thecloudxpert

Configuring Multi-Org Tenancy in vRA 8.x - Part 1: DNS Requirements

vRealize Automation vRA Multi-Tenancy

Published on 14 April 2020 by Christopher Lewis. Words: 902. Reading Time: 5 mins.

Introduction

In this series of posts, we will be taking a look at how to configure a Multi-Organization Tenancy (aka Multi-Tenancy) in vRealize Automation (vRA) 8.x.

In this post, we will be looking at the additional DNS requirements for configuring vRA 8.x Multi-Organisation Tenancy. We will cover which DNS Records are required and then cover how those can be created easily using PowerShell.

For more information on the rest of the posts in this series, click here .

DNS Record Creation

In this section, we will highlight which DNS A and CNAME records that need to be created and then how to use PowerShell to create the DNS A, PTR and CNAME Records to support the multi-organization tenant configuration.

Which DNS Records do I need to create? (Simple Deployment)

The following DNS Records should already exist in the DNS infrastructure because they were required to originally deploy vRA:

Table: Original vRealize Automation 8.x installation DNS records
Appliance DNS Name DNS Record Type IP Address
vRealize Suite Lifecycle Manager lcm.domain.name A Record 172.16.50.120
Workspace ONE Access idm.domain.name A Record 172.16.50.122
vRealize Automation vra.domain.name A Record 172.16.50.126

To support multi-tenancy in a Simple deployment we need the following DNS records created per Organization/Tenant:

  • One DNS A Record with the Organization Name as the DNS prefix (i.e. org.domain.name) that uses the same IP address as the WOA Appliance DNS A Record (idm.domain.name).
  • One DNS CNAME Record with the Organiation Name as the DNS prefix (i.e. org.vra.domain.name) that points to the vRA Appliance DNS A Record (vra.domain.name).

In our scenario, the following additional DNS Records will need to be created to support the enabling of multiple Organizations within vRA 8.x:

Table: Multi-Organization Tenancy vRealize Automation 8.x DNS records for a Simple Deployment
DNS Name DNS Record Type Value Notes
provider.domain.name A 172.16.50.122 The DNS A Record for the WOA Appliance for the Provider/Default Organization
medtech.domain.name A 172.16.50.122 The DNS A Record for the WOA Appliance for the MedTech Hospital Organization
medtech.vra.domain.name CNAME vra.domain.name The DNS CNAME Record for the vRA Appliance for the MedTech Hospital Organization
fintech.domain.name A 172.16.50.122 The DNS A Record for the WOA Appliance for the FinTech Bank Organization
fintech.vra.domain.name CNAME vra.domain.name The DNS CNAME Record for the vRA Appliance for the FinTech Bank Organization
scitech.domain.name A 172.16.50.122 The DNS A Record for the WOA Appliance for the SciTech Labs Organization
scitech.vra.domain.name CNAME vra.domain.name The DNS CNAME Record for the vRA Appliance for the SciTech Labs Organization

Note: For the default/provider organization, we only need the to configure the DNS A Record that points to the WOA appliance IP address.

Which DNS Records do I need to create? (Clustered Deployment)

The following DNS Records should already exist in the DNS infrastructure because they were required to originally deploy vRA:

Table: Original vRealize Automation 8.x installation DNS records (Clustered)
Product Appliance/VIP DNS Name DNS Record Type IP Address
vRealize Suite Lifecycle Manager Appliance lcm.domain.name A Record 172.16.50.120
Workspace ONE Access VIP idm-vip.domain.name A Record 172.16.50.121
Workspace ONE Access Appliance idm01.domain.name A Record 172.16.50.122
Workspace ONE Access Appliance idm02.domain.name A Record 172.16.50.123
Workspace ONE Access Appliance idm03.domain.name A Record 172.16.50.124
vRealize Automation VIP vra-vip.domain.name A Record 172.16.50.125
vRealize Automation Appliance vra01.domain.name A Record 172.16.50.126
vRealize Automation Appliance vra02.domain.name A Record 172.16.50.127
vRealize Automation Appliance vra03.domain.name A Record 172.16.50.128

To support multi-tenancy in a Clustered deployment we need the following DNS records created per Organization/Tenant:

  • One DNS A Record with the Organization Name as the DNS prefix (i.e. org.domain.name) that uses the same IP address as the WOA VIP DNS A Record (idm.domain.name).
  • One DNS CNAME Record with the Organization Name as the DNS prefix (i.e. org.vra-vip.domain.name) that points to the vRA VIP DNS A Record (vra-vip.domain.name).

In our scenario, the following additional DNS Records will need to be created to support the enabling of multiple Organizations within vRA 8.x:

Table: Multi-Organization Tenancy vRealize Automation 8.x DNS records for a Clustered Deployment
DNS Name DNS Record Type Value Notes
provider.domain.name A 172.16.50.121 The DNS A Record for the WOA VIP for the Provider/Default Organization
medtech.domain.name A 172.16.50.121 The DNS A Record for the WOA VIP for the MedTech Hospital Organization
medtech.vra-vip.domain.name CNAME vra-vip.domain.name The DNS CNAME Record for the vRA VIP for the MedTech Hospital Organization
fintech.domain.name A 172.16.50.121 The DNS A Record for the WOA VIP for the FinTech Bank Organization
fintech.vra-vip.domain.name CNAME vra-vip.domain.name The DNS CNAME Record for the vRA VIP for the FinTech Bank Organization
scitech.domain.name A 172.16.50.121 The DNS A Record for the WOA VIP for the SciTech Labs Organization
scitech.vra-vip.domain.name CNAME vra-vip.domain.name The DNS CNAME Record for the vRA VIP for the SciTech Labs Organization

Note: For the default/provider Organization, we only need the to configure the DNS A Record that points to WOA.

Creating a DNS Records using PowerShell

The DNS Records can be created in a multitude of ways. The way I try to do things is using PowerShell. The following commands provide examples on how to create the required DNS records with PowerShell.

Note: The commands above have been tested on Windows Server 2016 Server with Active Directory and DNS installed.

Bringing it all together!

The DNS requirements for vRA 8.x Multi-Organization Tenancy can be very complicated. Hopefully this article has helped demystify which DNS records are required for both Simple and Clustered deployments.

In Part 2 of the Series we will look at how to create Subject Alternate Name certificates to support the vRA 8.x Multi-Organization Tenancy.

Published on 14 April 2020 by Christopher Lewis. Words: 902. Reading Time: 5 mins.


Blog Categories: VMware vRealize Automation
Related Post(s):
Recent Posts:

Blog Categories:
active directory 6 aria automation 8 aria operations 2 aws 2 blog 1 career 1 certificate authority 5 certificates 1 certification 91 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 hands on labs 1 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 professional 1 reviews 1 vcap 48 vcap6 2 vcenter server 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware aria 1 vmware aria automation 8 vmware aria operations 3 vmware cloud 3 vmware cloud director 1 vmware explore 2 vmware identity manager 2 vmworld 36 vrealize automation 79 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 11 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 5 vsphere 9 windows 6
Top Tags:
active directory 6 api 18 barcelona 24 certificates 15 certification 7 howto 42 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 8 vcap6 45 vcap6 cma 47 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmware aria 9 vmware aria automation 8 vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize 7 vrealize automation 74 vrealize operations 8 vrealize orchestrator 20 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12