binaries, then it takes long time to map and the data disk might fill faster. NFS represents the
local where the OVA files are copied in the NFS shared drive, user should provide the NFS
location in the format, NFS-IP:<nfs hostname/ip>:<folder path>/x/y/z. For example,
10.11.12.134:/path/to/folder.

5 Enter the location of the Product Binary to use in the Base Location text box, and click
Discover.

6 To provide Windows ISO, select the location type as Windows ISO and enter the Windows
ISO Mapping Details.

7 Select the Product Binary file from the Product Binary list.

Note By default, all the My VMware downloads from vRealize Suite are automatically
mapped with no user intervention. If you have already downloaded the product binaries
using vRealize Suite My VMware integration but the mapping does not exist in the list under
Product Binary then you can select My VMware Downloads option under Add Product
Binaries window. To manually copy the OVA files from the vRealize Suite virtual appliance,
you can select Local option from the Add Product Binaries window and provide the location
that is residing within vRealize Suite appliance itself. For either of the scenarios, when you
click Discover, the relevant binaries is listed in the table within the window.

8 Click Add.

VMware, Inc. 43
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 With vRealize Suite Lifecycle Manager 2.0 and later, you can also view the list of Patches
available for Products.

a Click Check Patches Online.

b To upload patches, click UPLOAD.

Note You can now delete the unsupported product binaries which are not in use. To delete
the binaries, click Delete Unsupported Binaries, select the binaries, and then click Delete All.

Patching for Products through vRealize Suite Lifecycle Manager

You can search and download available patches for supported products within vRealize Suite
Lifecycle Manager.

You can perform following actions using patches from the notifications icon:

n You can view product deployments that have the patches.

n You can view patch logs.

n You can view patch application status.

Note Starting with vRealize Suite Lifecycle Manager 8.2, if you select vRealize Automation 8.x for
patching, a precheck option is available for validation.

Install a Patch for Products Through vRealize Suite Lifecycle Manager

You can view and click the related patch from the Notification service. You are then directed
to the environment page where you can view a detailed set of information pertaining to all the
patches.

Procedure

1 Click Lifecycle Operations, navigate to Settings > Binary Mappings.

2 Click Patch Binaries.

3 To map a patch offline, download the patch from My VMware portal and place it in the data
folder in vRealize Suite Lifecycle Manager appliance, and then map the offline patch using the
local folder option in vRealize Suite Lifecycle Manager UI.

4 To check if there are patches available on the internet, click CHECK PATCHES ONLINE.

5 Trigger the patch install from the product card in the environment page.

6 Select the patch from the list of downloaded patches.

The patches must be downloaded from the Product Binaries page. Only the downloaded
patches are listed here.

7 Click Next.

8 Review and Install the available patch and click Finish.

The patch install request progress can be tracked under Requests.

VMware, Inc. 44
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 To view the history of patches, click Patches > History.

10 To view patch history from Environment Card, click Patch History

The vRealize Log Insight product patch history has no content even when the vRealize Log
Insight patches are applied successfully. This is caused due to the minor version of vRealize
Log Insight after the patch is installed. For example, if patch 1 is applied for vRealize Log
Insight 4.6.0, then the vRealize Log Insight version is changed to vRealize Log Insight 4.6.1,
and the product card is updated to 4.6.1 and no patch history is visible. Installing patch on
vRealize Suite Lifecycle Manager is only supported from the following versions of products.

n vRealize Automation 7.5 and later.

n vRealize Operations Manager 7.0 and later.

n vRealize Business for Cloud 7.5 and later.

n vRealize Log Insight 4.7 and later.

n vRealize Network Insight 3.9 and later.

Configure Your Patched Product Binaries

With 8.1 patch, you can download and map the OVA bundle that is already patched in a
vRealize Automation environment. This operation is useful when you want to scale out a patched
environment. Starting from vRealize Suite Lifecycle Manager 8.6.1, vRealize Log Insight patch
binaries are also supported.

Prerequisites

Ensure the OVA bundle corresponding to the patched product is downloaded from My VMware
Portal to vRealize Suite Lifecycle Manager appliance and is placed in the data folder. For
example: /data/patchovabundles/. For more information on downloading the OVA bundles,
click My VMware portal. You can also see the detailed procedure for vRealize Automation at KB
79105.

Procedure

1 Click Lifecycle Operations and navigate to Settings > Binary Mappings.

2 Click Patched Product Binaries.

3 To download patches, click the link provided on the UI.

You are directed to My VMware page where you can download the required patch or a OVA
bundle.

4 Click ADD PATCHED BINARY.

a Enter the Source Location and click Discover.

Source location is the directory path in the vRealize Suite Lifecycle Manager appliance
where the OVA bundle files are retrieved.

b Select the required OVA bundle from the list and click ADD.

VMware, Inc. 45
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 To delete a product patch, click the Delete icon on the selected patch.

Register with My VMware

You can register with My VMware to access licenses, download product binaries and consume
Marketplace content.

Enter your My VMware user name and password to enable vRealize Suite Lifecycle Manager to
download product Binary through My VMware. You can also enter using the proxy server under
My VMware Settings. Configuring My VMware Settings is optional if you do not have internet
connectivity.

Prerequisites

Verify the account details being entered has the following entitlements.

n vRealize Suite 2017 or later or vCloud Suite 2017 or later entitlement with download and view
license permissions to download vRealize Suite products.

n vRealize Network Insight or NSX Data Center Enterprise Plus entitlement with download and
view license permissions to download vRealize Network Insight.

The configured My VMware user must have permissions to download and view licenses.
Download the support pack from the VMware Solution Marketplace.

Procedure

1 Navigate to Servers and Accounts, click My VMware.

2 Click ADD MY VMWARE ACCOUNT.

3 Enter your My VMware user name and password, and click Submit.

After registration, you can download all the required binaries.

Note To download Product Binary, click the download arrow under Actions for the Product
Binary to download. If your network requires proxy settings to access external Websites, you
can provide those details in the Configure Proxy section. For more information on configuring
proxy settings, see Configure Your Proxy Settings.

Configure Your Proxy Settings

If you are using a proxy server in your network, you must configure the proxy server in vRealize
Suite Lifecycle Manager.

Normal Proxy (with or without Credential) and Proxy with AD configuration, are supported by
vRealize Suite Lifecycle Manager.

VMware, Inc. 46
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

You must have installed and configured a proxy server in your network before using it in vRealize
Suite Lifecycle Manager and the proxy server IP should have a host name that is resolvable from
vRealize Suite Lifecycle Manager appliance console.

Note
n If you are unable to configure proxy in vRealize Suite Lifecycle Manager, ensure that ICMP is
allowed from vRealize Suite Lifecycle Manager to the Proxy host and that there are forward
and reverse DNS entries for the Proxy host.

n If the proxy server does not have a resolvable host name, then the procedure to add proxy
fails.

Procedure

1 Navigate to Lifecycle Operations and click Settings.

2 Click Proxy.

3 Toggle Configure Proxy to use a proxy server for vRealize Suite Lifecycle Manager, or
deselect it to remove an existing proxy server.

vRealize Suite Lifecycle Manager does not save proxy server settings when you disable
proxy.

4 If you are enabling proxy, enter the Server, Port, User name, and Credential.

5 Click Save.

If vRealize Suite Lifecycle Manager is already configured to use a proxy server, those proxy
details are displayed.

Configure Certificate Within Locker

You can generate a new certificate for products that are deployed in vRealize Suite Lifecycle
Manager.

Prerequisites

n Certificates that are about to expire in less than 15 days cannot be imported.

n To manage the certificate for an imported environment, add the certificate in the vRealize
Suite Lifecycle Manager and perform inventory sync so that the certificate is mapped to the
imported environment, after which replace certificate and scale-out wizards will be aware of
the existing certificate.

Procedure

1 To add a certificate, navigate to Lifecycle Manager > Locker.

VMware, Inc. 47
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 You can either select Generate Certificate or Import Certificate.

Option Description

Generate a Enter the required text boxes.

b Select the length of the Key.
c Enter the valid Server Domain/Hostname. You can also include the
Wildcard certificate. For example, you can enter *.sql.local.
d Enter the FQDN or IP Address.
e Click Generate.

Import Certificate a Enter a valid certificate name.

b In the Passphrase text box, type <Cert-Password> (if applicable).
c Click Browse File and browse to the saved PEM file.
d When you upload a PEM file, the private key and certificate chain details
are populated automatically.
e Enter the private key and certificate chain details manually.
f Click Import.
The requirements for PEM file are:
n Both certificate chain and key must be in the same file.
n The PEM file that are imported can have 2048 bits key or 4096 bits key.
n If the PEM file certificate is encrypted then the passphrase must be
provided while importing the certificate into vRealize Suite Lifecycle
Manager.

Generate CSR a Enter the required text boxes.

b Select the length of the key.
c Enter a valid domain name. You can also include the Wildcard certificate.
For example, you can enter *.sql.local.
d Enter the IP address in which you are assigning the certificate.

Note Generate CSR downloads a PEM file. This file can be taken to the
certificate authority for signing and can be made as a trusted certificate. The
pem file downloaded will have the private key and certificate request chain.
You must be cautious and share only the CSR part of the pem file but not
the key for the certificate signing.

3 Click Generate.

4 You can click the certificate from the inventory to view the details and its associated
environments with their products.

5 To download or replace the certificate, click the vertical ellipses on the certificate.

Results

vRealize Suite Lifecycle Manager generates a new certificate for the specific domain provided by
the user.

VMware, Inc. 48
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Configure License Within Locker

Locker is an application like Lifecycle Manager which helps to manage the Certificate, Passwords,
and Licenses from single pane. You can configure licenses at the locker level.

Prerequisites

Verify that a license is already available.

Procedure

1 Navigate to the Lifecycle Operations dashboard, click Locker.

2 On the left, click the License icon.

3 To add a license, click ADD.

4 Enter the alias in the License Alias text box.

5 Enter the License Key and click Validate.

6 After you validate the accuracy of the license, click Add.

Starting with vRealize Suite Lifecycle Manager 8.4.0, vRealize Cloud licenses can be added
directly into the vRealize Suite Lifecycle Manager locker from the user interface.

7 To update an existing license, click any license from the license table.

a Click the vertical ellipses and click Update.

b Read the current license summary and click Next.

c Select an environment from the references table and click Next.

d Select a license from the drop-down menu and click Finish.

8 To delete a license, click the vertical ellipses and click Delete.

a If the Lifecycle Manager is having one or more My VMware accounts configured, then the
corresponding license keys are automatically synced. To sync licenses from My VMware
account, click REFRESH. However, if you have manually added the same license key to
the locker then the corresponding entry from My VMware account cannot be captured.

b When any product is imported into vRealize Suite Lifecycle Manager, the license keys
present in the product is also captured and stored in the Locker under Licenses. If the
same license key is already present, then it cannot be imported.

c If any product is associated to a license in vRealize Suite Lifecycle Manager then the
license entry cannot be deleted from the locker.

d vRealize Suite Lifecycle Manager does not restrict applying multiple licenses to any
product, however, the product behavior does allow to set only one license key as active
at anytime.

e License deletion from vRealize Suite Lifecycle Manager locker does not remove the
license key from the product itself.

VMware, Inc. 49
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 License keys can be applied to products managed by vRealize Suite Lifecycle Manager
from Home > Environments under Lifecycle Operations. Select a product from any Lifecycle
Operations managed environment, click the horizontal ellipses on the product name and
select Add License, and follow the steps.

Configure Your Password Within Locker

Locker in vRealize Suite Lifecycle Manager stores all the passwords that are used across
the vRealize Suite Lifecycle Manager. Add the passwords for adding vCenter Server, product
deployments, products import, My VMware, and Product Password Update. You can configure a
password at the locker level and are retrieved from the UI.

Procedure

1 Navigate to Lifecycle Operations, on My Services dashboard, click Locker.

2 On the left panel, click the key icon.

3 To add a Password, click ADD.

4 Enter the Password Alias and Password.

5 To confirm, re-enter the Password and enter Password Description, and a valid User Name.

Note The user name text box is mandatory for adding the vCenter server into vRealize Suite
Lifecycle Manager.

6 Click Add.

Password Management Within Locker

Starting with vRealize Suite Lifecycle Manager 8.2, you can manage passwords that are stored at
the Locker level for vCenter servers, products, and My VMware.

You can add a new password on the Passwords page under Locker. Click Add and enter the alias
and password details to add a new password.

For the existing passwords on the Passwords page, click the ellipsis (...), and then select one of
the following options:

Functionality Description

View Password You can view the selected password in plain text if you are
an Admin user, after you authenticate the vRealize Suite
Lifecycle Manager SSH root password. The view password
is not available for the VMware Identity Manager users.

Copy ID You can copy the password ID and reuse the

password. For example, when exporting JSON for product
deployment, you can copy and reuse the exisiting
password ID.

VMware, Inc. 50
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Functionality Description

Edit Password You can edit a password that does not have a reference to
an existing password. For example, if you use a password
in an environment, such as vCenter server or MyVMware,
the edit password option for that password is disabled.

Delete Password You can delete a password that is no longer used and
does not have any references. For example, if you use a
password in an environment, such as vCenter server or
MyVMware, the delete password option for that password
is disabled.

If you select an existing password, you can view the password details and the references
for the selected password. The Details tab displays the password identifier, username,
password description, password creation and last updated dates for the selected password. The
References tab displays the references for environments at the product and node level, vCenter
passwords in data centers, and other passwords that are used in the Settings tab.

You can also update a password for products, nodes, MyVMware, proxy, and vCenter servers. To
update the password, click the vertical ellipses (⋮) for the selected password.

Note
n When you update a password that is managed by vRealize Suite Lifecycle Manager, such
as products, nodes, or root user, the password is updated on the Passwords page and the
vRealize Suite Lifecycle Manager inventory.

n When you update a password for vCenter, MyVMware, proxy, or VMware Identity Manager
configuration administrators, the password is updated only in the vRealize Suite Lifecycle
Manager inventory.

Add a Data Center to vRealize Suite Lifecycle Manager

You can add a data center to vRealize Suite Lifecycle Manager to back up your private cloud
environments.

Procedure

1 On the left pane, click Data Centers and click Manage Data Centers.

You can see all the data centers with its products that are associated with them. You can also
click the product icons that directs you to the view details page of that particular product.

2 Click + Add Data Center.

3 Enter the Data Center Name and provide a Location even if the location is not available in the
drop-down menu.

4 Click ADD.

VMware, Inc. 51
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 To delete a datacenter, select the delete icon.

Note If there is any INITIATED, IN PROGRESS or COMPLETED requests for an environment,

then you cannot delete a data center. If it has a FAILED request, or request related to
vCenter, such requests are archived.

What to do next

Add a vCenter to the data center. See Add a vCenter to a Data Center.

Assign a User Role in vCenter Server

Create a user role in the vSphere Client with privileges that are required for vRealize Suite
Lifecycle Manager. The same role can be assigned to the user who can add a vCenter Server in
vRealize Suite Lifecycle Manager.

Prerequisites

Verify that you have administrative privileges to add a role to a user or a user group. You must
have administrative privileges to use vCenter Server.

If you are using vCenter deployed on VMC SDDC, then you must use the available CloudAdmin
role. For more information on VMC on vCenter, refer to the VMware Cloud on AWS
documentation. When you deploy a VMC on vCenter, you can use the default CloudAdmin
role. To learn more about cloud administrator privileges, refer to CloudAdmin Privileges
documentation.

Procedure

1 Log in to vCenter Server by using the vSphere Client.

2 On the home page of vSphere Client, click Roles under Administration.

3 Create a role for all system interactions between vRealize Suite Lifecycle Manager and
vCenter Server.

4 Clone Read-only and provide a name to the role.

VMware, Inc. 52
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 In the Create Role dialog box, configure the role using the following configuration settings,
and click Next.

Setting Value

Role Name vRealize Suite Lifecycle Manager

Privilege n Datastore
n You can select All privileges.
n Host.Local
n Operations- Add Host to vCenter
n Operations - Create Virtual Machine
n Operations - Delete Virtual Machine
n Operations - Reconfigure Virtual Machine
n Inventory - Modify - Cluster
n Network
n Assign Network
n Resource
n Assign vApp to Resource Pool
n Assign Virtual Machine to Resource Pool
n vApp
n You can select All privileges.
n Virtual Machines
n You can select All privileges.
n Content Library
n You can select All privileges.

This role inherits the System Anonymous, System View, and System Read privileges.

Note You should have permissions to create a content library. Content library uses a
datastore to store all templates, so you require permission to access, read, and write on
the same datastore. Therefore, all privileges under datastore and content library are needed.

6 Provide a name to the new role and click Finish.

7 Select Global Permissions under the Administration and click Manage.

8 To add permissions, click the plus sign.

9 Select the user and role that you have created, and click OK.

Add a vCenter Server to a vRealize Suite Lifecycle Manager Data Center

Add a vCenter Server to a Data Center before using that vCenter Server to create a private cloud
environment.

Prerequisites

Ensure that you have the vCenter Server fully qualified domain name, user name, and password.

Procedure

1 On the left pane, click Datacenters.

VMware, Inc. 53
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 To add a vcenter, on the Datacenters page, click + Add vCenter.

3 Enter the vCenter Name and vCenter FQDN.

4 Click Select vCenter Credentials.

a You can either search for an existing vCenter credentials or add new credentials using the
+ sign .

b Click the + sign on the right corner to assign a password for the selected vCenter
credential.

c Enter the Password details and click Add.

5 Enter the vCenter User Name for the vCenter server.

You should have the required vCenter privileges.

6 Select the vCenter Type.

n Management: All VMware SDDC Suite products are managed by this vCenter type.

n Workload: All the payload or business related VMs are managed by this vCenter type.

n Consolidated Management and Workload: Is a vCenter type, where both VMware SDDC
Suite products and payload VMs are managed together.
vCenter Type selection is currently used only for classification; the setting has no associated
product functionality.

7 Click Validate and Save the changes.

8 To import vCenter Servers, click Import.

a Select the .CSV file and click Import. You can upload only one file at a time for a bulk
import of VCs in a selected datacenter.

b Click Submit.

What to do next

Go to the Requests page to see the status of this request. When the status is Completed,
you can use this vCenter Server to create environments. For more information on vCenter user
privileges, see Assign a User Role in vCenter Server

Remove vCenter Server from vRealize Suite Lifecycle Manager Data Center
You can delete a vCenter server from vRealize Suite Lifecycle Manager Data Center that is not
used by the environment.

Prerequisites

Ensure that the vCenter does not have a reference, such as a fully qualified domain name or
a user name associated with an environment. If vCenter is associated with an environment, the
delete option is disabled for the vCenter.

VMware, Inc. 54
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the Data Center page, select the vCenter, and click Delete vCenter.

2 Click Delete to remove the selected vCenter.

vRealize Suite Lifecycle Manager on VMware Cloud on AWS

Environment
vRealize Suite Lifecycle Manager supports VMware Cloud (VMC) on AWS environment. VMC on
AWS is an integrated private cloud offering developed by VMware and Amazon Web Services
(AWS). vRealize Suite Lifecycle Manager supports M11 and M12 versions of VMC.

You can install vRealize Suite Lifecycle Manager on a VMC environment using Easy Installer.
For more information, refer to the Easy Installer documentation. Configure a virtual machine
on the vCenter of a VMC software-defined data center (SDDC) to launch the Easy Installer.
To create cloud SDDC using VMC on AWS and to connect SDDC to the data center of your
product, refer to the Getting Started with VMware Cloud on AWS documentation. After you
have successfully deployed vRealize Suite Lifecycle Manager on VMC, you can also install other
VMware vRealize Suite products, such as VMware Identity Manager and vRealize Automation on
the VMC environment to perform the Day 2 operations.

On a VMC environment, you must add the SDDC vCenter as an endpoint only. Adding any
vCenter external to the SDDC is not recommended. When you deploy a VMC vCenter, ensure
that you have cloud administrator privileges. To learn more about cloud administrator privileges,
refer to CloudAdmin Privileges documentation.

Creating Roles for Specific Access

In vRealize Suite Lifecycle Manager, you can delegate the certificate replacement operations to
any users in a consistent manner across VMware suite products.

With this accessbility, you can also allow non-admin users to perform actions like replace the
certificate.

Assign Roles for Certificate Operations

With this section, you can create a certificate admin who is a user or a group with a specific role
assigned. These users or group of users can have certain privileges to access the certificate for
any vRealize Product.

Prerequisites

n Verify that there are users or group of users available and such users should not have any
prior roles mapped.

Procedure

1 On the Lifecycle Operations, click User Management.

2 Navigate to User Management, click ADD USER/GROUP.

VMware, Inc. 55
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Enter a user or a group name and the user list is auto-populated.

If a user already has a role mapped from the selected user, then select another user.

4 Click Next.

5 Select the Certificate Administrator role and click Next.

6 Click Submit.

7 Log out from vRealize Suite Lifecycle Manager and log in as VMware Identity Manager user to
access the services as an assigned admin.

Change Certificate for vRealize Suite Lifecycle Manager

As an vRealize Suite Lifecycle Manager admin, you can change your certificate for your vRealize
Suite Lifecycle Manager instance.

Prerequisites

Verify that you have an existing vRealize Suite Lifecycle Manager certificate available.

Procedure

1 On the My Services dashboard, click Lifecycle Operations.

2 Navigate to Settings and click Change Certificate.

You can view the certificate details that are used by the vRealize Suite Lifecycle Manager.

3 To replace the certificate, click REPLACE CERTIFICATE.

a Read the summary of the current certificate and click Next.

b Select a certificate from the drop-down menu and click Next.

c Click Run Precheck to validate your certificate details and click Finish.

4 After you click Finish, you can view the progress of the certificate changing on the Request
Details page.

Identity and Tenant Management With VMware Identity

Manager
In User or Identity Management, you can map users present in VMware Identity Manager to
roles available in vRealize Suite Lifecycle Manager. Configuring VMware Identity Manager is a
mandatory process before you install any suite products. If you have not installed when installing
vRealize Suite Lifecycle Manager, you will still be prompted to configure and then proceed.

Deployment of an identity manager through vRealize Suite Lifecycle Manager is either through
a single node or a cluster with an Internal PostgreSQL database embedded in the appliance
and does not support an external database like Microsoft SQL. vRealize Suite Lifecycle Manager
supports scale-out of the VMware Identity Manager. For more information, see Scale-Out
VMware Identity Manager .

VMware, Inc. 56
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

After you deploy a global environment successfully, under Identity and Tenant Management
Service you can view.

n Directory Management

n User Management

n Tenant Management

Following are the available roles.

n LCM Cloud Admin

n Content Developer

n Content Release Manager

n Certificate Administrator

Even though the vRealize Suite Lifecycle Manager Cloud Admin has access to the Lifecycle
Operations service, only a few services in Settings tab like NTP Server Setting, SNMP, DNS,
My VMware, and Binary Mapping are accessed. Only LCM Admin, the admin@local has the
privilege to access all the settings in the Lifecycle Operations service. The default admin@local
user is the only application admin who can access the User Management service, where
Directory Management and Identity Management are handled.

Note With migration from earlier versions of vRealize Suite Lifecycle Manager to the current
vRealize Suite Lifecycle Manager version, the LCM Admin and LCM Cloud Admin roles are
converged into LCM Cloud Admin. All users who were part of LCM Admin in the previous versions
of vRealize Suite Lifecycle Manager would now become LCM Cloud Admin in vRealize Suite
Lifecycle Manager.

Adding VMware Identity Manager is an optional step and by configuring VMware Identity
Manager with single sign-on across vRealize Suite Lifecycle Manager and products can be
achieved.

Note When VMware Identity Manager is used with vRealize Suite Lifecycle Manager, only Active
Directory over LDAP and Active Directory with IWA are used to sync users and groups to the
VMware Identity Manager service. Active Directory over LDAP and Active Directory with IWA are
the only supported directory integration.

Manage Your Directory in Identity Management

With Directory Management, you can integrate your enterprise directory with VMware Identity
Manager to sync users and groups to the VMware Identity Manager service. Starting from
vRealize Suite Lifecycle Manager 8.0, you can create, read, update, and delete directories on
VMware Identity Manager. Any updates made in the directory configuration from vRealize Suite
Lifecycle Manager 8.0, the same are reflected in the VMware Identity Manager.

VMware, Inc. 57
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Options available under the directory management.

n Directories - You can create and manage Active Directories on vRealize Suite Lifecycle
Manager. You can create one or more directories and sync them with their enterprise
directories. With view directory, you can check sync logs and sync alerts apart from showing
basic directory metadata. The directory edit allows an update for the mapped attributes,
user, and group DNs. You can delete a directory configuration from vRealize Suite Lifecycle
Manager.

n User Attribute Definitions - The user attributes lists the default user attributes that sync
in the directory and you can add other attributes that you can map to Active Directory
attributes.

Note Directory Management is managed by the default vRealize Suite Lifecycle Manager admin
user - admin@local. Directory Management will be available in vRealize Suite Lifecycle Manager
8.0 only if the VMware Identity Manager version available in the global environment is higher than
or equal 3.3.0.

Supported Directories
n Active Directory over LDAP - If you plan to connect to a single Active Directory domain
environment, create this directory type

n Active Directory, Integrated Windows Authentication - Create this directory type if you plan
to connect to a multi-domain or multi-forest Active Directory environment.

n Secure LDAP

Note For a FIPS-enabled VMware Identity Manager version 3.3.5, the bind password must be
of fourteen characters.

To configure your enterprise directory, you perform the following tasks.

n Create a directory of the same type as your enterprise directory and specify the connection
details.

n Map the VMware Identity Manager attributes to attributes used in your Active Directory or
LDAP directory.

n Specify the users and groups to sync.

n Sync users and groups.

After you integrate your enterprise directory and perform the initial sync, you can update the
configuration and resync at any time.

Configuring User Attribute Definition

When you set up the directory to sync with Active Directory, specify the user attributes. Before
setting up the directory, you can specify which default attributes are required and if needed,
additional attributes can be added to map the Active Directory attributes.

VMware, Inc. 58
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Changing the default attributes from a required to non-required and marking an attribute to be
required can be done only if there are no directories created. Once the directories are created
and synced, they cannot be changed. You can mark the required and non-required attributes
before adding any directory in the directories page. When you add new custom attributes
after the directories are created, to map them you have to edit the directory and update the
directory attribute mapping. The change will be effective when the directory gets synced to
Active Directory next time.

Assign User Roles with User Management

You can map a user role against users and groups present in VMware Identity Manager. On the
User Management page, the user or a group can be selected and a mapping can be edited. You
can delete a role mapping, if necessary. If a group is assigned a role, and if you are a part of
the group, and you log in to vRealize Suite Lifecycle Manager, you can take the same roles that
that group. If you have individual mapping, then it can be consolidation of user role and the roles
assigned towards the group.

Prerequisites

Verify if you have any of the user groups for vRealize Suite Lifecycle Manager.

Role Role Description Add User/ Groups URL

LCM Cloud Admin Cloud administrator for vRealize Suite [email protected]

Lifecycle Manager

Content Release Manager Content Release Manager [email protected]

Content Developer Content Developer [email protected]

Certificate Administrator Developer for performing certificate [email protected]

operations

Procedure

1 Click Identity and Tenant Management on the My Services dashboard.

2 On the left side, navigate and click User Management.

3 To add a user or a group, click +ADD USER/GROUP.

4 To select a user from the populated list in the table, enter an existing user or a group and
click Next.

If a user or a group already has a mapping, then a warning appears and you are then asked
to edit the role mapping rather create again.

5 Select a role for the newly created user and click Next.

6 Read the summary and click Submit.

VMware, Inc. 59
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Add Active Directory Over LDAP

You can create this directory type when you plan to connect to a single Active Directory domain
environment. For the Active Directory over an LDAP directory type, the connector binds to the
Active Directory using a simple bind authentication.

Prerequisites

n List the Active Directory groups and users to sync from Active Directory.

n Verify that you have specified the required default attributes and add additional attributes on
the User Attributes definition.

n Verify that you have the required user credentials to add a directory.

Procedure

1 Click Identity and Tenant Management on the My Services dashboard.

2 Navigate to Directory Management tab, click Directories.

3 Click Add Directory, and select Add Active Directory Over LDAP.

4 On the Directory Detail tab:

Fields Description

Directory Information Enter a valid Directory Name.

Directory Sync and Authentication Select the connector to sync with Active Directory. Connector is a VMware
Identity Manager service component that synchronizes users and group
data between Active Directory and VMware Identity Manager service.
When used as an identity provider, it also authenticates users. Each VMware
Identity Manager appliance node contains a default connector component.
When required a dedicated connector can also be deployed through a
global environment scale-out.

Authentication Enabled If you want the connector to perform authentication, select Yes.
You can indicate whether the selected connector also performs
authentication. If you are using a third-party identity provider to
authenticate users, click No.

Directory Search Attribute Select an account attribute from the drop-down menu that contains a user
name.

VMware, Inc. 60
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Fields Description

Server Location Select Directory supports DNS Service Location check box.
n If your Active Directory requires access over SSL/TLS, select the
Directory requires all connections to use STARTTLS or SSL check box
in the Certificates section, and copy and paste the domain controllers
intermediate (if used) and Root CA certificates into the SSL Certificate
text box. Enter the intermediate CA certificate first, then the Root
CA certificate. Ensure that each certificate is in the PEM format and
includes the BEGIN CERTIFICATE and END CERTIFICATE lines. If the
domain controllers have certificates from multiple Intermediate and Root
Certificate Authorities, enter all the Intermediate-Root CA certificate
chains, one after another. If your Active Directory requires access over
SSL/TLS and you do not provide the certificates, you cannot create the
directory.
n If you do not want to use DNS Service Location, verify that the Directory
supports DNS Service Location check box is not selected and enter the
Active Directory server host name and port number.

Certificates If your Active Directory requires access over SSL/TLS, select the Directory
requires all connections to use SSL check box in the Certificates section
and copy and paste the domain controller's Intermediate (if used) and Root
CA certificate into the SSL Certificate text box. Enter the Intermediate CA
certificate first, then the Root CA certificate. Ensure that the certificate is in
the PEM format and includes the BEGIN CERTIFICATE and END CERTIFICATE
lines. If your Active Directory requires access over SSL/TLS and you do not
provide the certificate, you cannot create the directory.

Bind User Details n Base DN - Enter the DN to start account searches. For
example, OU=myUnit,DC=myCorp, DC=com. The Base DN is used for
authentication. Only users under the Base DN can authenticate. Ensure
that the group DNs and user DNs that you specify later for sync are
under this Base DN.
n Bind User DN - Enter the account details. For example,
CN=binduser,OU=myUnit,DC=myCorp, DC=com. Use a Bind user account
with a non-expiring password.
n Bind Password: Click Test Connection to verify that the directory can
connect to your Active Directory.

5 Click Create and Next.

For Active Directory over LDAP, the domains are listed with a check mark.

6 On the Domain Selection Detail tab, select the domain and click Next.

7 To map the directory attribute to the Active Directory, on the Map Attribute tab, select the
required attribute and click Save and Next.

VMware, Inc. 61
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

8 On the Group Selection tab, to sync from Active Directory to the VMware Identity Manager
directory specify the Group DN details and click Next.

You can also select all the active directory groups that are already available in the list to sync
to the directory.
a To select groups, click Add Group Distinguished Name, and specify one or more group
DNs. Select the groups under them. Specify group DNs that are under the Base DN that
you entered in the “Base DN” text box in the Add Directory page. If a group DN is outside
the Base DN, users from that DN will be synced but will not be able to log in.

b Click Find Groups. The Actions column lists the number of groups found in the DN. To
select all the groups in the DN, click Select All, or click the number and select the specific
groups to sync. When you sync a group, any users that do not have Domain Users as
their primary group in Active Directory are not synced.

c Select the Sync Nested Group Members option.

9 On the User Selection tab, enter the User DN details and click Next.

Suite administrators is a user name in the Active Directory who acts as an Admin user for the
deployed suite products, Logs, and AD table.

10 Select the Sync Nested Group Members option and enter the Suite Administrators.

When this option is enabled, all the users that belong directly to the group you select and all
the users that belong to the nested groups under it are synced when the group is entitled.
Note that the nested groups are not synced; only the users that belong to the nested groups
are synced. In the VMware Identity Manager directory, these users will be members of the
parent group that you selected for sync. If the “Sync nested group members” option is
disabled, when you specify a group to sync, all the users that belong directly to that group
are synced. Users that belong to nested groups under it are not synced. Disabling this option
is useful for large Active Directory configurations where traversing a group tree is resource
and time intensive. If you disable this option, ensure that you select all the groups whose
users you want to sync.

11 Click Save and Next. In User Selection page, click Add User and specify the users DNs to
sync. Specify user DNs that are under the Base DN that you entered in the Base DN text box
in the Add Directory page. If a user DN is outside the Base DN, users from that DN will be
synced but will not be able to log in. Click Save and Next.

12 Review the Dry Run Check tab, read the summary, click Sync and Complete to start the sync
to the directory. The connection to Active Directory will be established, and users and group
names are synced from the Active Directory to the VMware Identity Manager directory.

13 Click Submit.

14 To edit, click the Edit icon on the specific active directory in the list of active directories. Any
information added is appended to the configuration on VMware Identity Manager. However,
any removal through editing only removes the configuration from the vRealize Suite Lifecycle
Manager inventory and not from the VMware Identity Manager.

VMware, Inc. 62
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

15 To delete, click the Delete icon on the specific active directory in the list of active directories.
The delete action deletes the active directory only from the vRealize Suite Lifecycle Manager
inventory and not from VMware Identity Manager.

Add Active Directory with Integrated Windows Authentication

You can create this directory type when you plan to connect to a multi-domain Active Directory
environment. The connector binds to Active Directory using Integrated Windows Authentication.

Prerequisites

Verify that you have the required user credentials to add a directory.

Procedure

1 Click Identity and Tenant Management on the My Services dashboard.

2 Navigate to Directory Management tab, click Directories.

3 Click +Add Directory and click Add Active Directory Over IWA.

4 On the Directory Detail tab:

Fields Description

Directory Information Enter a valid Directory Name.

Directory Sync and Authentication Select the connector to sync with Active Directory. Connector is a VMware
Identity Manager service component that synchronizes users and group
data between Active Directory andVMware Identity Manager service. It
authenticates users. Each VMware Identity Manager appliance node contains
a default connector component. If necessary, a dedicated connector can
also be deployed through a global environment scale-out.

Authentication Enabled You can indicate whether the selected connector also performs
authentication. If you are using a third-party identity provider to
authenticate users, click No.

Directory Search Attribute Select a search attribute from the drop-down menu.

Certificates n If your Active Directory requires access over SSL/TLS, select the
Directory requires all connections to use STARTTLS check box in
the Certificates section, and copy and paste the domain controllers
Intermediate (if used) and Root CA certificates into the SSL Certificate
text box. Enter the Intermediate CA certificate first, then the Root
CA certificate. Ensure that each certificate is in the PEM format and
includes the BEGIN CERTIFICATE and END CERTIFICATE lines. If the
domain controllers have certificates from multiple Intermediate and Root
Certificate Authorities, enter all the Intermediate-Root CA certificate
chains, one after the other. If your Active Directory requires access over
SSL/TLS and you do not provide the certificates, you cannot create the
directory.

VMware, Inc. 63
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Fields Description

Join Domain Details Enter the Domain Name, Domain Admin user name, and Domain Password.

Bind User Details n Enter the Bind Username and Bind Password of the bind user who has
permission to query users and groups for the required domains. Enter
the user name as sAMAccountName@domain, where domain is the fully
qualified domain name. Using a Bind user account with a non-expiring
password.

5 Click Create and Next.

You can select the domains that should be associated with the Active Directory connection.

6 On the Domain Selection Detail tab, select the domain and click Submit and Next.

The Active Directory with IWA populates the list of domains and you can select or edit the
domains as required.

7 To verify that the VMware Identity Manager directory attribute names are mapped to the
correct Active Directory attributes, on the Map Attribute tab, select the required attribute
and click Submit and Next.

8 On the Group Selection tab, specify the Group DN details and click Next.

To select groups, click Add Group Distinguished Name, and specify one or more group DNs
and select the groups under them. Specify group DNs that are under the Base DN that you
entered in the Base DN text box in the Add Directory section. If a group DN is outside the
Base DN, users from that DN will be synced but you cannot log in.

When you sync a group, any users that do not have Domain Users as their primary group in
Active Directory are not synced.
a Select the Sync Nested Group Members option.

9 On the User Selection tab, enter the User DN details and click Next.

Note When this option is enabled, all the users that belong directly to the group you select
and all the users that belong to nested groups under it are synced when the group is entitled.
Note that the nested groups are not synced; only the users that belong to the nested
groups are synced. In the VMware Identity Manager directory, these users are members of
the parent group that you selected for sync. If the Sync nested group members option is
disabled, when you specify a group to sync, all the users that belong directly to that group
are synced. Users that belong to nested groups under it are not synced. Disabling this option
is useful for large Active Directory configurations where traversing a group tree is resource
and time intensive. If you disable this option, ensure that you select all the groups whose
users you want to sync.

Suite administrators is a user name in the Active Directory who acts as an Admin user for the
deployed suite products, Logs, and AD table.

10 On the Dry Run Check tab, read the Summary.

VMware, Inc. 64
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

11 Click Sync and Complete to start the sync to the directory. The connection to Active
Directory will be established and users and group names are synced from the Active
Directory to the VMware Identity Manager directory.

12 Click Submit.

13 To edit, click the Edit icon on the specific active directory in the list of active directories.
Any information added, gets appended to the configuration on VMware Identity Manager.
However, if remove through editing you can only remove the configuration from the vRealize
Suite Lifecycle Manager inventory and not from the VMware Identity Manager.

14 To delete, click the Delete icon on the specific active directory in the list of active directories.
You can delete the active directory only from vRealize Suite Lifecycle Manager inventory and
not from VMware Identity Manager.

Tenant Management in vRealize Suite Lifecycle Manager

Starting from 8.1, vRealize Suite Lifecycle Manager supports creating and managing of tenants.
Tenants are created in VMware Identity Manager and are associated with products that are
tenant-aware. So, apart from managing directories on top of VMware Identity Manager, tenants
are also managed. Tenancy support is only available from VMware Identity Manager 3.3.2. The
previously called User Management is now renamed to Identity and Tenant Management.

Multi-Tenancy Overview
This section describes the key concepts and terminologies required to be understood before
starting with multi-tenancy.

Get Familiar with the Tenant Management Terms

Note The master tenant is now referred to as primary tenant.

n Tenant - It is the highest level in an organizational structure in VMware Identity Manager.

All objects like directories, users, groups, third party IDPs are maintained individually for
each tenant. Each tenant is isolated from the rest of the tenants and they do not share any
resource with each other.

n Primary Tenant - There is always at least one tenant (primary, default or base) present in the
VMware Identity Manager which is called as primary tenant.

For vRealize Automation 7.x users, this is the 'vsphere.local' that was present out of the box
in a vRealize Automation 7.x deployments. The primary tenant in vRealize Automation 7.x
was by default bootstrapped with 'vsphere.local' as its name. But this does not happen in
a standalone deployment of VMware Identity Manager. The primary tenant name is formed
based on the first VMware Identity Manager node that gets deployed and bootstrapped. For
example, if 'idm1.vmwlab.local' is the first VMware Identity Manager node that gets deployed,

VMware, Inc. 65
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

then when you bootstrap VMware Identity Manager, primary tenant is created with name
'idm1'. Nodes further getting scaled-out like 'idm2.vmwlab.local' and 'idm3.vmwlab.local' does
not effect. The primary tenant name is formed only once and remains the same in a single or
clustered instance.

n Primary Tenant Alias - You cannot create sub tenants in VMware Identity Manager under the
primary tenant until a few configurations are set and enabled. Setting an alias name for the
primary tenant is one such important configuration. An alias must be created on the primary
tenant and the primary tenant should always be accessed through the primary tenant alias
FQDN on a single node or a clustered instance.

n Provider Admin - An admin who owns the management infrastructure, that includes VMware
Identity Manager, vRealize Automation and other products. The admin creates and manages
all the tenants and associates products with tenants. The vRealize Suite Lifecycle Manager
admin user, 'admin@local' is the only provider admin and is authorized to perform tenant
management functionalities.

n Tenant Admin - An admin with the highest level of administrative permission in each VMware
Identity Manager tenant. This permission can be assigned to both local VMware Identity
Manager users and Active Directory users present within the VMware Identity Manager
tenant.

n Tenant Aware Products - Products that support multi-tenancy and maintains proper isolation
with each logical tenant instance are tenant aware products. They have one to one mapping
with VMware Identity Manager tenants. As of vRealize Suite Lifecycle Manager 8.1 release,
only vRealize Automation 8.1 is tenant aware.

n vRealize Automation Organization and Organization Owner - In vRealize Automation 8.x,

organization is the top-level construct and it maps 1:1 with VMware Identity Manager tenant.
Organization Owner has administrative permission in the vRealize Automation Organization
or tenant. While adding tenants and associating vRealize Automation with the newly added
tenant, the VMware Identity Manager tenant admin becomes the organization owner for the
new tenant. For more information on adding tenants, see Adding Tenants.

n Directory - Directories are second level of objects in VMware Identity Manager. It represents
an external identity store or provider like Active Directory (AD) or an OpenLDAP server.
There are multiple variants of directory supported in VMware Identity Manager. You can add
Active Directory Over LDAP and Active Directory with IWA in the Directory Management
section.

n Directory Synchronization - While adding directories, configuration options are provided to

filter and synchronize the required users and groups from the Identity Store or provider to
the VMware Identity Manager database. Only after a successful sync, you can integrate the
users and groups with VMware Identity Manager.

n Directories in tenant - Each tenant can contain several directories. The same directory
configuration can be present in multiple tenants, however, it is considered a separate
directory. For example: You have added Directory A in primary tenant with some directory
configurations (User DNs, Group DNs, Sync configurations). And you have two sub-tenants

VMware, Inc. 66
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

named Tenant-1 and Tenant-2. The same directory configurations of directory A can be used
on to add directories A1 and A2 on each of the sub-tenants respectively, so that the same
set of users and groups are synced in sub-tenants - Tenant-1 and Tenant-2. After adding, any
changes to the sync configurations of directory A in primary tenant will not affect directories
A1 and A2 and its synced users and groups in Tenant-1 and Tenant-2. All three directories
and its configurations are independent of each other. All three directories are affected only
if the external identity store or provider changes. For example, if users or groups are getting
removed directly from the Identity provider then it influences all three directories in all three
tenants.

Figure 2-1. Multi-Tenancy Model

VMware, Inc. 67
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Multi-Tenancy Model
This section describes multi-tenancy model explaining how tenants can be accessed through
tenant FQDNs and the importance of enabling multi-tenancy along with the certificate, and DNS
requirements.

Enabling Multi-Tenancy
The master tenant is now referred to as primary tenant. Even though on day-0, the out-of-the-
box VMware Identity Manager includes a primary tenant already available, this is kept at a
minimal configuration and further creation of tenants below the primary tenant is not possible. A
sequence of configurations and API calls are to be performed on the VMware Identity Manager
to enable multi-tenancy. There must be an alias name created for the primary tenant when you
enable multi-tenancy. For more information on enabling multi-tenancy, see Enable Multi-Tenancy.

For example, a VMware Identity Manager with FQDN 'idm1.vmwlab.local' can already have a
primary tenant with name 'idm1'. Before enabling multi-tenancy, it is mandatory to create an alias
for the primary. For example, 'master-tenant' set and use the same alias name everywhere the
primary tenant is referred.

Tenant FQDNs
By default, tenants created on VMware Identity Manager are accessed through tenant URLs
which are nothing but FQDNs mapped to the VMware Identity Manager server. Every
tenant has its own tenant FQDN. For example, on a single node VMware Identity Manager
with hostnameidm1.vmwlab.local, with the primary tenant name (idm1) and primary tenant
alias (master-tenant), the primary tenant should be accessed through its FQDN master-
tenant.vmwlab.local. If a new tenant (tenant1) is created, then it must be accessed only
through tenant1.vmwlab.local.

Since every tenant requires a dedicated FQDN, creating tenants on VMware Identity Manager
mandatorily requires a A-type DNS record mapping the tenant FQDN to the VMware Identity
Manager server IP address. For a clustered VMware Identity Manager deployment, every tenant
FQDN must be having an A-type record mapping to the VMware Identity Manager load balancer
IP address.

The same model applies to vRealize Automation as well. When vRealize Automation is associated
with a tenant, the vRealize Automation tenant must be accessed by vRealize Automation
tenant FQDNs. For example, VMware Identity Manager with FQDN idm1.vmwlab.local having
a tenant 'tenant1' accessible through tenant1.vmwlab.local and vRealize Automation 8.1

VMware, Inc. 68
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

vra1.vmwlab.local integrated with this VMware Identity Manager and associated with 'tenant1'.
As mentioned, vRealize Automation tenant and VMware Identity Manager tenant maps 1:1, so the
primary tenant vRealize Automation can still be accessed by vra1.vmwlab.local and 'tenant 1'
vRealize Automation must be accessed by tenant1.vra1.vmwlab.local.

Note There is a difference between VMware Identity Manager and vRealize Automation
tenant FQDNs. For a VMware Identity Manager instance, the tenant FQDN format is tenant
name (tenant1) followed by the VMware Identity Manager domain name (vmwlab.local). For
example, tenant1.vmwlab.local. Since it is tenant name followed by domain, it remains the
same even for clustered VMware Identity Manager. For a vRealize Automation, the vRealize
Automation tenant FQDN format is tenant name (tenant1) followed the vRealize Automation
server FQDN (vra1.vmwlab.local) For example, tenant1.vra1.vmwlab.local. For a clustered
vRealize Automation behind a load-balancer vra-lb.vmwlab.local, tenant 1 must be accessed
through tenant1.vra-lb.vmwlab.local.

Similar to VMware Identity Manager, even vRealize Automation tenant FQDNs require DNS
mapping. But for a vRealize Automation it should be CNAME type record mapping the vRealize
Automation tenant FQDNs to the vRealize Automation server FQDN. For a clustered vRealize
Automation deployment, all vRealize Automation tenant FQDNs must be having a CNAME type
DNS record pointing to the vRealize Automation load balancer FQDN.

Apart from having DNS mappings as a mandatory pre-requisite, certificates are also mandatory
for tenancy to work. Both VMware Identity Manager, vRealize Automation servers and its
load balancers depending on the deployment architecture should have their corresponding
certificates holding all the required tenant FQDNs.

Tenant FQDNs on a single node setup

n VMware Identity Manager Node: idm1.vmwlab.local

vRealize Automation Node: vra1.vmwlab.local

Primary tenant alias name: master-tenant

Tenants: tenant-1, tenant-2

VMware Identity Manager Tenant

Tenant Names FQDNs vRealize Automation Tenant FQDNs

master-tenant https://master-tenant.vmwlab.local https://vra1.vmwlab.local

tenant-1 https://tenant-1.vmwlab.local https://tenant-1.vra1.vmwlab.local

tenant-2 https://tenant-2.vmwlab.local https://tenant-2.vra1.vmwlab.local

Tenant FQDNs on a clustered setup

n VMware Identity Manager Load balancer: idm-lb.vmwlab.local

VMware Identity Manager Nodes: idm1.vmwlab.local, idm2.vmwlab.local,

idm3.vmwlab.local

VMware, Inc. 69
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

vRealize Automation Load balancer: vra-lb.vmwlab.local

vRealize Automation Nodes: vra1.vmwlab.local, vra2.vmwlab.local,

vra3.vmwlab.local

Primary tenant alias name: master-tenant

Tenants: tenant-1, tenant-2

VMware Identity Manager Tenant

Tenant Names FQDNs vRealize Automation Tenant FQDNs

master-tenant https://master-tenant.vmwlab.local https:// vra-lb.vmwlab.local

tenant-1 https://tenant-1.vmwlab.local https://tenant-1.vra-lb.vmwlab.local

tenant-2 https://tenant-2.vmwlab.local https://tenant-2.vra-lb.vmwlab.local

Note After you enable multi-tenancy, VMware Identity Manager should only be accessed
through its tenant FQDNs. The old FQDNs and hostnames (idm1.vmwlab.local, idm2.vmwlab.local,
idm3.vmwlab.local & idm-lb.vmwlab.local) becomes invalid.

Mandatory Certificate Requirements

Depending on the deployment type of VMware Identity Manager and vRealize Automation,
their corresponding server certificates should have all the tenant FQDNs present within itself.
Since each tenant forms its own tenant FQDN (both VMware Identity Manager tenant FQDN
and vRealize Automation tenant FQDN), every created tenant requires its tenant FQDN to be

VMware, Inc. 70
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

added as part of both VMware Identity Manager and vRealize Automation certificates. Enabling
multi-tenancy on VMware Identity Manager also requires VMware Identity Manager certificates
updated as the primary tenant gets a new alias name and primary tenant FQDN undergoes a
change.

VMware, Inc. 71
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Note
n When you change the certificates on VMware Identity Manager to enable multi-tenancy
or creating tenants, this brings down the service and leads to a downtime. If VMware
Identity Manager certificate is changed, then it goes for a service downtime. The products
or services integrated with VMware Identity Manager for their authentication purpose cannot
use VMware Identity Manager auth log-in during the downtime. Also, changing VMware
Identity Manager certificate requires retrust on all product or services which again lead to
a downtime for the products.

n For every new tenant that is created and associated with vRealize Automation, even vRealize
Automation certificates must be changed and this causes service downtime for vRealize
Automation.

n To avoid service down-times on vRealize Automation, VMware Identity Manager and other
products or services integrated with VMware Identity Manager, it is generally recommended
to have wild-card certificates. For a new tenant, any change made in the VMware Identity
Manager certificate or vRealize Automation certificate, can create a downtime in vRealize
Automation.

n If wild-card certificates are not used, then specific SAN entries are to be created for each
tenant FQDN on all required certificates.

n The vRealize Suite Lifecycle Manager locker service helps in managing certificates on
the VMware Identity Manager and vRealize Automation server nodes. With vRealize Suite
Lifecycle Manager, when you replace VMware Identity Manager certificate, the retrust of
VMware Identity Manager certificate on all products is performed automatically.

n Products or services external to vRealize Suite Lifecycle Manager is handled manually. Locker
service does not handle updating load balancer certificates. They are to be done by the user
manually. Whenever load-balancer certificates are changed, the same had to be re-trusted on
the products.

n For VMware Identity Manager, the VMware Identity Manager Certificate update or replace
operation in vRealize Suite Lifecycle Manager internally makes sure the VMware Identity
Manager load balancer certificate is re-trusted before updating the VMware Identity
Manager server certificates. So, it is recommended to first change the VMware Identity
Manager load balancer certificate manually and then do a VMware Identity Manager
certificate to update or replace through vRealize Suite Lifecycle Manager locker service.

n For a vRealize Automation 8.x, when SSL is terminated at vRealize Automation load
balancer and load balancer certificate is changed manually, then make sure to click
'Re-trust Load Balancer' under the vRealize Automation 8.x product card to re-trust the
load-balancer certificate in vRealize Automation. For more details, see Day 2 Operations
with Other Products in vRealize Suite Lifecycle Manager.

VMware, Inc. 72
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Mandatory DNS Requirements

For a single node VMware Identity Manager, you require A-type DNS records highlighting the
tenant FQDNs to the VMware Identity Manager server IP address. And for a clustered VMware
Identity Manager, A-type DNS records are required pointing the tenant FQDNs to the VMware
Identity Manager load-balancer IP address.

For vRealize Automation, for a single node, CNAME type DNS records are required pointing
vRealize Automation tenant FQDNs to the vRealize Automation server FQDN. And for a clustered
vRealize Automation, CNAME type DNS records pointing vRealize Automation tenant FQDNs to
the vRealize Automation load-balancer FQDN.

Requirements for multi-tenancy

Figure 2-2. Single node VMware Identity Figure 2-3. Both VMware Identity Manager and
Manager and vRealize Automation vRealize Automation Cluster

icm.vmwlab.local idm1.vmwlab.local idm2.vmwlab.local idm3.vmwlab.local vra1.vmwlab.local vra2.vmwlab.local vra3.vmwlab.local Master-Tenant Tenant-1 Tenant-2
192.168.110.49 192.168.110.50 192.168.110.54 192.168.110.55 192.168.110.51 192.168.110.52 192.168.110.53 (master tenant alias = master-tenant)

DNS Requirements S.A.N. Certificate Requirements

icm.vmwlab.local idm.vmwlab.local vra.vmwlab.local Master-Tenant Tenant-1 Tenant-2
192.168.110.49 192.168.110.50 192.168.110.51 (master tenant alias = master-tenant)
Main A Type Records Multi-Tenancy A Type Records vIDM Certificate vIDM LB Certificate (LB Terminated)
icm.vmwlab.local -> 192.168.110.49 master-tenant.vmwlab.local -> 192.168.110.60 Host Name: Host Name:
DNS Requirements S.A.N. Certificate Requirements
idm1.vmwlab.local. -> 192.168.110.50 tenant-1.vmwlab.local -> 192.168.110.60 idm1.vmwlab.local, idm-lb.vmwlab.local,
idm2.vmwlab.local. -> 192.168.110.54 idm2.vmwlab.local, master-tenant.vmwlab.local,
idm3.vmwlab.local. -> 192.168.110.55 tenant-2.vmwlab.local -> 192.168.110.60 idm3.vmwlab.local, tenant-1.vmwlab.local,
master-tenant.vmwlab.local, tenant-2.vmwlab.local
Main A Type Records vIDM Certificate vra1.vmwlab.local. -> 192.168.110.51
Multi-Tenancy CNAME Type Records
tenant-1.vmwlab.local,
vra2.vmwlab.local. -> 192.168.110.52 tenant-2.vmwlab.local
icm.vmwlab.local -> 192.168.110.49 Host Name: vra3.vmwlab.local. -> 192.168.110.53
idm.vmwlab.local. -> 192.168.110.50 tenant-1.vra-lb.vmwlab.local ->
idm-lb.vmwlab.local -> 192.168.110.60 vra-lb.vmwlab.local vRA Certificate vRA LB Certificate (LB Passthrough)
vra.vmwlab.local. -> 192.168.110.51 idm1.vmwlab.local, Host Name: Certifiacte is not required
master-tenant.vmwlab.local, vra-lb.vmwlab.local -> 192.168.110.61 tenant-2.vra-lb.vmwlab.local ->
vra-lb.vmwlab.local vra1.vmwlab.local, • You have the option to use Wildcard for vIDM LB as
tenant-1.vmwlab.local, vra2.vmwlab.local, (*vmwlab.local) and for vRA as (*.vmwlab.local,
tenant-2.vmwlab.local vra3.vmwlab.local, * vralb.vmwlab.local) to make things
vralb.vmwlab.local, simplier to manage.
tenant-1.vralab.vmwlab.local,
Multi-Tenancy A Type Records tenant-2.vralab.vmwlab.local
master-tenant.vmwlab.local -> 192.168.110.50
tenant-1.vmwlab.local -> 192.168.110.50
tenant-2.vmwlab.local -> 192.168.110.50 vRA Certificate
Host Name:
vra.vmwlab.local,
tenant-1.vra.vmwlab.local,
Multi-Tenancy CNAME Type Records tenant-2.vra.vmwlab.local

tenant-1.vra-lb.vmwlab.local -> vra.vmwlab.local • You have the option to use Wildcard for vIDM LB as
tenant-2.vra-lb.vmwlab.local -> vra.vmwlab.local (*vmwlab.local) and for vRA as (*.vmwlab.local, * vralb.vmwlab.local)
to make things simplier to manage.

Figure 2-4. vIDM Single and vRA Clustered Figure 2-5. VMware Identity Cluster and
vRealize Automation Single
icm.vmwlab.local icm.vmwlab.local vra1.vmwlab.local vra2.vmwlab.local vra3.vmwlab.local Master-Tenant Tenant-1 Tenant-2
192.168.110.49 192.168.110.50 192.168.110.51 192.168.110.52 192.168.110.53 (master tenant alias = master-tenant)

DNS Requirements S.A.N. Certificate Requirements

icm.vmwlab.local idm1.vmwlab.local idm2.vmwlab.local idm3.vmwlab.local vra.vmwlab.local Master-Tenant Tenant-1 Tenant-2
192.168.110.49 192.168.110.50 192.168.110.54 192.168.110.55 192.168.110.51 (master tenant alias = master-tenant)
Main A Type Records Multi-Tenancy A Type Records vIDM Certificate
icm.vmwlab.local -> 192.168.110.49 master-tenant.vmwlab.local -> 192.168.110.50 Host Name:
• You have the option to use Wildcard for vIDM as
(*vmwlab.local) and for vRA as (*.vmwlab.local, DNS Requirements S.A.N. Certificate Requirements
idm.vmwlab.local. -> 192.168.110.50 tenant-1.vmwlab.local -> 192.168.110.50 idm.vmwlab.local,
* vralb.vmwlab.local) to make things
master-tenant.vmwlab.local,
simplier to manage.
vra1.vmwlab.local. -> 192.168.110.51 tenant-2.vmwlab.local -> 192.168.110.50 tenant-1.vmwlab.local,
vra2.vmwlab.local. -> 192.168.110.52
Main A Type Records Multi-Tenancy A Type Records vIDM Certificate vIDM LB Certificate (LB Terminated)
tenant-2.vmwlab.local
vra3.vmwlab.local. -> 192.168.110.53 icm.vmwlab.local -> 192.168.110.49 master-tenant.vmwlab.local -> 192.168.110.60 Host Name: Host Name:
Multi-Tenancy CNAME Type Records
idm1.vmwlab.local. -> 192.168.110.50 tenant-1.vmwlab.local -> 192.168.110.60 idm1.vmwlab.local, idm-lb.vmwlab.local,
vra-lb.vmwlab.local -> 192.168.110.61 vRA Certificate vRA LB Certificate (LB Passthrough)
tenant-1.vra-lb.vmwlab.local -> Host Name: Certifiacte is not required idm2.vmwlab.local. -> 192.168.110.54 idm2.vmwlab.local, master-tenant.vmwlab.local,
vra-lb.vmwlab.local idm3.vmwlab.local. -> 192.168.110.55 tenant-2.vmwlab.local -> 192.168.110.60 idm3.vmwlab.local, tenant-1.vmwlab.local,
idm-lb.vmwlab.local. -> 192.168.110.60 master-tenant.vmwlab.local, tenant-2.vmwlab.local
vra1.vmwlab.local,
tenant-2.vra-lb.vmwlab.local -> vra2.vmwlab.local, tenant-1.vmwlab.local,
vra-lb.vmwlab.local vra.vmwlab.local. -> 192.168.110.51 Multi-Tenancy CNAME Type Records tenant-2.vmwlab.local
vra3.vmwlab.local,
vralb.vmwlab.local,
tenant-1.vra.vmwlab.local ->
tenant-1.vralab.vmwlab.local,
vra.vmwlab.local Host Name: • You have the option to use
tenant-2.vralab.vmwlab.local
Wildcard for vIDM LB as
tenant-2.vra.vmwlab.local -> vra.vmwlab.local, (*vmwlab.local) and for vRA as
vra.vmwlab.local tenant-1.vra.vmwlab.local, (*.vmwlab.local, * vra.vmwlab.local)
tenant-2.vra.vmwlab.local to make things simplier to manage.

Enable Multi-Tenancy
Multi-tenancy feature is not enabled out-of-the-box. You can opt-in for enabling multi-tenancy.

Prerequisites

n The VMware Identity Manager global environment version should be 3.3.2 or later.

VMware, Inc. 73
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Verify if the inventories are synchronized for all the environments in vRealize Suite Lifecycle
Manager and all environments and products are up to date. This is to discover all the VMware
Identity Manager-product integrations required for VMware Identity Manager re-register.

n Verify if the VMware Identity Manager global environment certificate is managed through the
vRealize Suite Lifecycle Manager Locker service.

n Ensure to take a snapshot of VMware Identity Manager. It is recommended, since enabling

multi-tenancy transforms VMware Identity Manager to be accessed through tenant FQDNs
and existing VMware Identity Manager URLs will not be accessible.

n For a clustered VMware Identity Manager, verify VMware Identity Manager cluster health
status is green by triggering cluster health. For more information, Day 2 Operations with
Other Products in vRealize Suite Lifecycle Manager

n Verify the VMware Identity Manager certificate is updated with the primary tenant alias
FQDN. Also ensure that the A-type DNS record is added mapping the primary tenant alias
FQDN. For more information about Mandatory Certificate and DNS requirements, see Multi-
Tenancy Model.

Procedure

1 Click Identity and Tenant Management and navigate to Tenant Management.

2 Read the Opt-in message and click Enable Tenancy.

3 Enter the primary tenant Alias name.

Ensure such a hostname or FQDN does not already exist. While enabling multi-tenancy, this
FQDN is assigned to the primary tenant.
Ensure all products currently integrated with global environment VMware Identity Manager
are already listed and selected for re-registration against the new primary tenant alias FQDN
in the 'Product Re-registration' table. For more information on Product References, see
Product References.

4 Click Submit, after you validate the entries.

After you enable multi-tenancy on the VMware Identity Manager, it can only be accessed
through its tenant FQDNs, and at this point as the primary tenant is the only available tenant,
primary tenant alias FQDN is the only endpoint through which VMware Identity Manager
can be accessed. Once the vRealize Suite Lifecycle Manager enable multi-tenancy request is
completed, create tenants from the Tenant Management tab.

Tenant Management
This section describes all the tenant management functionalities available for vRealize Suite
Lifecycle Manager.

While you are managing your tenants, you can add, delete, search and manage your tenants
also.

VMware, Inc. 74
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Add Tenants
Add Tenant allows you to add tenants to VMware Identity Manager along with creating a tenant
admin and optionally add directories to the created tenant and associate tenant-aware products
to the newly created tenant.

When you add a tenant, the workflow also contains a pre-check step which validates all the given
inputs and selected environments to make sure tenant creation and product associations work
seamlessly.

Prerequisites

n Verify that you have DNS configured in both vRealize Automation and VMware Identity
Manager. To access a tenant, the DNS server must be configured correctly before starting
the vRealize Suite Lifecycle Manager flow 'Add Tenant' flow.

n Ensure that the A-type DNS record is added for the new tenant FQDN. For a multi-SAN
environment, ensure that VMware Identity Manager certificate is updated with the new tenant
FQDN that is to be created. For more details, see Multi-Tenancy Model. For all the vRealize
Automation instances that are to be associated with the new tenant ensure that the CNAME
type DNS records are added and certificate requirements are met.

n For all the vRealize Automation instances that are to be associated with the new tenant
ensure that the CNAME type DNS records are added and certificate requirements are
entered.

Procedure

1 On the My Services dashboard, click Identity and Tenant Management.

2 Navigate to Tenant Management, click ADD TENANT.

3 Enter a tenant name and under the Administrator Details, enter Username, First Name, Last
name, Email ID, and Password of the Tenant Admin.

4 Click Next.

5 (Optional) On the Directory Details tab, choose the directories from primary tenant that are
to be migrated to the new tenant being created.

You can find the existing directory names listed in the directory column.

6 You can select any directories and click Next.

a Opt-in for migrate directories lists all the existing directories from the primary tenant. Only
AD Over LDAP and AD with IWA directories is listed.

b To migrate, select the directories.

c Enter the passwords that are required for validation

d Click Validate. Once validation is successful, click Save and Next.

VMware, Inc. 75
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

7 Select that products that are should be associated with the new tenant. For vRealize Suite
Lifecycle Manager 8.1 and later releases, vRealize Automation 8.1 and later releases can be
listed.

Note Verify that you have considered the recommendation given for both certificate and
DNS.

8 Click Save and Next.

9 Click Run a Precheck to the validate the tenant details and certificate details.

n Tenant Name validation Check – To validate the entered tenant name matches criteria.

n Tenant Name Existence Check – To validate a tenant already exists.

n VMware Identity Manager Tenant FQDN Reachability and Resolvability Check

n VMware Identity ManagerTenant FQDN Certificate Check

n vRealize Automation Tenant FQDN Reachability and Resolvability Check

n vRealize Automation Tenant FQDN Certificate Check

a If the validations are not successful and if you want to make some changes, and resume
the tenant creation operation, click Save and Exit. The same wizard can be opened
anytime to re-run the precheck to complete and proceed.

b If the pre-check validations are green, click Save and Next. A summary of the whole
selection appears.

10 Click Next and Create Tenant changes after reading the summary.

You can view the tenant creation under the Request Details page. Both VMware Identity
Manager and vRealize Automation tenants can be accessed through its tenant FQDNs. For
more information, see Tenant Management in vRealize Suite Lifecycle Manager. You can log
in to both VMware Identity Manager tenant FQDN and vRealize Automation tenant FQDN
with the tenant admin credentials. The VMware Identity Manager tenant admin is also made
the organization owner in new tenant vRealize Automation.

Delete a Tenant
Delete tenant operation deletes the tenant from VMware Identity Manager including the
resources crated under that tenant. As of vRealize Suite Lifecycle Manager 8.1, delete tenant
option is only available for a tenant if there are no product associations.

Managing Tenants on Day 2

This section describes the Day 2 operations of a tenant. All operations that are available in the
'Add Tenant' wizard are available as an individual day-2 operation.
Manage Tenant Admins
When tenants are first created, only one local VMware Identity Manager user is created and that
user is given tenant admin permissions. You can add and manage tenants admin at later stage
when required.

VMware, Inc. 76
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Manage Tenant Admins - Add Tenant Admins

This option is used to add a new local user in VMware Identity Manager and assign tenant admin
permission to that user.

1 Navigate to Identity and Tenant Management service and click Tenant Management.

2 To add an admin, select the tenant.

3 Click ADD TENANT ADMIN. The create tenant admin page loads

4 Enter the details for the new tenant admin and click Create Tenant Admin.

After you submit, a request is created that can be tracked for completion and user is listed in the
tenant admin list.
Manage Tenant Admins - Search and Assign
This option is used when there are users already present in the VMware Identity Manager under
the concerned tenant and requires tenant admin permission. The search can find both local
VMware Identity Manager users and Active Directory Users that are synced in the concerned
tenant. Multiple users can be searched and assigned with tenant admin permission. To search
users.

1 Navigate to Identity and Tenant Management service and click Tenant Management.

2 To add an admin, select the tenant.

3 Click SEARCH AND ASSIGN.

4 When all the users are selected, click Assign Tenant Admin.

After you submit, a request is created that can be tracked for completion and user is listed in the
tenant admin list
Associate Products
When the tenants are created, as a day-2 operation at any point, you can associate more
products. For vRealize Suite Lifecycle Manager 8.1 and later releases, only vRealize Automation
8.1 and later releases can be associated. Product Associations lists the current products that are
associated with the tenant. To add more association, click Add Product Association. Select the
product and check the recommendations given. For vRealize Automation 8.x, ensure that the
Certificate and DNS requirements are entered. Select the tenant admins from the list available.
The tenant admin is made the organization owner for the new tenant vRealize Automation. Run
pre-check to validate your entries and click Submit. Once the request completes, the associated
product is listed under the Product Association list.
Migrate Directories
Migrate directories day-2 is similar to the Add Tenant wizard. The directories tab inside the
tenant view lists the current directories that are present in the tenant.

Note These directories are read-only. vRealize Suite Lifecycle Manager does not allow complete
directory management for subtenant directories. Directory management is only available for
directories present in the primary tenant.

VMware, Inc. 77
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

When you click Add Directories, all the directories from the primary tenant are retrieved. Select
directories that are to be migrated, validate them, and then submit.

Using Tenant Migration

Tenant Migration is introduced to migrate tenants and specific tenant data for VMware Identity
Manager (now renamed as VMware Workspace ONE Access) using vRealize Suite Lifecycle
Manager.

Tenant Migration is supported for vRealize Suite Lifecycle Manager 8.2 Patch 1 and later releases.
It involves close coordination between VMware Identity Manager, vRealize Suite Lifecycle
Manager, and vRealize Automation.

vRealize Suite Lifecycle Manager migrates the following data of VMware Identity Manager for
vRealize Automation 7 environment to Global Environment of VMware Identity Manager version
3.3.3 and later releases:

n Tenants

n Directories

n Custom groups

n Roles and rule set

n User attributes

n Access policies

n Network ranges

n Third-party IDP configurations

Migrating VMware Identity Manager

Using vRealize Suite Lifecycle Manager, you can migrate VMware Identity Manager.

Prerequisites

n The SMTP information of the source tenant must be configured on the Global Environment of
VMware Identity Manager. This information is required to receive email instructions to reset
the password for all local users. Prior to tenant migration, all local users in the source tenant
must have valid email IDs.

n For custom group migration, you must enable remote connection from the Global
Environment of VMware Identity Manager to the vRealize Automation 7.x database. Refer
to KB 81219 for more information on enabling remote connection.

n Ensure that you have DNS configured in vRealize Automation and VMware Identity Manager.

n Ensure that the source vRealize Automation 7.x environment is in a healthy state and
directories are synced before tenant migration.

VMware, Inc. 78
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the My Services dashboard of vRealize Suite Lifecycle Manager, click Identity and Tenant
Management.

2 Select Tenant Management, and then click Tenant Migrations.

3 Read the information on VMware Identity Manager Tenant Migration and vRealize Automation
Tenant Mapping, and then click Continue.

4 On the Environment Selection tab, select the Source Environment and Target Environment.

Based on your source and the target environment selection, you can view a tabular
representation of the available tenants on the source vRealize Automation. You can also view
the status of the migrated or merged tenants on the vRealize Automation 8 environment.

5 Click Next.

6 On the Tenant Migration Workflow page, you can view the workflow of Tenant Migration and
Tenant Merge, and understand the correlation between the two operations.

vRealize Suite Lifecycle Manager also creates 7.x endpoint when adding a new tenant on
vRealize Automation 8 environment. In Tenant Merge, the directories and tenants are already
created on the source vRealize Automation 8 environment. vRealize Suite Lifecycle Manager
creates the 7.x endpoint to the existing tenants on vRealize Automation 8 environment,
so that you can migrate the business groups, infrastructure, and other specific tenants on
vRealize Automation.

7 Click SAVE AND NEXT and read the list of manual steps which must be performed to
proceed with the migration. Select the check box to confirm that you have read and verified
the prerequisites and limitations.

8 To specify the Tenant Migration Workflow, enter these details on the Tenant Details tab.

a Select the Source Tenant.

The source tenants listed are not the migrated or merged tenants.

b Enter the Tenant Name.

c Under Target Tenant administrator details, enter the Target Tenant Username, First
Name, Last Name, valid Email ID, and Password.

Note To migrate a directory is a one-time operation, select all the directories which must
be migrated. If the required directories are not selected during migration, you have to
perform this operation manually.

d Click SAVE AND NEXT.

9 To specify a directory that must be migrated from the source vRealize Automation 7 version
to vRealize Automation 8 version tenant, select one of these directories on the Directory
Migration tab.

n System Directory: Connector selection and password creation are not required.

VMware, Inc. 79
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n JIT directory: Connector selection and password creation are not required.

n Active Directory over LDAP: Select a Windows or Linux target Connector and enter the
Bind Password.

n OpenLDAP: Select a Windows or Linux target Connector and enter the Bind Password.

n Active Directory with IWA: You can only select a Windows target Connector for the
VMware Identity Manager version 3.3.3. Enter the Bind Password and Domain Admin
Password that is required for migration.

Note
n For a FIPS-enabled VMware Identity Manager version 3.3.5, the AD users and bind
user password should be of length fourteen characters.

n To migrate a directory is a one-time operation, select all the directories which must
be migrated. If the required directories are not selected during migration, you have to
perform this operation manually.

10 Click Validate. After a successful validation, click SAVE AND NEXT.

11 Click Run Precheck to validate the tenant details and certificate details. Click SAVE AND
NEXT.

12 On the Summary Step tab, you can view the summary of your selections.

13 Click SUBMIT if your validations are successful.

If the validations are not successful and you want to make changes, and then resume the
tenant migration operation, click SAVE AND EXIT. The same wizard can be opened anytime
to rerun the precheck to proceed.

You can view the tenant migration details under the Request Details page. Both VMware
Identity Manager and vRealize Automation tenants can be accessed through its tenant
FQDNs.

Merging Tenants
In the Tenant Merge operation, the directories and tenants are already created on the target
vRealize Automation 8 environment.

vRealize Suite Lifecycle Manager creates the vRealize Automation 7.x endpoints to the
existing tenants on vRealize Automation 8 environment. You can migrate the business groups,
infrastructure, and other specific tenants on vRealize Automation.

Prerequisites

n vRealize Automation 8.1 did not require you to accept a source certificate during migration
assessment. To merge or manage the tenant using vRealize Suite Lifecycle Manager, you can
delete the manually added source environment from vRealize Automation.

n Ensure that the VMware Identity Manager specific data is migrated to the target data in the
Global Environment.

VMware, Inc. 80
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the My Services dashboard of vRealize Suite Lifecycle Manager, click Identity and Tenant
Management.

2 Select Tenant Management, and then click Tenant Migrations.

3 Read the information on VMware Identity Manager Tenant Migration and vRealize Automation
Tenant Mapping, and then click Continue.

4 On the Environment Selection tab, select the Source Environment and Target Environment.

Based on your source and the target environment selection, you can view a tabular
representation of the available tenants on the source vRealize Automation. You can also view
the status of the migrated or merged tenants on vRealize Automation 8 environment.

5 Click Next and on the Tenant Migration Workflow page, you can view the workflow of Tenant
Migration and Tenant Merge.

6 On the Merge Details tab, you can select one or multiple tenant mappings for vRealize
Automation 7.x and merge it with the same or different destination tenants for vRealize
Automation 8.x.

If you cannot view the target tenant, perform an inventory sync, or perform a product
association for the tenant.

7 Click Next and you can view the summary of your selections on the Summary Step tab.

8 Click SUBMIT if your validations are successful.

Note If the validations are not successful and you want to make changes, and then resume
the tenant merge operation, click SAVE AND EXIT. The same wizard can be opened anytime
to rerun the precheck to proceed.

VMware, Inc. 81
Creating an Environment in
vRealize Suite Lifecycle Manager 3
You can create an environment and install vRealize Suite products.

For more information on the supported vRealize Suite products and versions, see System
Requirements.

This chapter includes the following topics:

n Create a New Private Cloud Environment Using the Installation Wizard

n Import an Existing Environment using Installation Wizard

n Create a Private Cloud Environment Using a Configuration File

n Creating Environments in vRealize Cloud

Create a New Private Cloud Environment Using the

Installation Wizard
You can use the installation wizard to create a private cloud environment and install vRealize
Suite products.

Prerequisites

n Configure Product Binaries for the products to install. See Configure Product Binaries.

n Ensure that you have added a vCenter server to the data center with valid credentials and
the request is complete.

n Generate a single SAN certificate with host names for each product to install from the
Certificate tab in the UI.

n Verify that your system meets the hardware and software requirements for each of the
vRealize Suite products you want to install. See the following product documentation for
system requirements.

n vRealize Automation documentation

n vRealize Business for Cloud documentation

n vRealize Operations Manager documentation

n vRealize Log Insight documentation

VMware, Inc. 82
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n vRealize Automation SaltStack Config (formerly known as Salt Stack Enterprise) offers two
setup options:

n vRealize Automation SaltStack Config vRA-Integrated: This setup is introduced as a

part of vRealize Automation 8.3.0. SaltStack Config (SSC) is a single node setup,
which does not support multiple node setup or vertical scale up options. Prior to
installing SaltStack Config vRA-Integrated, ensure that the supported version of vRealize
Automation is installed. After vRealize Automation is installed, if multiple tenancy is not
enabled, the SaltStack instance associates with the base tenant of vRealize Automation.
When multi-tenancy is enabled in vRealize Automation, SaltStack Config vRA-Integrated
associates with the newly added tenants, and then proceeds with the installation. When
vRealize Automation is imported, the SaltStack Config vRA-Integrated instances which are
associated with vRealize Automation are also imported.

n vRealize Automation SaltStack Config Standalone: This setup has no dependency on

vRealize Automation.

For more information on installing and configuring Salt Stack in an vRealize Automation
environment, refer to the Salt Stack documentation.

When installing vRealize Automation SaltStack Config, you require the following licenses.

n vRealize Automation SaltStack Config vRA-Integrated: vRealize Automation

Enterprise, vRealize Automation Advanced or Suite license.

n vRealize Automation SaltStack Config Standalone: vRealize Automation Standard Plus

license.

n If you are installing vRealize Automation, you must meet the following additional
prerequisites.

n Configure the vRealize Automation load balancer. See vRealize Automation Load
Balancing.

n Disable the second member of each pool in the vRealize Automation load balancer. You
can re-enable these members after installation is complete.

n The cloud administrator has added all IaaS nodes and the Windows database server to
the domain.

n The Windows database server and IaaS meet all vRealize Automation prerequisites. See
IaaS Windows Servers.

Add the domain user as part of User Rights Assignment under Local Security Policies for
Log on as a Service and Log on as a batch job.

n The domain user has added the SQL server to the domain.

n Add the domain user as part of the SQL DB user Logins list with the sysadmin privilege.

n Install latest JRE (Java 1.8 or later) and create a JAVA_HOME environment variable on all
Windows nodes.

VMware, Inc. 83
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Install Microsoft .NET Framework 3.5.

n Install Microsoft .NET Framework 4.5.2 or later.

n A copy of .NET is available from any vRealize Automation appliance:https://vrealize-

automation-appliance-fqdn:5480/installer/

If you use Internet Explorer for the download, verify that Enhanced Security
Configuration is disabled. Navigate to res://iesetup.dll/SoftAdmin.htm on the
Windows server.

n Set User Access Control settings to Never Notify on both Windows and database server
virtual machines.

n Take a snapshot of the database machine and all Windows IaaS machines after
configuration and before triggering the deployment in vRealize Suite Lifecycle Manager.

n Configure one NSX Edge as Active and one as Passive for the Windows machine. For
detailed information on how to configure the NSX Load Balancer, see Load Balancing the
Cloud Management Platform in Region A.

n On all of the windows IaaS machines used in vRealize Automation deployment, log in to
windows machine at least once as a domain user. If you do not login at least once to the
IaaS machines, then the following error appears:

Private key is invalid: Error occurred while decoding private key. The computer must
be trusted for delegation
and the current user must be configured to allow delegation.

n Ensure that the IaaS nodes do not have any vRealize Automation components already
installed. Follow the steps in the KB article 58871 to uninstall any vRealize Automation
components in the IaaS node.

n Update the registry key on both Windows and database server virtual machines.

1 Use the default PowerShell and run the following command as administrator
on all Windows and database server virtual machines: Set-ItemProperty -Path
"HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name
"EnableLUA" -Value "0"

2 Reboot the Windows virtual machine.

n Verify that the TLS 1.0 and 1.1 values are not
present in the IaaS windows machine registry path HKLM
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

n Alternatively, vRealize Automation install precheck provides a script, which can be

executed in all Windows and database server to perform the above operations.

VMware, Inc. 84
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n If you are importing an existing vRealize Operations Manager installation, set a root password
for that installation.

Procedure

1 Install VMware Identity Manager in vRealize Suite Lifecycle Manager

Starting with vRealize Suite Lifecycle Manager 8.4.1, Federal Information Processing
Standard (FIPS) and non-FIPS mode are supported during a fresh installation of VMware
Identity Manager version 3.3.5. However, you cannot toggle the FIPS mode after the
VMware Identity Manager installation. During an upgrade of VMware Identity Manager, only
non-FIPS mode is supported. For vRealize Suite Lifecycle Manager 8.4 and later releases,
VMware Identity Manager installation is optional when creating an environment.

2 Configure Environment Settings for a New Private Cloud

Configure environment settings, such as name, password, and data center for a private
cloud environment.

3 Install vRealize Suite Products

Select which vRealize Suite products to install in the private cloud environment.

4 Accept EULA and License Selection

Accept the VMware end-user license agreement and enter the license key.

5 Configure Certificate Details

To create an environment you can use the existing certificate.

6 Configure Infrastructure Details

You can configure the infrastructure details when you create an environment.

7 Configure Network Details

You can configure an environment by establishing a network connection within an
environment.

8 Configure Product Details

You can view and configure the products that were selected environment creation.

9 Configure vRealize Suite Products for Installation

Configure the product details for each vRealize Suite product that you are installing in the
private cloud environment.

10 Validate Private Cloud Environment Details

Configure vCenter server, cluster, network, datastore, and certificate details for a new
private cloud environment.

11 Confirm Environment and Installation Settings

Verify that the environment and installation settings are accurate.

VMware, Inc. 85
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Install VMware Identity Manager in vRealize Suite Lifecycle Manager

Starting with vRealize Suite Lifecycle Manager 8.4.1, Federal Information Processing Standard
(FIPS) and non-FIPS mode are supported during a fresh installation of VMware Identity Manager
version 3.3.5. However, you cannot toggle the FIPS mode after the VMware Identity Manager
installation. During an upgrade of VMware Identity Manager, only non-FIPS mode is supported.
For vRealize Suite Lifecycle Manager 8.4 and later releases, VMware Identity Manager installation
is optional when creating an environment.

In the previous releases, VMware Identity Manager installation was mandatory prior to creating
an environment in vRealize Suite Lifecycle Manager. If an VMware Identity Manager instance was
not created, then you were automatically directed to install it on the vRealize Suite Lifecycle
Manager UI.

Now, you can either enable or disable the VMware Identity Manager toggle button.

Note Prior to installing or importing vRealize Automation 8.x, ensure that globalenvironment
for VMware Identity Manager is present in vRealize Suite Lifecycle Manager. If globalenvironment
is not installed, you cannot proceed with the vRealize Automation 8.x deployment. To install
globalenvironment, enable the toggle button in the Create Environment page.

Procedure

1 Navigate to My Services dashboard, and click Lifecycle Operations.

2 Enable the Install Identity Manager toggle button to install VMware Identity Manager. Disable
the Install Identity Manager toggle button to proceed with any other vRealize Suite product
installation.

3 Click Create Environment, and enter the environment details.

a The environment name remains as global environment by default.

b (Optional) Enter the environment description, which can be a maximum of 1024

characters.

c Add the Password details.

Note If there is no password listed, then navigate to Locker to add a password.

d Select the Datacenter name.

e Enable or disable the JSON Configuration toggle bar, as required. When you enable the
JSON configuration, you can paste the JSON file text manually or you can import the file
from your local system.

f Click Next.

4 If you enabled Install Identity Manager in step 2, select the New Install option to install
VMware Identity Manager. If the toggle is disabled, select the New Install option for other
vRealize Suite products.

5 Select the required supported version for VMware Identity Manager and click Next.

VMware, Inc. 86
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Results

For more information on configuring VMware Identity Manager, see sections under Install
vRealize Suite Products.

Configure Environment Settings for a New Private Cloud

Configure environment settings, such as name, password, and data center for a private cloud
environment.

Procedure

1 Log in to vRealize Suite Lifecycle Manager as an administrator and click Create Environment.

2 In the Environment Name, enter a descriptive name for the new private cloud environment.

This name must be unique among environments on this instance of vRealize Suite Lifecycle
Manager.

3 (Optional) Enter the Environment Description, which can be a maximum of 1024 characters.

4 Enter a Default Admin Password and confirm the Password.

The default password must be a minimum of eight characters.

Note The default password is not applied to vRealize Business for Cloud application
password if vRealize Business for Cloud is deployed in a standalone mode. In standalone
mode, vRealize Business for Cloud application credentials remain as admin/admin. To
integrate vRealize Business for Cloud with vRealize Automation, add vRealize Automation
to the private cloud environment before or at the same time you add vRealize Business for
Cloud.

5 From Data Center, select an existing data center for this environment, or click + to add a data
center to vRealize Suite Lifecycle Manager.

For information on adding a data center, see Add a Data Center to vRealize Suite Lifecycle
Manager .

6 Enable or disable the JSON Configuration toggle bar, as required. When you enable the
JSON configuration, you can paste the JSON file text manually or you can import the file from
your local system.

7 (Optional) Select Join the VMware Customer Experience Program to join CEIP for this
environment.

This product participates in the VMware Customer Experience Program (CEIP). Details
regarding the data collected through CEIP and the purposes for which it is used by VMware
are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/
ceip.html.

8 Click Next.

VMware, Inc. 87
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Install vRealize Suite Products

Select which vRealize Suite products to install in the private cloud environment.

Prerequisites

Verify that you have a data center and environment credentials already created.

Procedure

1 Select whether to install vRealize Suite products by product.

a Select which individual vRealize Suite products to add to the private cloud environment
and whether to do a new install of each product or import and existing installation of the
product. For each new install, select the product Version and Size to deploy.

2 Click Next.

Note Starting with 8.2, vRealize Lifecycle Manager enables continuous availability (CA) for
vRealize Operations Manager. For more information, see Continuous Availability for vRealize
Operations Manager.

Accept EULA and License Selection

Accept the VMware end-user license agreement and enter the license key.

Procedure

1 Read the end-user license agreement, select I agree to the terms and conditions, and click
Next.

2 Under the license section,

a To select the license keys from the locker, click Select to open the list of licenses which
are applicable to the selected products and versions. If not, select all the keys available
from the listing.

b Click Add, to add a new license key to the locker from within the installation flow.

c Click Validate to validate the license. If multiple license keys are available for a product
then this action will suggest to choose one per product selected for the deployment.

You can now view the applicable license keys in the table. The next step will not be enabled
until all the products deployed are having appropriate license selected for them.

Note Valid standalone product licenses or vRealize Suite licenses or a combination of both is
allowed for product deployment in vRealize Suite Lifecycle Manager. License validation does
not check the functionality allowed by the licenses themselves. Therefore, select the license
key considering the combination of products being deployed and their inter connectivity.

Configure Certificate Details

To create an environment you can use the existing certificate.

VMware, Inc. 88
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

Verify that the imported or created certificate has all the IP addresses and domain or host names
added.

Procedure

1 Under the Certificate Details, select the Certificate from the drop-down menu.

If you want to provide certificate details at product level, you can specifiy the certificate
at the product properties of each product. The action can override the certificates that are
selected at the infrastructure level.

2 To create a certificate, click the plus sign.

In the Add Certificate window, enter the required details.

Fields Description

Certificate Name Enter a valid certificate name.

Common Name To identify the certificate, enter a common name.

Organization Enter the Organization name.

Organizational Unit Enter the Organization Unit.

Country Code Enter a country code which must be in two characters only.

Locality Enter your locality.

State Enter the State.

Key Length Select the length of the key. You can select 2048 or 4096 bits.

Domain Name Enter a valid domain name.

IP Address Enter the IP address in which you are assigning the certificate.

3 Click Generate.

4 To import an existing certificate, select Import Certificate option.

Fields Description

Certificate Name Enter a valid certificate name.

Select File 1 Click Choose File.

2 Browse to the saved PEM file.

Passphrase Enter the Passphrase field, type <Cert- Password> (if applicable).

Enter Private Key When you upload a PEM file, the private key details are populated automatically.

Enter Certificate Chain When you upload a PEM file, the certificate details are populated automatically.

5 Click Import.

6 Click Next.

VMware, Inc. 89
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Configure Infrastructure Details

You can configure the infrastructure details when you create an environment.

Prerequisites

If the selected data center does not have a vCenter Server associated with it, then you must add
a vCenter Server.

Procedure

1 Select a vCenter Server from the drop-down menu.

Note There should be at least one vCenter Server associated with a data center.

2 Select a Cluster.

3 When you click Select a Folder, all the folders that are associated in the vCenter Server are
listed.

If the folders are not displayed, then refresh the vCenter data collection from the vRealize
Suite Lifecycle Manager settings page.

4 To deploy your VM, click Select a Resource Pool.

All the resource pools that are associated with the selected cluster are listed.

Note You can select a resource pool to deploy your VM. Both folder and resource pool
selection are optional. If you do not specify any resource pool, the VM is deployed in the root
default resource pool of the selected cluster. If you do not specify the folder details for both
vCenter Server and resource pool, the deployment of the VM is saved in the root default VM
folder of the data center inside the vCenter .

5 Select the required Network, DataStore, and Disk Disk Mode.

Note vRealize Operations Manager deployment fails when you provide incorrect
infrastructure details such as wrong DNS or gateway details without running a pre-check
while you create an environment flow. If the deployment fails, you might not see the correct
cause of deployment failure using the error or code message that appears in vRealize Suite
Lifecycle Manager UI, and you cannot proceed further with that deployment. As a result, you
might have to delete the Environment card from vRealize Suite Lifecycle Manager with all the
products or nodes that were deployed as part of that environment. You can run Pre-check so
that the Infrastructure-related issues are detected and can be corrected before triggering the
deployment.

VMware, Inc. 90
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

6 With Lifecycle Manager 8.0, to integrate with VMware Identity Manager, select Integrate with
Identity Manager toggle button.

Note The default configuration admin given while installing VMware Identity Manager (global
environment) will be made the admin for the product as well while integrating with VMware
Identity Manager.

VMware Identity Manager acts as an identity provider and manages SSO for the vRealize
Suite products and vRealize Suite Lifecycle Manager when integrated with vRealize Suite
Lifecycle Manager. SSO provides a single set of credentials to access all vRealize Suite
applications and vRealize Suite Lifecycle Manager. With SSO, you are only required to log
in once, and then you can seamlessly access all vRealize Suite applications.

7 Select the Use Content Library to use OVFs hosted on vCenter's Content Library, if there is a
network latency from vRealize Suite Lifecycle Manager to vCenter server

Copying OVF and VMDK files for deployment from vRealize Suite Lifecycle Manager to
vCenter Server might take more time and lead to a deployment failure if there is a Network
latency from vRealize Suite Lifecycle Manager to target vCenter Server. Content Libraries in
vCenter can be used to host OVFs and the same can be used from vRealize Suite Lifecycle
Manager to deploy products. You can perform the steps before you trigger a vCenter
Inventory Sync in vRealize Suite Lifecycle Manager:

n To create a content library, see Create Library.

n To import a content library, see Import Library.

vRealize Suite Lifecycle Manager supports deployment only from Publisher or Local Content
Libraries.

8 To configure the Binary Mapping, click Next.

Configure Binary Mapping Details

To create an environment, select one or more binaries for the products.

Ensure to map the correct library items for the respective products. If none are selected for a
product then a default binary from vRealize Suite Lifecycle Manager will be used to deploy that
product.

Procedure

1 Click +SELECT CONTENT LIBRARY ITEMS to add a content library item.

2 You can either search for a library item or open the content library tree to select one.

Note You can add multiple content library and associate suite products as per your
requirement.

3 Click Select.

VMware, Inc. 91
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Select a Product corresponding to the selected content library item.

Note vRealize Suite Lifecycle Manager validates the OVF package in the specified content
library item corresponding to the selected product.

5 Click Next.

Note Content Library item for a particular node, if it needs to be deployed into a different
vCenter server, it can be selected in Advanced Settings.

Results

After submitting your binaries maps, click next to configure your network settings.

Configure Network Details

You can configure an environment by establishing a network connection within an environment.

Prerequisites

n Static IP address set is required for any product deployment from vRealize Suite Lifecycle
Manager. This is applicable for starting from vRealize Suite Lifecycle Manager 1.0 and above.

n Verify that you have Domain Name mapped for the IP addresses used for deployed.

Procedure

1 Under the Network page, enter the Default Gateway address.

2 Enter the Netmask IP address.

3 Enter the Domain Name and Domain Search Path.

4 The DNS Servers are automatically listed, if they aren't then click Add New Server or Edit
Server Selection.

5 Select the required Time sync mode:

Option Description

Use Time Server (NTP) When you select the NTP Server, you have to select the assigned time
server from the NTP list. If an NTP server is not added, then to add one, click
Global Settings. You are then directed to the Settings page to add an NTP
server. For more information, see Configure NTP Servers.

Use Host Time When you select the Host time, then the environment proceeds with the
system time.

6 After you have added NTP servers, you can click Select Servers to add an NTP at an
Infrastructure level.

VMware, Inc. 92
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

7 Select the NTP servers from the list and you can reorder the NTP servers based on the
precedence by clicking the arrows.

When you select a vRealize Suite product, you can configure using these Time servers for the
selected component.

Configure Product Details

You can view and configure the products that were selected environment creation.

VMware, Inc. 93
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

u Under the Product Details, select the products for a new installation.

Product Function

vRealize Automation a To monitor health of vRealize Automation, select the Monitor with
vROps check box.
b To manage the workload using load balancer and reclaim unused
resources from the resource pool, select the Workload Placement and
Reclamation check box.

Note This is only available for a new installation where in vRealize

Operations Manager monitors health of vRealize Automation. Inter-
product configuration is not supported for an existing environment.

If vRealize Operations Manager is not present, then you can integrate the
products outside of LCM.
Cross-product integration for vRealize Automation with vRealize
Operations Manager is not applicable for an import of vRealize
Automation. And is only applicable if there is a new installation of
vRealize Automation.

You can also perform cross-product configuration when vRealize

Automation is the only product and vRealize Operations Manager is a
part of an environment or when vRealize Automation is deployed with
Import or New Install of vRealize Operations Manager.

Note Starting with 8.2 release, when you newly install vRealize
Automation, select the Configure internal pods and service subsets
checkbox, and then enter the values for K8 Cluster IP Range and K8
Service IP Range.

Note In the 8.3 release, Federal Information Processing Standard 140-2

Support (FIPS) is supported for vRealize Automation.
c Select the Product Certificate from the drop-down menu.
d (Optional) Select ON or OFF to enable or disable the FIPS Compliance
Mode.
e Select the Applicable Time Sync mode.
f Select the Time Server (NTP). For more information, see Configure NTP
Servers.
g If you want to configure cluster virtual IPs, then select the Yes or No
options.
h (Optional) Click Anti-Affinity / Affinity Rule check box to create host
rules in the vCenter for the deployed VM's.

Note For more information on database creation, see Create a New Private
Cloud Environment Using the Installation Wizard.

vRealize Automation Salt Stack a For vRA Integrated vRealize Automation Salt Stack Config, select the
Config Tenant ID from the drop-down menu under Product Properties.
n vRA Integrated
n Standalone

VMware, Inc. 94
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Function

b For vRA Integrated and Standalone vRealize Automation Salt Stack

Config, enter the VM name, FQDN and Virtual IP Address under
Components.

Note
n For vRealize Automation SaltStack Config vRA-Integrated setup, you
can only perform a single node SaltStack Config installation at a time.
For vRealize Automation deployment along with SaltStack Config vRA-
Integrated, the tenant ID is selected by default. Any additional SaltStack
Config deployment can be performed based on the tenant as organic
growth.
n In the 8.4 release, Federal Information Processing Standard 140-2
Support (FIPS) is supported for vRealize Automation SaltStack Config.

vRealize Business for Cloud a Under Product Properties section, enter the VM Name, Hostname, and
IP Address.

vRealize Log Insight Note In the 8.3 release, Federal Information Processing Standard 140-2
Support (FIPS) is supported for vRealize Log Insight. It is also supported as a
Day-2 operation.

a Select the node size from the drop-down menu.

b (Optional) Select ON or OFF to enable or disable the FIPS Compliance
Mode.
c Under Integrated Load Balance Configuration, if you select the
Configure Cluster Virtual IPs, enter the FQDN and Virtual IP Address.
d To add more node, click ADD NODE.
e Select the Applicable Time Sync Mode.
f Under components, enter the vRLI primary node details.
g (Optional) Click Anti-Affinity / Affinity Rule check box to create host
rules in the vCenter for the deployed VM's.
h (Optional) Click Add Components to configure additional settings.
i Enter the required fields.

VMware, Inc. 95
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Function

vRealize Operations Manager Note In the 8.3 release, Federal Information Processing Standard 140-2
Support (FIPS) is supported for vRealize Log Insight.It is also supported as a
Day-2 operation.

a Under Product Properties, select the Disable TLS version from the
drop-down menu.
b (Optional) Select ON or OFF to enable or disable the FIPS Compliance
Mode.
c Select the Certificate from the drop-down menu.
d (Optional) Click Anti-Affinity / Affinity Rule check box to create host
rules in the vCenter for the deployed VMs.
e Add the Product Password.
f (Optional) Click Integrate with Identity Manager check box.
g Select the Applicable Time Sync Mode.
h For Continuous Availability (CA) based deployment, under Components,
enter the Infrastructure and Network details for Witness Domain.
i For Continous Availability (CA) based deployment, enter the
Infrastructure and Network details for Fault Domain 1 and Fault Domain
2.
j If you want to add additional data nodes for a cluster, click the Add
Components tab.

Note If you select Use Global Configuration, the field data is populated
based on the information provided in the Infrastructure tab. You can
select this option for Witness Domain, Fault Domain 1, or Fault Domain
2. Ensure that each domain is in different physical location so that if one
fault domain fails, nodes from the other fault domain remains active.
k If you want to add remote collectors, click Add Collector Group, and
then add the details for the new collector nodes.

VMware, Inc. 96
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Function

vRealize Network Insight a Under the Product Properties, select the node size from the drop-down
menu.
b Select the Applicable Time Sync Mode.
c Under components, enter the vrni platform and vrni collector details.
d (Optional) Click Anti-Affinity / Affinity Rule check box to create host
rules in the vCenter for the deployed VM's.

VMware Identity Manager a Under the Product Properties, select the certificate from drop-down
menu.
b Select the Admin Password from the locker.
c Set Default Configuration Admin Username. This will be created as local
user in VMware Identity Manager and is used for vRealize Suite Product
Integration.
d Select the password for Default Configuration Admin user.
e Check Sync Group Members. When enabled, members of the groups are
synced from the Active Directory. When this is disabled, group names
are synced to the directory, but members of the group are not synced.
f For a cluster deployment, under Cluster Virtual IP enter Cluster VIP
FQDN, this is used to load balance the application.
g For a cluster deployment, enter Database IP used internally for proxying
to the postgres master (primary).

Note This is not same as the one used to load-balance the application
and the IP address should be free, and available.
h Under Components, enter the VMware Identity Manager single or
Cluster Node details.

Configure vRealize Suite Products for Installation

Configure the product details for each vRealize Suite product that you are installing in the private
cloud environment.

Configuration tabs appear only for the products you selected to install. You can access advanced
properties if you want to update the advanced configurations like adding different vCenter,
enabling or disabling the registration withVMware Identity Manager and so on.

VMware, Inc. 97
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Click the vRealize Automation check box to configure installation details for vRealize
Automation.

a If you select 8.x, enter the fully qualified domain name in the form and the IP address for
the vRealize Automation appliance.

The Windows user must have administrator rights.

b Enter the fully qualified domain name in the form and the IP address for the vRealize
Automation appliance.

For more information about the vRealize Automation appliance, see the vRealize
Automation Appliance and KB article 55706.

The vRealize Automation 8.x includes Standard and Cluster.

2 When installing vRealize Automation SaltStack Config (formerly known as Salt Stack
Enterprise), you have two setup options:

n vRealize Automation SaltStack Config Standalone: This setup has no dependency on

vRealize Automation and the installation proceeds without VMware Identity Manager
integration.

n vRealize Automation SaltStack Config vRA-Integrated: vRealize Automation SaltStack

Config can be installed for each tenant that is configured in vRealize Automation
performing organic growth. The Day 0 and Day 2 VMware Identity Manager integration
is supported for vRealize Automation SaltStack Config vRA-Integrated version 8.4.2 and
later.

3 Click the vRealize Business for Cloud check box to configure installation details for vRealize
Business for Cloud.

a Select the Currency to use from the drop-down menu.

b (Optional) To add an additional component, click the plus sign to Add components and
select the type of component to add.

c Enter the host name in the form of a fully qualified domain name and the IP address for
each component.

If vRealize Automation is not present in the environment and is not getting deployed along
with vRealize Business for Cloud, then specify the Deploy Standalone vRealize Business for
Cloud property to true in Advanced Properties. If VMware Identity Manager is present in
vRealize Suite Lifecycle Manager, then vRealize Business for Cloud will be registered with
vIDM automatically.

There is only one deployment type with the Standard node cluster in vRealize Business for
Cloud.

VMware, Inc. 98
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Click the vRealize Operations check box to configure installation details for vRealize
Operations Manager.

a Enter the NTP server address.

b (Optional) Click the plus sign to Add components and then select the type of component.

c Enter the host name in the form of a fully qualified domain name and the IP address for
each component.

d Select the Node Count or Node Size for vRealize Operations deployment. vRealize
Operations recommends that the number of analytic nodes available for a selection,
depends on the selected node size.
The default type of deployment for vRealize Operations Manager is a node size and node
count.

5 Click the vRealize Log Insight check box to configure installation details for vRealize Log
Insight.

a (Optional) Click the plus sign to Add components and select the type of component to
add.

b Enter the host name in the form of a fully qualified domain name and the IP address for
each component.

c If you are adding cluster virtual IPS, optionally enter load balancer settings.

d Click Components + icon, to add and enable any of the configuration during the
deployment.
The deployment type available for vRealize Log Insight is Standalone and Cluster.

6 Click the vRealize Network Insight check box to configure installation details for vRealize
Network Insight.

a (Optional) Click the plus sign to Add components and select the type of component to
add.

b Select the License key if registered in My VMware or enter the License key manually.

c Enter the Infrastructure details and select the NTP servers.

d Enter the Network and Certificate details.

e Under the Product Details, click Add component to add a vRealize Network Insight
platform or a collector. This option is dependant on what type of vRealize Network Insight
you are selecting initially. If you have selected a cluster of vRealize Network Insight, then
you can have two platforms and one collector by default.
The deployment type available for vRealize Network Insight is Standard and Cluster.

7 Click Next.

VMware, Inc. 99
vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Points to remember while Configuring vRealize Automation

You might encounter a few issues while performing vRealize Automation 8.0 scale-out,
deployment, replace certificate, and import brownfield.

n When the vRealize Automation 8.x replace certificate fails intermittently at initialize cluster
after replacing the certificate, retry the failed vRealize Automation 8.0 replace certificate.

n vRealize Automation 8.0 HA replace certificate fails at the initial cluster after replacing the
certificate, when SAN certificate has additional hostnames. At this instance, replace the
vRealize Automation HA certificate with SAN certificate which has the required hostnames
like vRealize Automation Load Balancer hostname and three vRealize Automation hostnames.

n When vRealize Automation 8.0 scale out fails at initialize cluster due to liquibase locks then
click the retry option in the failed vRealize Automation 8.0 scale out request to retry the
initialize cluster step.

n Verify if the SAN certificate is used instead of wild card certificate for vRealize Automation
8.0 deployment.

n Verify to provide all four hostname including 3 vRealize Automation nodes hostname and
vRealize Automation Load Balancer hostname in the SAN certificate when the custom
certificate is used.

Continuous Availability for vRealize Operations Manager

Continuous availability (CA) for vRealize Operations Manager prevents loss of data during a node
failure and ensures availability of vRealize Operations during a physical location failure.

Note The master node is now referred to as the primary node. The master replica node is now
referred to as the primary replica node.

CA segregates the vRealize Operations Manager cluster into two fault domains, stretching across
vSphere clusters, and protects the analytics cluster against the loss of an entire fault domain. The
two fault domains are Fault Domain 1 and Fault Domain 2. By default, the primary node and
the replica node are assigned to Fault Domain 1 and Fault Domain 2. If Fault Domain 1 fails, the
functionality is not disrupted as the other pair node ensures that the incident results in no data
loss.

The Witness Node is the third network domain that exists independently and identifies network
partitioning across the two fault domains. If network connectivity between the two fault domains
is lost, the cluster goes into a split-brain situation, which is detected by the Witness Node.
Immediately, one of the fault domains goes offline to avoid data inconsistency problems.

Note A minimum of three pairs of nodes are required to enable CA. You can add a maximum of
16 data nodes, including the primary and replica nodes.

Enable Continuous Availability for vRealize Operations Manager

You can now enable continuous availability (CA) for vRealize Operations Manager.

VMware, Inc. 100

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

Verify that you have a data center and environment credentials already created.

Procedure

1 Under Select Product, select vRealize Operations Manager, and then select New Install.

2 Select the Version from the drop-down menu.

3 Select CA as the Availability option.

4 Select the Deployment Type from the drop-down menu, and based on the selection of the
Deployment Type, select the number of nodes from the Node Count drop-down menu.

Note For more information about the sizing guidelines for vRealize Operations Continuous
Availability, see KB article 78495.

Validate Private Cloud Environment Details

Configure vCenter server, cluster, network, datastore, and certificate details for a new private
cloud environment.

Procedure

1 Enter the details of the vCenter server where you are installing the vRealize Suite and the
names of the cluster, network, and datastore to use for this environment.

The vCenter server name must be in the form of a fully qualified domain name.

2 Select the disk file format, and click Next.

Option Description

Thin Use for evaluation and testing.

Thick Use for production environments.

3 Enter the default gateway, domain, domain search path, DNS server, and netmask details for
the environment, and click Next.

4 Enter the key passphrase and private key.

5 Enter certificate chain for the SAN certificate to import or select the Generated Certificate
option, and click Next.

For information on generating a SAN certificate, see Configure Certificate Within Locker.

6 Enter the product details for each of the vRealize Suite products that you have selected to
install by providing its Windows hostname and IP Address.

VMware, Inc. 101

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

7 Click the PRE-CHECK to run and validate the properties for each of the vRealize Suite
products.

Note If the Pre-Check fails, you are required to check the recommendations and fix the
issues of the selected product and run the pre-check again.

8 Read the Summary and click Submit.

Pre-Check Validation
Based on the pre-check validation you can change your input anytime in the previous steps and
run the pre-validation check again.

How does Pre-Check Validation Work?

When you click the Run Pre-Check button, a report is generated indicating whether the pre-
validation is in PASS or FAIL state. Therefore, based on the report you can modify your inputs
given in the previous steps and click the RE - RUN PRE CHECK button. The report contains the
following information:

n Status of the Check

n Check Name

n Component/Resource against which the current check is run.

n Result description about the check execution

n Recommendation, if there is FAILURE or WARNING

The report also generates color coded status:

n GREEN SYMBOL - PASSED

n RED SYMBOL - FAILED

n YELLOW SYMBOL - WARNING

n GREEN FIXED SYMBOL - REMEDIATED & FIXED

You cannot go further unless the pre-validation run is successfully complete. The pre-validation
request progress can be tracked in the Request tab through a request that gets created with a
name VALIDATE_CREATE_ENVIRONMENT. Once the pre-validation is run and the NEXT button
is enabled, you can SUBMIT the request for deployment. When you are submitting, you can skip
the pre-validation. By default, this flag is enabled. This verifies pre-validations are anyway run
before deployment is triggered. If you want to skip this, then you can deselect the flag and then
click submit. Pre-validations check does not run again before the deployment begins.

If you click Submit with the pre-validation flag enabled, a request by name
VALIDATE_AND_CREATE_ENVIRONMENT is created. If you click SUBMIT only by deselecting
the pre-validation flag, a request by name CREATE_ENVIRONMENT is created. You can track
the progress of pre-validation requests in the Request tab that vRealize Suite Lifecycle Manager
provides Out of the box. Before you run a pre-check on vRealize Automation, verify all the

VMware, Inc. 102

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

IaaS component VMs are communicating with Lifecycle Manager appliance. After you enable
pre-check and submit the create environment, if the pre-check fails then user can resume the
wizard from the Request page with a request state as PRE_VALIDATION_FAILED. From the
report, if the failure is due to the wrong IaaS credential then rerunning pre-check on updating
the windows password in the Product details page still results in the wrong IaaS credential. To fix
this, update the Windows password in the product details page at each node level and rerun the
Pre-Check.

If the VALIDATE_AND_CREATE_ENVIRONMENT request fails with a status PRE-VALIDATION-

FAILED, then you can validate your inputs by clicking the icon under the action tab. This directs
you to the wizard where you can modify your inputs and run PRE CHECK or click SUBMIT for
deployment. Once the deployment is complete, you can see the last run pre-validation report.
This option is available from the environment page in the Manage Environments page. You can
also view the last run report under View Last Pre Check Result under Environment.

Note Pre-Check in LCM does not take extended storage into account. This means if the
extended storage option is used to deploy vRealize Operations Manager nodes using vRealize
Suite Lifecycle Manager, then the precheck might succeed but the actual deployment can still fail
due to insufficient disk space. For more information, see KB article 56365.

Only Automate checks is automated to run a manual pre-requisite for vRealize Suite in vRealize
Suite Lifecycle Manager 1.2. You can DOWNLOAD SCRIPT and run on all the windows machine.
The zip contains a Readme file, which explains how to run the script. This step is mandatory if you
have selected vRealize Automation as one of the products during an environment creation.

vRealize Suite Lifecycle Manager Agent

The vRealize Suite Lifecycle Manager agent is used for running pre-validations on the IaaS
windows servers even before any of the vRealize Automation components are installed. The
vRealize Suite Lifecycle Manager agent runs as a windows service. It registers the windows
server as an identified node with the vRealize Suite Lifecycle Manager appliance. Every windows
server is registered as a node in vRealize Suite Lifecycle Manager.

When the user initiates pre-validation, the LCM agent gets deployed and bootstrapped on all
the windows servers along with some configuration metadata. The agent binaries are kept at a
default folder C:\Program Files (x86)\VMware\LCMAgent\ in the windows machine.

Once the agent binaries are pushed a service is started with a name vRealize Suite Lifecycle
Manager Agent Service pointing to the binaries which ultimately starts the agent. The agent
works pull-based, where it polls in vRealize Suite Lifecycle Manager appliance to see if there are
any commands tagged for the current node to be executed. After receiving a command, the
agent updates back the command on every status change and finally updates the result after
completion. The agent service is stopped after a complete pre-validation.

VMware, Inc. 103

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Uninstall vRealize Suite Lifecycle Manager agent

As every Windows server used for pre-check is registered uniquely, to use the same server
on a different instance of the vRealize Suite Lifecycle Manager appliance, the agent has to be
un-installed. To see steps to uninstall, see KB 58871.

Replace the Certificate for vRealize Automation

You can replace the SSL certificate of the management site service if your certificate expires or
if you are using a self-signed certificate and your company security policy requires you to use its
SSL certificates. You secure the management site service on port 5480.

Prerequisites

n New certificates must be in PEM format and the private key cannot be encrypted. By default,
the vRealize Automation appliance management site SSL certificate and private key are
stored in a PEM file located at /opt/vmware/etc/lighttpd/server.pem.

Procedure

1 Log in by using the appliance console or SSH.

2 Back up your current certificate file.

cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak

3 Copy the new certificate to your appliance by replacing the content of the file /opt/
vmware/etc/lighttpd/server.pem with the new certificate information.

4 Run the following command to restart the lighttpd server.

service vami-lighttp restart

5 Run the following command to restart the haproxy service.

service haproxy restart

6 Log in to the management console and validate that the certificate is replaced. You might
need to restart your browser.

Note By default, vRealize Log Insight installs a self-signed SSL certificate on the virtual
appliance. vRealize Suite Lifecycle Manager generates custom certificates for products during
environment creation, but custom certificate generation fails for vRealize Log Insight. For
more information, see KB article 55705.

Confirm Environment and Installation Settings

Verify that the environment and installation settings are accurate.

Procedure

1 Verify that the listed environment and installation settings are accurate.

2 (Optional) Click Back or click the relevant page in the navigation pane to change any settings.

VMware, Inc. 104

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 (Optional) Click Export to export a configuration file with all the product and user data for this
private cloud.

You can use the exported configuration file to create a private cloud. See Create a Private
Cloud Environment Using a Configuration File. Modify the exported configuration file as
required before using it create another private cloud. The Private and primary key is not
included in the exported config file while deploying an exported file. You need to manually
insert those keys.

Update/modify the exported configuration file as required before using it create another
private cloud.

4 (Optional) Select the Topology tab for a high-level view and integration flow of the available
vRealize Suite products in vRealize Suite Lifecycle Manager. Click on a specific vRealize Suite
product, group, or node to view the product or node properties, such as FQDN, IP address,
network, DNS, and more.

5 Click Finish.

vRealize Suite Lifecycle Manager creates the private cloud environment and begins installing
the selected vRealize Suite products in the background.

What to do next

To monitor product installation progress, click Home. Installation progress appears under Recent
Requests.

Import an Existing Environment using Installation Wizard

You can use the installation wizard to import an existing private cloud environment for a vRealize
Suite product.

Prerequisites

n Verify that you have an existing vRealize Suite instance.

n Verify that you have an existing datacenter.

n Verify that you have created or imported a certificate.

Note Certificate is not required for importing an existing environment, however, it is required
when you select both import and new install in one flow while creating an environment.

Procedure

1 Log in to vRealize Suite Lifecycle Manager as an LCM Admin or LCM Cloud Admin and click
Create Environment.

2 After entering the environment data fields, under each of the required vRealize Suite product,
select Import and click the required vRealize Suite product checkbox on the top of the suite
product name.

VMware, Inc. 105

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Click Next.

4 In the launched Install wizard, under Products Details page, update the details and select all
the vCenters where all product components are installed.

If you select a combination of import and install for two or more products while creating
an environment, then enter the details as a new Install of product. If you are opting for an
organic growth by adding another product after creating an Environment with New Install
or combination of Import and New Install, then the details in Install wizard is already pre-
populated. You can go ahead and click Next. If you are opting for an organic growth by
adding another product after creating an Environment with Import only, then the details in
Install Wizard are not be pre-populated. As you have never provided those details while
creating the environment.

After you import a product for a scale out, you need to add a certificate. To manage a
certificate you need to add the certificate from the settings tab and then import during scale
out.

5 Read the summary and click Submit.

Import VMware Identity Manager Environment

You can import an instance of VMware Identity Manager into vRealize Suite Lifecycle Manager.

Procedure

1 After creating an environment on the Create Environment page, on the products card, select
VMware Identity Manager check box.

2 Select Import and click Next.

3 Enter a valid FQDN address. To import a clustered VMware Identity Manager use load
balancer host name.

4 To import Tenancy Enabled VMware Identity Manager, enter the Default Tenant Alias Host
Name.

5 The System Admin. Admin, SSH User, and Root passwords are listed automatically.

6 Enter the Default Configuration Admin Username.

7 (Optional) Select the Sync Group Members check box and vCenter Server list.

8 Click Next and read the summary.

9 Click Submit.

Import vRealize Business for Cloud Environment

You can import an instance of vRealize Business for Cloud into vRealize Suite Lifecycle Manager.

Prerequisites

Verify that you have the required IP credentials.

VMware, Inc. 106

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 After creating an environment on the Create Environment, on the products card, select
vRealize Business for Cloud check box.

2 Select Import and click Next.

3 Enter the vRealize Business for Cloud FQDN and select Root Password from the existing
locker entries. If the password does not exist in the locker, then you can create entries in the
locker. Click Add Password from the top-right corner of the window.

4 Select the valid authentication type for the vRealize Business for Cloud instance.

a If an authentication type is Standalone, then proceed to select a valid vCenter Server.

b If an authentication type is VMware Identity Manager, then provide the identity manager
FQDN, admin User Name and select the admin User Password.

c If an authentication type is vRealize Automation, then provide relevant details for the vRA
Cafe FQDN, vRA Cafe SSO Admin User name, and select vRA Cafe SSO Password from
the list of the pre-populated passwords.

5 Select a valid vCenter Server from the list. If the vRealize Business for Cloud instance has
collector nodes spread across multiple vCenters, then all those vCenters should be selected,
else the import operation fails.

6 Click Next and read the summary.

7 Click Submit to import.

Import vRealize Automation Environment

You can import an existing instance of vRealize Automation.

For creating a global environment, you will still be prompted to install VMware Identity Manager
if you have skipped this step when you initally installed vRealize Suite Lifecycle Manager. To
install VMware Identity Manager, see Install VMware Identity Manager in vRealize Suite Lifecycle
Manager. To import the vRealize Automation 8.0 brownfield environment, verify that the VMware
Identity Manager present in vRealize Suite Lifecycle Manager is same as the VMware Identity
Manager registered with vRealize Automation. Ensure to use the same configuration admin user
for both VMware Identity Manager and vRealize Automation in vRealize Suite Lifecycle Manager.

Prerequisites

Verify that you have the required IP credentials.

Procedure

1 After creating an environment on the Create Environment page, on the products card, select
vRealize Automation check box.

2 Click Import and click Next.

VMware, Inc. 107

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Under Products Details, enter the required fileds to configure the vRealize Automation
properties, select the Import version.

4 If you have selected 8.x

a Provide the Primary node Hostname.

b Select Primary Node root Password.

Note If each node has different passwords then the import request fails. You can provide
the correct password in the retry of each failed request.

c Select the vCenter Server where product nodes are residing. For more information on
configuring vRealize Automation, see Points to remember while Configuring vRealize
Automation.

5 If you have selected 7.x

a Select a vCenter Server instance under vCenter Server.

b Click Next and read the summary.

When importing vRealize Automation, you have to enter specific details regarding the
vRealize Automation and application. Default Tenant Administrator Password is one such
input. The default tenant is set to vsphere.local and it is non-editable, you might find it
blocked if in case the vsphere.local tenant is not configured in your vRealize Automation
setup. The cause for this is mainly because you may have opted against configuring out
of the box sample content during installation. You must enter the password for the system
administrator against the field Default Tenant Administrator Password and then proceed
with the import.

6 Click Submit.

Import VMware vRealize Salt Stack Config Standalone

You can import an instance of vRealize SaltStack Config into vRealize Suite Lifecycle Manager.

Prerequisites

Ensure that you have the required IP credentials.

Procedure

1 After creating an environment on the Create Environment page, on the products card, select
the vRealize Automation SaltStack Config check box.

2 Select Import and click Next.

3 Enter the Master Node IP Address, Root, and Admin Password of the vRealize Automation
SaltStack Config.

4 Select a vCenter Server instance under vCenter Servers.

5 Click Next and read the summary.

VMware, Inc. 108

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

6 Click Submit to import.

Import vRealize Network Insight Environment

You can import an existing environment of vRealize Network Insight.

Prerequisites

Verify that there is an instance of vRealize Network Insight along with its user credentials
available.

Procedure

1 After creating an Create Environment page, on the products card, select the vRealize
Network Insight check box.

2 Click Import and click Next.

3 On the Product Details page, enter the vRNI Admin user name.

All authorization token and csrf tokens are generated using admin user name and password.

4 Enter the Console Password and Support Password.

With console user and support user credentials, you can run vRealize Network Insight specific
commands and debug your environment.

Note Support password of all nodes must be same. Although, import of vRNI can
be successful but future operations like upgrade precheck, upgrade, password update,
clustering fails. You have to change the support password of all nodes to one single
password. Similarly, console passwords of all nodes must be same. However, console and
support password can be same across all nodes. If each node has different passwords then
the import request fails. You can provide the correct password in the retry of each failed
request.

5 Enter the vRNI Admin Password and Platform IP address.

6 Select the vCenter Server Instance from the drop-down menu and click Next.

7 Review the Request Summary and click Submit.

Example: Example for Console and Support Password

In a 2 Node cluster

n Platform: support password=VMware1! consoleuser password=Test@123

n Collector: support password=VMware1! consoleuser password=Test@123

In a 3 Node cluster with 1 collector

n Platform1: support password=VMware1! consoleuser password=Test@123

n Platform2: support password=VMware1! consoleuser password=Test@123

n Platform3: support password=VMware1! consoleuser password=Test@123

VMware, Inc. 109

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Collector: support password=VMware1! consoleuser password=Test@123

Import vRealize Operations Manager Environment

You can import an instance of vRealize Operations Manager into vRealize Suite Lifecycle
Manager.

Prerequisites

Verify that you have the required IP credentials.

Procedure

1 After creating an environment on the Create Environment page, on the products card, select
vRealize Operations Manager check box.

2 Select Import and click Next.

3 Enter the vRealize Operations Manager, Master Node IP Address, Root, and Admin
Password.

Note The admin password should be for a local user only, not a user with administrator
permissions.

Note If each node has different passwords then the import request fails. You can provide
the correct password in the retry of each failed request.

Note The master node is now referred to as the primary node.

4 Select a vCenter Server instance under vCenter Servers.

5 Click Next and read the summary.

6 Click Submit to import.

Note If you are importing an existing vRealize Operations Manager installation, then SSH
should be enabled for all the vRealize Operations Manager nodes and set root passwords in
all nodes.

Import vRealize Log Insight Environment

You can import an instance of vRealize Log Insight into vRealize Suite Lifecycle Manager.

Prerequisites

Verify that you have the required IP credentials.

Procedure

1 After creating an environment on the Create Environment page, on the products card, select
vRealize Log Insight check box.

2 Select Import and click Next.

VMware, Inc. 110

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Enter the vRealize Log Insight Master Node FQDN, Root, and Admin Password.

Note The admin password should be for a local user only, not a user with administrator
permissions.

Note If each node has different passwords then the import request fails. You can provide
the correct password in the retry of each failed request.

Note The master node is now referred to as the primary node.

4 Select a vCenter Server instance under vCenter Servers.

5 Click Next and read the summary.

6 Click Submit to import.

Create a Private Cloud Environment Using a Configuration

File
You can create a private cloud environment using a product configuration file.

Know more about Private Cloud, before you configure your environment.

When you are creating an environment using a JSON spec, if the Locker ID for the passwords is
used, you must make sure to use respective locker ID from the current vRealize Suite Lifecycle
Manager. Navigate to Locker > Passwords and copy the Password ID, and use in the spec. There
is no action required for a plain text password.

While using JSON spec, ensure to update all the parameters under each node's advanced
settings as required. If you do notupdate, then it takes the original values from the JSON spec.

Prerequisites

n Configure OVA settings for the products to install. See Configure Product Binaries.

n Ensure that you have added a vCenter to the data center with valid credentials and the
request has completed.

Procedure

1 Log in to vRealize Suite Lifecycle Manager as administrator and click Create Environment.

2 From Data Center, select an existing data center for this environment, or click + to add a data
center to vRealize Suite Lifecycle Manager.

For information on adding a data center, see Add a Data Center to vRealize Suite Lifecycle
Manager .

3 Enable or disable the JSON Configuration toggle bar, as required. When you enable the
JSON configuration, you can paste the JSON file text manually or you can import the file from
your local system.

VMware, Inc. 111

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 (Optional) Select Join the VMware Customer Experience Program to join CEIP for this
environment.

This product participates in the VMware Customer Experience Program (CEIP). Details
regarding the data collected through CEIP and the purposes for which it is used by VMware
are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/
ceip.html.

5 Click the Use Configuration file toggle feature.

6 Paste the text of the product configuration JSON file into the Product Config JSON text box,
and click Next.

You can download the configuration file from the summary page to create a JSON file for
the product or the solution with the latest inputs that were provided while configuring the
environment.

The create installation wizard is launched and the JSON data is populated. You can validate
the data before you click submit. For more information on getting a sample JSON file, see KB
article 75255.

What to do next

To monitor product installation progress, click the Home button. vRealize Suite Lifecycle Manager
displays installation progress for the environment under Recent Requests and on the Requests
tab.

Creating Environments in vRealize Cloud

When you want to create a hybrid environment, and require the software-as-a-service to
manage your on-premise data, you can use the Cloud Proxy. The Cloud Proxy environment
enables Software-as-a-service and VMware Cloud services to communicate with the on-premise
services.

Configuring Environment Settings for a New Cloud Proxy

Configure environment settings, such as name, password, and data center for a new Cloud Proxy
environment.

Procedure

1 Log in to vRealize Suite Lifecycle Manager as an administrator and click vRealize Cloud.

2 Click Create / Deploy Cloud Proxy.

3 In the Environment Name, enter a descriptive name for the new Cloud Proxy environment.

This name must be unique.

4 Enter the Environment Description, which can be a maximum of 1024 characters.

VMware, Inc. 112

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 Enter a Default Admin Password and confirm the password.

The default password must be a minimum of eight characters.

6 From Data Center, select an existing data center for this environment, or click + to add a data
center.

7 Enable or disable the JSON Configuration toggle bar, as required. When you enable the
JSON configuration, you can paste the JSON file text manually or you can import the file from
your local system.

8 Select Join the VMware Customer Experience Program to join CEIP for this environment.

This product participates in the VMware Customer Experience Program (CEIP). Details
regarding the data collected through CEIP and the purposes for which it is used by VMware
are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/
ceip.html.

Installing Cloud Proxy Products

The Cloud Proxy products available are Cloud Extensibility Proxy (AVX Cloud Proxy), VMware
Cloud Services Data Collector (Target Cloud Proxy), and vRNI Cloud Proxy. Select the Cloud
Proxy products to install in the private cloud environment.

Prerequisites

Verify that you have a data center and environment credentials already created.

Procedure

1 Select the Cloud Proxy products to add to the private cloud environment, and then select the
Installation Type. You can perform a fresh installation of a product or import from an existing
installation of the product.

2 Select the Deployment Type.

3 Click Next.

What to do next

After installing the Cloud products, follow the steps listed under Create a New Private Cloud
Environment Using the Installation Wizard for EULA and license selection, configuring your
certificate details, and configuring your network details.

Configuring Cloud Proxy Product Details

You can view and configure the Cloud Proxy products that were selected during environment
creation.

VMware, Inc. 113

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Function

Install Cloud Extensibility Proxy 1 Under Product Properties, enter the Proxy Name.
2 Select the Product Password.
3 Select the Refresh Key.
4 Under Components, enter the VM Name, FQDN, and
IP Address.
5 Click Next.

Install VMware Cloud Services Data Collector 1 Under Product Properties, enter the Proxy Name.
2 Select the Cloud Assembly and Log Insight check
boxes, as applicable.
3 Select the Product Password.
4 Select the Refresh Key.
5 Under Components, enter the VM Name, FQDN, and
IP Address.
6 Click Next.

Install vRNI Cloud Proxy 1 Under Product Properties, enter the Proxy Name.
2 Select the Product Password.
3 Select the Refresh Key.
4 To add a new server, enter the following details.
a Add the server Name and FQDN/IP Address.
b Click Submit.
5 To edit an existing server, enter the following details.
a Select the NTP Servers.
b Click Next.
c Change Server Priority, as required.
d Click Finish.
6 Under Components, enter the VM Name, FQDN, and
IP Address.
7 Click Next.

What to do next

After configuring your Cloud Proxy Product details, follow the steps listed under Create a New
Private Cloud Environment Using the Installation Wizard for validating your Cloud details and to
complete your installation process.

Onboarding vRealize Cloud Universal Subscriptions

vRealize Cloud Universal is a SaaS cloud management suite that combines automation,
operations, and log analytics into one license. You can start using and managing your vRealize
Cloud Universal subscription with the help of vRealize Suite Lifecycle Manager and vRealize Cloud
Subscription Manager.

VMware, Inc. 114

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

For more information on activating your subscription license and to get started with an express
onboarding experience, see the vRealize Cloud Universal Onboarding guide. To manage your
vRealize Cloud licenses in vRealize Suite Lifecycle Manager, see Managing vRealize Cloud
Licenses in vRealize Suite Lifecycle Manager.

VMware, Inc. 115

Managing Environments in
vRealize Suite Lifecycle Manager 4
You can manage data centers, vCenters Servers, and vRealize Suite products in your private
cloud environments.

This chapter includes the following topics:

n Day 2 Operations for Global Environment in vRealize Suite Lifecycle Manager

n Day 2 Operations with Other Products in vRealize Suite Lifecycle Manager

n Add a Product to an Existing Private Cloud Environment

n Add a Data Source to an Existing Private Cloud Environment

n Manage a Data Source in an Existing Private Cloud Environment

n Update Bulk Passwords for Data Source

n Scale-Out VMware Identity Manager

n Scale-Out vRealize Suite Products

n Scale-Up vRealize Suite Products

n Export a Private Cloud Environment Configuration File

n Download Private Cloud Product Logs

n Delete an Environment

n Managing vRealize Suite Products in a Private Cloud

n Configure Health Monitoring for the vRealize Suite Management Stack

n Adding and Managing Content from Marketplace

Day 2 Operations for Global Environment in vRealize Suite

Lifecycle Manager
A global environment is created after an installation or a migration of vRealize Suite Lifecycle
Manager. A global environment displays the VMware Identity Manager instance and also shows
the version. When you click the View Details on a created environment, you can view the
lists of primary, secondary, and connector information of the VMware Identity Manager that is
used in the vRealize Suite Lifecycle Manager. You can view the product properties for each

VMware, Inc. 116

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

the VMware Identity Manager cluster. To view the list of inter-product configurations, click the
Product References.

After an upgrade, all products currently integrated with global environment VMware Identity
Manager are shown in the list. The global environment VMware Identity Manager View Details
page contains the day-2 operations:

n Topology - The Topology Viewer is introduced to help you view the group and node
structure, vCenter, and product integration details between VMware Identity Manager and
vRealize Suite products.

n Trigger Cluster Health - Triggers instant health check on the VMware Identity Manager cluster
nodes and provides a notification on vRealize Suite Lifecycle Manager UI.

Based on the health status of the cluster nodes, 'vIDM vPostgres Cluster Health' notification is
either marked CRITICAL or OK. For the notification to be precise, verify that VMware Identity
Manager can communicate to all the VMware Identity Manager nodes in the cluster and
the global environment VMware Identity Manager inventory is up-to-date in vRealize Suite
Lifecycle Manager.

The health check includes postgres service status check, pgpool service (responsible for
automatic failover) status check and Delegate IP (database load balancer IP) availability check
apart from basic the VMware Identity Manager service availability checks.

If status is marked CRITICAL, to troubleshoot, a link to the KB article 75080 is provided.

This health check also runs every hour as a scheduled job at the backend and latest health
statuses are updated in the 'vIDM vPostgres Cluster Health' notification.

If VMware Identity Manager is clustered through vRealize Suite Lifecycle Manager, then the
Power ON option can also be used to remediate the critical cluster heath.

n Power ON - Turns up the VMware Identity Manager nodes and ensures all the required
services are bootstrapped. For a clustered instance (vRealize Suite Lifecycle Manager
clustered VMware Identity Manager), this operation fixes any inconsistency in the cluster.
For example, fixing the Delegate IP (database load balancer IP), correcting any replication
delays in the secondary nodes . If VMware Identity Manager is clustered through vRealize
Suite Lifecycle Manager, then use this option for any use case which involves powering on
the cluster like snapshot revert, reboot, power on .

n Power OFF - Brings down all the VMware Identity Manager services by shutting them down
and also brings down the services that are responsible for an automatic failover, and its
related components in a clustered deployment. This option is provided for both single node
and clustered node VMware Identity Manager.

VMware, Inc. 117

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

If VMware Identity Manager is clustered through vRealize Suite Lifecycle Manager, then it
is always recommended to use this option for a scenario which involves bringing down the
cluster, such as reboot and shut down. Creating VMware Identity Manager snapshot through
vRealize Suite Lifecycle Manager stores the snapshot after bringing down the VMware
Identity Manager services gracefully.

Note A change in VMware Identity Manager certificate requires retrust of VMware Identity
Managercertificate on all products or services currently integrated with it. While updating
certificate, you can select all currently referenced products to opt in for retrust. For more
information on product references, see Product References. To know more about the
hardware requirements depending on the number of users in the directory, see System and
Network Configurations Requirements.

Re-Size Hardware Resources for VMware Identity Manager

This topic describes how to re-size the hardware required for VMware Identity Manager when it
is deployed through vRealize Suite Lifecycle Manager.

Procedure

1 On the Global Environment VMware Identity Manager, click the ellipses.

2 Click Cluster Health.

After the cluster health collection is complete, the health status is displayed in the vRealize
Suite Lifecycle Manager under the notification lists on the top right of the UI.

Note If the status is red, to remediate click Power ON or see the KB article 75080.

3 You can scale up to the required size by performing a vertical scale up. For more information
on vertical scale up, see Scale-Up vRealize Suite Products.

Results

For more information on hardware requirements for VMware Identity Manager when integrated
with vRealize Automation, see the hardware requirements in the vRealize Automation 8.1
Reference Architecture. To know more about the hardware requirements depending on the
number of users in the directory, see System and Network Configurations Requirements.

Day 2 Operations with Other Products in vRealize Suite

Lifecycle Manager
You can now perform the Day 2 operations within vRealize Suite Lifecycle Manager.

VMware, Inc. 118

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Day 2 Operations for all products (Non VMware Identity Manager )

The vRealize Suite products under environments consists of the following capabilities:

n Topology - The Topology viewer is introduced to help you view the node structure and
understand the integration between different vRealize Suite products within vRealize Suite
Lifecycle Manager. You can select the available vRealize Suite product and view the version,
certificate, and license details. You can also select on a primary or secondary node to view
the FQDN, IP address, network, DNS, and other node properties.

n New Collector Group - New collector groups are available for vRealize Operations Manager.
The new collector group enables you to add new collectors, group the new collector nodes,
and move the collector nodes into new collector groups. You can add remote collector and
cloud proxy to the collector group.

Note It is recommended that you do not add cloud proxy to a collector group from remote
collectors. For cloud proxy, a separate cloud proxies group can be created which contains
only cloud proxies.

n Re-Trust With Identity Manager - Whenever VMware Identity Manager certificate changes
there is a need for all products/services currently integrated with VMware Identity Manager
to retrust the VMware Identity Manager certificate. Even though starting from vRealize Suite
Lifecycle Manager 8.1, when replacing or changing VMware Identity Manager certificate all
products integrated with VMware Identity Manager that are linked in Product References are
opted-in for an automatic retrust. This button can be used anytime when you want to retrust
VMware Identity Manager certificate on the product explicitly.

Note This option is only applicable if a product is integrated with global environment
VMware Identity Manager and shows up in the Product References table under global
environment VMware Identity Manager.

n Re-Register With Identity Manager - When products integrate with VMware Identity Manager,
it gets registered against a VMware Identity Manager endpoint which in general is with the
FQDN of VMware Identity Manager. Whenever VMware Identity Manager FQDN changes,
there is a need for products or services currently integrated with VMware Identity Manager to
re-register with the new VMware Identity Manager FQDN.

n Enable FIPS Compliance Mode – Starting with vRealize Suite Lifecycle Manager 8.3, FIPS
Compliance Mode is available for vRealize Log Insight and vRealize Operations Manager.
You can enable or disable the FIPS mode during product deployment. Alternatively, you can
select the Enable FIPS Compliance option for the product level operation from the Manage
Environments page.

Note If you enable the FIPS mode for a vRealize Suite product, you cannot revert and run it
on a non-FIPS mode.

VMware, Inc. 119

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Update NTP Configuration – Starting with vRealize Suite Lifecycle Manager 8.6, you can
update the NTP Configuration details after deploying the vRealize Suite products. The Time
Sync Mode offers two configuring options, using NTP server or using the EXSi host time.
When you choose the NTP Server, you can add the new server details or you can edit the
existing server details, such as the server name and FQDN/IP address. Click Submit to view
the new NTP server details. Under Change NTP Server Priority, you can change the priority of
the servers. Next, run precheck to view the details of the successfully passed checks and the
failed entries. Once you click Submit, the NTP configuration update request is submitted.

Day 2 Operations for vRealize Automation Clustered Deployment

If the vRealize Automation load-balancer is configured such that SSL is terminated at the load-
balancer, then for any change of certificate in the load balancer must be retrusted in vRealize
Automation. In a clustered deployment of vRealize Automation 8.x, you can click Re-trust Load
Balancer which retrusts the load balancer certificate in vRealize Automation.

Note This operation primarily checks vRealize Suite Lifecycle Manager inventory of the clustered
vRealize Automation 8.x before performing the retrust. The inventory data for clustered vRealize
Automation 8.x will have a parameter - vra-va- SSL terminated at load-balancer under
the Cluster VIP section of product properties. The parameter decides whether the SSL is
terminated at the vRealize Automation load balancer or not. For all green text box vRealize
Automation 8.x deployments, this option is provided as an input to be filled by the user and for
an existing brown field deployment, the value for the parameter is automatically computed.

Note The start up and shutdown operations are also available for vRealize Automation, which
helps to gracefully start and shut down the vRealize Automation services.

Reconfigure Internal Pods and Service Subnets

Starting with 8.2, you can modify the IP range that is used internally by vRealize Automation
services.

Prerequisites

Verify that a product has existing internal IP range values. For information on K8 service and
cluster IP range, see Install and Configure vRealize Automation Using vRealize Suite Lifecycle
Manager Easy Installer for vRealize Automation and VMware Identity Manager .

Procedure

1 From the Environment page, select a product card, and then click the vertical ellipses.

2 Select Reconfigure Internal Pods and Service Subnets.

3 Enter internal IP range values for K8 Cluster IP Range and K8 Service IP Range.

4 Click Next.

5 To validate the IP range information, click RUN PRECHECK , and click Finish.

VMware, Inc. 120

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Add a Product to an Existing Private Cloud Environment

If you want to change your environment, you can add a product to an existing environment.

Organic growth allows you to import an existing vRealize Suite product to an existing
environment or to trigger a fresh deployment of the product to add to an existing environment.

An environment can contain only one instance of each supported vRealize Suite product.

Prerequisites

Have an existing private cloud environment in vRealize Suite Lifecycle Manager that does not
already contain all of the supported vRealize Suite products.

Procedure

1 Click Manage Environments.

2 Click the ellipsis (...) for the environment, and select Add Products to perform organic growth.

3 Select the products to add and enter the necessary configuration information.

Add a Data Source to an Existing Private Cloud Environment

You can add a data source to your environment to collect network information.

Prerequisites

Have an existing vRealize Network Insight instance in vRealize Suite Lifecycle Manager.

Procedure

1 Click Manage Environments.

2 Click View Details of Environments where you must add the data source.

3 Click the ellipsis (...) for vRealize Network Insight, and select Add Data Source.

4 Enter the required details and click Submit Request.

Data Operations Supported by vRealize Network Insight

You can add all types of data sources that are supported by vRealize Network Insight.

Data Source Description

VMware vCenter You can enter the vCenter related information in the provided fields along with the proxy details.

VMware NSX You can enter the NSX Manager related information in the provided fields along with the proxy
Manager details.

Routers and Switches You can enter the SNMP configuration details in the provided fields by clicking the Advanced
Settings.

Note You can add similar data sources to the vRealize Network Insight that are specific to its
respective products or functionalities.

VMware, Inc. 121

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Import Data sources in vRealize Suite Lifecycle Manager

You can import data sources in bulk into vRealize Network Insight through vRealize Suite
Lifecycle Manager. This feature is helpful when the same SNMP or other configurations have to
be used for multiple switches. The common configurations along with other variable parameters
such as IP address need to be imported in vRealize Suite Lifecycle Manager and provisioned into
vRealize Network Insight. With vRealize Suite Lifecycle Manager 8.2, you can import data sources
along with an import of a vRealize Network Insight instance.

Prerequisites

Verify that you have an existing vRealize Network Insight instance.

Procedure

1 From a vRealize Network Insight environment card, right click on the vertical ellipses and
select Add Data Sources > Bulk.

2 Select CSV or JSON format to import the data sources in a defined report format.

3 Click SELECT File , and then select the JSON file, and click Next.

4 Click Submit Request.

To view the request status, view them on the Request page.

5 To update the CSV file in the required format, click Download Template.

Manage a Data Source in an Existing Private Cloud

Environment
Starting with vRealize Suite Lifecycle Manager 8.2, you can edit or delete a data source in your
environment.

Prerequisites

Verify that you have created a vRealize Network Insight data source in vRealize Suite Lifecycle
Manager.

Procedure

1 In the vRealize Suite Lifecycle Manager 8.2 dashboard, click Manage Environments.

2 In the Environments page, select the vRealize Network Insight product card, and then click
View Details.

3 Click EDIT DATA SOURCE or DELETE DATA SOURCE, as applicable.

a If you click DELETE DATA SOURCE, the selected data source is deleted.

Note If a data source is referenced in any other data source of vRealize Suite Lifecycle
Manager, you cannot delete the referenced data source.

VMware, Inc. 122

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

b If you click EDIT DATA SOURCE, you can edit the Collector (Proxy) VM, data source
username, data source password, and the data source nickname.

Note By default, the data source IP address/FQDN is disabled.

4 Click SUBMIT.

Update Bulk Passwords for Data Source

You can now perform a bulk password update for data source passwords.

Prerequisites

Verify if you have already created vRealize Network Insight data source passwords in vRealize
Suite Lifecycle Manager.

Procedure

1 Under Environments, select the data sources you want to update.

2 Select vRealize Network Insight product card, and click the vertical ellipses for the
environment, and then click Change Data Sources Password.

3 Under Select Data Sources, select the data sources that you want to update, and then click
Next.

4 Under Update Credentials, click New Password to change the existing password, and then
click Next.

Note If you select multiple data sources to update passwords, the new password applies to
all the selected data sources.

5 Under Precheck details, click RUN PRECHECK to validate the new passwords, and then click
Next.

6 Under Summary, you can verify the changes for the data sources.

7 Click Finish.

Note When you perform a bulk password update and one or more passwords fail to update,
the request is marked complete, but you will receive a warning message for the passwords
which are not updated. Click the data source details for information, and then retry updating
the bulk passwords.

VMware, Inc. 123

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Scale-Out VMware Identity Manager

You can increase the HA option in VMware Identity Manager by having one or three nodes to
manage VMware Identity Manager.

n Ensure to take snapshots of VMware Identity Manager nodes before you perform scale-out
operations. VMware Identity Manager cluster is always three node including an existing node.

n Verify that there is a certificate already added in the locker and also perform the replace
certificate on the standalone VMware Identity Manager node. The certificate should also
have SAN entries of all the three nodes or wild-card certificate. For information on replacing
certificate, see Replace Certificate for vRealize Suite Lifecycle Manager Products

n Scale-In is not supported when you deploy VMware Identity Manager cluster through
vRealize Suite Lifecycle Manager.

Prerequisites

For a VMware Identity Manager cluster and replace certificate actions, ensure to take a snapshot
of the VMware Identity Manager nodes.

Procedure

1 Navigate to Environments, on the environment page, click Add Component .

2 Enter the Infrastructure details and click Next.

3 Enter the Network details and click Next.

Verify that the primary node and the additional components use the same default gateway
and they are connected with each other.

4 On the Product Properties, the certificate details are auto-populated.

5 On the Components tab, you have two options, so you can select Take product snapshot
and Retain product snapshot taken. If the Take product snapshot is set to true, the snapshot
is taken prior to starting scale-out, and can be rolled back to its initial state during a scale-out
failure, the snapshot is taken with the prefix LCM_AUTOGENERATED. If the Retain product
snapshot taken is set to true, it can be retained.

Note Snapshot Rollback action is available for the failed scale-out request in the Requests
page.

6 Enter the load balancer Host name.

VMware, Inc. 124

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

7 Enter a delegate IP address.

Note The delegate IP address is used internally as a proxy to postgres master (primary) and
it should be free or an available IP address. This is not same as the one used to load-balance
the application.

Note You can add two components of type secondary and provide FQDN, and IP address.
It is recommended for a VMware Identity Manager cluster to contain of three nodes behind a
load balancer.

8 Click and run the pre-check.

9 Click Submit.

Note It is very important to reboot the appliance, otherwise the scale-out procedure fails
with unable to find root certificate error. The errors occurs because of an existing
product issue after you replace the certificates to reboot the appliance.

Scheduled Health Check

Once VMware Identity Manager is clustered through, a scheduled health check is registered. This
scheduled check runs every hour and might pop-up a notification on the overall postgres cluster
health status. Starting from the 8.4 release, you can also view the cluster health status in the
VMware Identity Manager environment card.

There are various checks that are important from a postgres cluster perspective that requires
attention.

1 VMware Identity Manager nodes reachability from vRealize Suite Lifecycle Manager.

2 DelegateIP assignment to any of the cluster nodes.

3 Postgres primary node existence.

4 Postgres nodes having replication delay.

5 Postgres nodes being marked as down in the cluster.

6 Pgpool primary node existence.

7 Pgpool running on all nodes.

All the above checks are captured and appropriate description messages are displayed in the
notification that pops-ups with a message like vIDM postgres cluster health status is
critical. For more information on the steps, see the KB article 75080.

If all the checks are validated, vRealize Suite Lifecycle Manager gives a notification with a
message as vIDM postgres cluster health status is ok that provides a healthy cluster
status. On a Day-2 operation, you can click the Trigger Cluster Health on the Global Environment
for VMware Identity Manager in addition to scheduling the health check on an hourly basis.
For more information on trigger cluster health, see Day 2 Operations for Global Environment in
vRealize Suite Lifecycle Manager.

VMware, Inc. 125

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

As a Day-2 operation, Pause Cluster Health Check is introduced to pause the health notifications
when troubleshooting issues, such as VMware Identity Manager password management,
replacing certificates, upgrade related issues, and more. When performing an hourly check or
during a maintenance, you can click the Pause Cluster Health Check, and then click Submit to
pause the health notifications. Once these functions are up and running, you can resume the
health check in the environment product card.

Scale-Out Tenant Enabled VMware Identity Manager

A tenant enabled VMware Identity Manager can only be accessed through tenant FQDNs scaling-
out a tenant enabled VMware Identity Manager from a single node to a three node cluster behind
a load balancer requires changes to its DNS and certificate requirements.

All the VMware Identity Manager tenant FQDNs must now point to the load balancer IP address
instead of VMware Identity Manager a single node IP address. And VMware Identity Manager
load balancer certificate must hold all the tenant FQDNs. For more information on Mandatory
Certificates and DNS Requirements, see Multi-Tenancy Model.

The same recommendations are provided to you as a manual pre-requisite to select before
scaling-out global environment VMware Identity Manager from vRealize Suite Lifecycle Manager
UI. For more information on Tenant FQDNs, see Multi-Tenancy Model.

Scale-Out Windows Connector

You can opt for scaling out a Windows connector.

Prerequisites

Follow these prerequisites for a Windows system in which the connector will be installed.

n The supported JRE version is between 8 update 181 to 8 update 251.

n The supported .NET framework version is 4.6.0.

n The supported Windows Server versions are 2012 R2, 2016, and 2019.

n A unique Windows system is required for the migration and it must be connected to a
domain server.

Procedure

1 Navigate to Environments on the environment page, and then click Add Components .

2 Enter the Infrastructure details and then click Next.

3 Enter the Network details and then click Next.

Verify that the primary node and the additional components use the same default gateway
and they are connected with each other.

4 On the Product Properties, the certificate details are auto-populated.

VMware, Inc. 126

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 On the Components tab, select Windows Connector.

a Enter the Windows VM Name.

b Enter FQDN.

c Enter a user-defined Windows Connector Name, and then select the Connector Admin
Password.

d Enter the Domain Admin details.

6 Click and run the pre-check.

7 Click Submit.

Scale-Out vRealize Suite Products

You can add components to your product to configure a multi node setup to form a cluster.

Prerequisites

vRealize Suite Lifecycle Manager does not allow you to add a component of a product until
the certificate mapping for that product is created in the locker. When you replace the vRealize
Automation certificate using the new certificate added to locker, the new certificate contains
additional host entries for new components which should be added as part of scale-out. After
you import or create a certificate in the locker, apply this certificate in the product, only then the
additional components will be visible in the product.

To map the certificate for the product in the locker, import the product certificate in the locker
and trigger the inventory sync for that product. This creates a reference for that product with the
certificate in the locker. This is applicable for an import scenario.

Verify that the certificate is replaced in the product where the certificate contains all the product
components host names including the Load Balancer host name and a new additional component
host names that are added is also specified. For more information on replacing certificates, see
Replace Certificate for vRealize Suite Lifecycle Manager Products. For more information on load
balance, see vRealize Automation Load Balancing.

VMware, Inc. 127

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the environment card, select a product, click the vertical ellipses, and select Add
Component.

For an imported environment, manually enter the text boxes for the selected product.

Note At times, scaling out patched products from vRealize Suite Lifecycle Manager might
fail. This is because joining the cluster fails due to version mismatch in the product appliances.
You can download and use the OVA corresponding to the patch. When you click Add
Component, a warning message appears indicating whether the OVA required to scale out
the patched product is available or not in the vRealize Suite Lifecycle Manager. The required
OVA bundle can be downloaded from My VMware Portal into the vRealize Suite Lifecycle
Manager appliance and mapped. You can download and map the patched product binaries.
For more information on how to download the patch product binaries, see Configure Your
Patched Product Binaries.

2 Under the Infra details, select the required vCenter Server, Cluster, Network, Datastore, and
Disk Format from the drop-down menus.

3 Select the Applicable Time Sync mode and click Next.

4 Under the Network details, if the environment is a newly created, then the text boxes are
auto-populated. If the environment is imported, you have to manually enter the text boxes.

5 Click Next.

6 Select the Applicable Time Sync Mode and under the components section, select the node.

The advanced setting provides more information on configuring the selected node in a
cluster. For an imported environment in 2.0 where a product is scaled out, ensure that the
provided certificate is primary-node certificate, as the pre-check matches the primary node
certificate. For environments from older vRealize Suite Lifecycle Manager versions, you can
add the older certificate during a scale-out by clicking Add button. This populates the older
certificate data from the environment's Infrastructure properties.

7 On the Components tab, you have two options, so you can select Take product snapshot
and Retain product snapshot taken. If the Take product snapshot is set to true, the snapshot
is taken prior to starting scale-out, and can be rolled back to its initial state during a scale-out
failure, the snapshot is taken with the prefix LCM_AUTOGENERATED. If the Retain product
snapshot taken is set to true, it can be retained.

Note Snapshot Rollback action is available for the failed scale-out request in the Requests
page.

8 Under Component > Product properties, select the required text boxes.

The field in this section varies for different products.

VMware, Inc. 128

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Name Components

vRealize Automation 7.x n vra-server-secondary

n iaas-web
n iaas-manager-passive
n iaas-dem-orchestrator
n iaas-dem-worker
n proxy-agent-vsphere

vRealize Automation 8.x secondary

vRealize Operations Manager n Data

n Remote Collector

vRealize Business for Cloud VRB-Collector

vRealize Log Insight VRLI-Worker

vRealize Network Insight n vRNI-Platform

n vRNI-Collector

9 Enter the required text boxes and click Next, and run Precheck.

10 Read the summary and click Submit.

Scale-Out Tenant Enabled vRealize Automation

Tenant enabled vRealize Automation can only be accessed through vRealize Automation tenant
FQDNs, scaling-out a tenant enabled vRealize Automation from a single node to a three node
cluster behind a load-balancer requires changes to its DNS and certificate requirements.

For more information on Tenant FQDNs, see Multi-Tenancy Model. After you scaled-out, vRealize
Automation tenants must be accessed through load-balancer tenant FQDNs and DNS, and
certificates changes are to be made accordingly. The same recommendations are shown to the
user as a manual pre-requisite to be taken care before scaling-out vRealize Automation 8.x from
vRealize Suite Lifecycle Manager UI.

Scale-Up vRealize Suite Products

Vertical Scale Up is introduced to increase the RAM, disk capacity, or vCPUs in the nodes of a
cluster. The nodes of a cluster are grouped and each group consists of nodes of equal sizes.
A product can have a single group or multiple groups, and if the node sizes vary across the
different groups, you can scale up to standardize the node sizes.

Day 2 operations include the Vertical Scale Up operation to manage environments and avoid
any performance degradation. Vertical Scale Up is supported for vRealize Log Insight, vRealize
Automation, vRealize Operations, vRealize Network Insight, and VMware Identity Manager. You
can increase the storage capacity for a product by scaling up the current size and adding a disk
with the required capacity.

VMware, Inc. 129

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

Verify that you have an existing private cloud environment in vRealize Suite Lifecycle Manager
that contains supported vRealize Suite products.

Procedure

1 From the vRealize Suite Lifecycle Manager dashboard, click Manage Environments.

2 Click View Details for Global Environment or a vRealize Suite product.

3 Click the ellipsis (...) for the product level operation, and then select Vertical Scale Up.

4 In the Proceed to Vertical Scale Up pop-up window, click Trigger Inventory Sync.

5 Click Proceed when the inventory sync is complete.

6 Select the Node Type, and then click Next.

7 Under Vertical Scale-Up Details, select Scale Up Size from the drop-down menu. You can
select the Additional Disk Size (optional).

8 Under Advanced Settings, select the appropriate datastore for the nodes from the drop-
down menus, and then click Next.

9 Click RUN PRECHECK.

Note If the validation is successful, a successful validation message appears. If you see an
error message, follow the instructions provided in the Recommendations tab, and then click
RE-RUN PRECHECK.

VMware, Inc. 130

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

10 When the validation succeeds, click Submit to view the details of your request.

Note
n For VMware Identity Manager (vIDM), the default vIDM deployment option and vRealize
Automation specified size of 8 CPU and 16 GB memory are supported. To increase the
storage capacity from the additional disk space provided to vIDM 3.3.2, 70% can be
assigned to /db and 30% to /var. To increase the storage capacity from the additional
disk space provided to vIDM 3.3.3, 70% can be assigned to /db and 30% to /opt.

n The requiredCpuCount and requiredMemory parameters are the overall CPU and memory
parameters that are available for a node.

n For vRealize Suite products, you provide the extra disk size to increase the capacity. The
requiredCapacity parameter adds an extra disk to the available capacity.

n For vRealize Automation, you select the required disk for expansion and choose how
much to expand the existing disk.

n If you are installing vRealize Automation, ensure that you deploy vIDM with the suggested
size for vRealize Automation.

n For VMware Identity Manager version 3.3.3 or later releases, you must be connected to
the internet to perform the vertical scale up operation. If you are not connected to the
internet and want to perform the vertical scale up operation offline, you must install the
parted packages from packages.vmware.com.

Export a Private Cloud Environment Configuration File

You can export a private cloud environment configuration file to reuse a deployment's
configuration for future environment deployments.

If any data source is added in vRealize Network Insight environment, exporting of config file of
this environment will have data source details. The config file can be used to create new vRealize
Network Insight environment and data sources will be added automatically.

Procedure

1 Click Manage Environments.

2 Click the ellipsis (...) for the environment, and select Export Configuration.

3 Select the configuration file type to export from Simple or Advance, based on your
requirement

4 Click Save File and click OK.

Earlier, the export configuration file feature was available at the LCM environment level.
Starting with vRealize Suite Lifecycle Manager 1.3, you can export the configuration file at the
product level also for the selected product.

The configuration file is downloaded to your browser's default download location.

VMware, Inc. 131

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

What to do next

Use the configuration file to create new private cloud environments. See Create a Private Cloud
Environment Using a Configuration File.

Download Private Cloud Product Logs

You can download product log file bundles to share with VMware support.

Procedure

1 Click Manage Environments.

2 Click the ellipsis (...) for the environment, and select Download Logs.

Note When you click download logs on the Manage Environments page in vRealize Suite
Lifecycle Manager, the link to download the support bundle does not appear. For more
information, see KB article 55744.

Results

Downloaded logs are stored /data/support-bundle inside vRealize Suite LCM appliance.

Delete an Environment
You can delete an existing environment from vRealize Suite Lifecycle Managerand not individual
products. You cannot select a specific product within an environment to delete.

You can delete both successful and failed environment deployments. You can delete
environments that are failed to deploy or you can delete an initiated environment.

Note You can edit an existing environment that is in progress or failed deployment state in
vRealize Suite Lifecycle Manager. Select any product card under Environments, click the vertical
ellipses for the chosen product, and select Edit Environment Details to edit the environment. You
have the option to edit the environment name or the environment description. However, you
cannot edit the environment name for globalenvironment.

VMware Identity Manager installation is optional when creating an environment. If you delete a
VMware Identity Manager environment:

n vRealize Automation 8.x cannot be installed or imported.

n You cannot use VMware Identity Manager as an authentication source for vRealize Suite
Lifecycle Manager.

n You cannot access Identity and Tenant management. The user and active directory
management becomes inaccessible. The existing roles and user mappings of VMware Identity
Manager from vRealize Suite Lifecycle Manager is removed.

VMware, Inc. 132

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Click Manage Environments to delete a successfully installed environment, or delete a failed

environment deployment listed under Recent Requests in Home page.

2 Click the three dots in the upper right corner of the environment tile, and select Delete
Environment.

3 (Optional) Select Delete related virtual machines from vCenter to delete all virtual machines
associated with this environment from vCenter server.

If you do not select this option, all virtual machines associated with this environment remain in
vCenter after the environment is deleted from vRealize Suite Lifecycle Manager.

4 (Optional) Select Delete related Windows machines to delete Windows machines associated
with vRealize Automation this environment.

This option is available only for vRealize Suite Lifecycle Manager 7.x releases if you choose
to delete all related virtual machines from vCenter. Ensure to confirm this action before you
proceed.

5 Select Delete related virtual machines from vCenter to delete virtual machines associated
with the environment.

This option is available only if you have virtual machine associated with an environment
in vCenter server. If selected, then virtual machines associated to the environment is also
deleted from the vCenter server. If it is not selected, then only the record of this environment
is deleted from the vRealize Suite Lifecycle Manager inventory.

6 Click DELETE.

7 If you chose to delete virtual machines associate with the environment, verify that the list of
virtual machines to delete is correct, and click CONFIRM DELETE.

IaaS virtual machine names do not appear in this list.

Note If the delete operation fails, an option is enabled in the environment card Delete
environment from vRealize Suite Lifecycle Manager. This action deletes the environment from
vRealize Suite Lifecycle Manager and you can delete the VMs manually from the vCenter
server. For brownfield import, if you fail to add a vCenter list, then delete environment
confirmation dialog box does not show the VM list in that particular vCenter and you have to
clean them up manually. For an organic growth, the environment card from the recent activity
home page is not deleted or dimmed.

8 Click CLOSE.

Results

The environment is removed from vRealize Suite Lifecycle Manager.

What to do next

You can view the progress of the delete operation on the Requests page.

VMware, Inc. 133

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Managing vRealize Suite Products in a Private Cloud

You can use VMware vRealize Suite Lifecycle Manager to upgrade and patch vRealize Suite
products and to download product logs.

n Creating and Managing a Product Snapshot

You can now create and manage the snapshot of a product to save product state at a
particular point in time.

n Inventory Sync in vRealize Suite Lifecycle Manager

If you have updated any configuration outside of vRealize Suite Lifecycle Manager, then the
products managed from vRealize Suite Lifecycle Manager will be out of sync. To update the
configuration, you have to trigger inventory to sync.

n Product References
Starting from vRealize Suite Lifecycle Manager 8.1, product details has a new vertical tab
named Product References listing all inter-product integrations. For example: If product A is
integrated with product B or the other way, the View Details page of both product A and B
has an entry in Product References table, pointing reference to each other.

n Change your Password for vRealize Products

You can change the password for the installed vRealize products. There are different types
of password change options available on the Product Details page.

n Delete a Product from an Environment

You can delete a product instance from a Lifecycle Manager environment.

n Add Licenses for vRealize Suite Products

You can configure and replace license changes to vRealize Automation through the vRealize
Suite Lifecycle Manager UI where you can access the product details on the environment
card.

Creating and Managing a Product Snapshot

You can now create and manage the snapshot of a product to save product state at a particular
point in time.

This procedure does not apply to snapshots of vRealize Automation 7.x database virtual
machines. Snapshots of vRealize Automation 7.x database virtual machines must be taken
manually rather than through vRealize Suite Lifecycle Manager.

Managing snapshots are restricted to vRealize Suite Lifecycle Manager version 8.6 triggered
snapshots. If you trigger a snapshot directly, the snapshot is no longer managed in vRealize Suite
Lifecycle Manager.

Procedure

1 To create a snapshot, click Manage Environments.

2 Click VIEW DETAILS.

VMware, Inc. 134

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Click the ellipses icon next to the name of the product to snapshot and select Create
Snapshot.

4 Under Snapshot Details, enter the Snapshot Prefix and the Snapshot Description details.

5 (optional) For certain vRealize Suite products, you can select the Snapshot With Memory
toggle.

6 (optional) You can select the Shutdown before taking snapshot toggle, as required.

7 Click Next.

8 Click Run precheck, and then click Finish.

Note Day 2 operations that depend on vCenter Server, such as creating a snapshot, might
fail if the guest tools are not running or if the IP address/Hostname is not visible in vCenter
Server. vRealize Operations Manager setup is not accessible after reverting the snapshot of
vRealize Operations Manager as the vRealize Operations Manager cluster can be inconsistent
state. For more information, see KB article 56560.

9 To manage a product snapshot, click Manage Environments.

10 Click VIEW DETAILS.

11 Click the ellipses icon next to the name of the product to snapshot and select Manage
Snapshot.

12 You can view the snapshot tree structure and the snapshot details. Click Delete to
permanently delete a snapshot.

13 Click Revert, and then click RUN PRECHECK to revert a snapshot.

Results

Note
n The partial or inconsistent snapshot does not provide the revert option.

n You can rollback or revert a snapshot that you created during an upgrade or a scale-out in
the Requests tab.

n When you deploy vRealize Suite products, a custom attribute is created on vCenter to
support the snapshot inventory from vRealize Suite Lifecycle Manager.

vRealize Suite Lifecycle Manager saves state and configuration details for the product's virtual
appliance. For more information, see KB article 56361.

What to do next

After you create a product snapshot, you can revert the product virtual appliance to the state of
the snapshot.

VMware, Inc. 135

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Inventory Sync in vRealize Suite Lifecycle Manager

If you have updated any configuration outside of vRealize Suite Lifecycle Manager, then the
products managed from vRealize Suite Lifecycle Manager will be out of sync. To update the
configuration, you have to trigger inventory to sync.

If the product upgraded outside or if there is any failure in vRealize Automation or vRealize
Operations Manager, inventory sync updates the correct primary node in vRealize Suite Lifecycle
Manager.

If any components of products are added or deleted outside of vRealize Suite Lifecycle Manager,
inventory sync is used to update them. If a product password changed outside can be updated in
vRealize Suite Lifecycle Manager by syncing it with the inventory, but the request eventually fails.
However, you can provide the right password when you retry.

To change the root password of vRealize Operations Manager, then you have to create a root
password in the Locker and use the same to replace the vRealize Operations Manager root
password through vRealize Suite Lifecycle Manager. You need not change the root password in
the vRealize Operations Manager.

Also, if you modify the password directly in the application, for example, vRealize Operations
Manager then you should run the inventory sync of the product in vRealize Suite Lifecycle
Manager so that the modified passwords are synchronized with vRealize Suite Lifecycle Manager
again. This action prompts you to provide the modified passwords during an inventory sync.

You can sync your inventories for each product and for all the products across all environments.

n Instead of navigating into each product to synchronize your inventories, you can click the
horizontal ellipses on the product card and click Trigger Inventory Sync.

n If there are multiple environments and there are multiple products within an environment, you
can click the Trigger Inventory Sync on the Environment page. This triggers the inventory
sync on all the products in all environments.

n You can click the View Details of the product and then click the Trigger Inventory Sync. This
would trigger the inventory sync for the required product alone.

Product References
Starting from vRealize Suite Lifecycle Manager 8.1, product details has a new vertical tab named
Product References listing all inter-product integrations. For example: If product A is integrated
with product B or the other way, the View Details page of both product A and B has an entry in
Product References table, pointing reference to each other.

For vRealize Suite Lifecycle Manager, the table only shows VMware Identity Manager
Authentication Provider references. If a product, for example vRealize Automation is integrated
with global environment VMware Identity Manager and is using it as an authentication provider,
then both vRealize Automation and the global environment VMware Identity Manager will have a
reference linking each other in their View Details > Product References table.

VMware, Inc. 136

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

The Product Reference entries are created when you create an environment and during an
Inventory Sync. If the expected product does not show up in the VMware Identity Manager
global environment Product Reference table, then validate if the Inventory Sync for the related
product is selected and is completed successfully.

In-case of global environment VMware Identity Manager, the Product References are used while
performing following day-2 operations:

n Certificate update or replace operation. A change in VMware Identity Manager certificate

requires re-trust of VMware Identity Manager certificate on all products or services currently
integrated with it. While updating certificate, you are provided with an option to select all
currently referenced products to opt-in for re-trust.

n Enabling tenancy. Once tenancy is enabled, VMware Identity Manager can be accessed
only through tenant FQDNs. All the existing products or services currently integrated with
VMware Identity Manager must go for a re-register of VMware Identity Manager against its
primary tenant alias FQDN. While enabling tenancy, you are provided an option to choose all
the currently referenced products to opt-in for re-register.

With Manage Environments feature in the vRealize Suite Lifecycle Manager UI, a complete
inventory about each product is listed.

The Product References once found are later used in day-2 operations to ensure a life-cycle
operation performed on one product does not break the current integration with other product
that is linked and referenced.

Change your Password for vRealize Products

You can change the password for the installed vRealize products. There are different types of
password change options available on the Product Details page.

To change the password, on the product card environment, click View Details > Change
Password.

The following table shows the different password change option available on the product details
page.

Type of Password Change vRealize Product Name

Admin Password Change n vRealize Automation

n vRealize Operations Manager
n vRealize Network Insight
n vRealize Log Insight
n VMware Identity Manager

Root Password Change n vRealize Automation

n vRealize Operations Manager
n vRealize Business for Cloud
n vRealize Log Insight
n VMware Identity Manager

Support Password Change n vRealize Network Insight

VMware, Inc. 137

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Type of Password Change vRealize Product Name

Console User Password Change n vRealize Network Insight

SSH User Password Change VMware Identity Manager

Delete a Product from an Environment

You can delete a product instance from a Lifecycle Manager environment.

You can delete a product deployment from a vCenter Server. The Lifecycle Manager can delete
Product Integration in a given environment for the selected product, if it is done within Lifecycle
Manager while deploying products.

In case of an environment where products are imported, Lifecycle Manager does not gather
information about an existing product integration within products. Therefore, you can manually
remove the product integration while deleting products.

Prerequisites

Verify that there is a product existing in an environment.

Procedure

1 From the Environment home page, select any product instance and right-click on the vertical
ellipses.

2 Click Delete Product.

Note When there are products that are internally integrated within a product, then verify
the integrations before deleting the product. However, Lifecycle Manager cannot remove the
external integrations in the products.

3 To delete all associated VMs from vCenter Server for the selected product, select the Delete
associated VMs check box.

4 If you want to delete windows machines, then select Delete associated Windows Machines
check box and click Delete.

Before you delete associated VMs from the vCenter Server on the Delete Product window,
review the list of VMs and then click Confirm Delete.

Results

The selected suite product and its associated VMs from an environment are deleted.

Replace Certificate for vRealize Suite Lifecycle Manager Products

You can replace your existing certificates for products within the vRealize Suite Lifecycle
Manager.

For replacing a vRealize Suite Lifecycle Manager VAMI/VA certificate, see Replace Certificate for
vRealize Suite Lifecycle Manager. For re-trust of Identity Manager, see Day 2 Operations with
Other Products in vRealize Suite Lifecycle Manager.

VMware, Inc. 138

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

Verify that a product has an existing certificate. You can either create or import a certificate in
the locker. For information on creating certificates, see Configure Certificate Within Locker.

Procedure

1 From the Environment page, select a product card and click on the vertical ellipses.

2 Click Replace Certificate.

3 From the Current Certificate, click Next.

4 Select a Certificate from the drop-down menu and click Next.

5 Select a certificate and review the certificate summary, and click Next.

6 To replace a VMware Identity Manager certificate, you must re-trust the products that are
already configured. Select the product instance here and click Next.

By default, all the products are listed under the Re-Trust Product Certificate wizard.

7 (Optional) Enable the Opt-in for Snapshot checkbox.

Note This options enables you to take snapshots for products which do not have certificate
rollback built-in. You can use this option to revert the snapshot in case of a failure to replace
a certificate. And this is only applicable for vRealize Business for Cloud, VMware Identity
Manager, and vRealize Network Insight.

If the replace certificate request has failed and you have selected to take a snapshot, then
you can set the revertToSnapshot flag to true and then submit the failed request to rollback
the operaton.

8 To validate the certificate information, click RUN PRECHECK and click Finish.

9 Click Accept and Submit.

Add Licenses for vRealize Suite Products

You can configure and replace license changes to vRealize Automation through the vRealize
Suite Lifecycle Manager UI where you can access the product details on the environment card.

Prerequisites

n Verify that you have the vRealize Automation instance in vRealize Suite Lifecycle Manager.

n Ensure that you have added a license in the Locker. For more information on adding licenses,
see Configure License Within Locker.

Procedure

1 Log in to vRealize Suite Lifecycle Manager UI.

2 Select the Environments tab, and then click View Details for a vRealize product card.

VMware, Inc. 139

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Select the product options (...) icon, and then click Add License from the drop-down list. You
can view the list of current licenses.

4 Click Next .

5 Select a new license from the drop-down list, and then verify the license details.

6 (Optional) In vRealize Automation 8.0 and later releases, vRealize Operations Manager, and
vRealize Log Insight, you can delete the older licenses after selecting a new license. Select
the licenses to be removed under Terminate Licenses.

Note This option is applicable for vRealize Suite Lifecycle Manager 8.4.1 and later versions.

7 Click Finish.

The License requests can be tracked in the vRealize Suite Lifecycle Manager Requests tab.

What to do next

For more information on configuring the license, see Configure License Within Locker.

Configure Health Monitoring for the vRealize Suite

Management Stack
When vRealize Operations Manager is part of your environment, you can retrieve and display the
health status of vRealize Suite products in vRealize Suite Lifecycle Manager.

Health status information in vRealize Suite Lifecycle Manager is available only for vRealize
Suite Lifecycle Manager supported products: vRealize Automation, vRealize Operations Manager,
vRealize Log Insight, and vRealize Business for Cloud.

Prerequisites

Verify that you have a private cloud environment that contains VMware vRealize Operations
Manager. For information on adding to an existing environment, see Add a Product to an Existing
Cloud Environment. For information on creating an environment, see Creating a Private Cloud
Environment.

n Health Status in vRealize Suite Lifecycle Manager

vRealize Suite Lifecycle Manager displays private cloud environment health for the
environment as a whole and at the individual product level.

n View the SDDC Health Overview Dashboard in VMware vRealize Operations Manager
With vRealize Suite Lifecycle Manager, you can view detailed health status in vRealize
Operations Manager.

n Enable or Disable Health Check for Products in vRealize Suite Lifecycle Manager

VMware, Inc. 140

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Configure vRealize Operations Manager with the VMware SDDC Management Health Solution
Management Pack. See VMware SDDC Management Health Solution microsite on the
VMware Solution Exchange.

2 Configure adapter instances for vRealize Log Insight, vRealize Business for Cloud, and
vRealize Automation in vRealize Operations Manager.

For information on configuring adapters in vRealize Operations Manager, see the following
topics:

n Configuring vRealize Log Insight with vRealize Operations Manager

n Configure the vRealize Business for Cloud Adapter

n Configure vRealize Automation

3 If you have an instance of vRealize Automation in your environment, install End Point
Operations Management agents on all nodes on vRealize Automation applications and on
any new node added to the vRealize Automation cluster later.

See End Point Operations Management Agent Installation and Deployment .

Results

vRealize Suite Lifecycle Manager displays the health status of the vRealize Suite management
stack as provided by VMware SDDC Management Health Solution Management Pack.

vRealize Suite Lifecycle Manager retrieves health status information from one instance of vRealize
Operations Manager in a given private cloud environment. The health displayed applies only to
the vRealize Suite products configured in the target vRealize Operations Manager instance within
the private cloud environment. Do not configure additional vRealize Suite products from other
private cloud environments in the same instance of vRealize Operations Manager.

What to do next

View the health status of vRealize Suite in vRealize Suite Lifecycle Manager. See Health Status in
vRealize Suite Lifecycle Manager.

Health Status in vRealize Suite Lifecycle Manager

vRealize Suite Lifecycle Manager displays private cloud environment health for the environment
as a whole and at the individual product level.

Health Status By Color

To enable or disable health at environment level, click the vertical ellipses in the environment
card. The following table presents a color-coded guide to help you determine the health status of
your private cloud environment.

VMware, Inc. 141

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Color Status

Gray A gray status indicates one of the following scenarios:

n vRealize Operations Manager is not part of your private cloud environment.
n vRealize Operations Manager is not configured with VMware SDDC Management Health Solution
Management Pack.
n An error occurred while determining private cloud environment health.
n Health information is not yet available.

Green vRealize Operations Manager is reporting health as Green, as per its policies, for all configured
products.

Yellow vRealize Operations Manager is reporting health as Yellow, as per its policies, for at least one
configured product.

Red vRealize Operations Manager is reporting health as Orange or Red, as per its policies, for at least
one configured product.

Health status in vRealize Suite Lifecycle Manager continues to display these colors, even when
you only partially configure vRealize Suite products in vRealize Operations Manager. vRealize
Suite Lifecycle Manager does not attempt to determine health status of vRealize Suite products
that are not configured in the private cloud environment.

View the SDDC Health Overview Dashboard in VMware vRealize

Operations Manager
With vRealize Suite Lifecycle Manager, you can view detailed health status in vRealize Operations
Manager.

Prerequisites

Verify that you have a valid VMware vRealize Operations Manager credentials or have VMware
Identity Manager configured.

Note For SDDC management pack 4.0, there is no requirement of installing End point agents for
vRealize Automation 7.4 and IaaS node.

Procedure

1 In vRealize Suite Lifecycle Manager, click the health status for the private cloud environment
to open the SDDC Health Overview Dashboard for the environment in VMware vRealize
Operations Manager.

2 In vRealize Suite Lifecycle Manager, click the health status for an individual product to open
the summary page for that product in VMware vRealize Operations Manager. For more
information, see the VMware Marketplace.

Enable or Disable Health Check for Products in vRealize Suite

Lifecycle Manager

VMware, Inc. 142

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

You can enable the health check option to check the health of an existing environment. You
can use this option on a scenario when you want to evaluate vRealize Suite Lifecycle Manager
environment with vRealize Operations Management Suite is installed along with SDDC MP.
This health check is only available on the vRealize Operations Manager instance with a SDDC
Management pack to monitor the health of the entire system.

This option first checks whether there is an environment to run at first place. Once the
health checks run, it checks if there is a SDDC management health solution available and then
verifies the last status of the health solution. A health check runs periodically at a scheduled
interval. When you want to avoid resource usage in development environments or production
environments, you might want to disable a health check.

Once the health check is disabled, the environment health is not evaluated anymore. A message
is displayed on the environment card, suggesting the user to enable health check to monitory
the health of environment. When a health check has run, you can see the current status of the
environment. If the status is ok and the data is fetched, then you can view a message on the card
as Health OK.

Adding and Managing Content from Marketplace

You can use vRealize Suite Lifecycle Manager to add and manage content from Marketplace.

Marketplace contains content plugins for vRealize Orchestrator, including vRealize Automation
blueprints and OVAs, vRealize Operations Manager management packs, and vRealize Log Insight
content packs, that you can download and deploy in your vRealize Suite environments.

The VMware Marketplace displays the content details for the available vRealize Suite products.
The Available tab provides the Sync option, if you are syncing marketplace for the first time.

Find and Download Content from Marketplace

You can use vRealize Suite Lifecycle Manager to search for and download content from
Marketplace.

vRealize Suite Lifecycle Manager 8.1 supports vRealize Automation 7.6, OVA installation. Each
OVA are in GBs in Marketplace. If you want to download more OVAs from Marketplace then
increase the data folder size to avoid the Disk Full alert. OVAs in Marketplace have large file size.
If multiple OVAs are downloaded and to avoid disk storage alert, extend the storage from the
system settings page.

Prerequisites

Verify that you have performed an initial Marketplace sync to load Marketplace content. See
#unique_150.

VMware, Inc. 143

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Click VMware Marketplace and click the All tab.

vRealize Suite Lifecycle Manager displays all content available for vRealize Suite in
Marketplace.

2 (Optional) To filter the list of available content by search terms, enter search terms into the
Search text box.

3 (Optional) To filter the list of available content by product, publisher, or technology, click
Filter and select the appropriate filters.

4 Click View Details for to learn more about the downloadable content, including what
products and version the content is compatible with, user ratings for the content, and a list of
related content.

5 Click Download to download the content to vRealize Suite Lifecycle Manager.

Results

Downloaded content appears on the Download tab of the Marketplace page.

What to do next

Install the content you downloaded. See Install Downloaded Marketplace Content.

View and Upgrade Downloaded Marketplace Content

You can view details about content previously downloaded from Marketplace, including version
number and last updated date.

Procedure

1 Click Marketplace and click the Available tab.

vRealize Suite Lifecycle Manager displays all content downloaded to vRealize Suite Lifecycle
Manager from Marketplace.

2 If there is an update available for content, you can download a newer version of the content.

a Mouseover the notification icon in the upper left corner of the content tile to verify that
there is an available update.

If there are no notifications for the content, the notification icon does not appear.

If there is a newer version of the content available, vRealize Suite Lifecycle Manager
displays the message New version updates are available for the app.

b Click the three dots on the upper right corner of the content tile, and select Upgrade.

c To download, select a version, and click Continue.

VMware, Inc. 144

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

If you are upgrading a vRealize Automation blueprint, vRealize Orchestrator plugin, or

vRealize Log Insight content pack, or upgrading a VMware vRealize Operations Manager
management pack with a newer version, the previous content is overwritten with upgraded
content. If you attempt to update a VMware vRealize Operations Manager management pack
with the same version that is already installed, the update fails.

3 Click View Details to view information about the content, including related content and the
date the content was last modified.

Install a Downloaded Marketplace Content

You can install content downloaded from Marketplace.

Prerequisites

n Download the content to install from Marketplace. See Find and Download Content from
Marketplace.

n Verify that the environment which you are installing have the entitlement matching the
entitlement which the content supports.

Procedure

1 Click Marketplace and click the Available tab.

vRealize Suite Lifecycle Manager displays all content that has been downloaded to vRealize
Suite Lifecycle Manager from Marketplace.

2 Click the three dots in the upper right corner of the tile for the content to install, and click
Install.

3 Select the data center and environment to install the content, if you are installing a blueprint
or OVA in an vRealize Automation, and click Next.

vRealize Automation and vRealize Operations Management Suite contents are tagged with
license entitlements.

4 After selecting a data center and environment, select the tenant in which the content needs
to be installed and click Submit.

What to do next

You can track installation progress on the Requests page.

Delete Content Downloaded from the Marketplace

You can delete content that you downloaded from Marketplace. However, this does not remove
the content from the environments in which it is installed through vRealize Suite Lifecycle
Manager.

Procedure

1 Click Marketplace and click the Download tab.

VMware, Inc. 145

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 Click the vertical dots in the upper right corner of the tile for to delete and click Delete.

3 Click Yes.

Results

The content is deleted from vRealize Suite Lifecycle Manager and no longer appears under
downloaded content on the Marketplace page.

VMware, Inc. 146

Managing Content Lifecycle in
vRealize Suite Lifecycle Manager 5
Content lifecycle management in vRealize Suite Lifecycle Manager provides a way for release
managers and content developers to manage software-defined data center (SDDC). It includes
content capturing, testing, and release to various environments, and source control capabilities
through different source control endpoints that include GitHub, GitLab, and Bitbucket. Content
developers are not allowed to set a Release policy on end-points, only Release Managers can set
policies.

Migration of contents or versions is not supported from an older instance to vRealize Suite
Lifecycle Manager. The latest content version can be either source control or deploy to an
endpoint before moving to vRealize Suite Lifecycle Manager . So that the same content can be
re-captured from the endpoint in the new instance.

Migration of endpoints and content settings are captured supported:

n All the endpoints are migrated along with source control user tokens.

n Tags associated with the endpoints are migrated to new instance.

n Pipeline stub configurations are migrated.

Note When a cloud admin user gets a role of release manager or content developer, the cloud
admin can only view the content management app inside the vRealize Suite Lifecycle Manager.
But the cloud admin does not have permission to view other applications. Whereas a Release
manager and a content developer user can view the content management app. As a workaround,
you can perform all the cloud admin operations using cloud admin role only and do not provide
additional permission or role mapping.

You can use the content lifecycle management to dispense with the time-consuming and error-
prone manual processes required to manage the software-defined content. Supported content
includes entities from:

Product Name Supported Version

vRealize Automation 7.2 and later

vRealize Orchestrator 7.x and later

VMware vSphere 6.0 and later

VMware, Inc. 147

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Product Name Supported Version

vRealize Operations Manager 6.6.1+ and later

Source Control servers n GitHub Enterprise Server: 2.20.15, 2.19.21, 2.21.6, and 3.0
(GitHub Cloud is not supported)
n GitLab: 12.2.12 (Enterprise Edition), 12.7, and 12.8
n Bitbucket Server 6.10 and 7.0
n Bitbucket Cloud: Version 2.0

Content lifecycle management in vRealize Suite Lifecycle Manager is similar to content lifecycle
management with the vRealize Code Stream Management Pack for DevOps, with the following
differences.

n Content lifecycle management is deployed as part of vRealize Suite Lifecycle Manager on

a single appliance. It has a new user interface and is tightly integrated with vRealize Suite
Lifecycle Manager core services.

n Updated Pipeline services: Advanced capability to manage content to work with source
control to support a multi-developer use case.

If there are dependencies between captured content packages, all the dependencies are
captured as first class objects in vRealize Suite Lifecycle Manager. Each content version shows all
its dependencies associated with it. For example, if a vRealize Automation Composite Blueprint
has a dependency on Property-Definition, there are two items in the content catalog, one for
each content package. With independent version control for each content package, you can
edit, capture, and release dependencies independently so that the content is never old. vRealize
Automation allows you to define multiple named value sets within the Size and Image component
profile types. You can add one or more of the value sets to machine components in a blueprint.
We cannot deploy or release Automation-Component Profiles in vRealize Suite Lifecycle Manager
to a target end point if the corresponding value set already exists on the end point.

n Working with Content Endpoints

A content endpoint is an infrastructure endpoint in the software-defined data center (SDDC),
such as an instance of vRealize Automation, that is targeted for the capture, test, and
release of managed content.

n Managing Content
Content is a collection of files that contains definitions that represent software defined
services.

n Access Source Control

Only a release manager can add a source control access, where in the source control can
be GitLab or Bitbucket. With this privilege, a release manager can select the GitLab type,
Bitbucket and enter the gitLab server name. You can supply multiple server names and then
use the git lab personal access token and assign it to the source control server.

VMware, Inc. 148

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Managing Source Control Server Endpoints

Before you can check in or check out content, a vRealize Suite Lifecycle Manager must add
a GitLab or Bitbucket source control server to the system.

n Working with Content Settings

You can add source control server endpoint, vCenter publisher, pipeline extensibility and
developer restrictions in Content Settings.

n Content Pipelines
Starting with vRealize Suite Lifecycle Manager 8.3, the Content Pipelines page is redesigned
to display the status of the content capture, test, and release of the content pipelines. You
can view all the content pipelines that are displayed in the completed, in progress, or failed
state.

Working with Content Endpoints

A content endpoint is an infrastructure endpoint in the software-defined data center (SDDC),
such as an instance of vRealize Automation, that is targeted for the capture, test, and release of
managed content.

You add a content endpoint to an environment to capture, test, deploy or check-in software-
defined content in the form of a content package. A content package is a file that contains
definitions for software-defined services, such as blueprints, templates, workflows, and so on.
Each content endpoint can support more than one type of content package. For example, a
vRealize Automation content endpoint can support both composite blueprints and software.

You use content endpoints to perform the following actions:

n Capture one or more content packages.

n Test one or more content packages in a staging environment.

n Release one or more tested content packages to a production environment.

Content Lifecycle Management provides the following policies for vRealize Orchestrator, vRealize
Automation, vRealize Automation Cloud, vCenter Server, and vRealize Operations content
endpoints.

Table 5-1. Policies for vRealize Suite Products

Policy Description

Allow content to be captured from this endpoint Allows you to capture content from this endpoint.

Allow unit tests to be run on this endpoint Allows you to release content for the endpoint and
run test workflows against the endpoint. A vRealize
Orchestrator marked as test endpoint also acts as unit
test server.

Allow releasing content packages to this endpoint Allows you to release content for the endpoint.

Source controlled content only Allows you to release only source controlled content to
the endpoint.

VMware, Inc. 149

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 5-1. Policies for vRealize Suite Products (continued)

Policy Description

Enable code review This policy applies only to the source control endpoints.
Allows a manual review for the developers. vRealize Suite
Lifecycle Manager content lifecycle management creates
a branch with changes that require a code review. A code
reviewer accepts or rejects the merge request into the
branch of the respective source control.

Enable vCenter template support Requests you for information required for deploying
templates. This option is available only when you mark a
vCenter server as production endpoint.

n Add a vRealize Orchestrator Content Endpoint

A vRealize Orchestrator endpoint is required to create vRealize Automation endpoints and
to capture content.

n Add a vRealize Automation Content Endpoint

To capture, test, deploy, or check-in a content package, add a content endpoint to an
environment.

n Add a vRealize Automation Cloud Endpoint

vRealize Automation Cloud endpoint is introduced to add a content endpoint to an
environment.

n Add a Source Control Endpoint

A source control endpoint represents a project (repository) and a source control server.

n Add a vCenter Server Content Endpoint

Add a content endpoint to an environment to capture, test, deploy, or check-in a content
package.

n Add a vRealize Operations Manager Endpoint

Add a vRealize Operations Manager content endpoint to capture, test, deploy, or check-in a
content package.

n Delete a Content Endpoint

You can delete an existing content endpoint.

n Edit a Content Endpoint

You can edit the settings of an existing content endpoint.

Add a vRealize Orchestrator Content Endpoint

A vRealize Orchestrator endpoint is required to create vRealize Automation endpoints and to
capture content.

VMware, Inc. 150

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

If you are using this vRealize Orchestrator endpoint for unit testing, verify that the vRealize
Orchestrator instance has been configured as a unit test server.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click NEW ENDPOINT.

3 Click vRealize Orchestrator.

For an Orchestrator content, you can capture workflows, configuration elements, and actions
individually or in a folder where they reside.

Note If a folder is captured, a temporary content name starting with [FOLDER] is displayed.
You can start a Content Pipeline to capture all content, this is then added to the vRealize
Orchestrator Package provided as input.

4 Enter the information for the vRealize Orchestrator content endpoint.

a In the Name text box, enter a unique name for the endpoint.

b In the Tags text box, enter tags associated with the endpoint.

Using tags allow you to deploy content to multiple endpoints at the same time. When you
deploy content, you can select a tag instead of individual content endpoint names, and
the content deploys to all endpoints that have that tag.

To add multiple tags, press Enter after you enter each tag.

c In the Sever FQDN/IP field, enter the fully qualified server name, IP address, or host name
for the content endpoint server.

If the vRealize Orchestrator instance is not embedded in vRealize Automation, include the
port number in the server FQDN/IP. Typically the port number is 8281. The port number
8281 is required for vRealize Orchestrator 7.x versions. For vRealize Orchestrator 8.x and
above, the port is not required.
vRO-Server-FQDN:Port

d Enter a user name and password to use to access this content endpoint.

5 Press TEST CONNECTION to test the connection to the content endpoint.

If the connection test fails, verify that the information you entered for the content endpoint is
correct and try again.

VMware, Inc. 151

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

6 Select vRO Package.

The vRealize Orchestrator package can be captured from an endpoint and is associated with
the content endpoint. Mark the version as Production ready. Selection of a vRO package is
a post deployment capability that imports the package once any other content has been
deployed allowing maintained localized or regional settings.

n Ignore modules when listing content: A comma-separated list of vRealize Orchestrator

Actions or modules that are excluded when listing from an endpoint to reduce the
number. With Lifecycle Manager 8.0, any module or folder with or without any
dependencies can be excluded while capturing or listing the content. However, for
Orchestrator-package these modules or folders are not ignored. Lifecycle manager
validates the content dependencies available in the source endpoint while capturing with
dependencies. This depends on the policy specified on the endpoints.

n Ignore Workflows in these folders: A comma-separated list of vRealize Orchestrator

Workflow folders that are excluded when listing from an endpoint to reduce the number.

n A vRO package name cannot contain special characters and can cause issues when you
capture, release or check-in a content. If you have a vRO package name with a space in
between the name, then the space is converted to an underscore (_) during a capture
and fails during a test and deploy.

7 Select the appropriate policies for the content endpoint, and click Next. For more information
on policies, refer to the policy table provided in Working with Endpoints.

8 Verify that the content endpoint details are correct, and click Submit.

Add a vRealize Automation Content Endpoint

To capture, test, deploy, or check-in a content package, add a content endpoint to an
environment.

Prerequisites

Verify that you have added at least one vRealize Automation endpoint.

Note If the vRealize Orchestrator is embedded, then there is no need of a separate instance of
vRealize Orchestrator endpoint. vRealize Orchestrator endpoint creation is needed only if you are
using an external vRealize Orchestrator endpoint for vRealize Automation.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click NEW ENDPOINT

3 Click Automation.

VMware, Inc. 152

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Enter the information for the vRealize Automation content endpoint.

a In the Name field, enter a unique name for the endpoint.

This can be a server name or any name.

b Select the product version of the endpoint from the Endpoint Version drop-down menu.

c In the Tags field, enter tags associated with the endpoint.

With tags, you can deploy content to multiple endpoints at the same time. When you
deploy content, you can select a tag instead of individual content endpoint names, and
the content deploys to all endpoints that have that tag.

To add multiple tags, press Enter after you enter each tag.

d In the Sever FQDN/IP field, enter the fully qualified server name, IP address, or host name
for the content endpoint server.

While adding an endpoint for a particular tenant, tenant based FQDN has to be used as
a server. However, for a system based domain, user FQDN without a tenant should be
used.

IP addresses are not supported while adding vRealize Automation 8.x endpoints.

e Enter a tenant name, user name, and password to use to access this content endpoint.

f Select an external or embedded vRealize Orchestrator endpoint to associate from the

vRO Server Endpoint drop-down menu.
When selecting a user account for exporting or importing content into vRealize Suite
Lifecycle Manager, ensure that the account has ALL Roles selected. The Secure Export
Consumer role allows LCM to export passwords which can be imported into alternate vRA
endpoints.

5 Press TEST CONNECTION to test the connection to the content endpoint.

If the connection test fails, verify that the information you entered for the content endpoint is
correct and try again.

6 Click Next.

7 Select the appropriate policies for the content endpoint, and click Next. For more information
on policies, refer to the policy table provided in Working with Endpoints.

8 Verify that the content endpoint details are correct, and click Submit.

Add a vRealize Automation Cloud Endpoint

vRealize Automation Cloud endpoint is introduced to add a content endpoint to an environment.

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click NEW ENDPOINT.

3 Select vRealize Automation Cloud.

VMware, Inc. 153

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Enter the endpoint details for the vRealize Automation Cloud endpoint.

a In the Name field, enter a unique name for the endpoint.

b In the Tags field, enter tags associated with the endpoint, so that you can deploy content
to multiple endpoints at the same time. When you deploy content, you can select a tag
instead of individual content endpoint names. The content deploys all endpoints that have
the selected tag. When you want to add multiple tags, press Enter after you enter each
tag.

c Enter the Refresh token.

d In the vRO Server Endpoint field, select External vRO or vRA Cloud Extensibility
appliance.

e To associate a vRO Server, select a vRealize Orchestrator (vRO) endpoint from the drop-
down menu.

5 To test the connection to the content endpoint, click TEST CONNECTION. If the connection
test fails, verify that the information you entered for the content endpoint is correct, and then
retry.

6 Click Next.

7 Under Policy Settings, select the appropriate vRealize Orchestrator Package policy for the
content endpoint, and click Next. For more information on policies, refer to the policy table
provided in Working with Endpoints.

8 Verify that the content endpoint details are correct, and then click Submit.

Prerequisites

n Create an external vRealize Orchestrator endpoint for vRealize Automation.

n Generate an API refresh token. For detailed information on generating API tokens, refer to
VMware Cloud Services.

Add a Source Control Endpoint

A source control endpoint represents a project (repository) and a source control server.

You can have any number of source control repositories and branches added to vRealize Suite
Lifecycle Manager. Adding a source control branch allows you to check in and check out the
SDDC content.

Prerequisites

n Verify that a vRealize Suite Lifecycle Manager administrator has added a system source
control server under Content Settings.

VMware, Inc. 154

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Verify that a developer has entered the GitLab access token to the source control server so
that they can check-in and check out content.

Note Previously, primary workspaces was supported for Bitbucket Cloud. Starting from
vRealize Suite Lifecycle Manager 8.6.1, multiple workspaces is also supported for Bitbucket
Cloud.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click NEW ENDPOINT

3 Click Source Control.

4 Select the configured Source Control Server (Bitbucket Server, Bitbucket cloud, GitLab, or
GitHub).

5 Enter the information for the Source Control content endpoint.

a In the Name text box, enter a unique name for the endpoint.

b Enter a Tag name.

c Enter the Branch and Repository Name to use for the content endpoint in the
following format: For GitLab, enter group_name/repository_name, Bitbucket server, enter
project_name/repository_name and for a Bitbucket cloud, enter repository_name if
you are using primary workspace or workspace_name/repository_name if you are using
multiple workspace.

Note In bit bucket cloud, you can only create a repository and use the repository name.
The source control endpoint with a repository must be initialized with any file. GitLab and
bit bucket cloud already have a provision to add the file but the bit bucket server does not.
With Lifecycle Manager 2.1, cluster and elastic search instance for multi developer story is not
supported for bit bucket server.

6 Click Test Connection and click Next.

7 Select the appropriate policies for this content endpoint, and click Next.

Policy Description

Enable code review Allows a manual review between developers. vRealize Suite Lifecycle
Manager content lifecycle management creates a branch with the changes
that require a code review. A code reviewer can accept or reject the merge
request into the branch.

8 Verify that the content endpoint details are correct, and click Submit.

Add a vCenter Server Content Endpoint

Add a content endpoint to an environment to capture, test, deploy, or check-in a content
package.

VMware, Inc. 155

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

Verify that you have added at least one vCenter endpoint in the Content Settings > vSphere
Template Repository .

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click NEW ENDPOINT

3 Click vCenter Server.

4 Enter the information for the vCenter content endpoint.

a In the Name text box, enter a unique name for the endpoint.

b In the Tags text box, enter tags associated with the endpoint.

Using tags allow you to deploy a content to multiple endpoints at the same time. When
you deploy a content, you can select a tag instead of individual content endpoint names,
and the content deploys to all endpoints that have that tag. To add multiple tags, press
Enter after you enter each tag.

5 In the Server FQDN/IP text box, enter the fully qualified server name, IP address, or host
name for the content endpoint server.

6 To access the endpoint, enter the User name and Password.

7 Click Test Connection and click Next.

8 Select the appropriate policies for the content endpoint. For more information on policies,
refer to the policy table provided in Working with Endpoints.

9 Click Next and provide the vCenter sever details.

10 Click Next.

11 To import an existing data center, click Import LCM Data center.

vCenter Server settings can be added to an LCM data center, once vCenter data collection is
competed this endpoint is seen when importing from LCM and reduces the time to fill in the
form as all the properties have been collected. Except the Virtual Machine folder path that is
provides in the format /Templates/MyTemplates/ is not imported.

Once the endpoint is created, it validates if the configuration is correct. It can connect
through API and that the configuration of the local subscriber details is setup to point to
the publisher as defined in Content Settings/vSphere Template Repository. If there is
a problem, then the endpoint is disabled and an error is displayed when you cover of the
warning.

Add a vRealize Operations Manager Endpoint

Add a vRealize Operations Manager content endpoint to capture, test, deploy, or check-in a
content package.

VMware, Inc. 156

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Prerequisites

n Verify that the SSH user account is configured.

n Verify all vRealize Operations Manager instances contain the same management packs
installed and the required adapter instances configured.

n Dashboards that are configured to refer specific objects, for example, vCenter VM, Host or
Datastore are not used on the release endpoint until they are manually edited to update the
reference to a specific object.

Note Some content may not release between different versions of vRealize Operations Manager
where a content from 6.6 to 6.7, some content types may fail.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click NEW ENDPOINT

3 Click vRealize Operations.

4 Enter the information for the vRealize Operations Manager content endpoint.

a In the Name field, enter a unique name for the endpoint.

b Enter a tag name so that endpoint can use them to test or capture.

c Enter the Server FQDN/IP address.

d Enter the Username and Password.

e Enter the SSH Username and SSH Password.

f Click Test Connection and once the connection is established, click Next. For more
information on creating an SSH user on the vRealize Operations Manager instance, see
Create an SSH User in vRealize Operations Manager.

5 Under the Policy Settings, select the required options to capture, test, or mark as production.
For more information on policies, refer to the policy table provided in Working with
Endpoints.

6 Verify that the content endpoint details are correct, and click Submit.

Create an SSH User in vRealize Operations Manager

You can create a vRealize Operations Manager end-point in vRealize Suite Lifecycle Manager
Content Management end-point.

1 When you are selecting a Root as an SSH user from the content endpoint, create a user on
the vRealize Operations Manager appliance. The user must have a SSH access and belong to
the user group root and with a valid home directory.

2 Log into the vRealize Operations Manager appliance as a root user and create user on the
vRealize Operations Manager appliance using below command. useradd sshuser.

VMware, Inc. 157

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 Configure user groups for the created user - usermod -G root,wheel sshuser

4 Configure the correct home directory for the user:

mkdir /home/sshuser"
"chown sshuser /home/sshuser"

5 Set the password to passwd sshuser.

6 Enable the password with sudo capabilities.

Run command visudo

sshuser ALL = NOPASSWD: /usr/lib/vmware-vcopssuite/python/bin/python /usr/lib/vmware-vcops/

tools/opscli/ops-cli.py *
sshuser ALL = NOPASSWD: /bin/rm -rf /tmp/*
sshuser ALL = NOPASSWD: /bin/mv /tmp/*

Note Use OPS-CLI for most of the vRealize Operations Manager contents to export or import a
content capture or release in vRealize Suite Lifecycle Manager.

Delete a Content Endpoint

You can delete an existing content endpoint.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Endpoints, click the vertical ellipses to the left of the endpoint, and select Delete.

You have to manually delete the endpoint.

3 Click OK.

Edit a Content Endpoint

You can edit the settings of an existing content endpoint.

All content endpoint values can be edited apart from the name, which is used across various
logs.

Note When vRealize Suite Lifecycle Manager deploys a vRA instance or a vRA instance is
imported into vRealize Suite Lifecycle Manager, then content management services imports
Content endpoints (per tenant) automatically through a data collection process. By default, all
policies are disabled so you must edit the endpoint and assign appropriate content policies. Only
certain set of users can edit a content endpoint, for more information on roles, see Content
Actions.

Procedure

1 On the My Services Dashboard, click Content Management.

VMware, Inc. 158

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 Under Endpoints, click the vertical ellipses to the left of the endpoint, and select Edit.

3 Edit the endpoint details you want to change, and click Next.

4 Edit the endpoint policy settings you want to change, and click Next.

5 Verify that the content endpoint details are correct, and click Submit.

Managing Content
Content is a collection of files that contains definitions that represent software defined services.

After you add a content endpoint to one or more environments, you can manage the software-
defined content that each environment contains. You can use vRealize Suite Lifecycle Manager to
perform the following operations on content:

n Capture content from an endpoint

n Deploy to test and run unit tests

n Check-in content

n Release content to production

For example, a YAML file for a vRealize Automation blueprint or an XML file for a vRealize
Orchestrator workflow. Content is linked together so that when you capture a vRealize
Automation blueprint, all dependencies are also displayed in the content catalog, and they can
each have their own versions. vRealize Suite Lifecycle Manager displays dependency information
within each content version. The / Characters cannot be used in the name for Topology or Text
ResourceKind Metrics as the export fails.

vRealize Suite Lifecycle Manager does not support an Azure machine in content management for
testing and releasing content. XaaS blueprint "Azure Machine" is shipped by default with vRealize
Automation. However, transfer of XaaS blueprint between vRealize Automation environments is
not supported.

n Add Content
You can add content from an existing content endpoint.

n Delete Multiple Content

With vRealize Suite Lifecycle Manager 8.0, you can delete multiple content items and
content versions. The multi delete feature can delete all the versions related to the selected
content item.

n Working with Captured Content

You can capture a new version of an existing content package.

n Content Actions
After you capture a content, you can perform and view the activity of a content.

n Content Types Available for Products

The content packages available for each endpoint are displayed in the following tables.

VMware, Inc. 159

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Searching Content
You can search an existing content based on certain defined entries within the UI.

n Test Content
You can test content to ensure it is ready for release.

n Source Control with vRealize Suite Lifecycle Manager Content Lifecycle Management
vRealize Suite Lifecycle Manager content lifecycle management integrates natively into a
defined GitLab and Bitbucket branch endpoint to provide source control for content.

n Deploy a Content Package

Deploy a content package when it is ready for a production environment.

n Multi Release of Content Package

vRealize Suite Lifecycle Manager 8.0 content management allows the bulk release of
content spanning different types where vSphere, vRealize Operations Manager, and vRealize
Automation are deployed in one request. It provides an advanced filter option on the
content type that is established from a specific content endpoint.

n Delete a Content Package

You can delete a content package from all endpoints when you no longer need the content
package.

n Content Issues You might Encounter

There can be content issues that you might encounter during any content operations.

Add Content
You can add content from an existing content endpoint.

Prerequisites

Verify that you have added a content endpoint.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Content, click ADD CONTENT.

If a version has already been captured, a content can be added either with the Add Content
button or with an inline capture.

3 Select test or deploy the content package in addition to capturing it, and click PROCEED.

VMware, Inc. 160

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Enter the capture details for the content package.

a From the Select Capture Endpoint drop-down menu, you can either select one or
multiple content types to capture content.

b Enter a tag name and select Include all dependencies to capture any dependencies
associated with the content.

You can search for content by tag within the UI/API.

c Enter the vRO Package Name. Any spaces in the name are replaced with an _ underscore
character and a vRO package name.

The vRO Package Name is applicable only for vRealize Orchestrator or vRealize
Automation content having some vRealize Orchestrator dependencies. The field is used
for managing vRealize Orchestrator contents in an efficient way. If you provide any new
name,then all the vRealize Orchestrator contents will be merged to one package. If you
select an existing name from the drop-down menu, then a new version of the package will
be created and merges all vRealize Orchestrator contents to the version. If there exists
a package version already from that endpoint, the new version will have old contents in
the previous version with new contents. This helps you to work incrementally on vRealize
Orchestrator contents.
If the vRealize Orchestrator package is not captured prior from a given content endpoint,
then a new version is created but the content might not be the same as the previous
version. Deploy the added vRealize Orchestrator package to the vRealize Orchestrator
content endpoint first to append the content. If you do not enter any package name, then
the name of the vRealize Orchestrator package matches to the content that is captured
with an added "-vro" as part of the name. All the discovered and captured vRealize
Orchestrator content, including individual workflows in the content files, appears in the
vRealize Orchestrator package that is created.

d If the content is ready for production, select Mark this version as production ready.

e Enter a description for this content version in the Comments field.

f Click Next.

Note When you list the content for the first time for an endpoint, the UI retrieves the content
from the endpoint. However, once you have captured then the content is cached and an auto
refresh of content list runs in the background every 30 minutes. You can select the Get latest
content option to retrieve the content in between this time.

5 Enter test details for the content endpoint.

This option appears only if you chose to test the content package.
a Select one or more content endpoints to specify the environments to run tests on.

b Select Deploy Content to deploy the content in the endpoint before running tests.

c Select Stop test deployment on first failure to stop the test deployment when it
encounters an error.

VMware, Inc. 161

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

d Select Run unit tests to run available unit tests on the content.

e Select Stop unit tests on first failure to stop testing if any unit test fails.

f Select a server to run unit tests on from the Select a Unit Test Server drop-down menu.

You must have a vRealize Orchestrator test package imported to use a unit test server.

g Click Next.

6 Enter the check-in details for the content package.

This option appears only if you chose to check-in the content package.
a Select one or more content endpoints from the Select Release Endpoints drop-down
menu to specify the production environments where the system releases the content.

7 Click SUBMIT.

If you have selected a single content capture, then you can view a single content pipeline. If
you have selected multiple content capture, then you can see the individual capture pipelines
triggered for each of the content.

Delete Multiple Content

With vRealize Suite Lifecycle Manager 8.0, you can delete multiple content items and content
versions. The multi delete feature can delete all the versions related to the selected content item.

Prerequisites

Verify that you have a content item already available in the content list.

Procedure

1 On the My Services dashboard, click Content Management.

2 Under Content, select the content item on the check box.

3 Click Actions and select Delete.

When you delete the content item, the associated content versions are also deleted. If there
is more than one content item, then you can select all and click delete. You can perform the
multi-delete operation for upto 15 content items.

Working with Captured Content

You can capture a new version of an existing content package.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Content, click the name of the content package to capture and click CAPTURE.

3 From the Select Capture Endpoint drop-down menu, select the content endpoint to capture
from.

VMware, Inc. 162

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Select Include all dependencies to capture any dependencies associated with the content.

5 If the content is ready for production, select Mark this version as production ready.

6 Enter a description for this content version in the Comments field, and click CAPTURE.

Content Actions
After you capture a content, you can perform and view the activity of a content.

Deploying a Content
Content Settings Role Expected Behavior

Content version is production ready Release Manager You can view only production endpoints.

Content version is production ready Developer You can test endpoints that have the Test policy set, and
it cannot include the Production policy.

Content version is NOT marked as Release Manager You can view the test endpoints that have the Test policy
production ready Developer set.

Content version is NOT marked as Release Manager You can view the content endpoints that do not have the
SourceControlled Developer Source Control policy set on the content endpoint.

Content version is marked as Release Manager All the content endpoints are displayed based on other
SourceControlled Developer conditions in this table.

Managing Tags
Tags can be managed at a given version to navigate content within the UI. These tags can
be useful as a grouping mechanism when future capability of releasing all content by tag is
supported.

Content Types Available for Products

The content packages available for each endpoint are displayed in the following tables.

Content Types
Table 5-2. vSphere Content Endpoint

Content Type Product Support Versions Description

vSphere-CustomSpecification vSphere vCenter 6.0+ Captures guest operating system settings

saved in a specification that you can apply
when cloning virtual machines or deploying
from templates.

vSphere-Template vSphere vCenter 6.0 + Captures template to deploy virtual machines

in the vCenter Server inventory.

VMware, Inc. 163

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 5-3. vRealize Automation Content 8.x Endpoint

vRealize Suite Lifecycle Manager
Content Type Supported Versions Description

Automation-CloudTemplate (vRealize vRealize Suite Lifecycle Manager 8.1 Captures a vRealize Automation
Automation 8.2 release. For vRealize and later versions. composite blueprint to deploy virtual
Automation 8.1 and earlier releases, machines managed by vRealize
the content type was known as Automation.
Automation-CompositeBlueprint)

Automation-PolicyDefinition (vRealize vRealize Suite Lifecycle Manager 8.1 Captures a vRealize Automation
Automation 8.0 and later releases. and later versions. property definition for specifying
Prior to vRealize Automation 8.0 custom properties.
release, the content type was known
as Automation- PropertyDefinition)

Automation-ResourceAction vRealize Suite Lifecycle Manager 8.2 Captures a vRealize Automation

and later versions. resource action.

Automation-Subscription vRealize Suite Lifecycle Manager 8.1 Captures vRealize Automation

and later versions. subscription events that are triggered
using the event broker. Captures
the configured event and dependent
workflows.

Automation-XaaSBlueprint vRealize Suite Lifecycle Manager 8.1 Captures vRealize Automation XaaS
and later versions. blueprints.

Automation-CustomResource (In vRealize Suite Lifecycle Manager 8.2 Captures vRealize Automation
vRealize Suite Lifecycle Manager and later versions. Resource Type
8.2, the content type is known as
Automation-Resource Type)

Automation-ABXAction vRealize Suite Lifecycle Manager 8.3 Captures, tests, and releases vRealize
and later versions. Automation ABXActions.

Automation-PropertyGroup vRealize Suite Lifecycle Manager 8.4 Captures a vRealize Automation

and later versions. property group to group custom
properties.

Table 5-4. vRealize Automation Cloud Endpoint

vRealize Suite Lifecycle Manager
Content Type Supported Versions Description

Automation-CloudTemplate vRealize Suite Lifecycle Manager 8.3. Captures a vRealize Automation

composite blueprint to deploy virtual
machines managed by vRealize
Automation.

Automation-PolicyDefinition vRealize Suite Lifecycle Manager 8.3. Captures a vRealize Automation

property definition for specifying
custom properties.

Automation-ResourceAction vRealize Suite Lifecycle Manager 8.3. Captures a vRealize Automation

resource action.

VMware, Inc. 164

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 5-4. vRealize Automation Cloud Endpoint (continued)

vRealize Suite Lifecycle Manager
Content Type Supported Versions Description

Automation-Subscription vRealize Suite Lifecycle Manager 8.3. Captures vRealize Automation

subscription events that are triggered
using the event broker. Captures
the configured event and dependent
workflows.

Automation-XaaSBlueprint vRealize Suite Lifecycle Manager 8.3. Captures vRealize Automation XaaS
blueprints.

Automation-CustomResource vRealize Suite Lifecycle Manager 8.3. Captures vRealize Automation

Resource Type

Automation-ABXAction vRealize Suite Lifecycle Manager 8.3. Captures, tests, and releases vRealize
Automation ABXActions.

Automation-PropertyGroup vRealize Suite Lifecycle Manager 8.4. Captures a vRealize Automation

property group to group custom
properties.

Note The naming convention for vRealize Automation 8.x content type may change for the
vRealize Suite Lifecycle Manager 8.3 release.

Table 5-5. vRealize Automation Content 7.x Endpoint

vRealize Suite Lifecycle Manager
Content Type Supported Versions Description

Automation-CompositeBlueprint vRealize Suite Lifecycle Manager 2.1 Captures a vRealize Automation

and later versions. composite blueprint to deploy virtual
machines managed by vRealize
Automation.

Automation- Componentprofile vRealize Suite Lifecycle Manager 2.1 Captures a vRealize Automation
and later versions. component profile.

Automation- PropertyDefinition vRealize Suite Lifecycle Manager 2.1 Captures a vRealize Automation
and later versions. property definition for specifying
custom properties.

Automation-ResourceAction vRealize Suite Lifecycle Manager 2.1 Captures a vRealize Automation

and later versions. resource action.

Automation-Software vRealize Suite Lifecycle Manager 2.1 Captures a vRealize Automation

and later versions. resource action.

Automation-Subscription vRealize Suite Lifecycle Manager 2.1 Captures vRealize Automation

and later versions. software component settings that
govern how middleware or
applications are installed, configured,
and uninstalled.

Automation-CustomForm vRealize Suite Lifecycle Manager 2.1 Captures vRealize Automation

and later versions. Customer form.

VMware, Inc. 165

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 5-5. vRealize Automation Content 7.x Endpoint (continued)

vRealize Suite Lifecycle Manager
Content Type Supported Versions Description

Automation-ResourceType vRealize Suite Lifecycle Manager 2.1 Captures vRealize Automation

and later versions. Resource Types.

Automation-ResourceMap vRealize Suite Lifecycle Manager 2.1 Captures vRealize Automation

and later versions. Resource Maps.

Table 5-6. vRealize Operations Manager Content Endpoint

Content Type Product Support Versions Description

Operations Alert vRealize Operations Manager Captures vRealize Operations alerts containing
6.6.1+ symptom definitions and recommendations that
are used to evaluate conditions and generate
alerts.

Operations-Dashboard vRealize Operations Manager Captures vRealize Operations alerts dashboard

6.6.1+ data used to determine the nature and timeframe
of existing and potential issues.

Operations-Report vRealize Operations Manager Captures vRealize Operations report templates

6.6.1+

Operations-SuperMetric vRealize Operations Manager Integrates vRealize Operations super metric data
6.6.1+ definition that is used to track combinations
of metrics. After releasing Super Metrics,
assigning the one or more object types
and enabling the super metric in policies
are still required. All vRealize Operations
package types also support .Super Metrics, which
means dashboards, alerts, vIews, and metric
configurations automatically point to the correct
super metric at the time of release.

Operations- vRealize Operations Manager Reads text from a Web page or text file. You
TextWidgetContent 6.6.1+ specify the URL of the Web page or the name of
the text file when you configure the Text widget.

Operations- TopoWidgetConfig vRealize Operations Manager Captures the structure of the topography around
6.6.1+ a specific resource, including parent and child
resources.

Operations-View vRealize Operations Manager Captures vRealize Operations views that help you
6.6.1+ to interpret metrics, properties, and policies of
various monitored objects.

Operations- vRealize Operations Manager Captures vRealize Operations metric

ResourceKindMetricConfig 6.6.1+ configurations for particular adapter and object
types so that the supported widgets are
populated based on the configured metrics and
selected object type.

Operations-Symptoms vRealize Operations Manager Captures the operation symptoms.

6.6.1+

VMware, Inc. 166

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Table 5-7. vRealize Orchestrator Content Endpoint

Content Type Product Support Versions Description

Orchestrator-Action vRealize Orchestrator version Captures a vRealize Orchestrator action.

7.0+

Orchestrator- vRealize Orchestrator version Captures a vRealize Orchestrator

ConfigurationElement 7.0+ configuration element.

Orchestrator-Package vRealize Orchestrator version Captures a vRealize Orchestrator package.

7.0+

Orchestrator-RestHost vRealize Orchestrator version Captures a vRealize Orchestrator rest host.

7.6+

Orchestrator-RestOperation vRealize Orchestrator version Captures a vRealize Orchestrator rest operation.

7.6+

Orchestrator-Workflow vRealize Orchestrator version Captures a vRealize Orchestrator workflow.

7.0+

Note Ensure that Orchestrator-RestHost is available in the target vRealize Orchestrator prior to
capturing or deploying Orchestrator-RestOperation.

Searching Content
You can search an existing content based on certain defined entries within the UI.

n Content dependencies and dependency files can be seen by clicking the version and looking
at the DEPENDENCIES tab.

n By clicking each file, you can download it from the content repository within vRealize Suite
Lifecycle Manager.

Test Content
You can test content to ensure it is ready for release.

Prerequisites

Verify that the content package has been added to vRealize Suite Lifecycle Manager.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Content, click the name of the content package to capture.

3 Click the three horizontal dots to the right of the version to test, and select Test.

4 Select one or more content endpoints to specify the environments to run tests on.

5 Select Deploy Content to deploy the content in the endpoint before running tests.

6 Select Stop test deployment on first failure to stop the test deployment as soon as it
encounters an error.

VMware, Inc. 167

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

7 Select Run unit tests to run available unit tests on the content.

8 Select Stop unit tests on first failure to stop testing if any unit test fails.

9 Select Include all dependencies to include all dependencies associated with the content
package in the tests.

10 Select Release Latest Dependencies to release the latest versions of the dependencies
associated with the content package.

11 Select a server to run unit tests on from the Select a Unit Test Server drop-down menu, and
click PROCEED.

Performing Unit Tests

When you create a content endpoint, you can select supportTest policy to enable the system to
run unit tests after deploying a content to the test environment.

There are two servers here:

n Unit test server

n Test endpoint

The server is a staging environment in which you can deploy the contents and run unit tests
against the deployed contents to the environment.

Unit Test Server

The test server is a vRO server, where you can run your unit tests against a deployed content
in a test endpoint. Whenever you set an orchestrator endpoint as a test endpoint, it tests the
vRealize Orchestrator package and is deployed automatically to this endpoint allowing unit or
integration tests. There are some basic tests already present in the package and you can extend
the tests in the unit test server as well.

Menu options for Unit Test Server

VMware, Inc. 168

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Sample Unit Test Flow

Common Tests

All tests under the PackageType Common folder are run.

If you go to the unit test server (vRO), under the Content Management Tests, you can view
separate folders for all content types. For each content type folder, there is a common folder
present where you see all the common workflows that are run for a given content type.

Package Specific Tests

VMware, Inc. 169

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Specific tests can be run per content name as well. For example, if an Automation-
XaaSBlueprint content called "Add AD User" requests a unit test called "Add AD User - Test
1" can be created, which can connect to a given Content endpoint, and run the XaaS Blueprint
and wait to see if it was successful. The format of tests is:

<content name - test name> and under the <Content-Type> folder.

Whenever you select the unit server while testing content, the new unit tests is also run
based on the content type against the deployed content in a test endpoint.

The following lists the overall functionality of unit tests:

n Common unit tests workflows can be written under common folder per content type

n Unit test workflow for a given content can be written under <Content Type> and name the
workflow as <Content name> - <Tests name>.

n If there is a test failure, then the test displays an error from a workflow.

n Checks the available inputs to test a workflow

Sample Workflows
You can refer to the existing unit workflows available in their vRealize Orchestrator (policy set to
test). Navigate to a common folder in vRealize Orchestrator, Workflows > Content Management
Tests > Content Type > Common.

Input properties available for a unit test workflow that is provided by the platform.

Property Name Description

version Version of content being tested.

testEndpointLink The content endpoint link within the repository.

tenant The tenant being connected to.

packageVersionLink The version link to the repository.

packageType Type of Content. Automation-CompositeBlueprint.

packageName Content Name

packageId Content Unique Identifier in the repository.

endpointUser The username of the endpoint being tested against.

endpointServer The server name of the endpoint being tested against.

endpointPassword The password (SecureString) of the endpoint being tested against.

Source Control with vRealize Suite Lifecycle Manager Content

Lifecycle Management
vRealize Suite Lifecycle Manager content lifecycle management integrates natively into a defined
GitLab and Bitbucket branch endpoint to provide source control for content.

VMware, Inc. 170

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

You can store content in both the vRealize Suite Lifecycle Manager version-controlled repository
and a GitLab or Bitbucket branch. This allows developers to work together to check in and check
out content, and to code review changes prior to deploying to test or production environments.

vRealize Suite Lifecycle Manager stores all source control commit hashes for the purpose of
check in, so the correct state of content is known. This enables multi-developer support, which
reduces the risk of overwriting content and reduces the number of merge conflicts that can
occur.

To use source control in vRealize Suite Lifecycle Manager, you must meet the following
prerequisites:

n Verify that you have a GitLab or Bitbucket server. If you do not have an existing GitLab
server, you can use the Gitlab-CE free docker container.

n Verify that at least one vRealize Suite Lifecycle Manager user has access to GitLab or
Bitbucket.

n Create a branch in GitLab and apply the necessary permissions in GitLab for other developers
to check in and check out content to the branch.

n The GitLab user must create an access token in GitLab and store the token against the GitLab
instance under vRealize Suite Lifecycle Manager Content Settings.

It is a best practice when each time the content is checked in to source control, and new version
should be checked out and deployed to a content endpoint. This saves the latest changes from
other developers (effective rebase of the content) and also communicates to the vRealize Suite
Lifecycle Manager content services which GIT Commit Hash is deployed to which content per
endpoint. However, when you are capturing content from GitLab server, the checkout works
if you are using the GitLab version 11.6.5 or earlier. The checkout fails if you are using GitLab
version higher than 11.6.5.

VMware, Inc. 171

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

VMware, Inc. 172

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Contents referring to multiple commit

Ref:
Commit #2

Dependencies
Source Content 2 (version y)
control Content 1
branch (version x)
dependencies
Content 3 (version z)

Ref:
Commit #1
Ref:
Commit
Commit #2
Hash

Ref:
Commit #2

Commit #2 Dependencies
Content 5 (version y)
Content 4
Commit #1 (version x)
Dependencies
Content 6 (version z)

Ref:
Commit #1
Ref:
Commit #2

Commit#1 (Changes of content 1 and 4 ) → If code review is enabled, generates

one review/pull request per commit#. If not, then the changes are merged to the branch.

Commit #2 (Changes of Content 2, 3, 5, 6) → If code review is enabled, generates

one review/pull request per commit#. If not, then the changes are merged to the branch.
hashes

Check in Content to a Source Control Endpoint

You can check-in the previously captured content to a source control endpoint.

Prerequisites

Verify that you have added a source control endpoint to vRealize Suite Lifecycle Manager. See
Source Control with vRealize Suite Lifecycle Manager Content Lifecycle Management for source
control requirements.

Note We support a single content check-in, with a maximum of 1000 files at a time.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Content, click the name of the content package to capture.

3 Click the name of the content package to test.

VMware, Inc. 173

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Click the three vertical dots to the right of the version to check in, and select Checkin.

5 Select a content endpoint to check the content package in to.

6 Select Include all dependencies to include all dependencies associated with the content
package in the check-in.

7 Add a descriptive comment in the Comment field, and click CHECK IN.

Note Adding a check-in comment is mandatory.

When checking in a vRO package, there is an optional capability to merge with an existing
vRO package that exists in the source control. This ensures that all files that are captured
are checked into the path of the selected package (ultimately merged). If you do not see the
package, then Select the Source Control Endpoint > Orchestrator-Package type, refresh the
cache and check- in to view the vRO package in which it needs to be merged. You have the
following new features added when you check in an Orchestrator package:

n You can merge a custom orchestrator-package from an endpoint to an uber package

version in LCM.

n The ability to merge a custom Orchestrator-package directly to an uber package in

GitLab.

n You can release a subset of contents from an Orchestrator-package while deploying to

an endpoint.

n As part of the dependency management, you can remove dependency from a content
version.

For a vRealize Automation content check-in, you can merge directly on GitLab. You can
check out without dependency or check out with dependency, where you can perform the
following:

n You can remove the package dependency from the latest version. For example, if you
have performed a vRealize Automation content check in with dependency and enabled
the option to merge the dependent Orchestrator-Package to an uber package directly
on GitLab. When you check-out the same Automation content with dependency from a
source control.

Results

If a code review is disabled on the source control branch, the content is auto merged.

What to do next

If a code review is enabled on the source control branch, you or another code reviewer must
check the content in to GitLab manually after the code review is complete. After you check the
content into GitLab, capture the latest content version from the source control server in vRealize
Suite Lifecycle Manager.

VMware, Inc. 174

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

If you are continuing to develop on your content endpoint, capture the latest content version
from source control and deploy it to your development content endpoint. This updates the
content endpoint so that the content is in sync with the source control and subsequent check-ins
are valid.

You can view the check in status in the Activity Log.

Check Out Content from a Source Control Endpoint

After a content is checked in to a source control endpoint, you can check out the content and
deploy it to a content endpoint. When the content is checked out from Source Control, the
content is marked with the Git Hash Code for reference.

Prerequisites

Verify that the content has been checked in to the source control endpoint. See Check in Content
to a Source Control Endpoint.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Content, click ADD CONTENT.

Note You can check out the content inline as well.

3 Choose whether to test or deploy the content package in addition to capturing it, and click
PROCEED.

4 Enter the capture details for the content package.

a From the Select Capture Endpoint drop-down menu, select the source control endpoint
to capture content from.

b Select Get the latest content to retrieve the latest content dependencies rather than the
dependencies the content was initially captured with.

c Select the content type and content to capture.

d Select Include all dependencies to capture any dependencies associated with the
content.

Dependencies are stored in vRealize Suite Lifecycle Manager, not the source control
endpoint.

e If the content is ready for production, select Mark this version as production ready.

f Enter a description for this content version in the Comments field.

g Click Next.

VMware, Inc. 175

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 Enter test details for the content endpoint.

This option appears only if you selected to test the content package.
a Select one or more content endpoints to specify the environments to run tests on.

b Select Deploy Content to deploy the content in the endpoint before running tests.

c Select Stop test deployment on first failure to stop the test deployment as soon as it
encounters an error.

d Select Run unit tests to run available unit tests on the content.

e Select Stop unit tests on first failure to stop testing if any unit test fails.

f Select a server to run unit tests on from the Select a Unit Test Server drop-down menu.

You must have a vRealize Orchestrator test package imported to use a unit test server.

g Click Next.

6 Enter deployment details for the content package.

This option appears only if you chose to test the content package.
a Select one or more content endpoints from the Select Release Endpoints drop-down
menu to specify the production environments where the system releases the content.

b Select Stop release deployment on first failure to stop deployment as soon as the
system encounters a failure.

c Enter a comment that explains why the content is being released in the Release
Comment field as writing comments are mandatory.

7 Click SUBMIT.

Results

vRealize Suite Lifecycle Manager captures the content from the source control endpoint
and creates a new version of the content in the content catalog. This version is marked
SourceControl Enabled, which tells vRealize Suite Lifecycle Manager the state of the content
when deploying to a content endpoint so the content is checked in against the right point in time.

What to do next

If you are using source control and have multiple capture content endpoints, only deploy content
from the content catalog is marked SourceControl Enabled. This communicates the state of the
content when deploying to a content endpoint so the content is checked in against the right
point in time.

Deploy a Content Package

Deploy a content package when it is ready for a production environment.

Prerequisites

n Verify that the production environment has been added as a content endpoint.

VMware, Inc. 176

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Verify that the content is ready for a production environment.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Click Content and click the name of the content package to deploy.

3 Click DEPLOY for the version to deploy.

4 Select one or more content endpoints from the Select Release Endpoints drop-down menu
to specify the production environments where the system releases the content.

5 Select Stop release deployment on first failure to stop a deployment as soon as the system
encounters a failure.

6 Select Include all dependencies to deploy all dependencies associated with the content
package.

7 Select Release Latest Dependencies to release the latest versions of the dependencies
associated with the content package.

8 Enter a comment that explains why the content is being released in the Release Comment
field, and click PROCEED.

Multi Release of Content Package

vRealize Suite Lifecycle Manager 8.0 content management allows the bulk release of content
spanning different types where vSphere, vRealize Operations Manager, and vRealize Automation
are deployed in one request. It provides an advanced filter option on the content type that is
established from a specific content endpoint.

Multi contents are selected as part of a multi release request. Failure to deploy one of the
selected contents, will not roll back deployed contents which are part of that request.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Under Content, select Content Item List.

3 Expand the Filter Applied tree.

VMware, Inc. 177

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Under the Content Filter section, you can filter by a single tag or multiple tags, Type,
Endpoint, and Policy to get to a subset of the content you want to view and deploy.

Filter Type Description

Content Filters This section lists the content filters.

n Production Ready
n Development Content
n Tested
n Source Controlled
n Dependencies Captured

Content Types This section lists the Content category based on the content type.

Content Endpoints This section lists all the associated Content Endpoints.

5 After you select a content filter, you can add a tag and then click Apply.

A tag is associated when a content is created. A tag-based filter is useful when you want to
search. However, you can still add the tag even after creating content. You can also manage
bulk tags for all content and older versions.

6 To save your filters, click Save.

Developers can only view their filters and release managers can view all other RM filters. The
saved filters can be edited or deleted.

After you set the content filters, the default content view changes to Content Version List.
When you provide a filter, you can locate a specific version of the content, for example,
Production Ready Content with a specific tag and of a specific set of content types. For
example, display only vSphere templates, vRealize Operations Manager dashboards and
vRealize Automation Blueprints.

7 To deploy the content to a release endpoint, follow the wizard.

8 Click Actions and select Checkin.

Note With Lifecycle Manager 8.0, you can now check-in multiple content after filtering and
selecting contents. When you are performing a multi-capture, test and release, verify that
all the capture is successful because if one of the content capture fails, the entire content
pipeline is marked as failed. Based on multi-capture pipeline failure, you cannot move to the
next step of testing and releasing a pipeline.

9 To check in multiple content.

a Select an Endpoint repository.

b if you want to capture all the dependencies, select Include all Dependencies and merge
the vRO package, if required.

c Click Check-in.

VMware, Inc. 178

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

10 Select an appropriate endpoint to each type of content appears.

Note Orchestrator endpoints are assumed by their parent automation instance. If there are
standalone Orchestrator endpoints configured, then you can also deploy them.

Delete a Content Package

You can delete a content package from all endpoints when you no longer need the content
package.

This operation cannot be undone.

Prerequisites

n Verify that one or more content endpoints are added.

n Verify that the content package is present in the deployment.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Click Content and click the name of the content package to delete.

3 Click the three horizontal dots to the right of the version and select Delete.

4 Click OK.

For the changes to appear on the UI, refresh the page.

Content Issues You might Encounter

There can be content issues that you might encounter during any content operations.

n When transferring a customization spec between vCenter servers the password fields cannot
be decrypted by the target. This causes deployments that depend on custom specs with
passwords to fail. You can manually enter the correct value in the Administrator password
field after customization spec is deployed by the Lifecycle Manager pipeline.

n When a symptom definition is setup with REGEX or NOT_REGEX, the import

fails using the vRealize Operations Manager APIs with the following error. Error
releasing Operations-Symptom message= "Invalid request... #1 violations
found.","validationFailures":[{"failureMessage":"Message Event Condition
field 'operator' must be either EQ or CONTAINS. If a symptom uses REGEX, the
content needs to be imported manually through Lifecycle Manager UI.

n Content release from different versions of vRealize Operations Manager may fail. For
example, content from 6.6 to 6.7 some content types may fail.

n A pipeline execution with a large number of captures or check-ins may fail, if the number of
executions is higher than that supported by the endpoint type. For example, bitbucket cloud
can support 1000 accesses per hour to its respository.

VMware, Inc. 179

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Access Source Control

Only a release manager can add a source control access, where in the source control can be
GitLab or Bitbucket. With this privilege, a release manager can select the GitLab type, Bitbucket
and enter the gitLab server name. You can supply multiple server names and then use the git lab
personal access token and assign it to the source control server.

By enabling access source control, you can add an endpoint for a source control. For information
on adding a source control, see Add a Source Control Server Endpoint. Release manager can add
a source control server. But any developer logged-in to vRealize Suite Lifecycle Manager has to
associate their token to the server to access the source control server.

Managing Source Control Server Endpoints

Before you can check in or check out content, a vRealize Suite Lifecycle Manager must add a
GitLab or Bitbucket source control server to the system.

n Add a Source Control Server Endpoint

To add a source control server to the system, add a source control server endpoint.

n Delete a Source Control Server Endpoint

You can delete a source control server endpoint that is no longer in use.

Add a Source Control Server Endpoint

To add a source control server to the system, add a source control server endpoint.

When you disable the file editor option then the bitbucket API (PUT/POST) does not work for
an admin or a developer. Either do not include the below property (feature.file.editor) in the
property files or if this is included then ensure that the property is set to true.

Location:
<base_directory>\Atlassian\ApplicationData\Bitbucket\shared\bitbucket.propert
ies

Properties: feature.file.editor=true

Prerequisites

n Verify that you have a Bitbucket, GitHub or a GitLab instance that is supported for this
version of vRealize Suite Lifecycle Manager. For more information on the supported versions
of Bitbucket, GitHub, or GitLab, refer to Content Lifecycle Management.

n Log in to GitHub, GitLab or Bitbucket, and generate an access token for your user with all
scopes enabled. Copy and save this one-time token from GitHub, GitLab or Bitbucket.

n Log in to GitHub, GitLab or Bitbucket and verify you have group, project and branch created
in GitHub, GitLab or Bitbucket before adding it as a source control endpoint.

VMware, Inc. 180

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the My Services Dashboard, click Content Management.

2 Click Content Settings.

3 On the Source Control Access tab, click ADD SOURCE CONTROL SERVER.

4 Select the Source Control Type.

Note With vRealize Suite Lifecycle Manager 8.0, you can now select Bitbucket Server or
Bitbucket Cloud.

5 Enter the IP address or fully qualified domain name of the server, and click SUBMIT.

vRealize Suite Lifecycle Manager uses https scheme for any Source Control APIs by
default. If you have not enabled https on the GitLab instance, then specify http://<ip
address>:<port> in the source control server under the content settings page to change
the scheme. When you create source control endpoint, the repository must be specified
in <GroupName>/<ProjectName> form. Whenever multiple developers are working on the
bit bucket repository then the performance is slow in the bit bucket enterprise version.
Therefore, you can use at least 4 vCPU machine of bit bucket.

6 Click the pencil icon for the source control server.

7 Enter your GitLab or Bitbucket server access token in the ACCESS KEY text box, and click
SUBMIT.

a For a GitHub instance, you can either select to enter the credential of the Github instance
by providing the user name and password or enter the access token.

b Click SUBMIT.

An access token is a unique identity for a user to perform check-in or check-out to track the
GitLab or GitHub API. To create an access token for GitLab or GitHub, access the GitLab or
GitHub Server URL. For example, gitlab.example.com or github.com. For Bitbucket Server and
Cloud, browse to bitbucket.org and navigate to App Passwords to create a password with full
permissions.

Delete a Source Control Server Endpoint

You can delete a source control server endpoint that is no longer in use.

Prerequisites

Verify that the source control server endpoint is not being used by any content endpoints.

Procedure

1 On the My Services Dashboard, click Content Management.

2 Click Content Settings.

VMware, Inc. 181

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

3 On the Source Control Access tab, click the trash icon for the source control server endpoint
to delete.

4 Click OK.

Working with Content Settings

You can add source control server endpoint, vCenter publisher, pipeline extensibility and
developer restrictions in Content Settings.

Source Control Access

To add a source control endpoint, provide a server for that source control from GitLab. For more
information, see Add a Source Control Server Endpoint.

Note You can add multiple server names for a source control server endpoint and only GitLab
source control is supported for this version.

vSphere Template Repository

Starting with vRealize Suite Lifecycle Manager 1.3 and later, you can capture content from
vSphere vCenter Server, the vSphere Template Repository is a Content Library within a
designated vCenter instance that will store all the templates that are captured in which they
can be managed from LCM. A best practice is to have this vCenter instance close to where the
templates would typically be captured, that is a development vCenter for template authoring.
You can go back to Endpoints and select vCenter to add as your endpoint. For more information,
see Add a vCenter Server Content Endpoint . The model for the Content Library Configuration is
the following:

1 Create the Content Library (Publisher): The vSphere Template Repository points to a Content
Library that is set up for publishing. For more details on how to setup a publisher Content
Library, see vCenter Documentation.

2 Create Content Library Subscribers: Each vCenter server that opts for a template support
requires a Content Library to be configured which will Subscribe to the Published Library
configured in Step 1. The following settings are required:

Setting Description

Automatic You can enable this setting for automatic synchronization of the template metadata.
Synchronization

Subscription URL This URL contains details about the publishers lib.json file. This will be available when you
create a publisher in Step 1.

VMware, Inc. 182

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Setting Description

Authentication Disabled Disabled

Library content n Download all library immediately - If you don't select this option then vCenter will
download ALL virtual machine templates.
n Download library content only when needed - Only the metadata is downloaded (not
the disks). vRealize Suite Lifecycle Manager instructs on demand and as requested to
download the associated disks

Developer Restrictions
Content tags are useful for a variety of reasons, to locate content within the UI, that is when
you find all content with "BugFix-Task-1" tag or can be used for custom business logic during the
release pipeline.

An example of this may be custom business logic implemented by a release manager - Don't
Deploy Content to Endpoint B unless the Content has been deployed to Endpoint B, first this
requires a custom pipeline/workflow to be implemented. If this rule is to be bypassed, for
example, for Release Mangers to push Content straight to Endpoint B then a tag could be applied
to the content. This tag should only be added by a Release Manager and not a Developer.

Configure Pipeline Stub

Pipeline stubs can be executed in a synchronous or an asynchronous manner. When running
a stub in an asynchronous manner other pipeline stages are executed without waiting for
the custom logic to complete. For instance, a Pre-Capture configured to run asynchronously
executes in parallel with the Capture stage. However, a Post-Capture stage's execution is
triggered only after the Capture stage is executed, but can be made to run in parallel with the
next scheduled stage such as pre-test.

To associate a tag to a vRealize Orchestrator workflow, the global custom tag name of workflow
and value can either be manually edited to include vRSLCM_CUSTOM or the ‘/Library/Tagging/
Tag’ workflow can also be used for the tagging. Migration of pre and post stubs are not
supported.

Prerequisites

Ensure that all the Orchestrator endpoints whose workflows are to be used in the pre or post
stubs are added in vRealize Suite Lifecycle Manager and that the workflows which are to be used
in the stubs are tagged with vRSLCM_CUSTOM keyword.

Procedure

1 On the Content Settings, click the Edit pencil icon.

The Configure Pipeline Stub appears.

2 The Name and Execute Pipeline condition appears by default.

3 Select Run in background if the stub is to be executed in an asynchronous manner.

4 Select the Orchestrator Endpoint from the drop-down menu.

VMware, Inc. 183

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 Select a Orchestrator Workflow and click Submit.

Only workflows that are tagged as vRSLCM_CUSTOM is shown in this list.

6 Select the Input Param Configuration and click Submit.

Map Your Proxy Setting

vRealize Suite Lifecycle Manager 8.1 has introduced Proxy for Source Control Management
endpoints. The feature allows SCM endpoints to channel all REST calls through a proxy server
which can be configured on the vRealize Suite Lifecycle Manager setting page and map the
same to the content management. Proxy can be enabled for an SCM server, which automatically
enables the proxy for all endpoints using that SCM server.

The Proxy Mapping tab displays the proxy status, and configuration details such as proxy server
hostname and port.

Note You can use the proxy settings for the source control endpoints only.

You can enable the proxy for an SCM instance by selecting it from the list of servers and clicking
Update. Once the proxy is enabled for any of the SCM servers the administrator cannot remove
the proxy from the vRealize Suite Lifecycle Manager setting page. To remove the proxy, disable
the proxy mapping for all SCM servers and then proceed with the removal of proxy from the
vRealize Suite Lifecycle Manager setting page. You can disable proxy mapping for an SCM server
by selecting it again and clicking Update. The administrator can confirm that the proxy is not
used by any of the servers from the status of vRealize Suite Lifecycle Manager Proxy used by
Content Management.

If you notice that the proxy is not enabled, then navigate to Locker > Proxy, and select the
Configure Proxy check box. For more information, see Configure Your Proxy Settings. Only
a Release Manager and the administrator has the privileges to access the Proxy mapping in
vRealize Suite Lifecycle Manager.

Content Pipelines Settings

Starting with vRealize Suite Lifecycle Manager 8.0, there are only Content Pipelines and Capture
pipeline are supported. In the Content Pipelines section, under the Pipelines tab, the status of the
last 24 pipeline executions can be seen in the Content_Pipeline card. Each of the content pipeline
executions when selected, shows the associated Capture pipelines, if any, in the Capture pipeline
card. The execution representations, the colored dot in the pipeline card, can be selected to
view a detailed breakdown of the various stages of the selected execution. The Content pipeline
execution can contain a maximum of nine stages in the order of execution. However, the actual
execution has the stages which are relevant to the execution.

Pipeline Stubs
The pipeline stubs display the status of each action whenever a content is captured. The content
pipeline has the following status types whenever a content is run.

n Pre-Capture

VMware, Inc. 184

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Capture

n Post- Capture

n Pre-Test

n Test

n Post-Test

n Pre-Deploy/Checkin

n Deploy/Check-in

n Post-Deploy/Check-In

In the last three stages, the term Check-in is used if the content is released to a source control
endpoint such as Git or BitBucket else the term deploy is used. By default, the pre or post
stages are disabled and should be configured before they can be used in an execution. The
configuration and various modes of execution for pre or post stages, also called pre or post
stubs, are covered under the configure pipeline stubs section. The capture pipeline will always
have a single stage, that is Capture. The corresponding details of the pre or post capture can be
viewed in the associated content pipeline, also referred as the parent pipeline.

The Executions tab lists all the content and capture pipeline executions. The list shows the status,
time taken, executed by and time of the request for each of the executions. This list can be
filtered by the type of pipeline and execution status.

Each pipeline consists up of various Stages, each stage then can have various Tasks. Tasks can
be either parallel or sequential based on your custom business logic. After selecting an action
that you want to perform on a content, a content capture can list various types of status related
to such an action. Each of the content settings is related to the view displayed on the Content
Pipeline page.

Execute Pipeline Conditions:

1 EXECUTE_ON_SUCCESS - The stub is executed only if the corresponding stage executes
successfully. For example, Post-Capture if configured to EXECUTE_ON_SUCCESS executes
only if the Capture stage is executed successfully.

2 EXECUTE_ON_FAILURE -The stub is executed only if the corresponding stage execution

fails. For example, Post-Capture if configured to EXECUTE_ON_FAILURE executes only if the
Capture stage is execution fails.

3 EXECUTE_ON_SUCCESS_AND_FAILURE - The stub is executed irrespective of whether the

corresponding stage execution passes or fails. For example, Post-Capture if configured
to EXECUTE_ON_SUCCESS_AND_FAILURE executes in both cases, whether Capture stage
execution passes or fails.

VMware, Inc. 185

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Inputs Parameters
The pre or post stubs support the mentioned list of parameters, the values of which can
be passed to the respective vRealize Orchestrator workflow as inputs. The value of these
inputs depends on the content (been captured/tested/deployed) of the pipeline execution for
which the pre or post routines are executed. Currently, all the parameters are of the type
'String'. Therefore, the input parameters configured for the corresponding workflow in vRealize
Orchestrator should be necessarily of type 'String'. A mismatch between the type of parameters
results in an execution failure for the pipeline. For more information on configuration, see
Configure Pipeline Stub.

Post-Deploy- Pre-Deploy- Post-Test- Post-Capture- Pre-Capture-

Pipeline Pipeline Pipeline Pre-Test-Pipeline Pipeline Pipeline

n contentName n contentName n contentEndp n contentName n contentName n contentName

n contentEndp n contentEndp oint n contentEndp n contentEndp n contentEndp
oint oint n ContentId oint oint oint
n ContentId n ContentId n contentName n ContentId n ContentId n ContentId
n contentType n contentType n contentType n contentType n contentType n contentType
n ContentVersi n ContentVersi n ContentVersi n ContentVersi n ContentVersi n ContentVersi
onID onID onID onID onID onID
n requestid n requestid n requestid n requestid n requestid n requestid
n requestnumb n requestnumb n requestnumb n requestnumb n requestnumb n requestnumb
er er er er er er
n status n requestedby n requestedby n requestedby n requestedby n requestedby
n requestedby n useridentity n useridentity n useridentity n useridentity n useridentity
n useridentity n status

Content Pipelines
Starting with vRealize Suite Lifecycle Manager 8.3, the Content Pipelines page is redesigned to
display the status of the content capture, test, and release of the content pipelines. You can view
all the content pipelines that are displayed in the completed, in progress, or failed state.

Note If you are unable to view the complete list of your pipelines, refresh the Content Pipelines
page as the queued request takes time to display the current data.

When you select a content pipeline from the Content Pipelines list, you can view the detailed
breakdown of the various stages of the selected execution. Each content pipeline displays the
following list:

Content Pipeline Options Description

Status Message Displays the status summary of the selected content

pipeline.

Executed by Displays the user details when performing the execution.

Last Update Displays the date of the selected content pipeline.

Comments Displays additional comments entered by the user.

VMware, Inc. 186

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Content Pipeline Options Description

Content Types Displays the content type selected for the pipeline
execution.

Content_pipeline You can select the capture, test, or the deploy options for
n Capture a content pipeline. Based on your selection, you can see
the detailed breakdown of the selected execution, such as
n Test
the All Stages View, the content_pipeline Stage View, and
n Deploy
the content_pipeline Stage Request.

VMware, Inc. 187

Upgrading vRealize Suite Lifecycle
Manager and vRealize Suite
Products
6
This topic describes how to upgrade your vRealize Suite products and vRealize Suite Lifecycle
Manager when you are having an older version.

When you want to upgrade from an older version of vRealize Suite Lifecycle Manager, you have
three steps.

n Upgrade of vRealize Suite Lifecycle Manager

n Upgrade of VMware Identity Manager

n Upgrade of vRealize Automation 8.x

When you want to upgrade your individual products after installing vRealize Suite Lifecycle
Manager 8.x or earlier versions.

n All products supported by vRealize Suite Lifecycle Manager.

This chapter includes the following topics:

n Upgrade vRealize Suite Lifecycle Manager 8.x

n Upgrade VMware Identity Manager

n Upgrade vRealize Automation 8.x with vRealize Suite Lifecycle Manager

n Upgrade a vRealize Suite Product

Upgrade vRealize Suite Lifecycle Manager 8.x

You can check for and install updates to the vRealize Suite Lifecycle Manager appliance.

Upgrade is supported from vRealize Suite Lifecycle Manager 8.0 and later versions. You can also
upgrade vRealize Suite Lifecycle Manager by using an ISO file to install the upgrade. Latencies
have been validated with 350 ms with a bandwidth of 1.5 MB for a vRealize Suite small suite
deployment and upgrade.

Prerequisites

n Verify that you meet the system requirements. See System Requirements.

n Take a snapshot of the vRealize Suite Lifecycle Manager virtual appliance. If you encounter
any problems during upgrade, you can revert to this snapshot.

VMware, Inc. 188

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Verify that no critical tasks are currently in progress in vRealize Suite Lifecycle Manager.
The upgrade process stops and starts vRealize Suite Lifecycle Manager services and reboots
the vRealize Suite Lifecycle Manager virtual appliance, which might corrupt tasks that are in
progress.

n If you are upgrading vRealize Suite Lifecycle Manager through a repository URL or CD-
ROM, ensure that you download the vRealize Suite Lifecycle Manager upgrade binary from
MyVMware portal in advance. The file name must be -VMware-vLCM-Appliance-8.X.X.XX-
XXXXXXXX-updaterepo.iso.

Note You cannot use the easy installer iso file for an vRealize Suite Lifecycle Manager
upgrade, you must use the vRealize Suite Lifecycle Manager upgrade iso file.

Procedure

1 From the My services dashboard, click Lifecycle Operations and click Settings.

2 Click System Upgrade.

vRealize Suite Lifecycle Manager displays the name, version number, and vendor of the
current vRealize Suite Lifecycle Manager appliance.

3 Select the repository type for vRealize Suite Lifecycle Manager updates.

Option Description

Check Online You can check if the upgrades are available online. To use this option,
the vRealize Suite Lifecycle Manager virtual appliance must have access to
vapp-updates.vmware.com.

URL Enter your repository URL for updates. To use this option, extract the ISO
containing the upgrade files to a private repository. Do not use a private
repository that requires authentication for a file access.

CD-ROM You can update the vRealize Suite Lifecycle Manager Appliance from an ISO
file that the appliance reads from the virtual CD-ROM drive.

4 Click CHECK FOR UPGRADE.

After few minutes, vRealize Suite Lifecycle Manager displays a message indicating whether
there are updates available.

VMware, Inc. 189

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

5 Select the Repository Type, and then click UPGRADE.

a When vRealize Suite Lifecycle Manager is not connected to the internet, you can
download the "vRealize Suite Lifecycle Manager Update Repository Archive" binary from
My VMware Portal.

b The downloaded ISO should be attached to vRealize Suite Lifecycle Manager VM's
virtual CD-ROM drive. To do this, you can either upload the ISO in a content library
of the vCenter server hosting vRealize Suite Lifecycle Manager or you can upload in a
datastore that the vRealize Suite Lifecycle Manager VM can access. After uploading, you
must attach the ISO to the vRealize Suite Lifecycle Manager VM's CD-ROM device by
editing the VM's hardware configuration from the vCenter inventory. From vRealize Suite
Lifecycle Manager UI, select CD-ROM based upgrade option and proceed.

6 Select the checkbox on product snapshots under Prerequisite, and then click Next.

7 Click RUN PRECHECK. Once the precheck validation is complete, you can then download the
report to view the checks and validation status.

8 Click Upgrade after a successful precheck validation.

9 After a few minutes, login to the vRealize Suite Lifecycle Manager UI and check for the
upgrade successful message in the Settings > System Upgrade.

On an upgrade completion,vRealize Suite Lifecycle Manager displays the message upgrade

completion message. If you do not see this message, wait for a few minutes and refresh the
UI.

Support for Additional Product Versions

This section covers information about enabling applicable product versions for the vRealize Suite
products while you are updating the LCM appliance. You can add additional Policy support and
enhance the new product versions and add patches to vRealize Suite Lifecycle Manager as and
when applicable.

With the check version feature, you can check the latest available product versions even
without web connectivity. The table with the versions of the product of each vRealize Suite is
pre-populated wherein the data is fetched from the VMware source.

If the selected upgraded product version does not work, then navigate to the downloaded
product file with a file extension .pspak. Upload the file and validate the same using Chrome or
Internet Explorer.

Upgrade VMware Identity Manager

You can upgrade from earlier versions of VMware Identity Manager to the latest version if you
conform to vRealize Suite Lifecycle Manager supported form-factor. Otherwise, the upgrade has
to be performed outside vRealize Suite Lifecycle Manager. After an upgrade, you can reimport
VMware Identity Manager by triggering the inventory sync in vRealize Suite Lifecycle Manager.

VMware, Inc. 190

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

For more information, refer to the Installing vRealize Automation with vRealize Suite Lifecycle
Manager Easy Installer for vRealize Automation and VMware Identity Manager documentation.

Note
n If the installation, upgrade, or scale out request of VMware Identity Manager is IN PROGRESS
or FAILED state in vRealize Suite Lifecycle Manager, ensure that you do not remediate the
cluster.

n If VMware Identity Manager is clustered through vRealize Suite Lifecycle Manager, then it is
recommended to use the Power ON and Power OFF option for a scenario which involves
bringing down the cluster, such as reboot and shut down.

n VMware Identity Manager version 3.3.4 is backward compatible with Windows connectors of
previous versions.

n When you deploy VMware Identity Manager with vRealize Suite Lifecycle Manager, do not
change the VMware Identity Manager hostname. For more information, refer to the VMware
Identity Manager documentation.

Prerequisites

n In a clustered environment, ensure that the Postgres Cluster Health Status is healthy by
selecting the Trigger Cluster Health for your product in the Environments page. After your
request is complete, you can view the notifications for your product and verify if your status
is healthy. If your status is unhealthy, you can use Power ON to remediate your cluster, prior
to an upgrade. For the 8.4 release, the remediate button is available in your product card in
the Environments page.

n Verify that you have taken a snapshot of VMware Identity Manager nodes.

n Verify that you have your product binaries mapped. For more information, see Configure
Product Binaries.

n For a clustered VMware Identity Manager upgrade, ensure that you disable all the stand-by
nodes in the load-balancer so that the traffic is not routed to the stand-by nodes, and then
enable the stand-by nodes after the upgrade is complete.

Procedure

1 On the Lifecycle Operations page, click Manage Environment.

2 Navigate to the Global Environment instance.

3 Click View Details > Upgrade..

VMware, Inc. 191

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Under the Product details section, you can select the following repository type.

Option Description

Repository URL When you select this option, you can manually add the local upgrade file
location in the Lifecycle virtual appliance.

vRealize Suite Lifecycle Repository When you select this option, you can enter the upgrade path available after
mapping the binaries through vRealize Suite Lifecycle Manager.

Note For VMware Identity Manager version 3.3.4, the only option available
is vRealize Suite Lifecycle Repository The other options, Repository URL
and VMware Repository are not available.

VMware Repository Select this option and select the version. The upgrade is performed using
the online source.

5 Click and run the pre-check.

6 Click Submit.

Migrating Windows Connector

In Connector migration, the Windows connector for VMware Identity Manager is installed on
a Windows box, by providing the configuration file which is generated from an external or
embedded Linux connector. This is supported for vRealize Suite Lifecycle Manager 8.2 Patch 1
and later releases.

After the external or embedded Linux connector is migrated, the Integrated Windows
Authentication (IWA) and LDAP directories on the Linux connector are migrated to Windows.
In VMware Identity Manager version 3.3.2 and earlier releases, the active directories were
supported on both external and embedded Linux connectors and external Windows connectors.
Starting with VMware Identity Manager version 3.3.3, IWA active directories are supported only
on external Windows connectors.

Prerequisites

Ensure that you adhere to the following requirements.

n The supported JRE version is between 8 update 181 to 8 update 251.

n The supported .NET framework version is 4.6.0.

n The supported Windows Server versions are 2012 R2, 2016, and 2019.

n A unique Windows system is required for the migration and it must be connected to a
domain server.

Procedure

1 On the Lifecycle Operations page, click Manage Environment.

2 Navigate to the Global Environment instance.

3 Click View Details > Upgrade.

VMware, Inc. 192

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Select the check box and proceed to Upgrade.

5 In the Select Version tab, select the Repository Type, Product Version, and the Repository
URL.

6 To specify the connector migration, enter the Target Windows Connector details in the
Migrate Linux Connector to Windows Connection section.

Note The Source Connector details for Embedded Connector Type are populated from
VMware Identity Manager. You must enter only the Linux Connector SSH passwords for the
External Connector Type.

a Enter the target Windows FQDN and Windows Domain User.

b Select the Windows Domain Password.

c Select the Windows VM Center.

7 Click and then RUN PREHECK.

If the validations are not successful and you want to make changes, and then resume the
upgrade VMware Identity Manager operation, click SAVE AND EXIT.

8 If the validations are successful, click Next.

9 In the Upgrade Summary page, you can verify the details, and then click Submit.

Upgrade vRealize Automation 8.x with vRealize Suite

Lifecycle Manager
You can upgrade vRealize Automation in vRealize Suite Lifecycle Manager.

Prerequisites

n Ensure that you have upgraded the earlier versions of vRealize Suite Lifecycle Manager to
the latest. For more information on upgrading your vRealize Suite Lifecycle Manager, see
Upgrade vRealize Suite Lifecycle Manager 8.x .

n Ensure that you have upgraded the earlier version of VMware Identity Manager to 3.3.2 or
later. For more information on VMware Identity Manager upgrade, see Upgrade VMware
Identity Manager.

n Verify that you have already installed vRealize Automation 8.0, 8.0.1, 8.1, 8.2, or 8.3.

n Perform the binary mapping of the vRealize Automation upgrade ISO from Local, myvmware
or NFS share. For more information on binary mapping, see Configure Product Binaries.

n Increase the CPU, memory, and storage as per the system requirements of vRealize
Automation 8.4. For more information, see the Hardware Requirements of vRealize
Automation 8.4 Reference Architecture.

VMware, Inc. 193

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 On the Lifecycle Operations page, click Manage Environments.

2 Navigate to a vRealize Automation instance.

3 Click View Details and click Upgrade.

A pop-up menu is appears to alert you to perform an inventory sync.

4 Click Trigger Inventory Sync of the product before you upgrade.

Note At times, there can be a drift or a change in the environment outside of Lifecycle
Manager and for Lifecycle Manager to be aware of the current state of the system, the
inventory requires to be up-to-date.

a If the product inventory is already synced and up-to-date, then click Proceed Upgrade.

5 After the inventory is synced, select the vRealize Automation version to 8.4.

6 To select the Repository Type, you can either select vRealize Suite LCM Repository, only if
you have mapped the ISO Binary map, or you can select the Repository URL with a private
upgrade Repository URL.

7 If you selected the Repository URL, enter the unauthenticated URL, and then click Next.

8 Click Pre-Check.

Pre-check validates the following criteria:

n If the source vRealize Automation versions are one of 8.0.0 or 8.0.1, ensure follow the
steps given in the KB article 78325 before you upgrade to restore expired root accounts.

n SSH enabled - Verifies that SSH for the root user is enabled.

n Version check - Verifies if the target version selected for upgrade is compatible with the
current vRealize Automation version.

n Disk space on root, data, and services log partition - Verifies if the required amount of
free disk space is available in the root, data, and services log partition.

n CPU and Memory Check - Verifies if the required amount say 12 CPU and 42 GB Memory
resources available in each vRealize Automation nodes before upgrade.

n vCenter property existence check - Verifies if the vCenter details are present as part
of each node in the Lifecycle Manager inventory. Since a snapshot is taken during the
upgrade process, it is important to have the right vCenter details within the Lifecycle
Manager inventory.

n vRealize Automation VMs managed object reference ID retrieval check - Verifies if the
managed object reference ID of the VM can be retrieved from the details available in the
Lifecycle Manager inventory. This is required as you perform snapshot-related operations
on the VMs, finding the VM using the same.

VMware, Inc. 194

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 Click Next and Submit.

You can navigate to the Request Details page to view the progress of the upgrade status.
You can enable the multi-tenancy for vRealize Automation, refer to Tenant Management in
vRealize Suite Lifecycle Manager.

Upgrade Functionality of vRealize Automation

There are three stages in the upgrade process of vRealize Automation within vRealize Suite
Lifecycle Manager.

Stages of Upgrade Description

Upgrade Preparation The preparation phase verifies that the system is healthy
and shuts down services to make sure that all data is
persisted.

Snapshot of all the VMs for an automatic recovery Snapshots are taken for faster recovery of failures. vRealize
Suite Lifecycle Manager then shuts down the VMs, takes a
snapshot, turns power on, and continues to the next phase.

Upgrade Execution. Run the upgrade.

At certain unexpected or failure scenarios, the vRealize Suite Lifecycle Manager upgrade
workflow gives user decision points to either finish the upgrade successfully or revert to the
stage before upgrade.

n The upgrade process starts with a status check task that verifies the current state of the
VA. If the system already has an upgrade request due to a previous upgrade attempt, then
vRealize Suite Lifecycle Manager provides you with an option to clean the older states and
start a new upgrade. You can see the status task failing with a retry parameter similar
to 'cancelAndStartAfresh'. Setting this retry parameter to true cleans up older states and
retriggers the upgrade again.

n If unexpected failures occur during the prepare phase, you can either cancel the whole
upgrade process and start new. If a failure cannot be corrected or if the unexpected failure
is fixed manually, you can proceed to the next phase in the upgrade workflow. The status
selects done after the prepare failure provide you with two retry parameters that help you
decide which option to select. If you set 'cancelAndStartAfresh' to 'true', the upgrade process
is cancelled and returns the system to the state before the upgrade. If you set ‘proceedNext’
to 'true', the vRealize Suite Lifecycle Manager upgrade workflow proceeds to the next state
with an assumption that you fixed the prepare issue outside.

n The upgrade workflow consists of VM level operations like reverting or deleting a snapshot
and VM Shutdown, power ON, and so on. If there was a failure, these operations include a
Skip option which can be used if the RETRY option in the vRealize Suite Lifecycle Manager
does not help and when you manually perform the same operation directly on the vCenter
Server.

VMware, Inc. 195

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n The final phase of the upgrade can be successful or success with warnings or a fatal state.

n Success with warnings indicates that the upgrade has completed successfully, but a
minor error is detected. You can check the errors and rectify them. You can set the
'succeedUpgradeRequest' retry parameter to 'true' which will succeed and complete the
vRealize Suite Lifecycle Manager upgrade workflow.

n If there is an fatal error, you can decide if you want to revert the snapshot and retry the
upgrade or cancel the whole upgrade process. You can revert and delete the snapshot,
cancel the current upgrade request, and move the system to a state before the upgrade
started.

n For a fatal error, you can see the status task after the upgrade
failure with retry parameters similar to 'revertSnapshotNRetryUpgrade' and
'cancelUpgradeNRevertBack'. If you set 'revertSnapshotNRetryUpgrade' to 'true',
then it can revert the snapshot and retry the upgrade again.

n If you set 'cancelUpgradeNRevertBack' to 'true', you can cancel the upgrade process,
which can revert and delete the snapshot and cancel the current upgrade request and
move the system to a state before the upgrade started.

Note
n The vRealize Suite Lifecycle Manager upgrade workflow does not support removing the
snapshots if there was a successful upgrade. You hold the snapshots or remove it manually
from the vCenter Server, if necessary.

n If you Cancel the upgrade process after a failure post prepare or upgrade phase, the
vRealize Suite Lifecycle Manager workflow post cleaning up the upgrade request in vRealize
Automation ends up in an canceled state. This indicates that the upgrade workflow from
vRealize Suite Lifecycle Manager stopped. In such situations, retrigger an upgrade from the
product actions under Manager Environment page.

n You can enable the multi-tenancy for vRealize Automation, refer to Tenant Management in
vRealize Suite Lifecycle Manager.

n If the vRealize Automation upgrade fails, you must cancel upgrade or revert a snapshot, and
then retry to upgrade through vRealize Suite Lifecycle Manager. If you revert the snapshot
manually in a vCenter Server, vRealize Automation goes into an inconsistent state.

n For vRealize Automation, if you cancel upgrade or revert a snapshot, and then retry to
upgrade, ensure that you create a support bundle that contains the log files for any future
analysis and reference.

Upgrade a vRealize Suite Product

You can use vRealize Suite Lifecycle Manager to upgrade vRealize Suite product installations.

VMware, Inc. 196

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

When a deployment request is saved in vRealize Suite Lifecycle Manager 1.1 and the same
request is resumed after upgrading vRealize Suite Lifecycle Manager to 1.2, vRealize Automation
7.3 products details page items does not load. For more information, see KB article 56369. When
a vRealize Suite Lifecycle Manager upgrade is triggered, the screen stays at Maintenance mode
and Home page never comes up. After an upgrade, there can be some errors in the content
from the marketplace. The content might contain few request that prevents the service to start.
vRealize Suite Lifecycle Manager UI displays a maintenance mode message and the Home page
is not displayed. In this scenario, restart the xenon server. If the issue still persists, delete the
error request and restart xenon. To upgrade to vRealize Automation 8.x, see Upgrade vRealize
Automation 8.x with vRealize Suite Lifecycle Manager .

Prerequisites

Verify that the vRealize Suite product to upgrade is part of a vRealize Suite Lifecycle Manager
private cloud environment, and take a snapshot of the product that you can revert to in the event
that something goes wrong with the upgrade. See Creating and Managing a Product Snapshot.

If you are upgrading vRealize Automation 7.x, ensure that the following additional prerequisites
are met:

n The vRealize Automation management agent and all IaaS Windows nodes are running.

n The second member in the vRealize Automation load balancer is disabled.

If you are upgrading vRealize Automation 8.x, ensure that the following additional prerequisites
are met:

n vRealize Suite Lifecycle Manager should be upgraded to latest.

n VMware Identity Manager should be upgraded to 3.3.2 or later.

n The vRealize Automation services should be running.

Procedure

1 Click Manage Environments.

2 Click VIEW DETAILS for the environment the product to upgrade is part of.

3 Click the ellipses (...) icon next to the name of the product to upgrade and select Upgrade
from the drop-down menu.

4 Choose a product version to upgrade to.

5 If you are upgrading vRealize Automation or vRealize Business for Cloud, choose whether to
upgrade from the Default repository, the vRealize Suite Lifecycle Manager Repository, or a
manually-entered Repository URL.

6 If you are upgrading vRealize Log Insight or vRealize Operations Manager, choose whether
to upgrade from the vRealize Suite Lifecycle Manager Repository, or a manually-entered
Repository URL, and then select the Product Version.

7 Click Next.

VMware, Inc. 197

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

8 Under Snapshot, you have two options. You can select Take product snapshot and Retain
product snapshot taken. If the Take product snapshot is set to true, and the snapshot is
taken prior to an upgrade which can be rolled back to its initial state during an upgrade
failure, the snapshot is taken with the prefix LCM_AUTOGENERATED. If the Retain product
snapshot taken is set to true, it is retained, and can revert back to the previous version after
a successful upgrade.

Note
n The Snapshot option is not supported for vRealize Automation version 7.x.

n When you select a snapshot, it powers off the product VMs prior to taking the snapshot,
and involves downtime for a specified time.

n If your upgrade fails, you can now roll back through the Revert Snapshot option. This is
only applicable for a failed upgrade or a scaleout request. If you have chosen to take
snapshot as an option and your upgrade fails, the Snapshot Rollback action would trigger
a new request to roll back to the initial state. Select the ellipsis (...) in the Requests page
for the Snapshot Rollback action.

9 Click RUN PRECHECK. After a successful precheck, you can view the Upgrade Summary, and
then click Upgrade.

If you have upgraded a vRealize Suite product outside of vRealize Suite Lifecycle Manager,
then vRealize Suite Lifecycle Manager will not reflect the latest product version or the latest
data of the upgraded product. At such instances you have to delete the vRealize Suite
product (the product which is already upgraded to the newer version outside vRealize Suite
Lifecycle Manager) from vRealize Suite Lifecycle Manager only, and then re-import the same
product again so that vRealize Suite Lifecycle Manager will fetch the latest state of the given
product along with its newer version.

What to do next

You can view the progress of the upgrade on the Requests tab.

Upgrade Existing Products Using Pre-Upgrade Checker

You can trigger a pre-validation check from the product UI before upgrading an existing product
within an environment. You can evaluate product upgrades and allow upgrade operation later.
You can also validate the product compatibility matrix should be validated.

For more information on upgrade vRealize Suite products, see Upgrade a vRealize Suite Product.

Prerequisites

Verify that you already have an existing vRealize Suite product in your environment.

VMware, Inc. 198

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Procedure

1 Right click the vertical ellipses of an existing vRealize Suite product and select an upgrade.

The compatibility matrix information is loaded with new, compatible and incompatible
versions with product that needs to be upgraded.

2 Under the Product details section, you can select the following repository type.

Option Description

VMware Repository When you select this option, the latest versions of the vRealize Suite
products are displayed in the Compatibility Matrix table. You can see
this option only on vRealize Automation and vRealize Business for Cloud.
Although, the compatibility matrix information is populated at the Suite
product level, there can be a possibility for that latest versions might not
be available at vRealize Suite Lifecycle Manager. However, with the Check
Available Version, you can get only the latest version number with the
associated build number.

Repository URL When you select this option, you can manually add the local upgrade file
location in vRealize Suite Lifecycle Manager virtual appliance.

vRealize Suite Lifecycle Repository When you select this option, you can select the upgrade path available after
mapping the binaries through vRealize Suite Lifecycle Manager.

Note Only vRealize Operations Manager upgrade consists of the Run Assessment feature.
The run assessment checks for the vRealize Operations Manager upgrade readiness. It is not
mandatory for the Run assessment to be passed, you can still go ahead with the upgrade.
The compatibility matrix information is populated as per the selected version of the vRealize
Operations Manager under the Product Version drop-down menu.

3 Click Next and click Run Pre-check.

Once the precheck validation is completed, you can then download the report to view the
checks and validation status.

Note If you want to run the Precheck again after evaluating the discrepancies, you can
select the Re-Run Pre Check. Pre-Check can also be performed using on Submit toggle
button.

4 Click Next and click Submit.

5 If an vRealize Automation IaaS components upgrade fails

a Revert all the Infrastructure components back to the snapshot "post-upgrade VA

snapshot".

b Revert the MS SQL database back to the pre-upgraded state.

c Click Retry from vRealize Suite Lifecycle Manager and set Upgrade Iaas Using Cli to True.

d Click Submit.

VMware, Inc. 199

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Upgrade vRealize Operations Manager

You can trigger a pre-validation check from the product UI before upgrading vRealize Operations
Manager within an environment. You can evaluate vRealize Operations Manager upgrades and
allow upgrade operation later. You can also validate the product compatibility matrix must be
validated.

Prerequisites

Verify that there is an older or an existing version of vRealize Operations Manager instance in the
Manage Environments.

Procedure

1 Right click the vertical ellipses of an existing vRealize Operations Manager product and select
an Upgrade.

The compatibility matrix information is loaded with new, compatible, and incompatible
versions with product that must be upgraded.

2 Under the Product details section, you can select the following repository type.

Option Description

Repository URL When you select this option, you can manually add the local upgrade file
location in a Lifecycle virtual appliance.

vRealize Suite Lifecycle Repository When you select this option, you can enter the upgrade path available after
mapping the binaries through LCM.

3 Click Next.

VMware, Inc. 200

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 To run the file format and Version support from LCM, click RUN PRECHECK.

Once the precheck validation is finished, you can then download the report to view the
checks and validation status.

Note When you upgrade vRealize Operations Manager instance, you have two options.

n Run PreCheck: You must run to upgrade vRealize Operations Manager.

n Run Assessment Tool: You can use this option to run a vRealize Operations Manager
APUAT tool.

The binary for vRealize Operations Manager APUAT tool is bundled with vRealize Suite
Lifecycle Manager build, and once vRealize Suite Lifecycle Manager gets deployed it is
present in vRealize Suite Lifecycle Manager VA location: /data/lcmcontents/, by default.

Note If you want to run the Precheck again after evaluating the discrepancies, you can
select the Re-Run Pre Check. Pre-Check can also be performed using on Submit toggle
button.

If the OS Admin Password for vRealize Operations Manager expires, vRealize Operations
Manager upgrade Precheck fails while check-in even if the admin account is locked or not.
You can change the admin password for the vRealize Operations Manager within vRealize
Suite Lifecycle Manager UI, and then click Precheck for vRealize Operations Manager again.
You can also change the vRealize Operations Manager admin password outside vRealize
Suite Lifecycle Manager directly in vRealize Operations Manager, then run an inventory
sync for the selected vRealize Operations Manager instance in the vRealize Suite Lifecycle
Manager UI. Click Run upgrade Precheck for vRealize Operations Manager again.

Upgrade vRealize Automation 7.x

You can trigger a pre-validation check from the product UI before upgrading vRealize
Automation within an environment. You can evaluate vRealize Automation upgrades and allow
upgrade operation later. You can also validate the product compatibility matrix should be
validated.

Prerequisites

Verify that there is an older or an existing version of vRealize Automation instance in the Manage
Environments.

Procedure

1 Right click the vertical ellipses of an existing vRealize Automation product and select an
Upgrade.

The compatibility matrix information is loaded with new, compatible and incompatible
versions with product that needs to be upgraded.

VMware, Inc. 201

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 Select the IAAS Snapshot After VA Upgrade checkbox.

If an IaaS component fails after vRealize Automation then you can revert to the post upgrade
VA snapshot.

3 Under the Product details section, you can select the following repository type.

Option Description

Repository URL When you select this option, you can manually add the local upgrade file
location in Lifecycle virtual appliance.

VMware Repository When you select this option, the latest versions of the vRealize Suite
products are displayed in the Compatibility Matrix table. You can see this
option only on vRealize Automation. Although, the compatibility matrix
information is populated at the Suite product level, there can be a possibility
for that latest versions might not be available at vRealize Suite Lifecycle
Manager. However, with the Check Available Version, you can get only the
latest version number with the associated build number.

vRealize Suite Lifecycle Repository When you select this option, you can select the upgrade path available after
mapping the binaries through LCM.

4 Click RUN PRECHECK to execute.

Once the precheck validation is completed, you can then download the report to view the
checks and validation status.

Note If you want to run the Precheck again after evaluating the discrepancies, you can
select the Re-Run Pre Check. Pre-Check can also be performed using on Submit toggle
button.

5 Click Next and read the summary before you click Submit.

Upgrade vRealize Network Insight

You can trigger a pre-validation check from the product UI before upgrading vRealize Network
Insight within an environment. You can evaluate vRealize Network Insight upgrades and allow
upgrade operation later. You can also validate the product compatibility matrix should be
validated.

Procedure

1 Right click the vertical ellipses of an existing vRealize Network Insight product and select an
Upgrade.

The compatibility matrix information is loaded with new, compatible and incompatible
versions with product that needs to be upgraded.

VMware, Inc. 202

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

2 Under the Product details section, you can select the following repository type.

Option Description

Repository URL When you select this option, you can manually add the local upgrade file
location in Lifecycle virtual appliance.

vRealize Suite Lifecycle Repository When you select this option, you can enter the upgrade path available after
mapping the binaries through LCM.

3 Click Next.

4 Click RUN PRECHECK to execute the File format and Version support from LCM.

Once the precheck validation is completed, you can then download the report to view the
checks and validation status. `

Note If you want to run the Precheck again after evaluating the discrepancies, you can
select the Re-Run Pre Check. Pre-Check can also be performed using on Submit toggle
button.

Upgrade vRealize Log Insight

You can trigger a pre-validation check from the product UI before upgrading vRealize Log
Insight within an environment. You can evaluate vRealize Log Insight upgrades and allow upgrade
operation later. You can also validate the product compatibility matrix should be validated.

Prerequisites

Verify that there is an older or an existing version of vRealize Log Insight instance in the Manage
Environments.

Procedure

1 Right click the vertical ellipses of an existing vRealize Log Insight product and select an
Upgrade.

The compatibility matrix information is loaded with new, compatible and incompatible
versions with product that needs to be upgraded.

2 Under the Product details section, you can select the following repository type.

Option Description

Repository URL When you select this option, you can manually add the local upgrade file
location in Lifecycle virtual appliance.

vRealize Suite Lifecycle Repository When you select this option, you can select the upgrade path available after
mapping the binaries through LCM.

3 Click Next.

VMware, Inc. 203

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 Click RUN PRECHECK.

Once the precheck validation is completed, you can then download the report to view the
checks and validation status.

Note If you want to run the Precheck again after evaluating the discrepancies, you can
select the Re-Run Pre Check. Pre-Check can also be performed using on Submit toggle
button.

Upgrade vRealize Business for Cloud

You can trigger a pre-validation check from the product UI before upgrading vRealize Business
for Cloud within an environment.

Procedure

1 Right click the vertical ellipses of an existing vRealize Business for Cloud product and select
an Upgrade.

The compatibility matrix information is loaded with new, compatible, and incompatible
versions with product that must be upgraded.

2 Under the Product details section, you can select the following repository type.

Option Description

Repository URL When you select this option, you can manually add the local upgrade file
location in Lifecycle virtual appliance.

vRealize Suite Lifecycle Repository When you select this option, you can enter the upgrade path available after
mapping the binaries through Lifecycle Manager.

3 Click Next.

4 Click RUN PRECHECK to run the file format and Version support from LCM.

Once the precheck validation is completed, you can then download the report to view the
checks and validation status.

Note If you want to run the Precheck again after evaluating the discrepancies, you can
select the Re-Run Pre Check. Pre-Check can also be performed using on Submit toggle
button.

Upgrade vRealize Automation Salt Stack Config

You can trigger a pre-validation check from the product UI before upgrading vRealize
Automation Salt Stack Config within an environment. You can evaluate vRealize Automation Salt
Stack Config upgrades and allow upgrade operation later.

Prerequisites

Note If you have multiple tenants, you can upgrade only one tenant at a time.

VMware, Inc. 204

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Verify that there is an older or an existing version of vRealize Automation Salt Stack Config
instance in the Manage Environments.

Procedure

1 In the Environments page, select vRealize Automation Salt Stack Config, and then click
Upgrade.

2 Click Proceed to upgrade.

3 Under the Select Version section, you can select the following repository type.

Option Description

vRealize Suite LCM Repository When you select this option, you can select the upgrade path available after
mapping the binaries through vRealize Suite Lifecycle Manager.

Repository URL When you select this option, you can manually add the local upgrade file
location in Lifecycle virtual appliance.

4 Click Next.

5 In the Precheck page, you can view the validation status. You can click RE-RUN PRECHECK
button to evaluate the discrepancies.

6 Click Next to view the upgrade summary.

7 Click Submit.

VMware, Inc. 205

Performing a Disaster Recovery
Plan for vRealize Suite Lifecycle
Manager
7
You can perform disaster recovery by running a recovery plan in vRealize Suite Lifecycle
Manager with re-IP, using Site Recovery Manager.

Procedure

1 Create a recovery plan for vRealize Suite Lifecycle Manager VM and configure the recovery
steps by turning off re-IP manually, and then disabling power on post recovery.

2 Edit the hardware setting of the recovered vRealize Suite Lifecycle Manager VM in the
vCenter inventory, and then assign correct network.

3 Power ON the vRealize Suite Lifecycle Manager VM.

4 Access the vRealize Suite Lifecycle Manager VM console from vCenter inventory as a root
user.

5 Execute the following commands from the VM console.

a /opt/vmware/share/vami/vami_set_network <Network-Interface-Name>
STATICV4+NONEV6 <New-IPV4> <SUBNETMASK> <DEFAULT-GATEWAY>

b /opt/vmware/share/vami/vami_set_dns <New-DNS-IP-OR-FQDN>

c /opt/vmware/share/vami/vami_set_hostname <New-Hostname>

d Reboot.

6 Access the vRealize Suite Lifecycle Manager UI with new IPv4 or the new FQDN, and then
log in. Under Locker, select Home Certificates, and then generate a new certificate, which
includes the updated vRealize Suite Lifecycle Manager FQDN.

7 Under Lifecycle Operations Home page, select Settings, and then select Change Certificate to
update the vRealize Suite Lifecycle Manager certificate that is generated in the previous step.

8 Under Lifecycle Operations Home page, select Settings, and then select Authentication
Provider to perform SYNC and RE-REGISTER. This would updade the new FQDN of vRealize
Suite Lifecycle Manager in the VMware Identity Manager catalogue.

Note Perform this step only if the VMware Identity Manager is reachable to the network of
the recovered vRealize Suite Lifecycle Manager VM.

VMware, Inc. 206

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 Perform an inventory sync with the managed products to ensure vRealize Suite Lifecycle
Manager is functional with the new network settings.

VMware, Inc. 207

Managing vRealize Cloud Licenses
in vRealize Suite Lifecycle
Manager
8
You can now centrally manage your vRealize Cloud subscription licenses along with other on-
premise licenses from the Locker of vRealize Suite Lifecycle Manager.

To know more about vRealize Cloud, you can view Creating Environments in vRealize Cloud.

This chapter includes the following topics:

n Managing vRealize Cloud Licenses in Locker

n Activating vRealize Cloud Universal Subscription Licenses

n Day 2 Operations for vRealize Cloud Universal

n Day 2 Operations for vRealize Cloud Licenses

Managing vRealize Cloud Licenses in Locker

The Locker application helps you to manage vRealize Cloud licenses for your vRealize Cloud
Subscription and collect your daily data usage for the associated products and cloud services.

When you purchase vRealize Cloud Subscription, you receive access to vRealize Cloud
Subscription Manager, which is a new complimentary utility service. With vRealize Cloud
Subscription Manager, you can add endpoints and monitor the data usage for your vRealize
Cloud Subscription services. You must create vRealize Cloud licenses at the locker level in
vRealize Suite Lifecycle Manager, and then connect these licenses to vRealize Cloud Subscription
Manager to monitor your cloud data usage. For more information on vRealize Cloud Subscription
Manager, refer to the vRealize Cloud Subscription Manager documentation.

Prerequisites

Verify if you have registered with My VMware to access licenses.

Procedure

1 If you do not have My VMware account, navigate to the Lifecycle Operations dashboard, and
then click Settings.

2 Click My VMware and add a vRealize Cloud account.

3 After your My VMware accounts are configured, then the corresponding license keys are
synced.

VMware, Inc. 208

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

4 From the Lifecycle Operations dashboard, click Locker.

5 Click the License icon. The vRealize Cloud licenses are created under My VMware account
and are displayed in the Licenses table.

6 To re-sync licenses from My VMware account, click Retrieve Licenses.

7 If you already have products deployed, then import these products in vRealize Suite Lifecycle
Manager, and then apply the vRealize Cloud Universal licenses to these products captured
in locker. If there are no existing products present, then you can use the vRealize Cloud
Universal licenses present in vRealize Suite Lifecycle Manager locker for product deployment.
For more information, view the Configure License Within Locker topic.

8 If you have already downloaded your license, you can add the license details in the Locker.

9 To connect a license to vRealize Cloud Subscription, select a license which is displayed in the
License table, and then right-click the vertical ellipses.

a Click Connect License.

b Under API Token, generate an API token from your user account for vRealize Cloud
Subscription, and then click Next.

c Under Match License Key, the vRealize Cloud Subscription Manager finds a correct match
for the provided API token, and lists out the organization details.

d Under Report Frequency, you will receive a confirmation that you are connected to
vRealize Cloud Subscription Manager, and your data usage is reported to vRealize Cloud
Subscription Manager twice a day.

e Click Finish.

10 To disconnect a license in vRealize Suite Lifecycle Manager, right-click the vertical ellipses,
and then click Disconnect License.

11 To trigger the license usage for a product, select a license from the License table, and then
right-click the vertical ellipses.

a Click Sync Usage.

b You can download the usage sync report to view the data usage for the products.

12 To view the data consumption report, select a license, and then right-click the vertical
ellipses.

a Click Generate Report.

b To view a graphical representation of the report, click GENERATE in the Generate Report
page.

c To download the report for a maximum period of 120 days, click DOWNLOAD.

VMware, Inc. 209

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Downloading Usage Report for vRealize Cloud Licenses

Starting with vRealize Suite Lifecycle Manager 8.4.1, two new options are available for the
vRealize Cloud licenses that are displayed as vRealizeFlex license type in the Licenses table.
When you right-click the vertical ellipsis, you can view the Usage Report and the Update Usage
Key options.

The Usage Report enables you to download and view your license reports.

n Download Report: The General option enables you to download reports for
viewing ,analyzing, storing, documentation, or auditing purposes.

The vRealize Cloud Subscription Manager Billing option enables you to download a encrypted
usage data zipped file, that you upload in vRealize Cloud Subscription Manager, and this
generates a usage key. For more information, see VMware vRealize Cloud Subscription
Manager documentation. You can use this usage key in vRealize Suite Lifecycle Manager
to update the vRealize Subscription Manager usage key option. Once your usage key is
updated, you can generate the license usage report for a specified period.

n View Usage: This tab displays a chart of the usage details for a particular license.

Activating vRealize Cloud Universal Subscription Licenses

In the vRealize Cloud Universal page, you must activate your vRealize Cloud Universal
subscription licenses. After you activate your licenses, you can perform the available license
actions.

Procedure

1 To activate a subscription license, navigate to the vRealize Cloud dashboard, and then click
Cloud Universal.

2 Click Activate Subscription License.

3 Select the check box to confirm that the vRealize Suite products are on the required patches
to proceed.

4 Select the plus (+) sign to add the license key details, and then click Validate. After the
license key is validated, click ADD. Click Next.

Note The license key must be a vRealize Cloud Subscription. When you add a new license,
you can view the license key under Locker in vRealize Suite Lifecycle Manager.

5 Select the Product Type and the Version.

6 Enter the FQDN/IP Address.

7 Based on the selected product, you can select the Admin Password or Root Password.

8 Select the check box to remove all the perpetual licenses from the selected product, if
required.

VMware, Inc. 210

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 Click Validate & Add. When the validation is complete, click Next.

10 In the Cloud Connection Details page, you have two options.

n Automatically send subscription license consumption from your on-premises to VMware

Cloud: This check box allows you to send subscriptions to vRealize Suite Subscription
Manager. If you select this check box, enter the API Token details.

n Use vRCU subscription licenses with perpetual licenses: If you select this check box, enter
your Associated MyVMware Account details.

n If you select both the check boxes, you must enter the Network Proxy details.

11 Click Next.

12 You can validate the details in the Summary page, and then click Finish.

What to do next

You can track the request details under the Requests tab.

Day 2 Operations for vRealize Cloud Universal

You can now perform the Day 2 operations in vRealize Cloud Universal.

Day 2 Operations Function

Delete The Delete option removes the selected entry from the
Cloud Universal page, but does not delete the product.

Update Password The Update Password option updates the vRealize Suite
Lifecycle Manager inventory.

Inventory Sync The Inventory Sync option helps to sync with the product
and retrieve the latest license details.

Add/Replace License The Add/Replace License option helps to select a new

license and remove existing licenses.

Day 2 Operations for vRealize Cloud Licenses

You can now perform the Day 2 operations within vRealize Cloud Universal.

Day 2 Operations Function

Connect License to Cloud 1 Connect vRealize Cloud Subscription license to a

VMware organization.
2 Add the license key and the correct API token.
3 The license key would be connected to the
organization where the subscription is redeemed.

Disconnect License to Cloud Disconnect the license key from the vRealize Cloud
subscription.

Usage Bundle Download 1 Select the license key and purpose.

2 Click Download.

VMware, Inc. 211

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Day 2 Operations Function

Sync Usage 1 Provide the license key and sync usage.

2 Click Sync Usage.
3 You can view the sync usage for all the products.

Update License Key 1 Select the license key from the Usage Bundle
Download option.
2 Select the purpose.
3 Click Download.

VMware, Inc. 212

Troubleshooting vRealize Suite
Lifecycle Manager 9
vRealize Suite Lifecycle Manager troubleshooting topics provide solutions to problems you might
experience installing and managing vRealize Suite with vRealize Suite Lifecycle Manager.

n Unexpectedly Large vRealize Operations Manager Virtual Machine Fails to Power On Due to
Resource Limitations
Large vRealize Operations Manager virtual machines fails to power on due to resource
limitations.

n Environment Deployment Fails During vRealize Log Insight Clustering and VMware Identity
Manager Registration
Environment deployment fails during the Adding vIDM user as vRLI Super Admin task
while running vRLI Clustering and vIDM Registration.

n Change in DNS Server

If there is a change in the DNS server, you can update the vRealize Suite Lifecycle Manager
Appliance DNS Settings.

n Wrong IP Details During vRealize Suite Lifecycle Manager Deployment

If you have given an incorrect IP address or if you want to upgrade an existing IP address
during vRealize Suite Lifecycle Manager deployment, follow the steps provided in this
section.

n Binary Mappings Are Not Populated

Even if the requests for each product binary are marked as completed, the binary mappings
are not populated.

n Content Capture Fails with Secure Field

A vRealize Automation content with a secure field corrupts the field on the target
environment on successful deploy.

n Fix Errors Using Log Files

vRealize Suite Lifecycle Manager log files are present under the following locations for
trouble shooting any issues.

n Blueprint Capture Fails

The captured blueprint fails after the property group is deleted.

VMware, Inc. 213

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Component Profile Deployment Fails

When the component profiles are released to vRealize Automation, the values for the text
boxes "Clone from" and "Clone from snapshot" are not assigned automatically.

n Update vRealize Suite Lifecycle Manager Hostname

If you provide an incorrect hostname or if you want to change the hostname of vRealize
Suite Lifecycle Manager after deployment, follow the steps provided in this section.

n Resource Not Found in Directory Management

The system shows an error message in the Directory Management.

n vRealize Automation UI Does Not Display New License Keys

When you apply a term vRealize Cloud Universal license to a vRealize Automation 7.5 or
7.6 instance from vRealize Suite Lifecycle Manager, the request succeeds in vRealize Suite
Lifecycle Manager UI, but newly applied vRealize Cloud Universal license keys are not visible
in vRealize Automation VAMI UI.

n Capture, Test, or Release Fails in vRealize Orchestrator Content

Capturing, testing, or releasing vRealize Orchestrator content may fail due to database
related operations on vRealize Orchestrator.

n Non-Responsive State of License-Related Operations in vRealize Automation 7.6

When performing license-related operations in vRealize Automation 7.6, the corresponding
tasks get into an non-responsive state, and continue to run longer than expected time.

n Import or Inventory Sync of vRealize Suite Product Fails

The import or inventory sync of vRealize Suite product fails with an error message.

n VMware Identity Manager Day 2 Operations Fail When the Root Password Expires
VMware Identity Manager Day 2 operations such as upgrade or root password update fails
when the root password of VMware Identity Manager expires.

n Enable Log Rotation for pgpool Logs on Postgres Clustered VMware Identity Manager
You can enable log rotation for pgpool logs on postgres clustered VMware Identity
Manager installed using vRealize Suite Lifecycle Manager.

n VMware Identity Manager Postgres Cluster Outage Due to Loss of Delegate IP

Troubleshooting VMware Identity Manager postgres cluster outage deployed through
vRealize Suite Lifecycle Manager.

n Importing vRealize Automation invRealize Suite Lifecycle Manager Fails

When importing vRealize Automation in vRealize Suite Lifecycle Manager, the import fails
with an error message.

n vRealize Suite Lifecycle Manager Displays Older Version After an Upgrade

vRealize Suite Lifecycle Manager displays an older version after a successful upgrade.

VMware, Inc. 214

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

n Licenses Disconnected as Day-2 Operation in Cloud Universal UI Are Not Listed for
Reconnect
If you disconnect a connected license from vRealize Cloud > Cloud Universal > License
Actions > Disconnect License to Cloud, then you may not be able to connect it from vRealize
Cloud > Cloud Universal > License Actions > Connect License to Cloud

Unexpectedly Large vRealize Operations Manager Virtual

Machine Fails to Power On Due to Resource Limitations
Large vRealize Operations Manager virtual machines fails to power on due to resource limitations.

Problem

When you deploy vRealize Operations Manager in vRealize Suite Lifecycle Manager, by selecting
node size as large and if you have budgeted resources for a different size virtual machine, the
virtual machine might fail to power on due to resource limitations.

Cause

vRealize Operations Manager deployment size set in vRealize Suite Lifecycle Manager is based
on the number of virtual machines, catalog items, concurrent provisions, and other workload
metrics for your vRealize Operations Manager environment. Virtual machine size is unrelated to
deployment size.

Solution

vRealize Operations Manager virtual machines deployed from vRealize Suite Lifecycle Manager
have a large (16 vCPU and 48 GB RAM) virtual machine size, if deployed with large size, and
require sufficient vCPU and RAM to power on successfully.

Environment Deployment Fails During vRealize Log Insight

Clustering and VMware Identity Manager Registration
Environment deployment fails during the Adding vIDM user as vRLI Super Admin task while
running vRLI Clustering and vIDM Registration.

Problem

Even after you multiple deployment operation, environment deployment fails during the
Adding vIDM user as vRLI Super Admin task while running vRLI Clustering and vIDM
Registration.

The following error message appears in the logs:

{"errorMessage":"Unable to retrieve information about this

user from VMware Identity Manager.","errorCode":"RBAC_USERS_ERROR","errorDetails":
{"errorCode":"com.vmware.loginsight.api.errors.rbac.invalid_vidm_user"}}

VMware, Inc. 215

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Solution

1 Add the VMware Identity Manager Suite Administrator user to vRealize Log Insight by using
the vRealize Log Insight UI.

See Create a New User Account in vRealize Log Insight.

2 Remove the VMware Identity Manager Suite Administrator user from vRealize Log Insight by
using the vRealize Log Insight UI.

3 Retry the environment deployment in vRealize Suite Lifecycle Manager.

Change in DNS Server

If there is a change in the DNS server, you can update the vRealize Suite Lifecycle Manager
Appliance DNS Settings.

Cause

When a DNS server provided during deployment gets changed, then follow these steps to
update the DNS Settings of vRealize Suite Lifecycle Manager.

Solution

1 SSH to vRealize Suite Lifecycle Manager appliance using root user.

2 Update the DNS setting using the command:

/opt/vmware/share/vami/vami_set_dns
vami_set_dns [-d <domain>] [ -s <searchpath>] DNS_Server_1 [DNS_Server_2]

For example: /opt/vmware/share/vami/vami_set_dns -d sqa.local -s sqa.local 10.1.1.25

3 Close the vRealize Suite Lifecycle Manager virtual appliance.

4 Select the vRealize Suite Lifecycle Manager virtual appliance from vCenter, and then select
Configure.

5 Enable vApp Options.

6 Under Properties, edit the following command:

vami.DNS.VMware_vRealize_Suite_Life_Cycle_Manager_Appliance

7 Power ON the vRealize Suite Lifecycle Manager virtual appliance.

8 Verify the new DNS entry by running the resolvectl status, and then verify the DNS server.

Wrong IP Details During vRealize Suite Lifecycle Manager

Deployment
If you have given an incorrect IP address or if you want to upgrade an existing IP address during
vRealize Suite Lifecycle Manager deployment, follow the steps provided in this section.

VMware, Inc. 216

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Cause

If you have given an incorrect IP address while deploying vRealize Suite Lifecycle Manager.

Solution

1 SSH to vRealize Suite Lifecycle Manager appliance using root user.

2 Update the IP address using the below command:

vami_set_network <interface> (STATICV4|STATICV4+DHCPV6|STATICV4+AUTOV6) <ipv4_addr>

<netmask> <gatewayv4> For example: /opt/vmware/share/vami/vami_set_network eth0
STATICV4 192.168.1.150 255.255.255.0 192.168.1.1

Binary Mappings Are Not Populated

Even if the requests for each product binary are marked as completed, the binary mappings are
not populated.

Problem

When you navigate from Home > Settings > Product Binaries, the corresponding request is
marked as COMPLETED in the Requests page but the binary mappings are not populated.

Cause

The checksum for the target product binary cannot be same as the one published by VMware.

Solution

u Ensure that the binaries are not corrupted or modified and their SHA256 checksum is the
same as mentioned in MyVMware portal.

Content Capture Fails with Secure Field

A vRealize Automation content with a secure field corrupts the field on the target environment
on successful deploy.

Cause

In vRealize Suite Lifecycle Manager 8.0, the secure field is captured as encrypted from the source
environment and the value cannot be decrypted when deployed.

Solution

u After you successfully deploy, login to the target vRealize Automation and manually update
the secure fields in the content.

VMware, Inc. 217

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Fix Errors Using Log Files

vRealize Suite Lifecycle Manager log files are present under the following locations for trouble
shooting any issues.

Solution

1 For vRealize Suite Lifecycle Manager 1.1 or older version, service Layer logs are present
in the location /opt/vmware/vlcm/logs/ and the file format is xenon.*.log, the active log
file is xenon.0.log. For vRealize Suite Lifecycle Manager 1.2 or later, this log is available
at /var/log/vlcm and log file name is vrlcm-xserver.log

2 For vRealize Suite Lifecycle Manager 1.1 or earlier version, engine logs are present in the
location /var/log/vlcm/ and the current log filename is catalina.out. For vRealize Suite
Lifecycle Manager 1.2 or later, this log is available at /var/log/vlcm and log file name is
vrlcm-server.log

Note To upgrade from 1.0 or 1.1–1.3, the old LCM service layers log present at the
location /opt/vmware/vlcm/logs/ are in the name console.log, and the new service
layer logs are in the file format xenon.*.log.

Blueprint Capture Fails

The captured blueprint fails after the property group is deleted.

Problem

When a composite blueprint of vRealize Automation have references to any properties like
Property Definition or Property Groups, and if those properties are deleted from the vRealize
Automation then the Blueprint has to be updated in the vRealize Automation or else the capture
in Lifecycle Manager fails.

Solution

1 Edit the Blueprint.

2 Click the Setting icon next to blueprint name at the top.

3 Click the Properties tab (select custom properties tab if any properties were added
previously) and select OK.

4 Select each of the components in the blueprint and select the Properties tab. (select the
custom properties tab if any properties were added previously).

5 Click Save.

6 Click Finish.

VMware, Inc. 218

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Component Profile Deployment Fails

When the component profiles are released to vRealize Automation, the values for the text boxes
"Clone from" and "Clone from snapshot" are not assigned automatically.

Problem

When deploying an "Image Component Profile" the "Clone From" value of the component profile
is stripped. The "Clone From" text boxes are empty on the target system.

Solution

u You can manually edit the component profile and the respective values from the drop-down
menu.

Note When you capture and release a component profile of vRealize Automation
using vRealize Suite Lifecycle Manager, the name of component profile should start with
"ValueSet".

Update vRealize Suite Lifecycle Manager Hostname

If you provide an incorrect hostname or if you want to change the hostname of vRealize Suite
Lifecycle Manager after deployment, follow the steps provided in this section.

Cause

If you want to update the hostname of vRealize Suite Lifecycle Manager.

Solution

1 Use the Secure Shell (SSH) to access vRealize Suite Lifecycle Manager appliance using the
root user privileges.

2 Update the hostname using the following commands:

rm/opt/vmware/etc/vami/flags/vami_setnetwork

/opt/vmware/share/vami/vami_set_hostname new-hostname

3 Reboot the vRealize Suite Lifecycle Manager appliance.

4 Update the vRealize Suite Lifecycle Manager certificate under Settings in vRealize Suite
Lifecycle Manager.

5 Close the vRealize Suite Lifecycle Manager appliance.

6 Locate the virtual machine in vCenter.

7 Select Configure, and then select vApp Options.

8 Select vami.hostname, set the value, and then update the value to the new hostname.

VMware, Inc. 219

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

9 Power ON the virtual machine, and then change the hostname using the following command:

/opt/vmware/share/vami/vami_config_net

10 Reboot the vRealize Suite Lifecycle Manager appliance.

Resource Not Found in Directory Management

The system shows an error message in the Directory Management.

Problem

When you view or edit the directory in the Directory Management, the system cannot retrieve
the required information from VMware Identity Manager and displays an error message.

Cause

The directory is partially created or the directory configuration is incomplete.

Solution

1 Log in to VMware Identity manager. Verify the directory configuration, and confirm if the
directory is associated with a connector. Also, validate the bind password.

2 If the directory configuration is incomplete, you can configure it in VMware Identity Manager.
You can also use vRealize Suite Lifecycle Manager to remove the directory using the delete
functionality, provide correct configuration details, and then add back the directory.

Solution

Note Any role assigned to the directory user in vRealize Lifecycle Manager must be deleted and
reassigned after the directory is added back.

This is supported in vRealize Suite Lifecycle Manager 8.2 Patch 1 and later releases.

vRealize Automation UI Does Not Display New License Keys

When you apply a term vRealize Cloud Universal license to a vRealize Automation 7.5 or 7.6
instance from vRealize Suite Lifecycle Manager, the request succeeds in vRealize Suite Lifecycle
Manager UI, but newly applied vRealize Cloud Universal license keys are not visible in vRealize
Automation VAMI UI.

Problem

When a term license key is applied on a vRealize Automation 7x instance having a perpetual
license key, the task fails in vRealize Automation. vRealize Suite Lifecycle Manager does not show
this failure and the corresponding request is marked as complete. This problem occurs only when
FIPS mode is enabled in vRealize Suite Lifecycle Manager.

VMware, Inc. 220

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Cause

This is a known limitation in vRealize Suite Lifecycle Manager with the FIPS mode.

Solution

Disable the FIPS mode before applying vRealize Cloud Universal licenses from vRealize Suite
Lifecycle Manager so that actual errors can be reflected in the vRealize Suite Lifecycle Manager
request UI.

Capture, Test, or Release Fails in vRealize Orchestrator

Content
Capturing, testing, or releasing vRealize Orchestrator content may fail due to database related
operations on vRealize Orchestrator.

Cause

When capturing, testing, or releasing vRealize Orchestrator content, the vRealize Orchestrator
elements may fail on the endpoint when creating content.

Solution

Inspect the vRealize Orchestrator logs and identify the element causing the failure. Delete the
respective element from vRealize Orchestrator and retry.

Non-Responsive State of License-Related Operations in

vRealize Automation 7.6
When performing license-related operations in vRealize Automation 7.6, the corresponding tasks
get into an non-responsive state, and continue to run longer than expected time.

Cause

This occurs when FIPS is enabled in vRealize Suite Lifecycle Manager.

Solution

1 Disable FIPS in vRealize Suite Lifecycle Manager from Lifecycle Operations > Home > Settings
> FIPS Mode Compliance.

2 Cancel the request that is in progress from the Requests page. Alternatively, the request can
be deleted using API, if the option to cancel the request is not available.

3 Trigger the cancelled request. If it is a system scheduled request, it triggers automatically

after specific time interval.

Note The FIPS mode must be disabled in vRealize Suite Lifecycle Manager to avoid this
issue. If FIPS is enabled, then the issue occurs.

VMware, Inc. 221

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Import or Inventory Sync of vRealize Suite Product Fails

The import or inventory sync of vRealize Suite product fails with an error message.

Cause

When the keyUsage does not have the digitalSignature attribute in the HTTPS certificate
of target product, the import or inventory sync of the vRealize Suite product fails with an error
message.

Solution

Perform the following steps:

1 Click the padlock icon in the address bar of a browser (Chrome, Edge, or Firefox), and then
click Certificate.

2 Click Details, and then click Key Usage.

3 Verify if the digitalSignature attribute is present in the keyUsage. If the

digitalSignature attribute is not present, replace the certificate on the target product with
the certificate that has the digitalSignature attribute present in keyUsage.

VMware Identity Manager Day 2 Operations Fail When the

Root Password Expires
VMware Identity Manager Day 2 operations such as upgrade or root password update fails when
the root password of VMware Identity Manager expires.

Solution

1 Login to the virtual appliance console of VMware Identity Manager in vCenter Server.

2 Update the root password of the VMware Identity Manager virtual appliance.

3 Login to vRealize Suite Lifecycle Manager and run the inventory sync of VMware Identity
Manager. Update the root password of VMware Identity Manager when retrying a failed
inventory sync request.

4 Trigger the Day 2 operations of VMware Identity Manager.

Solution

Enable Log Rotation for pgpool Logs on Postgres Clustered

VMware Identity Manager
You can enable log rotation for pgpool logs on postgres clustered VMware Identity Manager
installed using vRealize Suite Lifecycle Manager.

VMware, Inc. 222

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Problem

The combined disk usage shown with du -hsc /var/log/pgService/pgService* is more than
50% of total disk capacity of /dev/sda4 as indicated in the output of the command df -h.

Solution

1 When running the command find /etc/logrotate.d -iname pgservicelog, if the

response is /etc/logrotate.d/pgservicelog, then run the following commands:

a touch /etc/cron.d/rotatePgserviceLogs

b echo "*/45 * * * * root /usr/sbin/logrotate /etc/logrotate.d/

pgservicelog" > /etc/cron.d/rotatePgserviceLogs

c For VMware Identity Manager 3.3.2: /etc/init.d/cron restart

For VMware Identity Manager 3.3.3 or later: systemctl restart crond

2 When running the command find /etc/logrotate.d -iname pgservicelog, if there is no

response, then run the following commands:

a touch /etc/cron.d/rotatePgserviceLogs

b touch /etc/logrotate.d/pgservicelog

c echo "/var/log/pgService/pgService.log {

copytruncate

rotate 6

compress

missingok

size 50M

}" > /etc/logrotate.d/pgservicelog

d echo "*/45 * * * * root /usr/sbin/logrotate /etc/logrotate.d/

pgservicelog" > /etc/cron.d/rotatePgserviceLogs

e For VMware Identity Manager 3.3.2: /etc/init.d/cron restart

For VMware Identity Manager 3.3.3 or later: systemctl restart crond

VMware Identity Manager Postgres Cluster Outage Due to

Loss of Delegate IP
Troubleshooting VMware Identity Manager postgres cluster outage deployed through vRealize
Suite Lifecycle Manager.

VMware, Inc. 223

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Problem

VMware Identity Manager cluster health status displays as CRITICAL in vRealize Suite Lifecycle
Manager Health Notification due to network loss in the VMware Identity Manager appliance.

Cause

Network loss on the postgres cluster primary node. For /usr/local/bin/pcp_watchdog_info

-p 9898 -h localhost -U pgpool command, it would prompt for a password. If /usr/
local/etc/pgpool.pwd file is present on the VMware Identity Manager node, that would
contain the password. If the password is not available, use the default password password.

Command parameters help:

-h : The host against which the command is run is localhost.

-p : The port on which pgpool accepts connections is 9898.

-U : The pgpool health check and replication delay check user is pgpool.

There must be an expected response.

3 YES <Host1>:9999 Linux <Host1> <Host1>

<Host1>:9999 Linux <Host1> <Host1> 9999 9000 4 MASTER

<Host2>:9999 Linux <Host2> <Host2> 9999 9000 7 STANDBY

<Host3>:9999 Linux <Host3> <Host3> 9999 9000 7 STANDBY

In the response, there needs to be a MASTER node and 2 STANDBY nodes present. If any of the
node's status is SHUTDOWN, DEAD or the command execution is struck, follow the steps to resolve
this issue.

Solution

1 Gracefully bring down the services on VMware Identity Manager nodes. Refer to KB 78815 for
the required steps.

2 Power OFF the VMware Identity Manager appliances in vCenter.

3 Power ON the VMware Identity Manager nodes through vRealize Suite Lifecycle Manager.

Importing vRealize Automation invRealize Suite Lifecycle

Manager Fails
When importing vRealize Automation in vRealize Suite Lifecycle Manager, the import fails with an
error message.

Problem

If the details of VMware Identity Manager fails to match with vRealize Automation, when
importing vRealize Automation in vRealize Suite Lifecycle Manager, you may see the following
error message.

VMware, Inc. 224

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Error Code: LCMVRAVACONFIG590026

vRealize Automation Import failed due to VMware Identity Manager details in vRealize
Suite Lifecycle Manager not matching with the provided vRealize Automation. Please
retry by providing vRealize Automation which has VMware Identity Manager details same
as vRSCLM VMware Identity Manager details.

vRA vIDM details mismatch. vRA Import is supported only if vRSLCM vIDM is matched with
vRA vIDM details.

Cause

The VMware Identity Manager imported into vRealize Suite Lifecycle Manager does not match
the vRealize Automation host that was attempting to import.

Solution

1 Delete globalenvironment from vRealize Suite Lifecycle Manager. This action is supported in
the UI from vRealize Suite Lifecycle Manager version 8.4.

2 Import VMware Identity Manager which is associated with the vRealize Automation host.

3 Create a new request to import vRealize Automation.

vRealize Suite Lifecycle Manager Displays Older Version

After an Upgrade
vRealize Suite Lifecycle Manager displays an older version after a successful upgrade.

Problem

When you upgrade vRealize Suite Lifecycle Manager from version x to version y, vRealize Suite
Lifecycle Manager may incorrectly display version x after a successful upgrade.

Cause

This behaviour displays when VAMI, the component that performs the upgrade, fails to update a
manifest file in vRealize Suite Lifecycle Manager with the upgraded version.

Solution

No action required from user. When VAMI fails to update the version in the manifest file, it
schedules a job that performs this operation in the next cycle in 12 hours.

Licenses Disconnected as Day-2 Operation in Cloud

Universal UI Are Not Listed for Reconnect
If you disconnect a connected license from vRealize Cloud > Cloud Universal > License Actions >
Disconnect License to Cloud, then you may not be able to connect it from vRealize Cloud > Cloud
Universal > License Actions > Connect License to Cloud

VMware, Inc. 225

vRealize Suite Lifecycle Manager 8.6 Installation, Upgrade, and Management Guide

Problem

If you select vRealize Cloud > Cloud Universal > License Actions > Disconnect License to Cloud,
and then disconnect a connected license, you cannot connect the same license from vRealize
Cloud > Cloud Universal > License Actions > Connect License to Cloud as the license key does not
get listed in the UI.

Solution

1 From the Lifecycle Operations dashboard, navigate to Locker, and then select Licenses.

2 Select Connect License from the actions for the license key that is not showing up in Cloud
Universal, and then follow the steps provided in the wizard to connect the license key to
Cloud.

VMware, Inc. 226