TASK 2
As a Cloud Administrator you have two tasks to complete:
1. Onboard new interns into vRealize Automation and assign the correct access. The Interns are split into two Active Directory groups, interns-group-a and interns-group-b. The interns-group-a group requires access to Cloud Assembly and the interns-group-b group requires access to Service Broker. The interns should be allocated the most restrictive access available.
2. Assist in resolving issues reported by the following users who do not have the correct access permissions in vRealize Automation. Each user should have the minimum permissions required to fulfill their role:
* A user with logon id appdevuser2@corp.local is only responsible for creating new and deploying from cloud templates in Cloud Assembly.
The following additional information is provided to help complete both tasks:
* IDM URL: https://identity-manager.corp.local/SAAS/admin or use bookmark
* IDM System Domain Username: admin
* IDM Admin Password: VMware1!
* AD Organization Unit DN: OU=Interns,DC=corp,DC=local
* vRealize Automation URL: vr-automation.corp.local
* Cloud Administrator Username: vcapadmin@corp.local
* Cloud Administrator Password: VMware1!
To complete the tasks as a Cloud Administrator, follow these steps:
Task 1: Onboard New Interns into vRealize Automation
Log in to the Identity Manager (IDM) using the provided URL and credentials.
Navigate to Identity & Access Management.
Under Enterprise Groups, find and select interns-group-a and interns-group-b.
Assign interns-group-a the role of Cloud Assembly User, which is the most restrictive access for Cloud Assembly.
Assign interns-group-b the role of Service Broker User, which is the most restrictive access for Service Broker.
Ensure that the AD Organization Unit is correctly set to OU=Interns,DC=corp,DC=local for proper group synchronization.
Task 2: Resolve Access Permissions Issues
Log in to the vRealize Automation URL using the Cloud Administrator credentials.
Go to Identity & Access Management.
Locate the user with the logon id appdevuser2@corp.local.
Assign this user the role of Cloud Assembly User to allow creating and deploying from cloud templates in Cloud Assembly.
Verify that the user has the minimum permissions required and does not have any additional roles that exceed their responsibility.
By following these steps, you should be able to onboard the interns with the correct access and resolve the access permissions issues for the specified user. Always adhere to the principle of least privilege, granting users the minimum level of access necessary to perform their roles.
TASK 6
As the Cloud Administrator for the Saturn Project, you have been tasked to:
1. Create an ABX Action
2. Create a subscription to trigger the action only if the following conditions are met:
a. The Cloud Template is Saturn Ubuntu 18 only.
b. The action should fire immediately after the compute resource gets provisioned.
c. The action should trigger only for the current project.
Additional Information required to complete the tasks:
* URL: https://vr-automation.corp.local
* Username: vcapadmin@corp.local
* Password: VMware1!
* Action Name: Saturn-Python-Script
* Python Script Content: "C:\Exam Files\Question 6\Satum Python Script.txt"
* FaaS Provider: On-Prem
* Subscription Name: Execute-Python-Script
To complete Task 6 for the Saturn Project, follow these steps:
Step 1: Create an ABX Action
Log in to the vRealize Automation console at https://vr-automation.corp.local using the provided credentials.
Navigate to Extensibility > Actions.
Click on New Action.
Enter the Action Name as "Saturn-Python-Script".
Select the Scripting Language as Python and the FaaS Provider as On-Prem.
Use the Import Package option to upload the content of the Python script from "C:\Exam Files\Question 6\Satum Python Script.txt".
Save the action.
Step 2: Create a Subscription
Go to Extensibility > Subscriptions.
Click on New Subscription.
Enter the Subscription Name as "Execute-Python-Script".
Set the Event Topic to trigger after the compute resource gets provisioned, which is typically the "Compute Provision" event.
Define the Conditions for the subscription:
The Cloud Template is ''Saturn Ubuntu 18'' only.
The action should trigger only for the current project.
Save the subscription.
Ensure that the conditions for the subscription match the exact criteria needed for the Saturn Project. The action will now be triggered automatically under the specified conditions after the compute resource is provisioned.
TASK 12
As the Cloud Administrator, you have been tasked to update the Atlas App cloud template in the Atlas project. Perform the following tasks:
1. Edit the existing cloud template Atlas App such that it is a multi-tier application that meets the following requirements:
* 2 Web servers
* 1 Database server
* The Database server is always built before the Web servers
* 2 NSX Networks:
o The first network should use the NAT feature
  * Resource Name: external
o Second network should be an existing network
  * Resource Name: internal
o All networks should be restricted to use only the Atlas project networks
o The internal network should be restricted to use only the nsx-atlas-existing NSX network
* Both the web and db VMs should be connected to the internal network
2. Add an NSX load balancer to provide access from the outside to the two Web servers:
* Resource Name: lbWeb
* Port: 443
* Protocol: HTTPS
3. Assign an existing Security Group to the Web servers:
* Resource Name: sgWeb
* Instances: Web Servers
* Constraint Tag Key: sg
* Constraint Tag Value: atlasweb
To update the Atlas App cloud template to meet the specified requirements, you would perform the following steps in vRealize Automation:
Task 1: Edit the Cloud Template for Multi-tier Application
Access the vRealize Automation console and navigate to Design > Cloud Templates.
Open the existing cloud template named "Atlas App".
Modify the template to include:
2 Web Server Instances: Define two instances of the web server component.
1 Database Server Instance: Define a single instance of the database server component.
Build Order: Ensure the database server is set to be built before the web servers by adjusting the dependsOn property.
2 NSX Networks:
External Network (NAT): Create a network resource with the name external and configure it to use NAT.
Internal Network (Existing): Create a network resource with the name internal and link it to the existing nsx-atlas-existing network.
Restrict Networks: Apply constraints to ensure that only networks associated with the Atlas project are used.
Task 2: Add NSX Load Balancer
In the cloud template, add an NSX load balancer resource with the name lbWeb.
Configure the load balancer to distribute traffic to the web servers on port 443 using the HTTPS protocol.
Task 3: Assign Security Group to Web Servers
Define a security group resource with the name sgWeb.
Assign this security group to the web server instances.
Use constraint tags with the key sg and value atlasweb to ensure the security group is applied correctly.
Here is a simplified example of what the YAML configuration might look like:
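resources:
  dbServer:
    type: Cloud.Machine
    properties:
      networks:
        - network: '${resource.internal.id}'
      # ...
  webServer1:
    type: Cloud.Machine
    # dependsOn sits at the resource level, beside type and properties
    dependsOn:
      - dbServer
    properties:
      networks:
        - network: '${resource.internal.id}'
          # a security group is attached through the machine's network entry
          securityGroups:
            - '${resource.sgWeb.id}'
      # ...
  webServer2:
    type: Cloud.Machine
    dependsOn:
      - dbServer
    properties:
      networks:
        - network: '${resource.internal.id}'
          securityGroups:
            - '${resource.sgWeb.id}'
      # ...
  external:
    type: Cloud.NSX.Network
    properties:
      # outbound is the network type that provides NAT
      networkType: outbound
      # ...
  internal:
    type: Cloud.NSX.Network
    properties:
      networkType: existing
      constraints:
        - tag: 'nsx-atlas-existing'
      # ...
  lbWeb:
    type: Cloud.NSX.LoadBalancer
    properties:
      routes:
        - protocol: HTTPS
          port: 443
          # ...
      instances:
        - '${resource.webServer1.id}'
        - '${resource.webServer2.id}'
      # ...
  sgWeb:
    type: Cloud.SecurityGroup
    properties:
      # existing: select a discovered security group by constraint tag
      securityGroupType: existing
      constraints:
        - tag: 'sg:atlasweb'
      # ...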
Make sure to adjust the properties and configurations as needed to fit the specific details of your environment and the Atlas project. After updating the cloud template, validate the changes and ensure that the template meets all the requirements before saving.
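A pre-deployment check for two requirements of this task, that the database server is built before the web servers and that sgWeb is attached to every web server, written as an added example that is not part of the original answer or of any VMware tooling. The TEMPLATE dict is constructed sample data standing in for the parsed YAML, and it assumes a security group is attached through a machine's networks[].securityGroups binding.

```python
from graphlib import TopologicalSorter

# Constructed sample: the dict a YAML loader would return for a template of the
# kind described above. webServer2 carries the mistakes the checks look for.
INTERNAL = {"network": "${resource.internal.id}"}
TEMPLATE = {"resources": {
    "dbServer": {"type": "Cloud.Machine", "properties": {"networks": [INTERNAL]}},
    "webServer1": {"type": "Cloud.Machine", "dependsOn": ["dbServer"],
                   "properties": {"networks": [
                       {**INTERNAL, "securityGroups": ["${resource.sgWeb.id}"]}]}},
    "webServer2": {"type": "Cloud.Machine",
                   "properties": {"dependsOn": "dbServer", "networks": [INTERNAL]}},
}}


def explicit_deps(body):
    """Resource-level dependsOn as a set; a bare string is normalised too."""
    deps = body.get("dependsOn", [])
    return {deps} if isinstance(deps, str) else set(deps)


def lint(template, db="dbServer", web_prefix="webServer", sg="sgWeb"):
    """Return findings for the build-order and security-group requirements."""
    findings = []
    sg_ref = "${resource.%s.id}" % sg
    for name, body in template["resources"].items():
        props = body.get("properties", {})
        if "dependsOn" in props:
            findings.append(f"{name}: dependsOn is nested under properties")
        if not name.startswith(web_prefix):
            continue
        if db not in explicit_deps(body):
            findings.append(f"{name}: not ordered after {db}")
        if not any(sg_ref in n.get("securityGroups", []) for n in props.get("networks", [])):
            findings.append(f"{name}: {sg} is not attached")
    return findings


def build_order(template):
    """Build order implied by resource-level dependsOn only."""
    graph = {n: explicit_deps(b) for n, b in template["resources"].items()}
    return list(TopologicalSorter(graph).static_order())


if __name__ == "__main__":
    print(build_order(TEMPLATE))
    for finding in lint(TEMPLATE):
        print("FINDING:", finding)
```

A web server that misses the security group binding would be deployed without the sgWeb rules, so an empty findings list is worth confirming before the template is released to the catalog.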
TASK 4
As the Cloud Administrator, you have received the following request to make the changes in vRealize Automation to support new service capabilities.
1. Create a Storage Tier to support encryption.
2. Create a Network Profile for Phobos Project.
* Choose the NSX-T network from the available list.
3. The existing Phobos Zone should offer the following capabilities
* Initial workload placement should use VMware vRealize Operations and all workloads should be placed into a specific virtual machine folder by default.
The following information has been provided to assist you in these tasks:
* vRealize Automation URL: vr-automation.corp.local
* Cloud Admin Username: vcapadmin@corp.local
* Cloud Admin Password: VMware1!
Storage Profile Settings:
* Name: Encrypted Storage Tier
* Disk Type: Standard disk
* Region: vSphere Private Cloud / Local Datacenter
* Datastore/Cluster: RegionAOUSCSIOI-CC3
* Provisioning Type: Thin
* Supports Encryption: Yes
* Capability Tag:
o Key: storage
o Value: encrypted
Network Profile Settings:
* Name: Phobos Networks
* Region: vSphere Private Cloud / Local Datacenter
* Network Segment: nsx-phobos-external
* Network IPv4 CIDR: 172.16.15.0/24
* Network Default Gateway: 172.16.15.1
* Domain: corp.local
* IP Range Name: Phobos-range
* IP Range: 172.16.15.5-172.16.15.250
* Network Profile Capability Tag:
o Key: net
o Value: phobos
Cloud Zone Settings:
* Name: Phobos
* Folder: Workloads
To support the new service capabilities in vRealize Automation, you will need to perform the following tasks:
Task 1: Create a Storage Tier to Support Encryption
Log in to the vRealize Automation console using the provided Cloud Admin credentials.
Navigate to Infrastructure > Configure > Storage Profiles.
Click New Storage Profile.
Enter the Name as "Encrypted Storage Tier".
Set the Disk Type to "Standard disk".
Choose the Region as "vSphere Private Cloud / Local Datacenter".
Select the Datastore/Cluster as "RegionA01USCSIOI-CC3".
For Provisioning Type, select "Thin".
Ensure Supports Encryption is set to "Yes".
Add a Capability Tag with Key as "storage" and Value as "encrypted".
Save the storage profile.
Task 2: Create a Network Profile for Phobos Project
In the vRealize Automation console, go to Infrastructure > Configure > Network Profiles.
Click New Network Profile.
Provide the Name as "Phobos Networks".
Set the Region to "vSphere Private Cloud / Local Datacenter".
Under Network Segment, choose "nsx-phobos-external".
Enter the Network IPv4 CIDR as "172.16.15.0/24".
Set the Network Default Gateway to "172.16.15.1".
Specify the Domain as "corp.local".
Go to the IP Ranges tab and add a new range named "Phobos-range" with the range "172.16.15.5-172.16.15.250".
Add a Network Profile Capability Tag with Key as "net" and Value as "phobos".
Save the network profile.
Task 3: Configure Workload Placement for Phobos Zone
In the vRealize Automation console, navigate to Infrastructure > Cloud Zones.
Locate and edit the existing cloud zone named "Phobos".
In the Placement Policy section, set it to use VMware vRealize Operations.
Specify the default virtual machine folder for workload placement as "Workloads".
Save the changes to the cloud zone.
By completing these steps, you will have created a storage tier that supports encryption, a network profile for the Phobos Project, and configured the Phobos Zone to offer advanced capabilities using VMware vRealize Operations. Always follow your organization's best practices and security policies when making changes to the infrastructure.
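A consistency check for the Network Profile Settings of this task, run before the values are typed into the console; it is an added example, not part of the original answer. The function name check_network_profile is hypothetical, and the check uses only Python's standard ipaddress module.

```python
import ipaddress


def check_network_profile(cidr, gateway, ip_range):
    """Return a list of problems with a network profile's IPv4 settings."""
    problems = []
    try:
        # strict=True rejects a CIDR that has host bits set, e.g. 172.16.15.1/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"CIDR: {exc}"]
    gw = ipaddress.ip_address(gateway)
    start, end = (ipaddress.ip_address(p.strip()) for p in ip_range.split("-"))
    reserved = (net.network_address, net.broadcast_address)

    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in reserved:
        problems.append(f"gateway {gw} is the network or broadcast address")
    if start > end:
        problems.append(f"range start {start} is after range end {end}")
    for label, ip in (("start", start), ("end", end)):
        if ip not in net:
            problems.append(f"range {label} {ip} is outside {net}")
        elif ip in reserved:
            problems.append(f"range {label} {ip} is the network or broadcast address")
    # A gateway inside the range could be handed out to a workload.
    if start <= gw <= end:
        problems.append(f"gateway {gw} falls inside the allocatable range")
    return problems


# Values from the Network Profile Settings above.
PHOBOS = ("172.16.15.0/24", "172.16.15.1", "172.16.15.5-172.16.15.250")

if __name__ == "__main__":
    print(check_network_profile(*PHOBOS) or "network profile values are consistent")
```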
TASK 10
As the Cloud Administrator you have been tasked to troubleshoot and resolve the following issues raised by the developers on the Uranus Project:
* Developers have reported that Deployments are not getting deleted as per the company lease policy.
* The Uranus Project Team Leader is responsible for approving all snapshot create requests for deployments based only on the Uranus Server blueprint, however, they have received no requests so far.
* Developers have reported that they do not have the option to revert to existing snapshots for vSphere deployments.
Once you have completed your changes, deploy the Uranus Server Catalog Item to verify all the issues have been resolved.
NOTE: One or more of the tasks above may take some time to complete. For expediency, it is recommended that once the task has started successfully that you continue with the exam and return later to confirm the task has been completed successfully. There are no dependencies between any questions and therefore the successful completion of this question does not impact the ability to attempt any other question in this exam.
Information required to complete the tasks:
General Information:
* vRealize Automation FQDN: vr-automation.corp.local
* Cloud Administrator Username: vcapadmin@corp.local
* Cloud Administrator Password: VMware1!
* Project: Uranus
* Project Team Leader: vcapadmin@corp.local
* Blueprint Name: Uranus Server
* Deployment Name: Uranus-Check-Policies
Policy Information:
* Lease Policy name: Uranus - Lease Policy
* Lease Policy maximum lease period: 30 days
* Lease Policy maximum total lease period: 30 days
* Lease Policy grace period: 0 days
* Lease Policy scope: Uranus Project
* Day 2 Action Policy name: Uranus - Day 2 Actions Policy
* Approval Policy name: Uranus - Snapshot Approval Policy
To troubleshoot and resolve the issues for the Uranus Project, you should take the following steps:
Deployments Not Getting Deleted as per Lease Policy:
Snapshot Create Requests Not Received for Approval:
Option to Revert to Existing Snapshots Not Available:
After making the necessary changes, deploy the Uranus Server Catalog Item with the deployment name "Uranus-Check-Policies" to verify that all issues have been resolved. Monitor the deployment process and check if the lease policy is enforced, snapshot approval requests are generated, and developers can revert to existing snapshots as expected.