Configuring Multi-Organization Tenancy in vRealize Automation 8.x
vRealize Automation vRA Multi-Tenancy
Published on 2 May 2020 by Christopher Lewis. Words: 421. Reading Time: 2 mins.
Introduction
In this series of posts, we will be taking a look at how to configure a Multi-Organization Tenancy (aka Multi-Tenancy) in vRealize Automation (vRA) 8.x.
Scenario/Background
For this series, we will assume that vRealize Automation 8.x has been deployed and is working. What we need to do is create three new Organizations/Tenants, one for MedTech, one for FinTech and one for SciTech. We will lay the ground work for all three tenants, but will only work through the creation of the first tenant MedTech. Once you have the first tenant, creating the second and third tenant should be easy.
High Level Task Overview
The High Level task list for configuring Multi-Organization Tenancy in vRealize Automation 8.x are:
- Create DNS (A and CNAME) Records. ( Part 1 ).
- Generate the SSL Certificates ( Part 2 ).
- Upload the SSL Certificates into vRSLCM ( Part 3 ).
- Apply the WOA Multi-Organization Tenancy Certificate ( Part 3 ).
- Enable Multi-Organization Tenancy. ( Part 3 )
- Apply the vRA Multi-Organization Tenancy Certificate ( Part 4 ).
- Create a new Organization/Tenant. ( Part 4 )
- Managing User Directories (Active Directory) for a Tenant ( Part 5 ).
- Assigning new Tenant Admins to a Tenant ( Part 6 .)
- Understanding Multi-Tenancy in vRealize Orchestrator ( Part 7 ).
- Integrating the Embedded vRealize Orchestrator ( Part 8 ).
Assumptions
In this series of blogs, I will assume you have deployed vRA 8.x in a Standard Deployment configuration (i.e. one vRSLCM 8.x Appliance, one Identity Manager 3.3.2 Appliance and one vRA 8.x Appliance). The only real difference in the configuration when using a vRA 8.x Clustered Deployment configuration is a slight change to the number of (and values inside) the Subject Alternate Name (SAN) certificates that need to be generated to support the configuration and (if you have chosen to use SSL termination on the load balancer) where you apply the certificates.
As you work through the different posts in the series, it should become quickly clear that I cover the DNS differences in Part 1 and the SSL Certificate differences in Part 2 . As I am following the VMware Validated Design 6.0 guidance on implementation I have assumed anyone using a Load Balancer is configured for SSL pass-through for both Workspace ONE Access and vRealize Automation.
Official Docs / Blogs
The following is a list of official documentation sources and blog articles:
- Set up multi-organization tenancy for vRealize Automation ( VMware Docs ).
- Introducing Multi-Tenancy Support for vRealize Automation 8.x ( VMware Cloud Management Blog ).
Published on 2 May 2020 by Christopher Lewis. Words: 421. Reading Time: 2 mins.
- Configuring Multi-Org Tenancy in vRA 8.x - Part 4: Configuring Multi-Tenancy ()
- Configuring Multi-Org Tenancy in vRA 8.x - Part 3: Enabling Multi-Tenancy ()
- Configuring Multi-Org Tenancy in vRA 8.x - Part 2: SSL Cert Requirements ()
- Configuring Multi-Org Tenancy in vRA 8.x - Part 1: DNS Requirements ()
- Running Platypus on Docker with Synology NAS ()
- Operating a Private Cloud - Part 3: Creating a Pricing Card in VMware Aria Automation
- Operating a Private Cloud - Part 2: Creating a Pricing Card in VMware Aria Operations
- Operating a Private Cloud - Part 1: Understanding Pricing Cards in VMware Aria
- Zero2Hero - Using Aria Automation to Deploy Multiple Machines with Multiple Disks - Part 5
- Zero2Hero - Using Aria Automation to Deploy Multiple Machines with Multiple Disks - Part 4