vRO and Microsoft Azure integration using PowerShell (SKKB1020)

In this article we will take a look at how to integrate VMware vRealize Orchestrator (vRO) and Microsoft Azure using Microsoft Windows PowerShell.

You can use Windows PowerShell to perform a variety of tasks in Azure, either interactively at a command prompt or automatically through scripts. Azure PowerShell is a module that provides cmdlets to manage Azure through Windows PowerShell. You can use the cmdlets to create, test, deploy, and manage solutions and services delivered through the Azure platform. In most cases, you can use the cmdlets to perform the same tasks that you can perform through the Azure Management Portal. For example, you can create and configure cloud services, virtual machines, virtual networks, and web apps.

The Kaloferov.com company has decided to extend its existing VMware vRealize Automation (vRA) private cloud offering and take advantage of Microsoft Azure as a cloud computing platform and infrastructure for building, deploying and managing applications and services. The company also plans to use the existing VMware vRealize Orchestrator (vRO) automation platform to automate the integration. It will start with a simple proof of concept (PoC) deployment to test the basic integration between vRO, the Windows Azure PowerShell module and Microsoft Azure. This integration will lay the foundation for more advanced future integration and automation.
The company has identified the following requirements for the implementation:

  • UC1-R1: The existing vRealize Orchestrator (vRO) Infrastructure should be utilized to automate the creation of Virtual machines in Microsoft Azure.
  • UC1-R2: The Microsoft Windows PowerShell Plug-in for vRO should be utilized.
  • UC1-R3: The Microsoft Azure cmdlets must use the certificate authentication method.

 

Lab Environment

The logical design of this lab can be seen HERE.

 

Prerequisites

Subscription

Azure is a subscription-based platform. This means that a subscription is required to use the platform. In most cases, it also means that the cmdlets require subscription information to perform the tasks with your subscription.
For the purpose of accomplishing this PoC a Free Trial subscription will be utilized. If you don’t have a subscription, see Get Started with Azure.

 

Authentication

You can use a management certificate that contains the information or you can sign in to Azure using your Microsoft account or a work or school account. When you sign in, Azure Active Directory (Azure AD) authenticates the credentials and returns an access token that lets Azure PowerShell manage your account.
To help you choose the authentication method that’s appropriate for your needs, consider the following:

  • Azure AD is the recommended authentication method since it makes it easier to manage access to a subscription. With the update in version 0.8.6, it enables an automation scenario with Azure AD authentication as well if a work or school account is used. It works with Azure Resource Manager API as well.
  • When you use the certificate method, the subscription information is available as long as the subscription and the certificate are valid. However, this method makes it harder to manage access to a shared subscription, such as when more than one person is authorized to access the account. Also, Azure Resource Manager API doesn’t accept certificate authentication.

For more information about authentication and subscription management in Azure, see Manage Accounts, Subscriptions, and Administrative Roles.

For the purpose of this PoC we will use the certificate method.

 

Azure PowerShell Module

You must download the Azure PowerShell modules:

 

Azure Configuration

Initial Microsoft Azure configuration

At this point we have created a free trial Azure account that we are going to use for this PoC. We need to create a few basic items in Azure so that we can test the integration and deploy a simple VM.
We need to create at minimum:

  • Directory
  • Storage Account
  • Virtual Network
  • Cloud Service

 

Cloud Services

Login to the Azure Management Portal and navigate to Cloud Services and click New.
I will be using the following values to create the Cloud Service:

  • URL: VMwareCloudService01
  • Region or Affinity Group: South Central US

Fill in the information and click Create Cloud Service.

You should now see the Cloud Service being created.

 

Storage

Login to the Azure Management Portal and navigate to Storage and click New.
I will be using the following values to create the Storage Account:

  • URL: VMwareCloudService01
  • Location/Affinity Group: South Central US
  • Replication: Locally Redundant

Fill in the information and click Create Storage Account.

You should now see the Storage being created.

 

Networks

Login to the Azure Management Portal and navigate to Networks and click New.
I will be using the following values to create the Network:

  • Name: Subnet-1

I will leave all other settings to their default values.
Fill in the information and click Create a Virtual Account.

You should now see the Network being created.

 

Directory

Login to the Azure Management Portal and navigate to Directory. You should see the default directory being created. For the purpose of this PoC this will be enough.

At this point we have reconfigured the following Azure items:

 

PowerShell Host Setup

Installing the Azure PowerShell Module

Install the Azure PowerShell Module you downloaded earlier. Open a PS console and make sure you can see the Azure cmdlets:

 

Configure the Certificate Authentication Method

The Azure module includes cmdlets that help you download and import the certificate.

  • The Get-AzurePublishSettingsFile cmdlet opens a web page on the Azure Management Portal, from which you can download the subscription information. The information is contained in a .publishsettings file.
  • The Import-AzurePublishSettingsFile cmdlet imports the .publishsettings file for use by the module. This file includes a management certificate that has security credentials.

Run the Get-AzurePublishSettingsFile cmdlet and sign in to the Azure Management Portal using the credentials for your Azure account:

Get-AzurePublishSettingsFile

When prompted, download and save the publishing profile and note the path and name of the .publishsettings file. This information is required when you run the Import-AzurePublishSettingsFile cmdlet to import the settings.

Type a command similar to the following, substituting your Windows account name and the path and file name for the placeholders:

Import-AzurePublishSettingsFile "C:\Users\Administrator\Downloads\Free Trial-11-9-2015-credentials.publishsettings"
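Because the .publishsettings file carries the management certificate itself, it should not stay in the Downloads folder after the import. The following is an added example, not part of the original post: it records each certificate's thumbprint and expiry, imports the file, confirms the certificate is in the store and then deletes the file. It assumes the module places the certificate in Cert:\CurrentUser\My and that the file uses the usual PublishData/PublishProfile/Subscription layout.

```powershell
# Added example, not from the original post. The path is the one used above.
$ErrorActionPreference = 'Stop'
$settings = 'C:\Users\Administrator\Downloads\Free Trial-11-9-2015-credentials.publishsettings'

[xml]$doc = Get-Content -LiteralPath $settings
$publishProfile = $doc.PublishData.PublishProfile
$thumbprints = @()

foreach ($sub in $publishProfile.Subscription) {
    # Schema 2.0 keeps the certificate on each Subscription element,
    # schema 1.0 keeps a single one on the PublishProfile element.
    $b64 = $sub.ManagementCertificate
    if (-not $b64) { $b64 = $publishProfile.ManagementCertificate }
    if (-not $b64) { throw "No management certificate found for '$($sub.Name)'." }

    # The value is a base64-encoded PKCS#12 blob with an empty password.
    $bytes = [Convert]::FromBase64String($b64)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)

    # Keep the thumbprint: it identifies the certificate if it ever has to be revoked.
    '{0}  thumbprint={1}  expires={2:u}' -f $sub.Name, $cert.Thumbprint, $cert.NotAfter
    $thumbprints += $cert.Thumbprint
}

Import-AzurePublishSettingsFile $settings

# Assumption: the module stores the certificate in the current user's personal store.
$missing = $thumbprints | Where-Object { -not (Test-Path "Cert:\CurrentUser\My\$_") }
if ($missing) { throw "Import not confirmed, file kept. Missing: $($missing -join ', ')" }

# The import is confirmed, so the downloaded credential file is no longer needed.
Remove-Item -LiteralPath $settings
```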

 

View Account and Subscription Details

You can have multiple accounts and subscriptions available for use by Azure PowerShell. You can add multiple accounts by running Add-AzureAccount more than once.
To get the available Azure accounts, type:

Get-AzureAccount

To get your Azure subscriptions, type:

Get-AzureSubscription

 

CredSSP Configuration

Depending on the authentication method you are using (Azure AD or certificate), the Azure Active Directory domain, and whether you are planning to use single sign-on, you might or might not need to enable CredSSP on the PowerShell host from which you will run the Azure cmdlets.

For the purpose of this PoC, and to meet the company requirements we identified earlier, we do not need CredSSP configured on the PS host.

If you need to configure CredSSP for use with vRO, visit Using CredSSP with the vCO PowerShell Plugin.

 

Azure and vRO Integration

The PS Script

In order to create a VM in Azure we need to identify and include in our PowerShell script the following:

  • Select an Azure image to be used for the deployment.
  • Create an Azure VM configuration object (New-AzureVMConfig). Here is where you select the instance size and image to be used.
  • Add a provisioning configuration to an Azure virtual machine (Add-AzureProvisioningConfig). Here is where you specify the user to be created and the associated credentials to be set.
  • Define a subnet list for an Azure virtual machine (Set-AzureSubnet). The subnet must be in the acceptable range that we identified when we created the Azure Network earlier.
  • Add a data disk to virtual machine (Add-AzureDataDisk)
  • Set the static VNet IP address information to a VM object (Set-AzureStaticVNetIP)
  • Create new Azure VM (New-AzureVM)

The following script will be called from vRO to create a VM in Azure:

$Images = Get-AzureVMImage ; $myImage = $Images[4] ; $myVM = New-AzureVMConfig -Name "CloudVM01" -InstanceSize ExtraSmall -ImageName $myImage.ImageName | Add-AzureProvisioningConfig -Windows -AdminUsername Administrator2 -Password VMware1! | Set-AzureSubnet "Subnet-1" | Set-AzureStaticVNetIP 10.0.0.101 | Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel "DataDisk10" -LUN 0 ; New-AzureVM -ServiceName VmwareCloudService01 -vNetName "Subnet-1" -VMs $myVM

The script will:

  • Use a Windows image to create the VM.
  • Create an Azure VM named CloudVM01, deployed as an ExtraSmall instance.
  • Create the Administrator2 account and assign it the password VMware1!. Note that you cannot use the default Administrator name.
  • Assign a static IP of 10.0.0.101 to the VM.
  • Add a data disk with a size of 10 GB.
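The one-liner picks its image by list position and carries the administrator password in the script text. The following variant is an added example, not the author's script: it uses the same cmdlet chain but selects the image by OS and family, checks the static address first and takes the password as a run-time parameter. The function name New-PocAzureVM and the default image family are assumptions; the positional Set-AzureSubnet and Set-AzureStaticVNetIP arguments are kept as in the article.

```powershell
# Added example, not the author's script. New-PocAzureVM is a hypothetical name.
function New-PocAzureVM {
    [CmdletBinding()]
    param(
        # Supplied by the caller at run time so it is never stored in the script text.
        [Parameter(Mandatory = $true)][string]$AdminPassword,
        # Assumed image family; list the real ones with Get-AzureVMImage.
        [string]$ImageFamily = 'Windows Server 2012 R2 Datacenter',
        # Values below are the ones used in the article.
        [string]$VMName      = 'CloudVM01',
        [string]$ServiceName = 'VMwareCloudService01',
        [string]$VNetName    = 'Subnet-1',
        [string]$SubnetName  = 'Subnet-1',
        [string]$StaticIP    = '10.0.0.101'
    )
    $ErrorActionPreference = 'Stop'

    # Select the image by OS and family, newest first, rather than by its
    # position in the list, which changes whenever the gallery is updated.
    $image = Get-AzureVMImage |
        Where-Object { $_.OS -eq 'Windows' -and $_.ImageFamily -eq $ImageFamily } |
        Sort-Object PublishedDate -Descending |
        Select-Object -First 1
    if (-not $image) { throw "No Windows image found in family '$ImageFamily'." }

    # Fail early if the static address is already taken in the virtual network.
    $ipCheck = Test-AzureStaticVNetIP -VNetName $VNetName -IPAddress $StaticIP
    if (-not $ipCheck.IsAvailable) { throw "$StaticIP is not available in $VNetName." }

    # Log which image is deployed; the password is deliberately not logged.
    Write-Verbose "Deploying $VMName from $($image.ImageName) ($($image.PublishedDate))"

    $vm = New-AzureVMConfig -Name $VMName -InstanceSize ExtraSmall -ImageName $image.ImageName |
        Add-AzureProvisioningConfig -Windows -AdminUsername Administrator2 -Password $AdminPassword |
        Set-AzureSubnet $SubnetName |
        Set-AzureStaticVNetIP $StaticIP |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'DataDisk10' -LUN 0

    New-AzureVM -ServiceName $ServiceName -VNetName $VNetName -VMs $vm
}
```

How the password reaches the function (a workflow input, a vault lookup) is outside this example.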

vRO has a strange way of handling some switch callouts. In some situations, when you explicitly call out a switch name, you might receive an error similar to the following:

[2015-11-09 14:49:26.702] [I] PowerShellInvocationError: Errors found while executing script
System.Management.Automation.ParameterBindingException: A positional parameter cannot be found that accepts argument ‘Subnet-1’.

The following are two examples where I’ve seen the error:

  • When calling from vRO [Set-AzureSubnet -SubnetNames "<SubnetName>"] and not [Set-AzureSubnet "<SubnetName>"]
  • When specifying [New-AzureVM -ServiceName "<CloudServiceName>"] and not [New-AzureVM -ServiceName <CloudServiceName>]

 

Testing vRO VM creation in Azure

Login to the Azure Management Portal and navigate to Virtual Machines.
Make sure no machines are deployed.

Login to vRO and run the [Invoke a PowerShell script] workflow.
Select the PS host which also has the Azure cmdlets installed.
Use the following script to create the VM:

$Images = Get-AzureVMImage ; $myImage = $Images[4] ; $myVM = New-AzureVMConfig -Name "CloudVM01" -InstanceSize ExtraSmall -ImageName $myImage.ImageName | Add-AzureProvisioningConfig -Windows -AdminUsername Administrator2 -Password VMware1! | Set-AzureSubnet "Subnet-1" | Set-AzureStaticVNetIP 10.0.0.101 | Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel "DataDisk10" -LUN 0 ; New-AzureVM -ServiceName VmwareCloudService01 -vNetName "Subnet-1" -VMs $myVM

Click Submit.

After a moment the WF should finish and you might receive output similar to the following:

Login to the Azure Management Portal and navigate to Virtual Machines.
You should see the VM being deployed.

 

References

To learn more on how to install and configure Azure, visit
How to install and configure Azure PowerShell

Final Step

If all went well, go grab a beer.
