VMware for Cloud Provisioning
- 1 Overview
- 2 Upgrade Instructions
- 3 How it Works
- 4 Provisioning Tasks by Group
- 5 Asset Management Integration
- 6 Requirements
- 7 Activating the Plugin
- 8 Selecting a role for the VMware vCenter integration
- 9 Enhancements
The VMware application for cloud provisioning enables users to request VMware virtual servers through the ServiceNow service catalog. When a user requests a virtual server, Orchestration executes preconfigured approval and provisioning tasks. If the request is approved, Orchestration automatically creates a virtual server from a stored template, configures the virtual machine, and then starts the server. Cloud provisioning is available with the Calgary release.
VMware for cloud provisioning is a feature of Orchestration, which is available as a separate subscription from the rest of the ServiceNow platform.
2 Upgrade Instructions
After you upgrade from an earlier version to the Calgary release, the information in VMware vCenter must be updated. To add data and update the relationships, either run ServiceNow Discovery or discover vCenter details using the discovery utility that does not require the full Discovery product.
3 How it Works
Orchestration in the ServiceNow platform integrates with the vCenter API and adds VMware workflow activities to the existing Workflow application. These activities enable Orchestration to clone new virtual machines from templates, configure virtual machines, and power virtual machines on and off.
4 Provisioning Tasks by Group
Tasks for setting up a virtualization product, provisioning virtual resources, and requesting virtual machines from the service catalog depend on the user group to which you belong.
- Virtual Provisioning Cloud Administrator: Members of this group own the cloud provisioning environment and are responsible for configuring the different virtualization providers used by cloud provisioning. Administrators can create service catalog items from VMware templates and Amazon EC2 images, approve requests for virtual machines, and monitor the cloud provisioning environment using the Service Monitoring Portal.
- Virtual Provisioning Cloud Operator: Members of this group fulfill provisioning requests from users. Operators perform the day-to-day work of cloud provisioning by completing tasks that appear in the Cloud Operations Portal. Operators are assigned to specific virtualization providers and must be technically adept with the products they support.
- Virtual Provisioning Cloud Users: Members of this group can request virtual machines from the service catalog and use the My Virtual Assets portal to manage any virtual machines that are assigned to them.
5 Asset Management Integration
The My Assets plugin creates a new model and model category called VMware Instance. The system creates a new asset for this model when cloud provisioning fulfills a virtual machine request, and then creates a VMware configuration item (CI). The new asset appears in the requester's My Assets portal. When the virtual machine is terminated, asset management retires the asset. The My Assets plugin is automatic for new Calgary instances, but must be activated for upgraded instances.
5.1 Activating the Plugin
Users with the admin role can activate the My Assets plugin on an instance upgraded to Calgary.
|Click the plus to expand instructions for activating a plugin.|
If you have the admin role, use the following steps to activate the plugin.
- All virtual machine templates must contain VMware Tools.
- For Windows virtual machines (VMs), click here to determine whether Microsoft Sysprep is required on the vCenter instance.
- The vCenter user must have proper credentials for cloning, customization, and powering on the virtual machine.
- On Windows 2003 templates, the password for an Administrator must be blank on the base image.
7 Activating the Plugin
This feature requires the Orchestration - VMware Support plugin. VMware for cloud provisioning is a feature of Orchestration, which is available as a separate subscription from the rest of the ServiceNow platform.
8 Selecting a role for the VMware vCenter integration
While configuring ServiceNow to connect to vCenter, you supply credentials for a vCenter user. The user's permissions in vCenter determine which VMware tasks the user can perform in the ServiceNow instance. Based on the role that you select, you can implement one of a variety of levels of permission.
8.1 Administrator role in VMware
The Administrator role provides all privileges available in vCenter. This includes access to every operation that ServiceNow supports plus all of the features that ServiceNow does not use. Using the Administrator role is a simple way to grant a ServiceNow instance full power.
8.2 Full access
It is possible define a role that provides the ServiceNow instance enough access to perform all supported operations without granting full Administrator privileges. With this role, ServiceNow users can run Discovery, view all resources, perform all operations (Start, Stop, Pause, Snapshot, Terminate, VM Modifications), and provision new VMs (including guest customization).
One way to accomplish this is to clone the "Virtual Machine Power User (sample)" role that is provided with vCenter and then edit the role to add the following additional permissions:
- Datastore > Allocate Space
- Network > Assign Network
- Resource > Assign virtual machine to resource pool
- Virtual Machine > Inventory > Create from existing
- Virtual Machine > Inventory > Create new
- Virtual Machine > Inventory > Remove
- Virtual Machine > Provisioning (All in this category)
8.3 Virtual Machine Power user
The "Virtual Machine Power User (sample)" role that is provided with vCenter allows a user to browse the datastore, schedule tasks, and perform many VM operations. The role enables ServiceNow users to run Discovery, view all resources, and perform the Start, Stop, Pause, and Snapshot operations and to perform VM modifications like adding a disk.
This role does not have permission to provision new VMs or to terminate existing VMs.
8.4 Virtual Machine user
The "Virtual Machine User (sample)", slightly less powerful than the Power User role, allows a user to browse the datastore, schedule tasks, and perform some VM operations. It provides enough for ServiceNow users to run Discovery, view all resources, and perform the Start, Stop, and Pause operations.
The role does not have permission to provision new VMs, terminate existing VMs, manage snapshots, or make VM configuration modifications.
8.5 Read-only user
The "Read-only" role allows a user limited read access to the system without any other privileges. The role allows ServiceNow users to run Discovery and view resources.
The role does not have permission to provision new VMs or to run any VM operations.
- The new activities Delete Snapshot, Get VM Events, and Get VM Guest Info are available.
- Configuration of Windows VMs has been updated to support Windows workgroups.
- An alternate IP address can be provided when using an IP pool to select a static IP address.
- DHCP is supported for configuring VMs.
- A cloud administrator can provision VMs to use datastores with the least remaining space sufficient to create the VM.