vRealize Automation – Changing a Virtual Machine’s Business Group in 7.2 and 6.x

Changing business groups in both vRealize Automation v6 and v7 is a common task and below demonstrates how to automate the process. Luckily, VMware provides an out of the box vRealize Orchestrator workflow solution in both vRealize 6.x and 7.2, however, the workflow you need to use in both versions is different. Let’s have a look:

vRealize Automation 7.2

As of v7.2, we have a new workflow that changes the business group of the IaaS virtual machine entity as well as the CAFE deployment entity. The virtual machine entity is still part of the IaaS model, however, the deployment is a CAFE entity and therefore there are a few things you need to be aware of before changing the business group. We’ll cover those later. However, here is a screenshot of the workflow that you need to use:

The workflow you need to run to change business group can be found in the following location, noting this is under the Library folder:


You need to provide the following inputs:

Screen Shot 2017-01-28 at 16.56.39.png

There are a few things to be considered.

1 – The owner of the virtual machine must also be a member of the target business group. The business group is determined based on the reservation you select. If the user is not a member of the target business group, the virtual machine IaaS entity business group will get updated, however, the deployment CAFE entity business group entity will not get updated, leaving you in a position where the 2 entities that are out of sync. If this is the case, your my items will be out of sync as the deployment will still appear under the original business group but the virtual machine will appear under the new business group.

2 – You may have more than one Virtual Machine within the deployment so make sure you update all virtual machine entities within the deployment.

3 – This workflow is not available prior to version vRealize Automation 7.2, although if you need it, contact VMware GSS support as they may be able to help you get your hands on a fix. Or, better still upgrade to vRealize 7.2.

Based on the above, one way I would implement this solution would be to create a day 2 operation on the deployment CAFE entity. Then you can do a couple of things as follows:

1 – Check that the owner of the deployment is a member of the target business group. If not, flag this on the day 2 XaaS form.

2 – Get all virtual machines that are part of the deployment so you update all virtual machines which are part of the deployment.

That’s it but you can enhance the custom day 2 resource operation if you need to.

vRealize Automation 6.x

In my opinion, it is slightly easier to update the virtual machine business group as we don’t have to worry about the CAFE deployment as the entity doesn’t exist in vRA 6.x. We do have MMBP, but this is part of the IaaS model which can be updated. This post just concentrates on single machine blueprints. The workflow you need to run to change business groups can be found in the following location, noting this is under the Library folder:

Screen Shot 2017-01-28 at 17.12.29.png

You can just run the import vCAC Virtual Machine and you can rerun this over an over again. It won’t register the machine multiple times but just update the business group based on the following inputs:


You can see there are few more options to supply in vRA 6.x. You can also make this a day 2 operation by wrapping this workflow around another workflow as you can see the actual code that changes the business group is this:


Where vm is a vCAC:VirtualMachine type. You can see this in the ‘start register workflow‘ scripting element.

You can see the requirements parameters using the API library, but here’s a screenshot of what you need:


That’s pretty much it. Happy Business Group Automating.

vRealize Orchestrator 7 VAPI vSphere tags workflow

I created a workflow using the VAPI plugin to assign vSphere tags to a VC:VirtualMachine object.

You will need to import the package, then configure VAPI with your vCenter endpoints by following these instructions:

1 – Run the Import VAPI metamodel workflow

2 – Run the Add VAPI endpoint workflow

Both workflows take the same inputs, but you must run the workflows in that order. Screen shot of inputs as follows:

Screen Shot 2016-07-19 at 22.56.04


Once you have configured your VAPI endpoints, download the following package from github


Import the package and then the following workflows and actions.

Screen Shot 2016-07-19 at 23.02.25

Screen Shot 2016-07-19 at 23.03.11

Run the Add tag to VC vm workflow (highlighted in the package screen shot above), and as long as you have configured VAPI endpoints, you can add vSphere Tags and vSphere Categories to a VC:VirtualMachine object.


  • The vCenter Virtual Machine is the VC:VirtualMachine object
  • The VAPI Endpoint drop down list should contain all your VAPI endpoints
  • The Create new Tag Category allows you to create a new Category
  • The Tag Category displays existing tag categories configured on your VAPI Endpoint
  • The Tag Name is the name of the tag you wish to create
  • The Tag description is the description and is optional

Code is more of an example, as I found the OOTB VAPI plugins for tags pretty limited. You can move the input parameters to attributes as desired and pass in values for the tag name using maybe an API call to a SNOW or CMDB to get values for your tag name.

Any issues, send in a comment.


Deploying a VM to vCloud Director using API and Python


Further to my other post about getting started with vCloud Director API using Python, I thought I would write down how I deployed a VM to a vApp.

Once you have got a login function working by obtaining the x-vcloud-authorization token, you need to use the recomposeVApp REST API call, which as outlined by the documentation is done by using appending this URI, /vApp/{id}/action/recomposeVApp, to your endpoint. NOte, your endpoint is your API URL.

Here is my example code, which can be found on my github account, https://github.com/oliverleach/vcloud-autodeploy/blob/master/vCloudDeployVm.py

def recompose_vapp(self):

    post_headers = self.headers

    xml = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
              <Description> "api deployed vm" </Description>
                  <SourcedItem sourceDelete="false">
                      <Source href="%s"/>
              </RecomposeVAppParams>""" % (self.vapp_template)

    post = requests.post(self.vapp + '/action/recomposeVApp', data=xml, headers=post_headers)
    result = ET.fromstring(post.text)

Firstly, you can see I am setting the post_headers value to self.headers – these headers include the x-vcloud-authorization token. You also need to add the content type which is outlined in the documentation. It just tells the API what XML to expect, which in this case is recomposeVAppParams+xml.

Next, I have specified the XML file and I’ve cut down what I have specified and kept it simple. The only thing I have provided is the vapp_template value, which is something I have obtain earlier in my API script.

Finally, I then post this request as shown again below:

post = requests.post(self.vapp + '/action/recomposeVApp', data=xml, headers=post_headers)

Here I am using the python requests library and adding the required parameers, which in cludes the self.vapp URL, again obtained earlier in my API script, which appends /action/recomposeVApp. I then provide the XML which is contained in the function and add the post_headers.

You need to look at the whole API script to understand how I have built up the post request, including how I have obtained the various requirements such as vapp href and the vapp_template href.

Please do post a comment if you would like more info or use the contact me link on my blog.

Happy scripting. 🙂

Getting started with the vCloud Director API with Python


I have been working closely with vCloud Director from a front end point of view as one of our customers wanted to leverage our public cloud offering. I wanted to show them the power of the API and I decided to use Python as the scripting language of my choice to script some API calls. Now there is one problem I faced straight away which is there is no vCloud SDK for Python. What does this mean? Well, an SDK provides a library that you can leverage which makes vCloud API calls easier. So was the only other option was to use the REST API provided by vCloud. This is fine, but it just means more work rather then use something that someone else has written to make your life easier.

Just for the record, there are SDK’s for vCloud for DOT NET, Java and PHP.

So the first thing to understand is the documentation – you need to understand how it’s laid out and how to find what you want to do. Easier said than done. There are loads of goods resources here but I have listed a few to start with:

vCloud Dirtector API reference documentation

Exploring the vCloud Director API

Once you have muddled through the API documentation, you need to use a Python library that will interact with HTTP. I used the great Python Requests library rather than HTTPLIB2. I find it much easier to use, more simple and cleaner to understand.

The next thing to do is to build a login function. Here is my snippet of Python code:

class vCloud_Deploy(object):

    def __init__(self):

        self.login = None
        self.headers = None
        self.endpoint = None
        self.org = None
        self.root = None

    def sessions(self, username, org, password, key, secret, endpoint):

        self.endpoint = endpoint

        self.login = {'Accept':'application/*+xml;version=5.1', \
            'Authorization':'Basic '+ base64.b64encode(username + &quot;@&quot; + org + &quot;:&quot; + password), \
            'x-id-sec':base64.b64encode(key + &quot;:&quot; + secret)}

        p = requests.post(self.endpoint + 'sessions', headers = self.login)

        self.headers = {'Accept':'application/*+xml;version=5.1'}

        for k,v in p.headers.iteritems():
            if k == 'x-json':
                access_token_value = 'Bearer %s' % v[21:57]
                if k == &quot;x-vcloud-authorization&quot; : self.headers[k]=v

The public cloud I was working with needed 2 forms of authentication. The first authentication mechanism was to send an api and secret key in a base64 encoded URL. This bit doesn’t really matter as it’s not part of the vCloud Director authentication mechanism but merely an added layer of authentication provided by the company I work for. What is important is logging in to the vCloud Director API and for this, you need to get the x-vcloud-authorization header value. This is then passed in when ever you call other vCloud APIs. This is your token.

You can see above that I am requesting a login and once I have passed in all the headers I need to for the inital login request, if it is successful I then look at the headers returned. I iterate through all the headers and find the x-vcloud-authorization header and its value and then add this information to my self.headers. Whenever I call another API, I just use the self.header which contains a valid x-vcloud-authorization token. The point here, is once you have the login function set up and working, you’ve gone a long way to then starting to use the API. Get this sorted and your in basically.

So now you can start with some simple get requests. Here is an example function that gets the org URL. This tacks on to the script snippet above.

    def org_url(self):

        g = requests.get(self.endpoint + 'org', data=None, headers = self.headers)
        root = ET.fromstring(g.content)

        for child in root:

            self.org = child.get(&quot;href&quot;)

            g = requests.get(self.org, data=None, headers = self.headers)
            self.root = ET.fromstring(g.content)

            return self.org

In my python class constructor, I have set up various parameters I need when using the API. This includes my endpoint which is something you need to know before you use the API.

    def __init__(self):

        self.endpoint = None

So back to the how I get the org URL, you will notice that I have passed the endpoint in my get request, followed by the ‘org’ appended. This essentially gives me the REST API call which gets me the org URL and how this is done can be found in the VMware documentation, see here – http://pubs.vmware.com/vcd-55/topic/com.vmware.vcloud.api.reference.doc_55/doc/operations/GET-Organizations.html. Once I collect the information, I set the self.org value to the HREF org_url. I use the self.org value to specify in future API calls that its this org I want to query or provision to.

This is just a blog, not a how to step by step article. The full version of the script can be found on my github account here – https://github.com/oliverleach/vcloud-autodeploy/blob/master/vCloudDeployVm.py. Get in touch if you have any questions or comments.

vmware tools in Centos 5.x and 6.x


A really boring post, but I want to have this for future records. Here is a manual way of installing vmware tools running on CentOS 5/6

First, import the keys to RPM:

rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub

Add the repository to yum by creating file /etc/yum.repos.d/vmware-tools.repo:

cat <<EOT > /etc/yum.repos.d/vmware-tools.repo
name=VMware Tools </span>
#baseurl=http://packages.vmware.com/tools/esx/5.0u1/rhel5/\$basearch baseurl=http://packages.vmware.com/tools/esx/5.0u1/rhel6/\$basearch

Then, install using:

# for non-PAE kernel:

yum -y install vmware-tools-esx-kmods vmware-tools-esx

# for PAE kernel:

yum -y install vmware-tools-esx-kmods-pae vmware-tools-esx

For no X windows:

yum -y install vmware-tools-esx-nox

BUT, here is a puppet manifest that does the job for you 🙂

class vmtools

if $::osfamily == 'RedHat' and $::operatingsystem != 'Fedora' {

yumrepo { 'vmware-tools-repo':
 baseurl => "http://packages.vmware.com/tools/esx/5.0u1/rhel$ {::os_maj_version}/${::architecture}",
 enabled => '1',
 gpgcheck => '1',
 descr => "VMware tools package for ESX 5.0 update 1"


exec { "install GPG-DSA keys":

command => "/bin/rpm --import http://packages.vmware.com/tools/keys/

unless => "/bin/rpm -q gpg-pubkey --qf
 '%{name}-%{version}-%{release} -->
 %{summary}\n' |/bin/grep VMware >
 /dev/null 2>&1"


exec { "install GPG-RSA keys":
 command => "/bin/rpm --import http://packages.vmware.com/tools/keys/

unless => "/bin/rpm -q gpg-pubkey --qf
 '%{name}-%{version}-%{release} -->
 %{summary}\n' |/bin/grep VMware >
 /dev/null 2>&1"

 package { "vmware-tools-esx-nox" : ensure => "installed" }
 } else {

notice ("Your operating system ${::operatingsystem} is not
 supported vmtools to run with this puppet manifest")


vSphere 5.1 review


I recently took time out to review the new features of vsphere 5.1 and this is what I found:

1. Larger and more powerful Virtual Machines

Virtual machines can grow two times larger than in any previous release to support even the most advanced applications. Virtual machines can now have up to 64 virtual CPUs (vCPUs) and 1TB of virtual RAM (vRAM). Why would we want that size of VMs. Well I have never seen a virtual machine that will utilise 64 vcpus, but large applications that run in high performance compute grid networks may just have this requirement and it’s another reason why you would use VMware over the other competitors, XenServer, Hyper-V for example, to run your mission critical intensive application on a the vmware hypervisor.

usefulness : 5/10

2. A new virtual machine format

New features in the virtualmachine format (version 9) in vSphere 5.1 include support for larger virtual machines, CPU performance counters and virtual shared graphics acceleration designed for enhanced performance.

This goes hand in hand with the first feature but notice we have a nice shared graphics acceleration feature. NVIDIA added vSGA (Virtual Shared Graphics Acceleration) that allows the presentation of a physical graphics processing unit (GPU) from the underlying host to virtual desktops guests. By virtualizing the physical GPU, its resources can be allocated and shared across several virtual desktop instances. This provides several different benefits. Using the physical GPU and vRAM frees the underlying CPU and memory from the host to be used for other tasks. Using a GPU for hardware-accelerated graphics also allows customers to provide a more rich and interactive graphical experience across an even broader set of use cases, especially implementation of vmware view.

Usefulness 6/10

3. Storage enhancements

Flexible, space-efficient storage for virtual desktop infrastructure (VDI). A new disk format enables the correct balance between space efficiency and I/O throughput for the virtual desktop.

Usefulness 6/10

4. vSphere Distributed Switch enhancements

Enhancements such as NetworkHealth Check, Configuration Backup and Restore, Roll Back andRecovery, and Link Aggregation Control Protocol support anddeliver more enterprise-class networking functionality and a more robust foundation for cloud computing.

Anything distributed switch is good and useful – it is a great part of the product and really helps define network policies more efficiently, especially when you have large numbers of hosts.

usefulness 7/10

5. Single-root I/O virtualization (SR-IOV) support

Support forSR-IOV optimizes performance for sophisticated applications. SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. Here is a great video explain SR-IOV and how resources are assigned to each particular function. This all helps with over performance and with point 1 and larger machines, all feeds back in to the fact that VMware ESX can handle bigger workloads

usefulness 7/10

6. AvailabilityvSphere vMotion enhancements

Leverage the advantages of vMotion(zero-downtime migration) without the need for shared storage configurations. This new vMotion capability appliesto the entire network. This is great – This means you can migrate virtual machines live without needing “shared storage”. In other words you can vMotion virtual machines between ESXi hosts with only local storage

usefulness 10/10

7. vSphere Data Protection changes

Simple and cost effective backupand recovery for virtual machines. vSphere Data Protection isa newly architected solution based on EMC Avamar technology that allows admins to back up virtual machine data to diskwithout the need of agents and with built-in deduplication.  This feature replaces the vSphere Data Recovery product available with previous releases of vSphere.

A great white paper from VMware regarding this: http://www.vmware.com/files/pdf/techpaper/Introduction-to-Data-Protection.pdf

usefulness: 9/10

8. vSphere Replication

vSphere Replication enables efficientarray-agnostic replication of virtual machine data over the LAN or WAN. vSphere Replication simplifies management enablingreplication at the virtual machine level and enables RPOs as low as 15 minutes.

I like this one. Again another feature rich offering from Vmware.

usefulness: 9/10

9. Reduced downtime upgrade for VMware Tools

After you upgrade to the VMware Tools available with version 5.1, reboots have been reduced or eliminated for subsequent VMware Tools upgrades on Windows.

Been a while coming due to the challenges of upgrading locked files within an operating system most probably not the best and easiest to work within when you are VMware. We here and expect some more enhancements coming in the later versions.

usefulness 8/10

10. Additional security enhancements

VMware vShield Endpoint delivers a proven endpointsecurity solution to any workload with an approach that is simplified, efficient, and cloud-aware. vShield Endpoint enables3rd party endpoint security solutions to eliminate the agentfootprint from the virtual machines, offload intelligence to a security virtual appliance, and run scans with minimal impact.

This was once bluelane and its now bundled in the product. It makes a lot of sense when you are running multiple instances of security as you can now limit the overhead.

usefulness: 8/10

11. vSphere Storage DRS and Profile-Driven Storage

New integration with VMware vCloud® Director™ enables further storage efficiencies and automation in a private cloud environment. This is cool – a feature that allows us to DRS storage IO. Not tested in anger but a great performance tool in an already feature rich product.

usefulness: 9/10

12. vSphere Auto Deploy

Two new methods for deployingnew vSphere hosts to an environment make the Auto Deploy process more highly available then ever before. This is my favourite. Stateless and stateful ESXi deployments. Got to be worth a bucket of comfort knowing that whatever happens, the ESXi host will also boot up.

usefulness 10/10

13. VMware vCenter™ Operations Manager Foundation

This enables you to leverage comprehensive views into health, risk and efficiency scores of your vSphere environment infrastructure. Quickly drill down to see what’s causing current workloadconditions, pinpoint potential problems in the future andidentify areas with inefficient use of resources.

usefulness 9/10

14. vCenter Orchestrator

Orchestrator simplifies installation and configuration of the powerful workflow engine in vCenter Server. Newly designed workflows enhance ease of use, and canalso be launched directly from the new vSphere Web Client. vCO is a powerful tool and one that you can do truck loads with – alot of large service providers would use this to prep a machine when it is being provisioned, for example, creating a naming convention, putting this VM in the right container within a management domain, installing management tools . Always a good thing

usefulness 8/10

15. Management using vSphere Web Client

The vSphere Web Client is now the core administrative interface for vSphere. This new flexible, robust interface simplifies vSphere control through shortcut navigation, custom tagging, enhanced scalability, and the ability to manage from anywhere with Internet Explorer orFirefox-enabled devices.

This is a big winner for me. Still we need a windows installer and an operating system to run on but its a big move in the right direction.

usefulness 10/10

16. vCenter Single Sign-On

vCenter SSO is sometimes misunderstood and this is a great step in the right direction. SSO will act as a proxy rather than a authenticator and what I mean by this is that you can now have mulitple directory services configured to authenticate your user on to a vCenter environment. There is a great blog from Arnim Van Lieshout which describes this in more detail – http://www.van-lieshout.com/2013/08/vcenter-single-sign-on-sso-is-an-authentication-proxy/

usefulness 8/10


VMware are still ahead of the game. XenServer is catching up and have a release later on in the year called the Augusta release which has features like dom0 disaggregation and Hyper-V 2012 has all the features now, but as VMware still have a huge foot in the industry, they need to now move up the stack and take more advantage of workflows and the automation features that are possible,


well its a 9/10 for me. Keep up the good work VMware, you really are some software provider who have changed the face of infrastructure.