VCP7-CMA Section 2 Objective 2.1 Create and Manage Tenants

  • Create a new tenant for a given design

VMware Docs link

Out of the box a default tenant named vsphere.local is created, which is accessed via the https://myvraserver.mydomain.local/vcac/ url. You log into the default tenant using the System Administrator role with the username administrator and the password set for the system administrator account during the installation of vRA.

 

Once inside the default tenant you will see the default tenant listed under the tenant section, any  new tenants created will also be displayed here.

dften

All new tenants are created inside the default tenant by the system administrator

 

To create a tenant select new and fill in the details required

danlabtent

click submit and next to proceed to creating a Local User or Users for the new tenant, these local users are specific to the new tenant, you don’t have to create local users at this stage to complete creating the tenant however you wont be able to log into the new tenant if you dont!

If you want to use directory users, you must create the local user(s), assign them/it as tenant and iaas admins, log into the new tenant with the new local user, setup the identity source, log back into the default tenant with the system administrator account, edit the new tenant, add the domain users or groups as the tenant and iaas admins!

Then you will be able to log into the new tenant as a tenant/iaas admin to start the configuration of the new tenant.

user

Assign the roles of Tenant Administrator and IaaS Administrators if required, you don’t have to assign these roles at this time to finish creating the new tenant, however you wont be able to log into the tenant if you dont assign these roles to a local user. Once you have configured an identify source we can come back into the default tenant and add directory users and\or remove the local user(s) from these groups.

roles

It’s important to understand that privileges of the IaaS administrator role are NOT tenant specific. The IaaS administrator role is System Wide, so even though our new local user “danlab” is specific to the danlab tenant, this user has system wide IaaS privileges.

This is because the Infrastructure Fabric is available to all tenants. Depending on how you want your architecture configured you may want an IaaS administrator per tenant to configure endpoints, and have fabric groups per tenant as shown below

multiiaas

However I would say in the majority of vRA architectures it’s more common to see the below with System Administrator, IaaS Administrator and Fabric roles assigned to members of IT within the default tenant with Tenants then having access to that infrastructure via Fabric Groups

single iaas

  • Create, add, and manage local users

Creating local users for a tenant can be done inside the default tenant by the system administrator as described above.

  • Configure administrative access and describe privilege level differences between roles

There are many Roles within vRA, each role having different privileges. 2 roles are system wide  (System Administrator role and the IaaS Administrator role) and having the following provileges

system wide

The remaining roles are Tenant Specific

tenant1

tenant2

tenant3

tenant 4

I would say learning the differences in these roles is very important for the exam, little more than hands on experience will help you with this. For that that are creating a vRA lab to study, you may want to assign yourself “god” permissions. The only way to do that is to create a custom group

Inside the new Tenant, select Administration>Custom Groups> Create a new custom group, give it a Name, Assign ALL Roles to the group, then on the members tab select your local user (or directory account if you’ve already added a directory service)

Once the account is created, log out of vRA and back in for the permission changes to take affect.

godrole

  • Determine the unique URL used to access the tenant

The unique URL is set during the creation of the tenant. When creating my tenant i specified the URL danlab as can be seen below.

danlabtent

So my tenant will be access via

https://myvraserver.mydomain.local/vcac/org/danlab

Note that this is different from the default tenant which is accessed via

https://myvraserver.mydomain.local/vcac/

Assume we created a third tenant named test1 with a URL of test1 and a forth tenant named test2 with a url of test2bob then access would be as follows

default tenant – https://myvraserver.mydomain.local/vcac/

danlab tenant – https://myvraserver.mydomain.local/vcac/org/danlab

test1 tenant – https://myvraserver.mydomain.local/vcac/org/test1

test2 tenant – https://myvraserver.mydomain.local/vcac/org/test2bob

Tools

VCAP6-DCD Beta Exam Experience

It’s been a week since I sat the VCAP6-DCD exam and I’ve been meaning to blog about it since, I’d say the number of people who’ve posted vcap6-dcd experience blogs has already past double figures so if you’ve read them you’re unlikely to get anything new from my post, we’re also approaching the end of the Beta period so I’m not exactly sure how much use this post will be when the exam goes GA.

With that said, I feel I can add some value by providing some study material for those prepping to take the exam when it does go GA and also by providing some hope to those wanting to obtain VCIX status but are worried that their lack of design exposure may affect their chances of passing the VCAP6-DCD.

From what I can make out from twitter & blog bios, nearly all who have sat the VCAP6-DCD beta are from an architecture background, I’m not. I’m an escalation engineer at VCE so while my role is heavily VMware focused its not design focused, I’ve been an OPS guy for the majority of my career. That’s not to say I haven’t designed a VMware environment, I’ve implemented many out of the box environments in my time which obviously have required design decisions, it’s just those decisions have never manifested themselves the way VMware present them in the exam or more importantly, I’ve never had to represent those decisions the way VMware would expect them to be presented in the exam!

I’d like to think I have a deep understanding of vSphere, I’m a VCAP5-DCA a VCP4 & VCP5, I felt comfortable that my knowledge & understanding meant I wouldn’t struggle on a technical level & the only thing I would probably struggle with would be implementing a design mythology & how to represent my designs & decisions the way VMware expects using the tool provided in the exam.

I’ve been interested in progressing to VCDX ever since I passed my VCAP5-DCA so I’ve been looking into design mythologies such as TOGAF which I hoped would at least be of some assistance.

The exam was made up of 31 questions, a mixture of design questions & drag and drop. The design questions varied in complexity which of course meant they took varying times to complete.

At times I was frustrated by the limited instructions provided to complete a design task which meant with questions I could adequately answer in a real world scenario I wasn’t convinced that my representation would be marked as correct when it came to the exam.

This wasn’t down to limitations with the Visio style tool which I found functional & responsive all the way through the exam, it was my lack of exposure to design representation.

With that said, I completed the exam with 40 minutes to spare. I’m not the kind of guy to second guess & finished the exam after ensuring I’d answered every question. I left feeling that the exam was passible, whether I’ve done enough this time around or whether I have to reseat it I don’t know.

I’ve yet to get my results & I won’t until the DCD goes GA, so as yet I don’t know if I’ve passed but I’d say my score is likely to be in the high 200s or the low 300s (assuming they still mark VCAP exams out of 500)

Overall I really enjoyed the exam experience, what separates the VCAP from any other exams I’ve taken is there’s no real way to “guess” your way through, so there’s a real sense of achievement if you pass. I think this helps ensure you don’t cut corners when it comes to revision, you put in the hours and you become better at your job as a result… whether you pass or not!

I’ve detailed how I approached the exam in a separate blog post here, it’s more of a reference guide than a study guide but hopefully some of you may find this useful.

If anyone is reading this blog and thinking of taking any of the VCAP exams I’d thoroughly encourage them to do so, I’m already studying for the VCAP6-NV Deploy exam (I’m hoping to become a VCIX-NV before the design requirement is added to the pre-reqs, lazy I know!)

After that I’m going for VCIX-CMA, I’m hoping to finish all of these by the end of 2016, a tad ambitious when I don’t even know if I’m a VCIX6-DCV yet!!

I may end up being a bit top gear… ambitious but rubbish!!

 

 

VMware VCIX 6 Exam Details Released

Rejoice details on the VCIX 6 exams for Data Centre Virtualization & Cloud have finally been released!

I’d originally held off sitting the VCAP-DCD 5 exam back in Feb 2015 (im already a VCAP-DCA holder) as the VCIX 6 exams were supposedly imminent, that wait is finally over and study can begin in earnest.

Details of the beta have been posted on VMwares blog site in 3 parts here

Part 1 – https://blogs.vmware.com/education/2015/12/vcix6-certification-announcement-part-1-of-3.html

Part 2 – https://blogs.vmware.com/education/2015/12/vcix6-certification-announcement-part-2-3-updated-structure-paths.html

Part 3 – https://blogs.vmware.com/education/2015/12/vcix6-certification-announcement-part-3-of-3-exam-guides.html

Exam registration is expected early to mid-January with first beta appointments in late January.

However, questions still remain on the prerequisites for the VCIX/VCAP6 exams.

It isn’t clear whether VCAP5 holders can jump straight into upgrading to VCIX

or whether they first need to sit and pass the VCP6 exam.

Blog post part 2 states the following

“From VCAP5 Administration to VCIX6 → Earn the VCAP6 Design certification by passing the VCAP6 Design Exam”

“From VCAP5 Design to VCIX6 → Earn the VCAP6 Deployment certification by passing the VCAP6 Deployment Exam (lab)”

However the official exam guide states

“Candidates are required to obtain a valid VMware Certified Professional 6 certification prior to attempting this certification”

Personally I feel the VCP6 cert should only be a pre-req for non VCAP holders, hopefully when the new VCIX sites go live things will become clearer…

For now, I’m concentrating on bringing up my lab & study, I’ll update this blog when the prerequisites become a little clearer…