vRLCM 2.0 (vRealize Life Cycle Manager) is starting to be really usable, bringing certificate management, deployment, upgrade and content management, plus automatic and centralized authentication through an external vIDM.
In its simplest usage, the solution is based on a single appliance. During deployment, users can define whether the appliance will be used only for deployment and upgrade, or whether content management will also be handled through it.
The most simplified architecture, using only one appliance, can be found in an organization with a single user, for example, or with users who share the default “admin@localhost” account (the equivalent of root).
This account can perform all the tasks, which can otherwise be exposed granularly to specific users / groups in order to build a well-organized dev task force on the vRealize SDDC platform.
In these posts, we will cover all the configuration and management of vRealize with an external identity management solution such as vIDM.
The architecture used is based on these elements:
- One vRealize Life Cycle Manager appliance
- One VMware Identity Manager
The solution relies on some standard services:
- DNS, and the ability to obtain an ICMP response
- PROXY services, with the capacity to send ICMP too
- DIRECTORY solutions (mainly based on Active Directory)
All of these will be deployed on a vSphere architecture.
The next schema presents the overall solution and the basic interactions between the components.
- PKI will be able to issue certificates (I recommend using the certgenvvd tools, which simply do the job and are useful for generating all the files we need for the SDDC platform).
- GITLAB will be used as an endpoint of vRealize LCM to manage an external code repository and the review and validation process.
- SOURCE can be either local, NFS or My VMware, with user credentials that can obtain products and licenses.
- DIRECTORY is your current Active Directory infrastructure. I didn’t try with other solutions, so I can only talk about the validation of the products I used. VMware Identity Manager is able to talk to a lot of authentication solutions too.
Well great, after this first big picture … let’s start to deploy the solution.