How to configure vRA to work with VMware vCloud Government Service
search cancel

How to configure vRA to work with VMware vCloud Government Service

book

Article ID: 343122

calendar_today

Updated On:

Products

VMware VMware Aria Suite

Issue/Introduction

VMware vCloud Government Service, provided by Carpathia, is a FedRAMP-compliant hybrid cloud service.

This article outlines how to configure VMware vRealize Automation to work with VMware vCloud Government Service.

Environment

VMware vRealize Automation 6.2.x
VMware vRealize Automation 7.0.x

Resolution

Configuring a vCloud Government Service endpoint in vRealize Automation differs from configuring vCloud Director or vCloud Air endpoints in:
  • Endpoint URLs
  • User credentials
  • IP Allowlists

Endpoint URLs

The endpoint URLs are different for vCloud Government Service than for vCloud Air. The URLs for connecting to vCloud Government Service are:
 
LocationUseURL
EastvCloud REST APIhttps://api.east.vcgs.vmware.com/
EastvCloud Connectorhttps://vcc01.east.vcgs.vmware.com/
WestvCloud REST APIhttps://api.west.vcgs.vmware.com/
WestvCloud Connectorhttps://vcc01.west.vcgs.vmware.com/







 
 
 
Note: Carpathia employs an API firewall that blocks some aspects of the vCloud API (such as security/user operations). This does not impact vRealize Automation integration with vCGS, but is useful to note for other API applications.
 

User Credentials

To register vCloud Government Service as a VMware vCloud Director (vCD) endpoint, you must have a user account with permission to access the REST API.

vCGS has two types of users. The first type is a normal user account, which requires two-factor authentication and is used when logging in from a browser. The second type of vCGS user account is the API user, which is independent of normal end-users. API user accounts do not require two-factor authentication and are used only for accessing the API.

vCGS requires a ticket to be opened to create the API user. The username and password are provided for you.
 

IP Allowlists

vCGS blocks API requests by default. To allow API access, Carpathia’s team must allow the IP address of the IaaS DEM server or servers that communicates with vCGS. This is the IP address vCGS sees API requests coming from. Ensure to provide a publicly routable, Internet-connected IP address, and not a NAT or private IP. If you are using a proxy, you must provide the proxy IP address.

To Configure VMware vRealize Automation to work with VMware vCloud Government Service:
  1. Open a ticket to create an API user and allow a public Internet IP

    Open a ticket with VMware Federal support. You are routed to a GSS representative who can open a ticket with Carpathia.

    When opening a ticket, request the API user to be created and provide the IP to be allowed at the same time to expedite the process.

    The information for calling is:

    VMware Federal Support Line: 1-877-VMWARE0 (1-877-869-2370)
    Service ID Number: Provided with your welcome letter (have it ready when you call)
    Order Number: Optional

    Follow the automated instructions and choose Technical Support and Services.

    Request Carpathia to create an API user for REST and vCloud Connector access in the organization (same as the service ID) you are using and to provide the username and password. You should also give them a public IP address and request for it to be allowed in their firewall for API access.

    Note: You can test the account is correct by issuing a POST to /api/sessions at one of the API URLs listed above.
     
  2. Create the vCGS Endpoint

    The vCGS endpoint must be created in vRealize Automation as a vApp (vCloud) endpoint (vCloud Director endpoint for vRealize Automation 7.x).
     
    1. Log in to vRealize Automation as an Infrastructure Administrator.
    2. Navigate to Infrastructure > Endpoints > Endpoints.
    3. Click New Endpoint > Cloud > vApp (vCloud) (vCloud Director for vRealize Automation 7.x).
    4. Enter the required endpoint information:
       
      1. Name: vCGS (or a name that you want).
      2. Address: Enter the vCloud REST API URL listed in the Endpoint URLs table.
      3. Organization: Enter the service ID provided in your welcome letter.
      4. Credentials: Click the ellipsis button to bring up the credentials manager.
         
        1. Click New Credentials.
        2. Enter the credential information:
           
          1. Name: vCGS-API (or whatever you wish)
          2. Username: Enter the API user name Carpathia provided from section 1.
          3. Password: Enter the API user password Carpathia provided from section 1.
          4. Click the green check button to save the new credentials.
          5. Ensure the new credential is still selected, and click OK.
      5. Optionally, configure the proxy server to enable access to the Internet from your internal network.
      6. Click OK to add the new endpoint.
         
  3. Test data collection on the vCGS endpoint to verify the credentials and connection are correct.
     
    1. Navigate to Infrastructure > Endpoints > Endpoints.
    2. Hover over the vCGS endpoint, and click Data Collection from the dropdown.
       

    Data collection starts immediately after the endpoint is created and you see the status:

    Data collection has been requested

    This indicates that the data collection has not started yet, but the workflow is in the queue. After the data collection starts, the status changes to:

    Data collection started on [date/time].

    If data collection fails, go to Infrastructure > Monitoring > Log to see more details about the failure.

For more information about configuring vRealize Automation for vCloud provisioning, see the Iaas Configuration for vCloud Air and vCloud Director Guide.

Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.
For more information, see vCloud API Programming Guide

Powered by Wolken Software