Frequently Asked Questions (FAQ) - Private Cloud Automation


What products are included in this VMware Validated Solution?

The solution includes VMware vRealize Automation. vRealize Automation streamlines multi-cloud infrastructure and application delivery, enhances visibility and cross-functional collaboration, and provides continuous delivery and release automation. vRealize Automation is a bundled offering of vRealize Automation Cloud Assembly™, vRealize Automation Service Broker™, vRealize Automation Code Stream™, and vRealize Automation SaltStack Config. vRealize Automation contains an embedded vRealize® Orchestrator™ instance.

  • vRealize Automation Code Stream is out of scope for this VMware Cloud Foundation validated solution, but may be used to further extend the solution capabilities.
  • vRealize Automation SaltStack Config is out of scope for this VMware Cloud Foundation validated solution, but may be used to further extend the solution capabilities.
Does this solution include the use of vRealize Automation Cloud?

No, the solution's design objectives are based on the use of the on-premises deployment and configuration of vRealize Automation and the related integrations native to VMware Cloud Foundation.

What clouds are supported in this solution?

The solution provides support for private cloud automation on VMware Cloud Foundation instances and allows you to extend the solution to support hybrid (e.g VMC) and public cloud automation extension (e.g. AWS, Azure, and GCP.)

Does this solution support the use of alternative to the NSX load balancer?

This solution does not cover this deployment and operations path. The solution is authored to use the automated deployment and configuration of the standalone NSX Tier-1 Gateway that is used for vRealize Suite load balancing. When a product is deployed by the vRealize Suite Lifecycle Manager instance in Cloud Foundation-mode, the load balancer profiles, monitors, pools, virtual servers, etc. are deployed to specification using a new workflow step in the deployment request. vRealize Suite Lifecycle Manager instructs SDDC Manager to create the load balancer objects on the standalone NSX Tier-1 Gateway that’s created during the initial deployment of vRealize Suite Lifecycle Manager.

However, some customers have business or technical requirements to use alternative load balancer solution, such as, AVI, F5 Big-IP LTM, or NetScaler.

If you require the use of an alternative load balancer, a decision point exists to deviate from this solution and deploy vRealize Suite Lifecycle Manager using vRealize Easy Installer instead of using SDDC Manager – non-Cloud Foundation mode – followed by the deployment of Workspace ONE Access and the desired vRealize Suite products. Please refer the load balancer configuration settings outlined in the detailed design and translate these to your required load balancer.

After the deployment of vRealize Automation on VMware Cloud Foundation, how are certificates generated and updated as a day-two action?

Although the vRealize Suite products are integrated into SDDC Manager in Cloud Foundation, only the certificate for vRealize Suite Lifecycle Manager is managed by SDDC Manager. You can use SDDC Manager to replace the certificate for vRealize Suite Lifecycle Manager.

The certificates for vRealize Automation (as well as Workspace ONE Access, vRealize Log Insight, vRealize Operations) are managed by vRealize Suite Lifecycle Manager via the Locker.

If an issue occurs with vRealize Automation and VMware issues a hot patch, is it okay to install the hot patch?

Yes, hot patches may be applied to the vRealize Automation as required using vRealize Suite Lifecycle Manager. These hot patches may be download to vRealize Suite Lifecycle Manager using the My VMware integration or the binaries may be uploaded to vRealize Suite Lifecycle Manager and then mapped in the user interface.

Which architecture model for VMware Cloud Foundation is used in the solution?

The solution is optimized for the standard architecture model with VMware Cloud Foundation instances consisting of a management domain and one or more workload domains.

You may use the design for the consolidated architecture models with the following exceptions and caveats:

  1. Do not set the No Access role on the management domain for the integration service accounts used for both vRealize Automation- and vRealize Orchestrator-to-vSphere.
  2. Place the vRealize Automation virtual appliances within the resource pool for management workloads used in a consolidated architecture.
  3. Continue to deploy a three-node vRealize Automation cluster deployment with an NSX load-balancer. A single node vRealize Automation deployment is not available in a vRealize Suite Lifecycle Manager environement that is enabled for VMware Cloud Foundation integration.

Does the solution allow the deployment of vRealize Automation at a baseline and then scale-up later, if needed? 

Yes. The VMware Cloud Foundation releases in this solution include a vRealize Suite Lifecycle Manager version that supports scale-up operations for vRealize Automation. from medium to extra-large.

Does this solution enable vRealize Automation to support automated provisioning across multiple instances/sites?

Yes. You can configure cloud accounts for vSphere and NSX environments across instances/sites. Just be aware that firewall rules apply for the source/destination path. Additionally, vRealize Automation has support for cloud accounts that support VMware Cloud on AWS, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) for a multi-cloud experience.

Does the solution support the use of NSX Federation?

The vRealize Automation version in this solution does not fully support integration with NSX Federation and therefore does not support the consumption or provisioning of NSX Federation global policy objects; however, vRealize Automation can be deployed on federated NSX segments.

Additionally, this solution does not use the VMware Cloud Foundation cloud account type. SDDC Manager does not manage NSX Federation and related NSX Global Manager instances. This solution is designed to allow support when NSX Federation is enabled for vRealize Automation consumption and provisioning of NSX Federation global policy objects.

Does the solution include the use of multi-tenancy with vRealize Automation?

No, vRealize Automation multi-tenancy is not used in this solution but is supported on VMware Cloud Foundation.

However, you may adapt the solution to provide multi-tenancy as needed. Additional requirements will be required for DNS and multi-SAN certificates. Please refer to the vRealize Automation documentation.

Does the solution provide any automation of initial deployment or on-going tasks?

Yes. The solution includes the optional use of Terraform desired and Microsoft PowerShell to perform many of the deployment and configuration procedures.

For the Terraform-based procedures, you must first clone the repository and install Terraform. The subsequent procedure options will set the minimally required variables and automate the procedure.

For the Powershell-based procedures, you must first install the PowerValidatedSolutions PowerShell module from the PowerShell Gallery. The subsequent procedure options will set the minimally required variables and automate the procedure.

More detail on using the automation can be found in the solution's implementation guidance.

Are the use of Terraform and PowerShell procedures required for deployment?

No, UI implementation procedures are included, as well.

Does the solution support product upgrade flexibility for the cloud management products?

This solution does not cover this deployment and operations path. The solution is authored to use designated releases of VMware Cloud Foundation as an integrated solution stack. Each Cloud Foundation release has a specific Bill of Materials (“BOM”). This BOM sets the basis and the pace of upgrades for the Cloud Operations and Automation solutions.

Does the native integration between Cloud Foundation and the vRealize Suite support deploying vRealize Automation without high-availability?

The solution does not cover this deployment and operations path; therefore, vRealize Automation must be deployed in a three-node cluster.

What integrations are supported in this solution?

Solution interoperability includes:

  • vRealize Operations Manager to direct workload placement and assign the pricing policies for the monetary impact of deployments and their resources. You can also use vRealize Operations Manager display metrics, insights, optimization opportunities, and alerts in vRealize Automation.
  • vRealize Log Insight is integrated into the VMware Cloud Foundation environment, the vRealize Log Insight plugin for Fluentd on vRealize Automation automatically enabled to to send logs to vRealize Log Insight. You can use the vRealize Automation content pack for vRealize Log Insight to provide a consolidated summary of log events across vRealize Automation components for log analysis.

After the deployment of vRealize Automation on VMware Cloud Foundation, it's configured to send logs to vRealize Log Insight using cfapi 9000. Can this be updated to cfapi 9543 for encryption?

The default configuration is unencrypted. To ensure that the transmission of logs between vRealize Automation and vRealize Log Insight is encrypted using SSL, you must update the default configuration for vRealize Automation to send logs to vRealize Log Insight using the ingestion API, cfapi, on TCP port 9543 using the vRealize Automation vracli.

For example, on the primary vRealize Automation cluster node, execute the following: vracli vrli set https://<vrli_ilb_fqdn>:9543.

Where can I find more resources?

More resources are available at


Filter Tags

Cloud Foundation 4.3 Cloud Foundation 4.3.1 Cloud Foundation 4.4 Cloud Foundation 4.4.1 Cloud Foundation 4.5 vSAN Ready Nodes VxRAIL Document Validated Solution Planning