Provisioning databases with Aria Automation, Cloud Consumption Interface and Data Services Manager – Part 1: Setup

I recently read a blog post by my colleague Maher on some enhancements made to Aria Automation version 8.17 to include an on-premises version of our Cloud Consumption Interface (CCI).  As per our documentation, CCI enables Automation Service Broker DevOps users to provision Supervisor namespaces and use its associated services to create Kubernetes workloads using mainly the VM Service and the Tanzu Kubernetes Grid Service within vSphere namespaces. What really peaked my interest was an update from our own Data Services Manager (DSM) product team stating that we could also used the new version of Aria Automation version 8.17 with CCI to provision databases using DSM. Thus, I wanted to set this up in my lab and try it out. However, I first needed to get Aria Automation version 8.17 with CCI deployed. This post will cover the steps involved in that setup. A later post will focus on the CCI database integration aspects.

Deploy the Aria Suite Lifecycle Manager

I decided to use the Aria Suite Lifecycle Manager to deploy Aria Automation. The latest available version is 8.16.0. This also deploys VMware Identity Manager and Aria Automation. Note that it only deploys Aria Automation version 8.16. Therefore an upgrade to version 8.17 will be required if you use this method. However, once Aria Suite Lifecycle Manager is deployed, upgrades are relatively straight forward. After downloading the LCM ISO image and mounting it, simply run the installer and follow the on-screen instructions. A window will appear detailing the deployment progress.

Once the lifecycle services are up, you will see the LCM URL appear in the installer window:

If you login to the Lifecycle Manager UI, you can get a closer view of the deployment process by navigating to the Requests view and showing the details:

Assuming everything completes successfully, the installation process should finally display the URLs for the Lifecycle Manager (LCM), the Identity Manager (vISM) and the Aria Automation deployment, as shown below.

As mentioned in the introduction, the version of Aria Automation needs to be 8.17 to use the CCI. Next step is to upgrade from version 8.16 to version 8.17. But before that, LCM itself first needs to be updated to support the later version(s) of Aria Automation.

Upgrade Lifecycle Manager to PSP3

Before we upgrade to Aria Automation version 8.17, we must first bring the version of Aria Suite Lifecycle Manager to v8.16.3. This adds support to LCM for additional product versions, including Aria Automation version 8.17. This is done through the installation of Product Support Packs (PSPs). There are three PSPs to apply. PSP1 and PSP2 are available automatically but I found that PSP3 must be manually downloaded and added. In the LCM UI, navigate to the Settings section. You may need to click on the “Check Support Packs Online”.

Once the PSP has been discovered, click apply version. Repeat this for both PSP1 and PSP2. For PSP3, I could not discover this online, so I had to download and import it. It can then be applied in the same way as the other PSPs.

LCM is now updated. We are now ready to upgrade Aria Automation to version 8.17.

Upgrade Aria Automation to version 8.17

Before we begin, there are a few caveats to highlight. The most important is the way in which images for upgrades are sourced. These changes are highlighted in the following KB article:

Following the VMware by Broadcom Day 2 transition on May 6, 2024, Customer Connect 
has been migrated to the Broadcom Support. This migration impacts the VMware Aria 
Suite Lifecycle as follows:

- All Product Support Packs, along with product and patch binaries, will now 
need to be downloaded from the Broadcom Support Portal

- Users must then manually map these into the VMware Aria Suite Lifecycle
Additionally, all online download methods previously available in the VMware 

- Aria Suite Lifecycle will be disabled in the user interface upon upgrading to 
our next release.

Therefore, the upgrade image for Aria Automation 8.17 needs to be downloaded from the Broadcom Support portal, and uploaded to the LCM appliance using the Binary Mappings technique. When uploading the upgrade image for Aria Automation v8.17 to LCM, place it into the /data/temp folder on the appliance.

Now navigate to Settings > Binary Mappings, and Add Binaries. The newly uploaded Aria Automation image should be present. Once added, it should now appear in the updated Binary Mappings listing.

We are now able to commence the upgrade. However, before doing that, there are two more items to bring to your attention. The first is that you might need to configure some extra space on the appliance for additional product images, patches and upgrades. This can be done via the LCM UI, which also raises a warning about disk capacity on the LCM appliance.

The second issue is that the memory requirements for Aria Automation has increased from 48GB in version 8.16 to 54GB in version 8.17. Therefore you will need to shutdown the current version of Aria Automation, modify the memory settings and then power the appliance back on before you can upgrade it. With all this in mind, let’s proceed with the upgrade steps.

From the Environments section, under Automation, there is an Upgrade option available.

Click on the Upgrade option. A snapshot will be taken as part of the upgrade process. The next step is the pre-check. This is where the additional memory requirement will be highlighted (54GB for Aria Automation 8.17).

Assuming the memory requirements are addressed, you can then proceed with the upgrade request. This can once again be monitored in the LCM UI > Requests view.

To set your expectations, the upgrade took approximately 1 hour and 5 minutes in my environment. This does of course require a restart of the Aria Automation services. Some useful CLI commands to monitor the start up progress of the services are:

  • kubectl get pods -A
  • vracli service status

With Aria Automation now upgraded to version 8.17, we can turn our attention to identity management.

vIDM Configuration for Active Directory Users over LDAP

I want to be able to give some of my Active Directory users access to Aria Automation. This is done via the Identity Manager which is already deployed. When first connecting to the vIDM URL, you should be met with a landing page similar to the following:

Click on the login link which will bring you to a Workspace ONE login page. Login as the vIDM admin. After logging in, navigate to the Identity and Access Management section. Here I plan to connect my Active Directory/LDAP users to vIDM so that they can get access to the different Aria Automation components. The only attribute I want to use for my users is their username. From Identity and Access Management, select Setup > User Attributes and only check userName as the required attribute, as shown below.

Staying in the Identity and Access Management view, click Manage > Add Directory  and select Add Active Directory over LDAP/IWA. In my case, I am only using LDAP and not Integrated Windows Auth. One of the requirements for setting up Single Sign-On for CCI is to use the userPrincipalName as the directory search attribute. By default it is set to sAMAccountName so you will need to change this. Populate the FQDN of the Directory, Base DN and Bind DN information, along with Bind user details, as shown below:

 

Use the Test Connection button to make sure everything is correct. If successful, use Save and Next and in the next window, select the Domain (which should be automatically selected). This will bring you to the Mapped Attributes view, which we previously setup to be userName only. Click next to select the Groups you wish to sync. Click next to select the Users you wish to sync. Now you can do a Save & Sync. If everything goes according to plan, your AD over LDAP users should now be present after a sync has taken place:

The final step in the setup is to grant at least one of these users a role in Aria Automation. Let’s do that next.

Grant Roles in Aria Automation

If you try to login to Aria Automation as one of these AD users currently, it will respond that the user does not have access and display a 403 Error:

To grant roles to the AD/LDAP users, you must first login as the Organisation Owner which was configured during the setup. Once logged in as this user, you can now assign roles to other users. In this example, I am selecting user ‘amaury’ and giving that user a full range of Aria Automation roles.

Click on the Edit Roles, and assign whichever roles you wish to give to a user.

After saving the role assignments, I can logout as the Organisation Owner, switch to the AD domain in the Workspace ONE auth window,  and login as the user ‘amaury’. The standard Aria Automation splash screen should now appear when the user logs in.

Success! And now the final step is to check for the Cloud Consumption Interface, which is the reason why we set all of this up in the first place. Launch the Service Broker and under Consume, I can now see references to the Supervisor Namespace and CCI.

Looks like everything is ready to do some further investigation into how CCI and Aria Automation can provision databases via DSM. Check back soon for some updates on that.