Last Post As VMware Employee

Dear readers and followers this is just to inform you all that from November 1st 2015 I will no longer be working for VMware. Instead I will be working for Splunk as Head of Cloud Practice for EMEA.

I worked for VMware for over 4.5 years and loved the technology and the company but the opportunity is just too big to miss.

Have a look at my new blog to document my adventures with Splunk:

Thanks again for all your support.

See you somewhere for sure.




Leave a comment

Advanced Gating Rules in vRealize Code Stream

Recently VMware released vRealize Code Stream which is an application release automation and continuous delivery solution that allows developers and operations teams to release software more frequently and efficiently, all the while leveraging their investments in existing developer and operations tools. It offers Pipeline Automation to model any release process for any kind of software, Artifact Management to assure the right artifact versions for each release and a Release Dashboard to get full visibility into your release process.

One of the key features in vRealize Code Stream is the ability to define Gating rules which allows to control what happens between individual stages in a pipeline. Let’s say you want to run an automated test, or a manual approval is required before you deploy into a production environment. vRealize Code Stream lets you define gating rules between stages to allow for these types of validations.

If the gating rule is not configured, then the process proceeds to the next stage regardless of the outcome of tasks in the current stage.


The default gating rules are  Test Acceptance Threshold and Approvals.

Advanced Gating Rules– At the moment a specific Gating rule can either be Approval based or Test acceptance based but not both at the same time. So if I need to achieve both (for example run some automated Selenium test and also get approval) then how can I achieve that?

In the future we are planning to introduce a complex Gating Plugin which could take many options based on any task output and take a Boolean decision (approve/reject) based on options configured. For now we can write a vRealize Orchestrator workflow which can take task output as one of the input and approval workflow name as another input. The idea here is that you can create one workflow where you include a workflow element which is tied to Test Threshold workflow followed by another workflow element which is tied to the Approval workflow. All you need is the same input which you have in Test Threshold as the input parameter to this new workflow as well. Tag this new workflow as vRCS_GATING_RULE (global tag). To tag a workflow in vRO just run this workflow: “Library > Tagging > Tag workflow” and enter the tag as vRCS_GATING_RULE.

After you tag your workflow in vRO with vRCS_GATING_RULE, when you configure your gating rule in the pipeline template and select “If outcome of a vRO workflow is successful”, you will then see your new workflow appear in the same selection box as “Approval” and “Test Acceptance Threshold”.

If you select the newly added workflow, it will help you achieve a more complex Gating rule to include both an approval step and an automated test step at the same time.

Here is the vRO workflow for your convenience:

Jobe done!

, , ,

Leave a comment

Deploy OVA/OVF from vRealize Automation Portal

Lately I had to deliver a use case around automating the deployment of an ova appliance, more specifically IBM WebSphere DataPower. So spin up a virtual image, add to network etc…
Luckily I managed to find and ova/ovf plugin for vRealize Orchatrator I can use: from one of VMware’s partners called SVA ( and I would like to take this opportunity to thank Sascha Bitzer and Christian Strijbos from SVA for putting this plugin together and improving it based on my feedback.

The latest version of the this plugin is returning VC:VirtualMachine object from the importVM action, which is great because then I can then use this output parameter to feed into other workflow steps such as for example powering-on the ova once it has finished deploying, which is what I am doing in this vRO workflow:


The scriptable task’s job is to retrieve the VM name from the array output coming from the previous “Get Virtual Machines by name” workflow step. It will always be one VM so no need for an array but I was too lazy to change it:

System.log(“found VMs ” + vms.length);

for (var i in vms) {
var outputvm = vms[i];
System.log(“out vm = ” + outputvm);

In vRA Portal, I then used the Advanced Service Designer (ASD) to add a new Catalog item which looks like this:


So please first install the plugin from VMware Solution Exchange and then you can optionally use my workflow which is attached here for your convenience:

Jobe done!

, , ,

Leave a comment

vRealize Application Services Fails to Connect to vRA Cloud Provider

Recently I was using vRealize Automation (vRA) 6.2.1 with vRealize Application Services (vRAS) 6.2 and I encountered a strange issue. When I went to vRAS > Cloud Provider and select “Validate connection” I got “Could not connect to the Cloud Provider at https://(Your_vRA_IaaS_VM): BusinessGroup not found id= dd55fda1-df67-4b38-b93e-f6301f9e9696 – java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING”.

This used to work so I was a bit annoyed the night before a big demo I was supposed to be delivering.

I tried unregistering vRAS with vRA “unregister-vcac-server” and registering again with this command: “register-vcac-server –componentRegistryUrl vCACServerURL –ssoAdministratorUsername UserName –ssoAdministratorPassword Password” but the problem remained. Strangely when I restarted the entire vRA IaaS Windows box then the error in vRAS would disappear for a couple of minutes but then come back again.

This got me thinking it was a timing issue as vRA as a platform is “time sensitive” so all components need to be synched on the same time zone with similar NTP settings. And indeed when I looked at the Windows IaaS machine it was on Pacific Time and then when I SSH’ed into the vRAS appliance it was on UTC time so quite a big difference.

So I did the following:

1. Set the timezone on the vRAS appliance to the same as the vRA appliance, vRA Identity Appliance and IaaS Windows VM:


2. Login as darwin_user into a Putty session to the host name of your vRAS server. Then sudo up to root by typing su – and press enter then enter the root password.

3. Change directory to etc by typing cd /etc and press enter. Edit the ntpd.conf and add an ntp server type vi ntpd.conf and press enter. Click insert to change the server address to your NTP time source and hold SHIFT and press ZZ to save it:


4. Now type “chkconfig –level 35 ntp on” and press enter. Then start the NTP service: “service ntp start”.

5. Restart the vRAS service: “service vmware-darwin-tcserver restart”. You should be good to go now.

6. On the vRA IaaS Windows VM run the following command in a PowerShell windows as admin:

“w32tm /config / /syncfromflags:MANUAL”

and then:

“Stop-Service w32time” followed by “Start-Service w32time”

Remember more than 1 minute time difference between vRA IaaS VM, vRA appliance, vRA Identity Appliance and vRealize App Services may cause these type of issues so get your “timings” right.

In vRAS Cloud Provider you should now see the following:


Job Done!


Leave a comment

New- vCloud Automation Center 6.1 Reference Architecture and High Availability Guides


Scalability, availability and performance are three attributes that are critical to any IT management solution.  The default configurations for most enterprise software products are designed for rapid initial deployment and not intended to handle the needs of every customer.  In this regard, vCloud Automation Center is no different than other software products. 

These NEW deployment Guides provide you with guidance and best practices required to configure vCloud Automation Center 6.1 to meet your specific scalability and availability needs.

 These documents looks at the components in the standard configuration and documents how the default parameters can be configured and components scaled to meet the needs of configurations with 1,000, 10,000 and 50,000+ machines under management.  In addition high availability considerations are also discussed.  This information is designed to augment information provided in the Install and configuration manual.

, , , , , ,

1 Comment

Update ServiceNow CMDB As Part Of IaaS Machine Life Cycle

In a previous post I explained how to update a CMDB as part of IaaS machine lifecycle. The example I used was a generic MSSQL Server table. In this blog post I want to give a more concrete example, namely ServiceNow.

The use case, as I have built it, is using vCO and the REST API’s of ServiceNow and is doing the following: When the machine is requested and provisioned from vCAC portal by the user: A Configuration Item (CI) record is automatically and immediately created in ServiceNow CMDB with the machine attributes coming from vRealize Automation (VM name, IP, CPU Count etc…) The Configuration Item “State” property in ServiceNow CMDB is shown as “On” since the machine exist and is of course running. When the machine is destroyed from the vRealize Automation portal by the user: The same previously created CMDB CI record is not deleted but instead its “State” property is now updated to say “Retired” instead of the previously “On” state. This way, we still have a record of the deleted machine in the CMDB while the “State” property is telling us if the machine exist or not.

Steps needed:

1. In vCO add your ServiceNow host as a REST HTTP Host, for example:


2. Add 2 REST operations:

-A POST one for CreateVM in CMDB: /api/now/table/cmdb_ci_vm_instance?JSON=&sysparm_action=insert

-A PUT one for UpdateCIBysysid in CMDB: /api/now/v1/table/cmdb_ci_vm_instance/{sys_id}

The result in vCO inventory should look as follows:


3. Decide which properties you want to send from vRealize Automation to ServiceNow CMDB as CI attributes. In my workflow I am sending a combination of both OOTB properties like “VirtualMachine.Memory.Size” and custom ones I have attached to the IaaS bluepring like “cost” for example or “location”.

The first scriptable task in the vCO workflow needs to reflect what you want to send to ServiceNow for example:

var hostName = vmentity.getProperty(“VirtualMachineName”);

var vmProps = vmentity.getLink(vcacHost,”VirtualMachineProperties”);

for each (var prop in vmProps) {
var propertyName = prop.getProperty(“PropertyName”);
var propertyValue = prop.getProperty(“PropertyValue”);
if (propertyName == “VirtualMachine.CPU.Count”) {
var cpuTotalCount = propertyValue;
if (propertyName == “VirtualMachine.Memory.Size”) {
var memoryTotalSize = propertyValue;
if (propertyName == “VirtualMachine.Disk0.Size”) {
var diskTotalSize = propertyValue;
if (propertyName == “VirtualMachine.Admin.UUID”) {
var uuid = propertyValue;
if (propertyName == “VirtualMachine.Network0.Address”) {
var ip = propertyValue;
if (propertyName == “__Legacy.Workflow.User”) {
var owner = propertyValue;
if (propertyName == “VirtualMachine.Network0.DnsSuffix”) {
var dns = propertyValue;
if (propertyName == “cost”) {
var daily_cost = propertyValue;
if (propertyName == “VirtualMachine.Network0.MacAddress”) {
var mac = propertyValue;
if (propertyName == “location”) {
var location = propertyValue;

Note: “vmentity” is input parameter of type “vCAC:Entity” coming dynamically from vRealize Automation during provisioning. “vcacHost” on the other hand we set in advance to point to our vRealize Automation server (previously known as vCAC).


1. Create VMware VM Instance CI – Uses this POST Rest call:


2. Update VMwareVM Instance CI by sys_id- Uses this PUT Rest call:


You will notice the POST and the PUT REST operations use different cmdb tables in SNOW (cmdb_ci_vm_instance and cmdb_ci_vmware_instance) but for me that didn’t create any issue, it worked well this way. In the POST/insert workflow I grab the sys_id from the CI to be stored in vRealize Automation as a custom property on the blueprint so that when I destroy the VM in vRealize Automation it knows which CI to update in SNOW with the status “Retired”. So make sure you have attached/defined a custom property called “sys_id” to the relevant vRealize Automation IaaS blueprint.

Now we need to associate these 2 workflows with a vCAC external Stub. More information about vCAC external stubs and how they can be associated with vCO workflows and triggered at runtime can be found here in Chris Alleaume’s excellentt blog: Chris’s Blog

Make sure you associate your “Create_VMware_VM_Instance_CI” workflow with MachineProvisioned stub and  “Update_VMwareVM_Instance_CI_by_sys_id_(1)” workflow with MachineDisposing stub as described in Chris’s blog.

So now in ServiceNow when a machine is requested and provisioned from the vRealize Automation Portal, a new CI is created with the “On” state:


And when the same machine is deleted from the vRealize Automation portal, the State is now set to “Retired”:


Job Done.

Here are the workflows attached:

, , , , , , ,


Prompting the IaaS Portal User To Say “Yes/No” to VM Backup with EMC Avamar during Machine Request

In previous blog posts I have explained how to “intercept” vRealize Automation (previously known as vCAC) IaaS machine provisioning at its different machine provisioning steps to integrate with 3rd party systems (E.G. F5). In this example I would like to show how to prompt the user for input (E.G. Yes/No) in the request form, and then based on the user selection, get vCenter Orchestrator (vCO) to add the provisioned machine to a pre-defined Avamar backup group.

First we need to identify how to integrate with EMC Avamar. In this example we have selected to SSH to the Avamar server and run some MCCLI commands. For example:

1. mccli client add

2. mccli group add-client

3. mccli group remove-client

So the vCO Workflow will look like this:


In vCO, the first step will be to get the value from the property in vRealize Automation relevant blueprint which is capturing the user input (Yes/No). We use a vCO scriptable task for this which includes the following code:

var clientName = virtualMachineEntity.getProperty(“VirtualMachineName”);
var vmProps = virtualMachineEntity.getLink(vcacHost,”VirtualMachineProperties”);

for each (var prop in vmProps) {
var propertyName = prop.getProperty(“PropertyName”);
var propertyValue = prop.getProperty(“PropertyValue”);
if (propertyName == “avamar”) {
if (propertyValue == “Yes”) {
avamar_input = true; }

Note: “virtualMachineEntity” is input parameter of type “vCAC:Entity” coming dynamically from vRealize Automation during provisioning. “vcacHost” on the other hand is a vCO attribute we set in advance to point to our vRealize Automation server (previously known as vCAC). “avamar_input” will be defined as a boolean Output Parameter of the first scriptable task since we are going to use its value in the “Decision” object whether or not to perform the backup based on the user selection.

As you can see from the code “avamar” will be the property we are going to use in vRealize Automation blueprint to prompt the user and then based on that selection we can then use a vCO “Decision” object to perform the backup action or not.

To make the property selection more presentable we can use vRealize Automation Property dictionary. First let’s add the “avamar” property to the relevant blueprint and make sure that “Prompt User” is set to “Yes”:


Then create a Property dictionary with the same name (“avamar”) of type “DropDownList” and make sure that “Required” is set to “Yes”:


Make sure you click on “Edit” and type the value you want the user to choose from (Yes/No):


Now back to your vCO workflow, here is a table of the Attributes one needs to set before running the workflow:

Name Type Value Description
vcacHost vCAC:VCACHost Insert you vCAC Server here Your vCAC Server
hostNameOrIP String Hostname or IP address of the SSH host Hostname or IP address of the SSH host
username String SSH Root User SSH Root User
password SecureString Root User Password Root User Password
path Path /etc/vco/app-server/vco_key Path to private key (most probably /etc/vco/app-server/vco_key)
avamarGroup String Insert your group name/td> backupGroup on Avamar system
vcDomain String Insert your VC FQDN vCenter Server FQDN
virtualDC String Insert the Virtual DC the VM is deployed in Virtual DC the VM is deployed in
vmFolder String Insert the VC Folder the VM resides in< VC Folder the VM resides in

Now we need to associate these 2 workflows with a vCAC external Stub. More information about vCAC external stubs and how they can be associated with vCO workflows and triggered at runtime can be found here in Chris Alleaume’s excellent blog: Chris’s Blog

Make sure you associate your “a Add Client to Avamar” workflow with MachineProvisioned stub and  “Remove Client from Avamar Group” workflow with MachineDisposing stub as described in Chris’s blog.

Job Done.

We are now ready to request a machine. Note how the user is given a choice for the backup (Yes/No) at request time:


Then in VCO based on the user selection we should see the backup taking place or not:


For your convenience the two vCO workflows mentioned above can be downloaded from here:

, , , , , ,

Leave a comment