VMware Cloud Foundation Lifecycle Manager - Patch Management and Upgrades PDF

Summary

This document provides an overview of patch management and upgrades within VMware Cloud Foundation (VCF). It explains the manual and automated processes using the Lifecycle Manager (LCM) service and details the different upgrade mechanisms associated with various VMware products.

Full Transcript

**Patch Management and Upgrades Without Life Cycle Management**

A diagram of a computer component Description automatically generated

VMware Cloud Foundation LCM uses different infrastructure components to
automatically upgrade VMware software products.

**Product** **Upgrade Mechanism**
----------------------------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
SDDC Manager SDDC Manager performs its own life cycle management.
vCenter SDDC Manager performs the life cycle management of all vCenter instances.
ESXi hosts SDDC Manager uses **vSphere Lifecycle Manager** to upgrade the ESXi hosts.
NSX SDDC Manager uses the NSX upgrade coordinator to upgrade the NSX Edge nodes and the local NSX Manager instances.
VMware Aria Suite Lifecycle **VMware Aria Suite Lifecycle performs [life cycle management for all the VMware Aria Suite] components [independently] from SDDC Manager**.

![A screenshot of a computer Description automatically
generated](media/image4.png)

Three separate Lifecyle Manager products

SDDC Manager

vCenter LifeCycle Manager

Aria LifeCycle Manager

\*will eventually combine into one LCM

**vSphere Lifecycle Manager and ESXi Host Images**

vSphere Lifecycle Manager helps to automate the following tasks:

- Managing VMware Tools and VM hardware upgrades

- Upgrading and patching ESXi hosts

- Installing and updating third-party software on ESXi hosts

- Installing and updating ESXi drivers and firmware

- **[Standardizing ESXi images across hosts in a
cluster]**

- To maintain consistency, you apply a SINGLE ESXi image to ALL
hosts in a cluster

1. ESXi Base Image: update that provides software fixes & enhancements

a. grouping of components. You must select [at least]
the base image or [vSphere version] when creating an
image.

2. Components: Logical grouping of one or more VIBs that encapsulates
functionality in ESXi

b. smallest unit that is used by vSphere Lifecycle Manager to
install VMware and third-party software on ESXi hosts.
Components are the basic packaging for vSphere Installation
Bundles (VIBs) and metadata. The metadata provides the name and
version of the component

c. On installation, a component provides you with a visible
feature. For example, a third-party vendor\'s network driver is
provided as a component. Components are [optional]
elements to add to a cluster image

3. Vendor add-ons: Sets of components that OEMs create & distribute

d. custom OEM images. Each add-on is a collection of components
customized for a family of servers. OEMs can add, update, or
remove components from a base image to create an add-on.
Selecting an add-on is optional.

4. Firmware & Driver add-ons: Firmware & driver bundles that you can
define for your cluster image

e. provided by the vendor

f. They contain the components that encapsulate firmware and driver
update packages for a specific server type

g. These add-ons [require the Hardware Support Manager
plug-in] for the desired server family

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image6.png)

**NSX Upgrade Coordinator**

- Upgrade the NSX Edge clusters

- Upgrade the NSX components for the ESXi hosts

- Upgrade NSX Manager

- Not capable of life cycle operations of NSX Global Manager

- Manually use the NSX upgrade coordinator from NSX global manager

- NSX Global Manager & NSX Local Manager nodes must be compatible with
each other

- SDDC manager does not provide life cycle ops for the NSX global
Manager nodes, upgrading to an unsupported version cannot be
prevented & must be manually controlled by the cloud admin

A screenshot of a computer Description automatically generated

**VMware Aria Suite Lifecycle**

- Workspace One Access

- VMware Aria Operations

- VMware Aria Operations for Logs

- VMware Aria Automation


A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image10.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image12.png)

A screenshot of a computer Description automatically generated

**Installation and Upgrade Bundles**

Types of Bundles

- Install Bundles

- Include the software binaries required to deploy the following
VCF Components

- VI Workload Domains

- VMware Aria Suite Lifecycle

- Upgrade or Update Bundles

- Include the software binaries to perform updates on SDDC
Manager, vCenter, ESXI (image -- consistent at cluster and
workload domain level) and NSX

- Async Patch Bundles

- Critical Patches to certain VCF components outside of VCF
releases

1. Directly from SDDC Manager UI

- When SDDC manager has DIRECT INTERNET ACCESS and the depot
settings are configured to work with Broadcom support portal


- SDDC Manager polls **depot.broadcom.com on port 443 every 5
minutes by default**. If new bundles are available, VMware Cloud
Foundation LCM generates a notification in SDDC Manager.

- You must download the bundles before performing an upgrade.
Users can decide when to install the bundle. You can either
download and install immediately or you schedule the download
and update.

- The depot.broadcom.com site is a hosted service. Its IP
addresses are likely to change because different servers support
this service. You must use nslookup and ping commands to ensure
that SDDC Manager can reach depot.broadcom.com.

1. Proxy Server

- SDDC Manager does NOT have direct internet access

- Update the Settings on the Proxy Settings Page in SDDC Manager

- From VMware Cloud Foundation 5.2, you can now configure
authentication for the proxy server settings available in SDDC
Manager. The authentication configuration is optional, and it
can be enabled or disabled by turning
the **Authentication** toggle on or off.

2. Download bundles offline

- SDDC manager does NOT have internet access or you want to
maintain a local offline depot

- If your SDDC Manager instance does not have direct Internet
connectivity, you can use the **Offline Bundle Transfer
Utility** to manually download bundles from the online depot to
your own web server. You can therefore maintain a local offline
depot

- Offline Bundle Transfer Utility

- Create offline depot on webserver

- SDDC Manager downloads patches from this local offline
bundle repository

- Eliminates the need to manually copy and import bundles to
each VCF instance

- Supports HTTPS and basic authentication

- Configure Offline Depot

- Windows or Linux VM as web server

- Download and install the latest version of Offline Bundle
Transfer Utility to the web server

- Configure the offline depot directory structure and download
the required bndles

- Connect SDDC Manager to the offline depot

- You specify the offline depot host name, post, user name,
and password when you configure of the offline depot
settings.


![A screenshot of a computer Description automatically
generated](media/image23.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image25.png)

A screenshot of a computer Description automatically generated


A white background with black text Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image29.png)

A screenshot of a computer program Description automatically generated

**vSphere Life Cycle Manager Images**

Workflow

1. Create a Lifecycle Manager Image

2. Make the Image Available in VCF

a. Export the vSphere Lifecycle Manager image from vSphere and
import it into VMware Cloud Foundation.

b. Extract a vSphere Lifecycle Manager image from an existing
workload domain cluster in VMware Cloud Foundation

c. After the image is available in VMware Cloud Foundation, you can
reuse it for clusters across workload domains

3. Apply the Image when adding clusters in a new or existing workload
domain

4. Upgrade all hosts in a cluster using the image

![A screenshot of a computer Description automatically
generated](media/image31.png)

**Creating vSphere LifeCycle Manager Images**

vSphere 7 or \>

Created for Mgmt Domain OR VI workload Domain or for an external
vCenter Instance

Steps

1. Create an empty cluster (no hosts needed)

2. Select the **Manage All Hosts In the Cluster With a Single Image**
check box and then select **Compose A New Image**

3. Select the ESXi build in the VCF BOM

4. Select any additional Vendor Add-ons

![A screenshot of a computer Description automatically
generated](media/image33.png)

**Making vSphere Life Cycle Manager Images Available In VCF**

1. Export the vSphere LifeCycle Manager image from vSphere & Import
into VCF

- Hosts and Clusters inventory list, select the cluster where you
created the image

- Updates Tab

- Hosts\>Image

- Click the elipses icon in the upper-right corner of the image
page

- Export

- Select a Format for the vSphere Lifecycle Manager Image

- Export Image Wizard, create 3 of the 4 files required to export
images

- JSON (moving towards this) -- Create the image
specifications JSON file

- Can be downloaded and imported into other hosts or
clusters managed by images. This ONLY contains metadata
about the image, NOT the actual software packages

- ISO - Create the ESXI image

- Download an installable ISO from the image to reuse this
in other hosts or clusters managed using baselines or to
image new hosts

- ZIP -- create the image components bundle

- Download a zip offline bundle that contains all
components (software packages) included in this image
that can be imported into Lifecycle Manager's Depot.

2. Extract a vSphere LifeCycle Manager Image from an existing workload
domain cluster in VCF

- Navigation Pane select Lifecycle Management\>Image Management

- Import Image Tab

- Configure the Options under Extract a cluster image


3. Download the following files to export a vSphere Lifecycle Manager
image from vCenter and import into VCF

- Image Specification

a. JSON using vSphere Client

- Cluster Settings

b. JSON using vSphere client or VCF API

- ESXi Image (optional)

c. ISO using vSphere Client

- Image Components

d. ZIP using vSphere Client

Export the cluster settings JSON from the vSphere Client by navigating
to the **Configure** Tab on the vSphere Cluster and selecting **Desired
State\> Configuration** from the navigation pane

A screenshot of a computer Description automatically generated

**Importing vSphere Lifecycle Manager Images into VCF**

1. Select Lifecycle Management\>Image Management

2. Click Import Image tab

3. Under Import a Cluster image, upload all 4 of the required files


A screenshot of a computer Description automatically generated

**Using vSphere Lifecycle Manager to Perform Life Cycle Management
Tasks**

Custom ISO Images (work with the OEM)

- Include VIBs that might not exist in standard ESXi

- Functionality can be adversely affected in these VIBs are not
included

- Supportability by the vendor might be questioned if their ISO images
are not used

1. Create a new temporary cluster

2. Select **Manage all hosts in the cluster with a single image** check
box

3. Select the ESXi version and any vendor add-ons needed

4. Export the vSphere Lifecycle Manager image as an ISO file

5. Delete the temporary cluster


Note: *You use the same procedure to export the vSphere Lifecycle
Manager image as an ISO file as you use to download the four files
required to export a vSphere Lifecycle Manager image from vCenter.
However, in this scenario, you only need to download the **ISO image**.*

- Firmware updates require a Hardware Support Manager to be deployed

- This is a vendor-provided software module

- You register the hardware support manager as a vCenter extension

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image52.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image54.png)

A screenshot of a computer Description automatically generated

**Upgrading Workload Domains**

Order of Upgrade in VCF

(management domain upgrade) -- Ops and ID mgmt. before anything else
(top down)

1. SDDC Manager and VCF Services

- Independent SDDC Manager Upgrades

a. VCF 5.2, you can upgrade SDDC Manager without updating the
other infrastructure components in the mgmt. domain

i. This allows you to use the SDDC Manager features of a
new VCF release without having to upgrade the SDDC stack

ii. Be careful of the BOM

2. VMware Aria Suite Lifecycle, Aria Suite Products, Workspace ONE
Access

3. NSX

4. vCenter

5. ESXi Hosts

After the mgmt. domain components are upgraded, you can proceed to
upgrade the VI workload domains. The VI Workload domain components
are upgraded in the following order

- NSX

- vCenter

- ESXi Hosts

**Mixed-Mode Support for VI Workload Domains**

VCF 5.2 supports mixed-mode for VI workload domains

- Admins can update the mgmt. domain and one or more VI workload
domains to the latest VCF version without needing to upgrade all VI
workload domains

![A screenshot of a computer Description automatically
generated](media/image57.png)

*In the image on the right, the management domain is upgraded to VMware
Cloud Foundation 5.1, which places VMware Cloud Foundation in a mixed
BOM state. In this example, Workload Domain 1 was also upgraded to
VMware Cloud Foundation 5.1. However, Workload Domain 2, which runs
business critical applications and cannot be upgraded to VMware Cloud
Foundation 5.1 at this time, has been left running VMware Cloud
Foundation 5.0*.

**Prerequisites for Upgrading VCF**

- Verify VMware Aria Suite Compatibility

- Verify that no passwords are expired or expiring

- Verify that no certifiates are expired or expiring

- Backup SDDC Manager, all vCenter Instances, NSX manager appliances

- Ensure SDDC Manager has no running or failed workflows

- None of the VCF resources are in activating or error states

- Upgrade bundles for all VCF components are downloaded

**NSX Upgrade Considerations (keep consistent across workflow domains)**

- Use the same NSX bundle to upgrade NSX on both the mgmt. and VI
workload domains

- You must run the upgrade PRECHECK before performing the upgrade

- You can either initiate the update immediately or schedule it

- The upgrade workflow upgrades NSX mgr, NSX edge nodes and host
transport nodes

A screenshot of a computer Description automatically generated

**Upgrade Pre-Check Process**

Inventory-\>Workload Domains-\>Updates

RUN PRECHECK

1. Target Version

2. Ran on entire workload domain or a custom section

a. Cluster

b. vCenter

c. SDDC\_Manager

d. NSX

![A screenshot of a computer Description automatically
generated](media/image61.png)

- /var/log/vmware/vcf/lcm directory in the SDDC manager appliance

- Log files

- [Lcm-debug] contains debug-level logging information

- [Lcm.log] contains information-level logging

- NSX Manager

- vCenter

- ESXi Host

A diagram of a software project Description automatically generated

**Applying Patches in VCF 5.2**

- SDDC Manager UI without using the Async Patch Tool

- The SDDC mgr graphical workflow allows you to patch multiple
components at the same time

- Target versions are validated to ensure support in accordance
with the compatibility matrix

![A screenshot of a computer Description automatically
generated](media/image64.png)

- From VMware Cloud Foundation 5.2, asynchronous patches can be
deployed directly from the SDDC Manager UI. Available patches appear
in a drop-down menu that is automatically updated when SDDC Manager
receives an updated data bundle, either through the online depot or
through offline equivalents

- Benefits to choose specific versions and patches during the upgrade
process

- Eliminates the need to apply patches after the upgrade

- Allows each domain to have a different combination of component
versions based on workload requirements

- The SoS utility is a command-line tool that you can use to run
health checks, collect logs for VMware Cloud Foundation components,
and so on.

- To run the SoS utility, SSH in to the SDDC Manager appliance using
the **vcf** user account. For basic operations, enter the following
command:

- sudo /opt/vmware/sddc-support/sos \--*option-1* \--*option-2*
\--*option-3* \... \--*option-n*

- To list the available command options, use the \--help long option
or the -h short option.

- sudo /opt/vmware/sddc-support/sos --help

- sudo /opt/vmware/sddc-support/sos -h

- Complete cloud-management solution that delivers and manages
infrastructure and applications quickly while maintaining IT control

- Aria Suite provides a comprehensive mgmt. stack for IT services on
vSphere and other hypervisors, physical infrastructure, and multiple
public clouds

- (VRNI) now Aria Operations for Networks

- (analysis and optimization tool)

- SDDC Manager deploys the VMware Aria Suite Lifecycle appliance.
Then, you use VMware Aria Suite Lifecycle to deploy the VMware Aria
Suite products that are supported by VMware Cloud Foundation.

- Supported versions are controlled by the VMware Aria Suite
Lifecycle?appliance and Product Support Packs. See the VMware
Product Interoperability Matrix
at .

- To orchestrate the deployment, patching, and upgrade of Workspace
ONE Access and the VMware Aria Suite products, VMware Aria Suite
Lifecycle communicates with SDDC Manager and the management domain
vCenter system in the environment.

- SDDC Manager configures the load balancer for Workspace ONE Access,
VMware Aria Operations, and VMware Aria Automation.

- SDDC Manager -- Aria Suite Lifecycle Manager -- Cloud Operations
Connections

- VCF Aware and integrates with SDDC Manager

1. IP Address

2. DNS Name

3. Service Accounts

4. AD Groups

5. Certificates

- Cross region -- goes across all sites

- Aria Ops

- Aria Automation

- Workspace One Access

- Aria Suite Lifecycle

- Region specific -- per site

- Collectors run per site (locally) and then upload across the WAN

- Proxys

- Workspace One Access

- Aria Ops Cloud Proxies

- Management -- needs to communicate the site where mgmt. is running
and running all site

- AVN Configuration

- Overlay

- Creates segments independently from hardware

- VLAN deployed with NSX Edge Cluster

- Requires BGP configured at TOR

- Vlan-backed

- Uses vlan-backed network segments

- Requires physical vlan configurations

- Supports static routing

- Requires manual configuration

**Role of Edge Clusters and AVNs (Application Virtual Networks) in Aria
Suite Deployment**

1. AVNs were created to serve a special purpose for VMware Aria Suite
management applications. AVNs allow the cloud administrator to
optimally configure VMware Aria Suite management applications for
SDN through NSX. AVNs configure local-region and cross-region SDN
segments, providing flexibility, mobility, and security to VMware
Aria Suite management applications. VMware Aria Suite components can
be moved between regions to maintain operations during planned
migration, maintenance, or in the case of a disaster recovery (DR)
event.

2. Before you can deploy VMware Aria Suite components, you must also
deploy AVNs in the management domain. SDDC Manager is used to
automate the deployment of AVNs, which are configured through NSX.
After they are deployed, AVN configuration is visible in SDDC
Manager, but it cannot be changed (read only).

3. Before configuring AVNs, an NSX Edge cluster is required. The
workflow of NSX Edge cluster and AVN deployment is as follows:

4. The NSX Edge Cluster is deployed from SDDC Manager.

5. Configure the NSX Edge cluster for AVNs.

6. Configure two-tier routing for VMware Aria Suite local-region and
cross-region segments.

7. Configure NSX load balancers for VMware Aria components.

8. AVNs are deployed from SDDC Manager to the management domain.

9. AVNs are used to configure local-region and cross-region SDN
segments for VMware Aria Suite management applications.

10. After they are deployed, AVN configuration is visible in SDDC
Manager.

**Overlay versus VLAN-Backed**

- Before you begin implementing AVN, you must decide the type of
network to which you want to deploy your VMware Aria Suite
management applications.

- The VMware Cloud Foundation administrator is given the option to
create overlay-backed or VLAN-backed segments. Either one of these
options can be used to create two segments for use by VMware Aria
Suite management applications:

- A local-region segment is a network segment configured for the local
region in a multi-region architecture.

- A cross-region segment is a network segment deployed across a
multi-region architecture to support VMs fail over.

- Overlay-backed network segments are the preferred choice, allowing
you to make full use of automation and the powerful features of NSX
SDN. Using NSX overlay networks allows VMware Aria Suite components
to fail over in the case of a single region failure, therefore
improving application up-time. For the NSX Edge cluster to be
deployed, an upstream router must be configured as a border gateway
protocol (BGP) peer to support dynamic routing of the overlay
networks. When using overlay networks for dynamic routing, a set of
upstream routers must be configured for BGP peering.

- VLAN-backed network segments are also supported for customers that
do not want to deploy VMware Aria Suite products on an overlay
network with BGP dynamic routing. This configuration supports static
routing and VLAN-backed networks. An NSX Edge cluster is still
required to support load-balancing services for the VMware Aria
Suite products and Workspace ONE Access.

- Using overlay-backed network segments is the recommended approach
because it uses the automation in VMware Cloud Foundation to deploy
the necessary SDN infrastructure components to facilitate flexible
workload placement. Using VLAN-backed network segments requires
manual configuration at the time of deployment, in addition to
manual configuration during scaling operations procedures. These
procedures can be more tedious, more time-consuming, and less
flexible.

- Overlay-backed versus VLAN-backed segments:

- Overlay-backed NSX segments:

- Overlay-backed segments provide flexibility for workload placement
by removing the dependence on traditional data center networks.
Using overlay-backed segments improves the security and mobility of
management applications and reduces the integration effort with
existing networks.

- Overlay-backed segments are created in an overlay transport zone.

- Traffic between two VMs on different hosts (but attached to the same
overlay segment) have their layer-2 traffic carried by a tunnel
between the hosts. NSX instantiates and maintains this IP tunnel
without the need for any segment-specific configuration in the
physical infrastructure. As a result, the virtual network
infrastructure is decoupled from the physical network
infrastructure. That is, you can create segments dynamically without
any configuration of the physical network infrastructure.

- VLAN-backed NSX segments:

- VLAN-backed segments use the physical data center networks to
isolate management applications while still taking advantage of NSX
to manage these networks.

- VLAN-backed network segments ensure the security of management
applications without requiring support for overlay networking.

- VLAN-backed segments are created in a VLAN transport zone**.**

-

A diagram of a computer Description automatically generated

The diagram shows the SDN topology deployed through SDDC Manager after
an NSX Edge cluster and AVNs are deployed. You can see each VMware Aria
Suite component and the SDN segment to which each one is deployed. You
can also see how these segments are connected through the NSX Edge
cluster.

VMware Aria Suite management applications are deployed in the overlay-
or VLAN-backed logical segments. An NSX Edge cluster is required for
both overlay- or VLAN-backed implementations to support the load
balancer services.

Following the VMware Validated Solutions guidance for the
region-specific site, the following VMs stay in region (in a
multi-region architecture, these VMs do not fail over):

VMware Aria Operations for Logs

VMware Aria Operations Cloud Proxies

Following the VMware Validated Solutions guidance for the cross-region
site, if a multi-region architecture is used, the following VMs fail
over to the other region:

VMware Aria Operations: Load balancer located in T1 Edge cluster

VMware Aria Automation: Load balancer located in T1 Edge cluster

VMware Workspace ONE Access: Load balancer located in T1 Edge cluster

VMware Aria Suite Lifecycle

**VMware Aria Suite LifeCycle and Workspace One Access Deployment on
VCF**

- Planning

- SDDC Manager Automation

- Deploy NSX Edge

- Deploy AVN

- Deploy Aria Suite Lifecycle Install Bundle

- Deploy Aria Suite Lifecycle

- Aria Suite LifeCycle

- Deploy Aria Suite Components

- Aria Suite Products

- Configure Aria Suite Lifecycle Components

- Lifecycle Management -\> Bundle Management

- Downoad VMware Software Install Bundle and

- Access one Bundle

- An AVN is an SDN concept based on NSX that allows the hosting of
management applications on NSX segments. In NSX, segments are
virtual layer-2 domains.

- You can create overlay-backed NSX segments or VLAN-backed NSX
segments. Both options create two NSX segments (Region-A and
X-Region) on the NSX Edge cluster deployed in the default management
vSphere cluster. Those NSX segments are used when you deploy the
VMware Aria Suite products. Region-A segments are local instance NSX
segments, and X-Region segments are cross-instance NSX segments.

VCF Awareness

- Automate Load Balancer Configuration

- Automate Infrastructure Selection in the Aria sUite Lifecycle
deployment wizards

- Cluster mode deployments for a new environment

- Consistent BOM

- Inventory Sync between Aria Suite Lifecycle and SDDC Manager

- Based on bundle see what is available in diagram

**Aria Suite Lifecycle NSX Object Creation**

- Create tier-1 static routes

- Create NSX tier-0 interface

- Create & Configure NSX tier-1 gateway

![A screenshot of a computer Description automatically
generated](media/image83.png)

A screenshot of a computer Description automatically generated

- SDDC Manager deploys an NSX Edge cluster.

- The cloud administrator configures the AVN.

- SDDC Manager downloads the VMware Aria Suite Lifecycle installation
bundle.

- The VMware Aria Suite Lifecycle appliance is deployed from SDDC
Manager.

- The operations team configures certificates, SSO access, global
permissions, and Workspace One Access.

**Deploying Aria Suite Lifecycle for Workspace One Deployment**

- Certificates

![A screenshot of a computer Description automatically
generated](media/image85.png)

- Replacing the Aria Suite Lifecycle Certificate through SDDC Manager

- Inventory-\>Workload Domains-\>Certificates-check box for
GENERATE CSRS-\>Next

- Select Microsoft or OpenSSL

- GENERATE CERTIFICATES

- INSTALL CERTIFICATES

- Configuring Data Centers in VMware Aria Suite Lifecycle

- Add Datacenter

- Name

- Customer Location

- Location

A screenshot of a computer Description automatically generated

1. \> to access the VMware Suite Lifecycle UI.

2. Login with vcfadmin\@local user

3. My Services Page -- Lifecycle Operations

4. Datacenters

5. ADD DATACENTER

6. SAVE

- Configuring the Management Domain in vCenter

![A screenshot of a computer Description automatically
generated](media/image87.png)

- Adding VMware Aria Suite Lifecycle Environments

- Must create LCM before adding the environment contents

- Workspace One Access

- RBAC (role based access control)

- Can deploy single appliance

- Can deploy as a cluster

- Auto configures a load balancer

- Site 1 -- mgmt. domain

- Site 2 -- region specific

- Components Needed

- Global Environment Admin

- Local Admin

- Local Configuration Admin

- Appliance Root User

- Adding Passwords

- WS1 Access Pwd in Aria Suite Lifecycle UI

- My Services-\>Locker

- Select passwords in nav panel on left

- No user name needed -- not required, leave blank

- Steps to Deploying Workspace One Access with VMware Aria Suite
Lifecycle

- Home-\>Create Environment

1. Install Identity Manager

1. New Install or Import

2. Version

3. Deployment Type

2. Default Password

3. Datacenter

4. Activate SDDC Manager Integration

4. JSON Configuration

A screenshot of a computer Description automatically generated

**Options for Upgrading Aria Suite Lifecycle**

- VCF 5.x products can be updated independently

- SDDC Manager updating -- ex 5.2.1 to 5.2.2

- SDDC Manager

- vCenter

- ESXi

- vSAN

- NSX

- Aria Suite Lifecycle Builds

- Workspace One Access

- Order of Updates for Management Domain

- SDDC Manager

- Aria Suite Lifecycle

- Aria and Workspace One Access Components

- NSX

- vCenter

- ESXi Hosts

- Benefits

- Maintain an independent update cadence between VMware Cloud
Foundation and VMware Aria versions, which boosts and improves
interoperability

- Maintain consistency of VMware Aria versions

- Decouple infrastructure team updates from DevOps team updates

- Consume new VMware Aria Suite features quickly

- Workflow

- Download Aria Suite lifecycle PSPAK and Aria Suite Lifecycle
build

- Applying the PSPAK updates the interoperability data for the
new Aria suite versions and is needed to allow the upgrade

- After PSPAK applied can then upgrade Aria Suite Lifecycle

- Once Aria Suite Lifecycle is at the latest release, it provides
the operator with a selection of compatible upgrades for the
components that have been validated for the VCF version being
used

- VCF operator then downloads and installs latest Aria products in
the VCF environment

- Operator can pick and choose without upgrading all components.

![A screenshot of a computer error Description automatically
generated](media/image89.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image91.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image93.png)

**Aria Suite Lifecycle Operations**

- Add Aria Suite Binaries and how to Apply

A screenshot of a computer Description automatically generated

- Manage the config on Settings page. View system details, logs,
apply system patches PSPAKS (product support packs)

- Binary Mapping

- Add Binaries

- Location Type

- Local

- NFS

- Base Location

- DISCOVER

- MyVMware Downloads

- Add Product from available features

- Creates private cloud environments within our private cloud

- Steps

- My Services Page

- Lifecycle Operations

- Settings

- Binary Mappings

- Product Binaries

- ADD BINARIES

- Local, NFS or MyVMware Downloads

- Base Location

- DISCOVER

- ADD

- Expanding the Environment

- Add Product from the Edit Environment Details Screen

![A screenshot of a computer Description automatically
generated](media/image95.png)

A screenshot of a computer Description automatically generated

**VMware Validated Solutions for VMware Aria Suite Products**

- Help customers solve common business problems using VCF as the
foundation infrastructure

![A screenshot of a diagram Description automatically
generated](media/image97.png)

- Stakeholders for business objectives

- Constraints

- Delivers

- Design objectives

- Detailed design with design decisions

- Planning and preparation

- Implementation procedures (UI and Infrastructure as Code where
available)

- Operational guidance

- Solution interoperability

- Solutions map to products

- Benefits

- Validated - designed by VMware architects to help customers
build secure, high performing, resilient and efficient
infrastructure

- Scalable -- easily scale infrastructure & applications running
on VCF with technically validated, repeatable and automated
solutions

- Secure -- security-centric designs

- Lower Costs -- automated workflows that reduce manual labor and
rework

- Faster time to value -- rapidly implement solutions on top of
VCF

- On premises

- Intelligent Logging

- Health reporting

- Intelligent network visibility

- Private cloud automation

- Intelligent operations

- Hybrid-Cloud

- Cloud-based ransomware

- Cross-cloud mobility

- Summary Available List

- ID and Access mgmt.

- Developer ready infrastructure

- Health Reporting & monitoring

- Intelligent logging & analytics

- Intelligent ops mgmt.

- Intelligent network visibility

- Private cloud automation

- Site protection and disaster recovery

- Advanced load balancing

- Cloud-based ransomware recovery

- Cross-cloud mobility

- Private AI ready infrastructure

A diagram of a software company Description automatically generated with
medium confidence

![A screenshot of a computer Description automatically
generated](media/image99.png)

**Using VMware Validated Solutions to Deploy Common VMware Aria
Solutions**

- VMware Aria Suite Lifecycle deploys a three-node cluster for VMware
Aria Operations.

- Log collection for vSphere, vSAN, NSX, and Workspace One Access is
automatically configured during the automated installation.