vRealize Automation 8 Evolution: Automate Everything!

David Raymond

VMware released vRealize Automation 6.2 eight days after I started my career at CDI, with a stable release 6.2.3 ten months later. Ha! Anyway, I was just happy to be out of the vRA 5.x days. vRealize 7.0 changed the game with the Installation Wizard, a simplified architecture, and a graphical canvas for Blueprint Authoring.

The GA release of vRA 8.1 was much like seeing a Tool concert. The built-up anticipation waiting in line to get in, some quirky opening band (vRA 8.0), finishing with the main act (vRA 8.1); no encore needed. You walk out of the show. Wow! How did they pack so much into a single release? Hey, there’s a guy with a VCDX t-shirt. Cool!

Although VMware took a huge leap with vRA 8.0, version 8.1 brought back some of the critical features we all know and love.

Utilizing a modern container-based microservices architecture enhanced the platform scalability and performance. The UI was redesigned entirely in HTML5. The legacy DynamicOps .NET code is gone. No more Windows servers! It’s all appliance-based and deploys to Kubernetes under the covers, which is sweet. Driven by the familiar VMware “API first” mentality, the new API expands integrations and use-case scenarios. A core link in the automation chain, vRealize Orchestrator (vRO) has also been redesigned in HTML5 with end-to-end Git support. Python, Node.js, and PowerCLI scripting languages are now supported. Yes! “Tree-View” is back in vRO 8.1. Action Based Extensibility (ABX) adds an alternative to vRO providing the ability to trigger AWS Lamda functions and other FaaS platforms.

As infrastructure has evolved over the last decade, the velocity of deployments has increased, now with a shortened requirement period. From this need, Infrastructure as Code (IAC) has gained immense popularity. The Blueprint Design Canvas now offers the best of both worlds by presenting a declarative IAC experience using YAML next to the drag and drop visual canvas. Cloud-Agnostic blueprints can be configured to deploy across compute and storage and are now versioned OOTB with Git support.

vRA 8 has enhanced cloud support, including VMware Cloud on AWS, and native support for AWS services, Azure, and Google Cloud are now offered. Watch out for Licensing! VMware has moved Public Cloud Endpoints to the Enterprise edition. Advanced, the only other option, provides on-prem IaaS with self-service capabilities, governed by compliance policies, and resource lifecycle management.

VMware has pushed all their chips in, betting that Kubernetes will prove to be the cloud abstraction layer of the future. You can see this across the board, starting with their flagship product vSphere, embedding Kubernetes into the hypervisor in the latest vSphere 7 release. Customers that take advantage of the Kubernetes abstraction can deploy and operationalize applications across any cloud. Their commitment to this strategy is evident, as VMware has become the third largest “single” contributor to the Kubernetes project.

There are a ton of ways to leverage upstream Kubernetes with vRealize Automation. Whether it’s deploying a cluster, managing clusters on PKS, or deploying applications to Kubernetes clusters through CI/CD pipelines, vRA enables you need to make your application and digital transformations.

VMware also enhanced Network Automation support. In addition to NSX 3.0 support, day-2 operations of networks and load balancers and on-demand Security Groups for NSX-T and NSX-V were added. A new IPAM SDK was developed to support third party IPAM solutions. Infoblox continues to showcase as the only third-party OOTB IPAM provider, with SolarWinds and BlueCat on the roadmap.

So, vRA can automate and manage your deployments across any cloud. Great! Who is going to manage and automate your vRA infrastructure stacks? Enter vRealize LifeCycle Manager (vRLCM)! vRLCM has been around for some time now and is basically a suggested add-on to the product suite. Updates to versions, certificates and content synchronization across vRA stacks provided operational functionality without a hitch. Now vRLCM is included within the vRA architecture, ensuring this operational smoothness.

So, What’s New?

  • Support for vSphere 7 and NSX-T 3.0
  • Approval Policies
  • Resource Limits
  • vRealize Orchestrator Enhancements
  • XaaS Support – Custom Resources and Resource Actions
  • Multi-Tenancy
  • VCF Integration
  • RBAC Enhancements
  • vROPS – Health and Pricing Integrations
  • Intrinsic Kubernetes Support
    • PKS Integration – Deploy new and onboard existing PKS Kubernetes Clusters
    • Native Kubernetes consumption
    • vRA Blueprints – Add Kubernetes Clusters to the Design Canvas
    • VMware Code Stream – Target Kubernetes clusters for application pipelines
  • OpenShift support
  • Code Stream pipelines-as-a-Service
  • Ansible Tower Support
  • Powershell for ABX
  • On-Demand NSX Security Groups
  • Day2 Network Updates
  • IPAM SDK and updates
  • AD Enhancements
  • OVA Content Source

Approval Policies: Approval Policies weren’t included in the vRA 8.0 release and bringing back these policies helps close the gap on feature parity. However, the consistent trend we see is that the approval for deployment has already occurred upstream (ServiceNow) and having approval policies embedded within the vRA lifecycles can be redundant. But, better safe than sorry!

Resource Limits: Bringing back another vRA 7.x feature, Resource Limits for CPU, Memory, and Storage utilization within a Cloud Zone that is assigned to a project can help limit specific groups of users to prevent overuse of a specific set of infrastructure resources.

vRealize Orchestrator Enhancements: vRealize Orchestrator now supports PowerShell, Nodejs, and Python for tasks in workflows alongside the traditional vRealize Orchestrator java scripting language! This is a huge advancement for vRealize Orchestrator.

No more need to have a PowerShell Host to run PowerShell scripts. Plus, the inclusion of Nodejs and Python make creating sophisticated workflows easier by using existing libraries for those languages! The tree view that everyone was familiar with in vRealize Orchestrator was not available when the switch to the HTML 5 client happened. However, a version of the tree view is back with hierarchical folders in vRealize Orchestrator 8.1, allowing users to easily organize workflows as they did in previous versions.

Furthermore, syncing workflows to different branches from a Git repository is supported, whereas before it was only available to source control to a single branch. This allows promotion of code through normal Git operations and PR requests. You can also see the visual differences between versions of a workflow in the workflow designer under version history.

XaaS Support – Custom Resources and Resource Actions: Custom Resources allow you to define anything as a resource that can be used as part of a blueprint. As a part of creating the custom resource, you define the Create, Update, and Destroy actions. The ability to create and manage infrastructure and services for your organization just became more flexible and powerful with the introduction of Custom Resources and Resource Actions in vRealize Automation.

Multi-Tenancy: 8.1 introduces multitenancy as an optional feature for vIDM and vRA to provide an additional layer of isolation beyond what vRA Projects (Business Groups vRA 7.x) provide.

VCF Integration: Existing vCloud Foundation (vCF) customers can now easily consume the infrastructure and policies that are provided with the vCloud Foundation solution.

RBAC Enhancements: A new view only role can be assigned for all the services within vRealize Automation 8.1 providing an “auditor” capability. This role can see configurations, deployments, blueprints, etc. but not interact with the platform in any way.

vROPS – Health and Pricing Integrations: Showing the price of VMs to end-users can help influence their behavior when requesting new VMs and maintaining their existing VMs. An integration between vRA and vROPS makes defining the prices of your VMs easier than ever.

Intrinsic Kubernetes Support: vRA can help deploy and manage upstream Kubernetes environments as well as deployments of applications to Kubernetes environments.

  • PKS Integration – Deploy new and onboard existing PKS Kubernetes Clusters
  • Native Kubernetes consumption
  • vRA Blueprints – Add Kubernetes Clusters to the Design Canvas
  • VMware Code Stream – Target Kubernetes clusters for application pipelines

OpenShift Support: Continuing down the Kubernetes journey, VMware released support for OpenShift consumption and governance. This is another step in the right direction towards maintaining the control plane across a multi-cloud landscape.

Code Stream Pipelines-as-a-Service: Service Broker provides an easy to use self-service catalog for requesting blueprint from Cloud Assembly, vRealize Orchestrator Workflows, ABX Actions, and Market Place OVAs and Templates. Now you can also present Code Stream pipelines as catalog items. This capability provides an easy to use request process for users to launch pipelines directly from the Service Broker catalog.

Ansible Tower Support: Support for Ansible Tower allows customers to run Ansible Tower Job Templates from the blueprint canvas. This provides customers with another option for configuration management along with Puppet and Ansible Open Source. The Ansible Tower and/or Engine can reside on-premises or in the cloud. The nodes that will be managed or deployed could also be on-premises or in the cloud. With the choice of where to deploy and manage instances, the integration provides maximum flexibility when integrating with these solutions.

Powershell for ABX: Action Based Extensibility (ABX) is a serverless function capability integrated into vRealize Automation’s Cloud Assembly Service. Previously, ABX only supported Python and NodeJS scripting languages. With the release of vRealize Automation 8.1 the on-premises ABX appliance will now support running PowerShell (PS) natively as a serverless function.

On-Demand NSX Security Groups: vRealize Automation 8.1 (vRA) now offers full NSX security group support for NSXv and NSX-T with included support for new and existing security groups. Security group membership is controlled through the network profile or the blueprint canvas. You can also assign firewall rules and services to on-demand security groups.

Day-2 Network Updates: You now can change the network associated with a deployment as a day-2 update action at a deployment level. Inputs are used within blueprints to allow the choice of networks for vSphere workloads.

IPAM SDK and updates: The IPAM SDK enables the development of a package that enables integration of a third-party IPAM provider with vRealize Automation and vRealize Automation Cloud.  Currently, Infoblox and the native vRA Network Profiles are supported OOTB.

AD Enhancements: vRealize Automation 8.1 (vRA) allows consumption of Active Directory within Cloud Zones based on Tags. Machines are assigned to correct Organization Unit based on the Project the deployment user is assigned to in Cloud Assembly. When a deployment is deleted, the machine account in Active Directory is also deleted. If vRA Cloud is used, the on-premises Extensibility Action appliance is required.

OVA Content Source: The Bitnami acquisition VMware made last year brings an entire library of prepackaged application stacks to the VMware Marketplace. It makes it easy to get your favorite open source software up and running on any platform, Kubernetes and all the major clouds. One of the formats that is provided for these popular application stacks is Open Virtual Appliance (OVA).

David Raymond

David Raymond, Senior Technical Consultant, Digital Transformation Services

David Raymond, Senior Technical Consultant, Digital Transformation Services, is an automation and orchestration expert with a focus on Cloud and DevOps toolsets. In his current role at CDI, David is responsible for driving client success through automation and making time-intensive and manual processes more efficient and reliable.


In his previous role as Senior Cloud Solutions Engineer, David worked with CDI’s Converged Compute Professional Services group in developing offerings inclusive of proven architectures, proofs of concept, and best practices and procedures for delivery.


He holds numerous industry certifications including VCP, VCAP-CMA, ServiceNow Cloud Management, MCSA and CWNA. He also is a graduate of the inaugural VMware Advanced Architecture Course (AAC).  This strategic invite-only class focused on strengthening architecture knowledge and business outcome skills in VMware Senior Consultants, Architects and partners by establishing a baseline and model to interact with VMware customers, leading the discovery, design and ability to effectively communicate VMware solutions.