aving worked with vRealize Operations Manager (vROPS) for a little while now, one of my aims was to enable end-users, i.e. application support teams and VM owners, the ability to log in and see a dashboard of all the VMs that are related to their service. Setting up a dashboard for each service seemed relatively straight forward but I didn’t want to manage any more dashboards than necessary – if a change needed to be made then I only wanted to do it once. So, my quest became on how to get a multiple service vROPs dashboard, so that end-users would only be able to see the services that were appropriate to them.
As there is an article (and you’re reading it !) it is possible to do and combines permissions with a custom group type to deliver. When it is done, we’ll have a dashboard that will let us view the list of VMs in a service, and the infrastructure utilisation statistics for it.
Before you begin, you must identify how you are grouping service VMs together. For example, the VMs could:
- all be in the same cluster or resource pool.
- all be in the same VM folder.
- have a tag with the service name.
- all share a common part of your naming convention.
Sadly, custom attributes will not work here as I have not found a way for vROPS to load them as attributes.
Take some time and write out what services you have and how you identify everything related to them. It may be that some VMs are used by more than one service (possibly database servers ?) so how do you handle this ?
Custom Group Type
We need to add a group type that will be used as a container for all our custom groups. I recommend, as with everything in vROPs, that you prefix this. As this is part of my “auto.internal” infrastructure (where I test out automation in my home lab) I’m going to be prefixing with “Auto”. So, under Administration and Configuration there is an option for Group Types (pictured below). Select it and press the green plus button to add a new group type.
The box below will appear – type in the name of the container for the service groups. This container will appear in the Environment/Custom Groups structure. When done, press OK.
When this is done, navigate to Environment, and leave Custom Groups selected. On the left hand side, under Groups and Applications, select Custom Groups in order to show the structure. You should see your new container listed (as below):
Now it is time to create some service groups. Using the Actions button at the top of the main part of the window, select to create a new group – give it an appropriate name (again with the prefix !) and select the group type as the container you’ve just created. If you are using dynamic criteria to set the group (i.e. tagging, cluster/resource pool/folder membership) then select to keep the group membership up to date.
Setting a policy is up to you – in my case I have a policy set for these VMs with a higher priority, so the policy setting here is disregarded.
The picture below shows how to set up a Custom group based upon a vSphere Tag:
The group in the image below is all the Virtual Machines that are running a flavour of Windows.
I created another group (identical to above but containing the word “Linux”) and the result is that I have three groups in the image below. These groups are purely for example, you can do this for SQL servers, Exchange servers, custom applications, management tools, domain controllers. I suspect it is easier if you are using the Service Discovery Management Pack, but I haven’t tried this out yet 😉
This next step assumes that you have linked your instance of vROPs to Active Directory as an authentication source. I’m not going to cover how to do this here as there are more than a few guides (in addition to the official documentation) available online.
Once we have custom groups created and vROPs joined to AD, we either create or use an existing Active Directory security group to control access. In the image below, I’ve created a new group for each of the services that we just created:
Now that we have security groups for access we must import them. This is done on the Administration, Access and Access section. Navigate to the User Groups section and press the Import button.
From the picture below, I have searched for the new security groups and ticked the ones I wish to import. The “vctr_auto_admins” group has a grey tick as it has already been imported.
At this stage don’t assign any roles or permissions to the user groups as this will be done individually afterwards. Select a group and use the pencil icon above the list:
In this case, members of the group will be given ReadOnly permission to the group – though a customised (and more restrictive role could be used). After selecting the role we must tick the Assign this role to the group box in order to select what we will apply the role to. In the left hand column select Custom Groups and in the right hand column put a tick next to the service name that we wish to apply it to.
Ensure Propagation is enabled, so permissions are applied to the objects (Virtual Machines, Hosts, etc) that are included into the group.
The multiple service dashboard
We have our services and we have controlled who has access to them, it’s now time to build the dashboard that they will use.
Go to the Dashboards section and selection Actions and Create Dashboard (pictured below).
Give the dashboard a name, and as below I have added the prefix to ensure it won’t be overwritten by updates.
Under Widget List, drag an Object List onto the dashboard. This will automatically populate with everything, and you can see below some of the other objects that exist in my Home Lab 🙂
Edit the Object List settings using the pencil at the top of the widget. Make changes as below:
- Set a Name to describe what the list of objects is.
- Set Auto Select First Row to On.
- Our Group Type is an Object Type that we can filter upon. Open up the list of Object Types, find it and select it.
The dashboard will now look as follows:
Add a second Object List to the right of the Services widget:
I have edited the settings of the Object List to change:
- the Name, to something appropriate.
- limit the Object Types to Virtual Machine
- change the Mode to Children.
I prefer Auto Select First Row being set to On (in most cases) as it will automatically show some information to the end user, without having to imply that they need to click something else to load data.
On the left hand side select the next tab – Widget Interactions – change it so the Inventory list displays data based upon the Services selection. This is pictured below.
Press Apply Interactions to save changes and then Save to save the dashboard.
At this point you could create widgets that show the performance of the VM (taking the selection from the inventory list), or perhaps an overall view of the service, but I’ll leave that up to you 🙂
Sharing the dashboard
We will now tidy up the user experience a little by sharing our dashboard and moving it to the top of the dashboard list. Select All Dashboards and Manage Dashboards.
When the page has opened, select the gear button and press Reorder/Autoswitch Dashboards.
Re-order the dashboards (to put the service information at the top). To do this, use the “hamburger” picture on the right to grab and drag to the correct position. Sadly there is no “To top” bottom, so the more dashboards that exist, the more dashboards this dashboard needs to be dragged through :(. When done, press Save.
To share the dashboard, go back to the gear icon on the “Manage Dashboards” page and select Share Dashboards:
Most of the dashboards are shared by default, however I like to curate the experience of users to ensure they only see the dashboards they would be interested in. On the left is the list of groups that exist in the system with the number of dashboards that have been shared to them. A red mark (as above) in the same column as a number indicates that there have been changes. The selection in this left side determines what is displayed in the “Shared Dashboards” section – either a list of dashboards shared to a group, or all the dashboards in the system.
We will begin by removing all the shared dashboards- select Everyone and select all (or as many dashboards as possible) and use the Sharing button (the picture of a yellow person with a line through them) at the top to unshare all dashboards from everyone. Do this until the number is 0.
Now select Not Grouped and find the Service dashboard that you have created. Drag it onto the group names on the left, so the numbers change – this means the users in those groups will now see that dashboard. In the picture above the “vctr_auto_admins” group can see other dashboards about the infrastructure that have been shared.
Save the window.
Now it is time to test ! Log in as a user – below I have logged in as the Windows user:
This change means the user can only see the Windows service in the list, and the Virtual Machines that are members of this group (the Inventory on the right).
If a user has rights to more than one group, they see multiple options in the Services list. Below is a user that has rights to both the Linux and the Windows groups.
We now have a single Service dashboard that we manage for all services, and will allow people who manage more than one service to see information about those services separately.
The next things to do would be:
- Planning your dashboards to show relevant service/server information.
- Curating the role permissions to define a directed user experience (i.e. does the user need to see Alerts or Environment ?