If you're a VMware customer you already have VMware Realize Orchestrator. VRO is a powerful, low code platform that can run orchestration workflows to knit together integrations through your entire environment. It's often seen as a sort of on-premises version of the Azure Logic App platform.
If you're also on Alemba Service Manager, then you have an extremely capable ITSM platform, underpinned by a powerful business automation engine that can work with VRO. You have everything already in place to do some some seriously best-in-class business automation and integration. Customer requests are submitted via smart forms from ASM's integrated self-service portal, then pushed into reportable request workflows that seamlessly work with ticketing, Service Levels, CMDB, and Asset Management.
That is - if you know how to pull it all together. That's what this article is about.
VMware vRealize Orchestrator
vRO is an orchestration solution that's provided for free under VMware's vCenter licensing. However, many organisations aren't aware of vRO's capabilities - or in some cases, that it's already available to them at all. Business automation and integration projects have significant technical dependencies. If vRO is already available then you already have a head start.
In VMware's own words:
vRealize Orchestrator is drag-and-drop workflow software that simplifies the automation of complex IT tasks.
vRO provides an advanced workflow engine that allows you to perform scripted actions using JavaScript alongside hundreds of plug-ins to different tools and technologies. These powerful plug-ins present complex technical activities as simple, easy-to-consume functions. Some examples of the plug-ins available include:
Active Directory - the vRO Active Directory plug-in allows you to create, modify and delete users, computers, groups and OUs, add and remove users and computers from groups and also provides extensive AD search functionality using LDAP search filters.
HTTP-REST - RESTful APIs are standard for most modern applications; this plug-in can be used to connect with applications such as SAP, Azure & DevOps and even ASM itself, plus thousands more.
PowerShell - PowerShell is an indispensable tool for automating many Microsoft applications, such as Exchange, Office 365, Skype for Business and SCCM.
SQL - the SQL plug-in lets you run queries on any available SQL database; you can retrieve and update data; as an example, at Lida we've used it to convert SQL blobs into image files for uploading to Active Directory profiles.
vCenter - with the vCenter plug-in you can create and delete virtual machines, add CPU, memory and disk, take and restore snapshots, vMotion and Storage vMotion virtual machines, install and upgrade VMware Tools, and much more.
Azure - the Azure plug-in allows you to perform many standard Azure functions, such as creating and deleting virtual machines, resource groups, virtual networks and subnets.
Alemba Service Manager
Alemba Service Manager (ASM) comes prepackaged with a wide range of out-of-the-box connectors that make integration with third party systems relatively straight-forward. Many of these are built around pulling data out of a 3rd party system and into the ASM Configuration Management Database (CMDB). This is critical for ensuring that reliable, up-to-date configuration data is available to the system, and is a key success factor for automation.
If you want to take the manual steps out of your process, you need to be confident in the accuracy of the data going into your automation; if you start with bad data, automation is just going to help you make a bigger mess more quickly. So connectors for tools like Altiris, LanDesk, SCCM and Active Directory are absolutely essential for building a strong automation foundation.
In addition to CMDB-focused integration workloads, ASM features connectors which simplify the performing of actions in 3rd party systems, such as the External Process Connector which allows you to run executables, the Atlassian JIRA Connector for maintaining a sync between vFire tickets and Jira issues, and the vCloud Director Connector for automating within the VMware world.
One of the connectors that is generally not well understood but is potentially very powerful, is the vRealize Orchestrator connector.
At one point in its long history ASM was actually owned by VMware, when it was known as VMware Service Manager. The purpose of this acquisition was to take advantage of ASM's first-class self-service capability, as VMware lacked a customer facing web portal. A major legacy from that time is ASM's vRO Connector, which has been taken and enhanced by Alemba over the intervening years.
The ASM vRO Connector serves two very useful purposes.
ASM and vCenter integration
Firstly, the connector can pull vCenter entities such as virtual machines, virtual apps, datacenters, datastores, networks, resource pools, files and folders, directly into the ASM CMDB. These can then be used to log incidents, events, service requests and change requests against, serving as the perfect data source for subsequent outgoing automation activities.
Utilising the vRO connector from ASM opens up many possibilities for end-to-end automation. To illustrate this, consider a provisioning request example in which a customer wants to add an extra 8Gb of RAM to a virtual machine:
first, the customer accesses the ASM self-service portal, and accesses a "modify server" service request
they enter their requirements into a smart form:
first, they use a search field to find the virtual server they wish to modify
once found, the server's current specs are displayed - these are loaded in from the ASM CMDB
next, they select "8Gb" from the "Add RAM" dropdown, and submit
the request is then routed through ASM's automated workflow platform which sends an email approval to the relevant manager
once approved, the vRO connector executes a command to add 8Gb of RAM to the selected server, without the need for human intervention
Automating Active Directory (AD) tasks
Due to its wide array of no-code connectivity options and orchestration workflows, coupled with the ability to execute JavaScript, PowerShell and bespoke executables for more finely grained control, vRO provides integration capabilities that go far beyond the VMware stack. Whether intended by the vRO designers or not - the possibilities are limited only by the tools and technologies available.
We present an example here of a solution that LIDA have implemented many times for clients seeking to realize rapid improvements in Active Directory (AD) management. IT teams often experience a significant backlog for tasks related to ongoing maintenance of Active Directory entities. Fortunately, it's also one of the easiest activities to automate.
In this example we demonstrate how to automate Active Directory tasks that are still performed manually in many organisations such as:
add a user to an AD email distribution group
managing user access to applications
setting local administrator roles and permissions
granting internet access
Create a vRO workflow
The step is to create a workflow in vRO. In most cases - when executing vRO from a dedicated workflow engine - we can keep the vRO workflow relatively simple. In this example we're using ASM's advanced workflow automation platform to perform vRO orchestration via the dedicated connector. So all we need is a start task, an end task, an exception task, and a 'scriptable task', that will hold JavaScript code to perform the task.
The result is a very simple workflow that looks like this:
Within the Scriptable task we use the inbuilt functions searchExactMatch() and addElements() from the AD plug-in to take userName and groupName as input parameters. These will be passed from the ASM workflow. The code is shown below:
var users = ActiveDirectory.searchExactMatch("User",userName);
var groups = ActiveDirectory.searchExactMatch("UserGroup",groupName);
groups[0].addElements(users);Calling vRO from Alemba Service Manager
By using the connector provided by Alemba it is possible to call vRO workflows from either Calls or Service Requests. In this example we're using a Service Request, backed by Alemba's workflow automation platform.
First, connect ASM to vRO - steps are provided here
Next, create a simple ASM workflow consisting of a start task, an end task, an outbound action task and a manual failure task (these will route manual tasks to teams should the automation fail for some reason). A simple example is shown below:
A real world workflow would contain additional tasks to capture approvals, points at which the Service Level Agreement clock will stop and start, and email updates to the customer detailing progress.
Configuring the ASM Outbound Action Task
Finally, configure the Outbound Action Task in Alemba Service Manager so that it can pass through the user and group names as parameters, and run the vRO workflow.
To do that, open the Outbound Action Task, go to the Mapping Details section and select the vRO source.
A list of 'Actions' will populate, which correspond to the vRO workflows that are available. Select the new workflow and click Add.
ASM will display a list of all the parameters that can be passed for that workflow. Map each vRO input parameter to its ASM field. See below:
Save the workflow and submit the request in ASM. The vRO workflow will run, and if successful, the request will close - the user is now in the AD group, with no manual work required.
If it fails, ASM will generate a task, route it to the appropriate team, who can investigate the issue, and (if needed) perform the work manually, as before.
If you'd like a hand in getting started on your automation journey, you can always drop us a line.