Stuff about vCloud Automation Center [6.0] (2/5)


System-wide Roles

  • System Administrator
    • Installs vCAC
    • Manages tenants
  • IaaS Administrator
    • Manages endpoints and credentials
    • Creates fabric groups
  • Fabric Administrator
    • Manages physical and compute resources within a fabric group
    • Manages reservations and reservation policies
    • Manages build profiles and machine prefixes

Tenant Roles

  • Tenant Administrator
    • Manages and configures the tenant
    • Manages users and groups
    • Manages catalog services
    • Manages entitlements
    • Creates approval policies
    • Manages blueprints
  • Service Architect
    • Creates custom service blueprints and publishes them in Advanced Service Designer
  • Approval Administrator
    • Creates and applies approval policies

Business Group Roles

  • Business Group Manager
    • Manage machine blueprints, items and entitlements
    • Is able to monitor resource usage
  • Business User
    • Request services
  • Support User
    • Is able to perform tasks in the name of others
  • Approver
    • Approve requests

It is important to understand that privileges are not inherited from a higher to a lower level. So by default a system administrator does not have privileges within a tenant.

By the way: just because there are that much roles, you don’t have to use all of them – keep it simple!


The fabric is the sum of all resources collected by endpoints. For resource provisioning the fabric is partitioned in fabric groups. Fabric groups are created within a tenant. These groups consume resources out of the fabric. So the group is within a tenant but the resources itself are not directly attached to the tenant.

Global Machine Prefix

  • Provides a kind of failback for VM naming, in case there is no naming configuration within workflows
  • In every business group a default machine prefix is defined

Business Group

  • Is a group of services and resources that is associated with organisation unit/department
  • It is created by a tenant administrator
  • Business group manager can see machines in business group and can manage group blueprints
  • Users can see (published) blueprints in service catalog
  • Machines will be deployed on business groups


Do not mix up reservation in vSphere and reservation in vCAC, they are not related to each other! In vCAC reservation is more like a commitment than a guarantee! Reservation in vCAC can be seen as a maximum.


“A machine blueprint is a complete specification for a virtual, cloud, or physical machine that defines resources, attributes, policies, and method of provisioning for the new system”

There are different kind of machine blueprints to deploy different types of machines. Each consists of a different set of parameters.

  • Cloud
  • Physic
  • Virtual
  • Multimachine

To enable users to request a machine out of a blueprint, it has to be published

Configuration of blueprints

Blueprint Information
  • Blueprints can be a Master so it can be copied by a tenant administrator
  • It can be shared across all business groups
  • Location information can be displayed on request
    • Location are defined in C:\Program Files (x86)\VMware\vCAC\Server\Website\XmlData\DataCenterLocations.xml
  • Reservation policy
  • Archive Period: Number of days a expired machine can be reactivated. Zero means the machine will be deleted upon expiration. Expired machines get archived; after archive period it will be deleted.
  • Daily cost for basic charge management
Build Information (options vary by type of blueprint)
  • Type of machine (Server, Desktop or Hypervisor)
  • Action to create the machine; here are for example the actions for vSphere:
    • Create
    • Clone
    • LinkedClone
    • NetApp FlexClone
  • TIP: If the snapshot of the selected LinkedClone-Master is not visible for selection, perform a Data Collection on the compute resource!
  • Provisioning Workflow
    The selection depends on the type of machine (cloud, physical, virtual), the OS and the action to create
  • Customization spec to provide an answer file during provisioning (case sensitive!)
  • Machine resources
    Specified by a rang from minimum to maximum. Values within minimum and maximum can be requested for approval.

Additional machine information can be set. These information can be used in workflow during provisioning. More of custom properties in part 3 of this series.

  • Possible actions can be selected. It can be used as kind of permissions.
  • As good practice: do not customize permission in blueprint; customize them in service catalog as item actions. Otherwise troubleshooting will be difficult because you can add item actions in service catalog that are disabled in blueprint.

Multimachine Blueprints

  • Combination of more than one blueprint
  • Can combine different types of machines
    • Cloud
    • Physical
    • Virtual
  • There are different settings compared to other type of blueprints. Additional are:
    • Startup and shutdown order
    • Network settings: transport zone, network profile and reservation policy
    • scripting: defining provisioning-, startup-, shutdown-scripts

Service Catalog

A table of blueprints that can be presented to user for requesting. Users can deploy machines out of these blueprints organized in Service Catalogs.

  • The word “service” could be misleading. Here services are a list of options a user can select of. Services can be:
    • Machine blueprints
    • Workflows
  • A service consists of catalog entries that could contain for example a blueprint.
  • Change Window
    vCAC will do maintainance tasks within this window
  • Entitlement
    • A user must be entitled to see a service in portal
    • Entitlement includes the definition of allows item actions

Requesting and Deploying Services

  • Depending on the configuration of the blueprint, a user can customize these parameter of a machine
    • Number of machines
    • Number of CPUs
    • Memory
    • Storage
    • Description
    • Reason for the request
    • Custom Properties that are set to PromptUser
  • You can define basic costs for compute and storage resources by using cost profiles
  • A user that requests services can monitor the state of these requests
  • A tenant administrator can/should change the “own by” filter when checking items
  • Entitled users can take allowed item action on machines in vCAC portal. These includes creating snapshots, expire, reset, reprovision, …
  • For multimachine blueprint: actions, settings, and entitlements specified for the multimachine blueprint override settings in the component blueprints. But just for the multimachine!
  • For Snapshots you can use custom properties: Snapshot.Policy.Limit and Snapshot.Policy.AgeLimit to control number of snapshots
  • vSphere VMs can be reconfigured on CPU and memory by users

Leave a Reply

Your email address will not be published. Required fields are marked *