In the previous part of the automated deployment of vRealize Suite in VCF 4.1, we deployed the vRealize Operations Manager and we’ve also configured the appliances. In this part we will continue deploying other vRealize Suite products. This part will cover deployment and configuration of vRealize Log Insight.
Before you begin, make sure that you have the vRealize product bundles downloaded on the SDDC Manager and the vRSLCM has synchronized its inventory.
Before you begin with the deployment, verify that your environment meets the following prerequisites and requirements for vRealize Log Insight.
Deploy vRealize Log Insight
Create Multi-SAN certificate
The vRLI cluster will consist of 3 nodes with an internal load balancer. Before the deployment, you must import or configure an SSL certificate for the cluster. In this case, I will create a self-signed SSL certificate, but it is recommended to use a CA-signed one in production environments.
- Log in to vRSLCM as the vcfadmin@local user and, under My Services, go to Locker.
- On the Certificate page, click Generate.
- Enter the certificate name and fill in all required information. Make sure that the Server Domain/Hostname field contains all FQDNs for the vRLI appliances and that the IP addresses field contains the correct values as well.
- Scroll down and click Generate.
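A certificate that omits one node or the load balancer VIP only shows up later as trust errors during integration, so it is worth checking SAN coverage before assigning the certificate. The following is an added example, not part of the original post: it assumes the certificate is available as a PEM file, and all host names and IP addresses are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: check that a PEM certificate covers every vRLI cluster identity.
# Host names and IPs are constructed placeholders; replace them with your own.

# Load balancer VIP plus the three cluster nodes (hypothetical values).
REQUIRED_HOSTS="vrli.lab.example vrli-a.lab.example vrli-b.lab.example vrli-c.lab.example"
REQUIRED_IPS="192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13"

# Prints every required host/IP the certificate does not match.
# Returns 0 when everything is covered, 1 otherwise.
missing_sans() {
  cert="$1"; missing=""
  for h in $REQUIRED_HOSTS; do
    # -checkhost applies OpenSSL's own host name matching (SAN dNSName entries)
    openssl x509 -in "$cert" -noout -checkhost "$h" \
      | grep -q "does match" || missing="$missing $h"
  done
  for ip in $REQUIRED_IPS; do
    # -checkip matches against SAN iPAddress entries only
    openssl x509 -in "$cert" -noout -checkip "$ip" \
      | grep -q "does match" || missing="$missing $ip"
  done
  [ -z "$missing" ] && return 0
  echo "not covered by SAN:$missing"
  return 1
}

# Builds a throwaway self-signed certificate with the given SAN string,
# only so the check can be tried offline (needs OpenSSL 1.1.1 or later).
make_demo_cert() {
  out="$1"; san="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$out.key" -out "$out" -subj "/CN=vrli.lab.example" \
    -addext "subjectAltName=$san" 2>/dev/null
}

# When called with a certificate path, check that file.
if [ -n "${1:-}" ]; then
  missing_sans "$1"
fi
```
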
Add vRealize Log Insight password
Next, we need to add the password for the vRLI admin user.
- With the vRSLCM still open on the Certificate page, go to Password on the left pane.
- Click Add.
- Enter the password alias, the password itself, a description, and the user name as well. For vRLI this is the “admin” user.
- Click Add.
Create vRealize Log Insight environment
With the certificate and password in place, we can now start the deployment of the vRLI cluster.
- On the vRSLCM home page, go to Lifecycle Operations under My Services and click Create Environment.
- Enter the environment name, admin email address, select the password for vRLI created earlier, and select your datacenter. Click Next.
- Select vRealize Log Insight as the product. Make sure you review the sizing information and size your environment accordingly. Click Next.
- Scroll down and accept the EULA.
- Select or add the correct license and validate the association.
- Next, select the vRLI certificate created or imported earlier and click Next.
- vRSLCM will fetch the infrastructure data. Notice that the network was automatically selected for the regional network segment. Click Next.
- On the Network page, click Next once again as this information is automatically populated from the SDDC Manager.
- On the Products page, select the node size according to the sizing guidelines. The certificate and the password should be automatically assigned. Optionally, you can choose if you want to create affinity rules in DRS, always use English language, or integrate with the WS1A.
- Scroll down on the Products page and enter the FQDN and IP address for the vRLI load balancer VIP.
- Scroll down to Components and for every vRLI node, enter the virtual machine name, FQDN, and IP address. Optionally, you can review the advanced configuration for each appliance by clicking the gear button on the right. These parameters will already be populated for you. Click Next.
- Run the precheck. Fix issues if any. Click Next.
- On the Summary screen, review the settings, export the config if required, and click Submit to start the deployment.
vRSLCM will switch to the Request Details page, where you can monitor the deployment progress. This process can take some time to finish. Once completed, the vRealize Operations Manager will now be added to the SDDC Manager inventory.
Configure DRS Anti-Affinity Rules
As mentioned in the documentation, to protect the vRLI VMs from a host-level failure, you must configure DRS to run the virtual machines on different hosts in the cluster.
Note: if you selected that the affinity/anti-affinity rules should be created by vRSLCM, verify that the rules are indeed created and skip this part. If not, refer to the online documentation for detailed configuration steps.
Define start-up order for vRealize Log Insight appliances
Just as with vRealize Operations Manager in the previous part, we need to make sure that the vRLI cluster powers on after the WS1A appliances.
- Open the Management vCenter Server and log in as firstname.lastname@example.org.
- Select the cluster resource and on the Configure tab, go to Configuration -> VM/Host Groups.
- Click the green Add button, enter a name for the group (e.g. vRLI Appliances), and add all vRLI VMs as members of this group. Click OK to create the group.
- Next, create a rule to power on the WS1A before the vRLI cluster.
- Under Configuration, select VM/Host Rules.
- Click Add.
- Enter the rule name (e.g. vRLI-WS1A-Dependency), select Virtual Machines to Virtual Machines as the Type, and set the dependency of vROps VMs to the WS1A VMs.
- Click OK.
Connect vRealize Log Insight to Workload Domain
At this point, you can connect your vRLI cluster to the already deployed workload domains if there are any. Since I don’t have one yet in my lab, I will skip this part. You can check the online documentation for the configuration steps.
Integrate vRealize Log Insight with Workspace ONE Access
In order for users to be able to log in, you need to configure vRLI integration with WS1A.
- Open your browser and navigate to the vRLI cluster IP address (VIP).
- Log in as the admin user.
- Go to Administration -> Configuration -> Authentication and enable Single Sign-On.
- Enter the FQDN or IP of your WS1A cluster, enter the admin user credentials, and click Test Connection. Accept the certificate.
- Make sure that the Redirect URL Host is set to the FQDN of your vRLI cluster.
- Click Save.
You can test the authentication via WS1A by logging out as the local admin user. Once you return to the login page, you should now be able to select the VMware Identity Manager from the drop-down list.
Configure vSphere integration
As mentioned in the documentation, SDDC Manager automatically integrates vRLI to the management and workload domain vCenter Server instances. You can double-check the integration once logged in on the vRLI cluster and navigating to Administration -> Integration -> vSphere. Collection Status should read: Collecting.
Configure vRealize Operations Manager integration
SDDC Manager also automatically integrates vRLI with vROps but you have to update the configuration to enable the “Launch in Context” feature.
- With your vRLI cluster still open in the browser from the previous step, navigate to Administration -> Integration -> vRealize Operations.
- Check the “Enable launch in context” option, enter the password, and click Test.
- Accept the certificate.
- Click Save.
At this point the automated deployment of vRealize Log Insight is completed. You can also configure the NSX-T edge devices from the management and workload domains to send the logs to your vRLI cluster VIP. And finally, configure the log retention for the vRLI cluster according to your needs.
This concludes part 3 in the automated deployment of vRealize Suite in VCF 4.1 series. In part 4, we will deploy vRealize Automation!