Today VMware announced the long awaited new version of their cloud management product vRealize Automation 7 (vRA7). This new release, previously known under codename Bellatrix, is a major overhaul and includes many new features and enhancements.

Authentication

Another huge improvement in vRealize Automation 7 is the authentication. In previous versions the authentication relied on the Identity Appliance or vSphere SSO and the possibilities were limited.

Now with vRealize Automation 7 the authentication has been improved to simplify and speed up log in and allow for advanced authentication to be used. vRealize Automation 7 now uses the VMware Identity Manager (vIDM) which is integrated with the vRealize Automation 7 virtual appliance.

The reduced complexity of deployment means we no longer have to worry about all the issues encountered with maintaining and upgrading and being dependent on a separate Identity Appliance.

The VMware Identity Manager has many characteristics and capabilities that are in sync with vRealize Automation 7

  • Multi-tenanted from the ground up, with extensive branding support.
  • Support for multiple authentication mechanisms.
  • Support for OAuth2 tokens, meaning simpler identity tokens moving between the vRealize Automation system’s distributed components and services.
  • Similar user profiles for both VMware Identity Manager and vRealize Automation 7.
  • Synchronises users and groups into VMware Identity Manager from Active Directory, defining the universe of users and groups that can use vRealize Automation.

The multiple authentication methods supported are:

  • Username/password.
  • SAML Authentication.
  • Smart Card / Certificate.
  • RSA SecurID.
  • RSA Adaptive Authentication.

vRealize Automation 7 with the VMware Identity Manager delivers out of the box support for third party SAML Token Support. So it supports existing identity management solutions such as ADFS and also multiple third-party identity providers. Large Enterprise and Public Sector customers have demanded two-factor-authentication and Federated SAML authentication support, finally vRealize Automation 7 in able to offer this.

The VMware Identity Manager authentication methods are built using an extensible framework, so if a newer authentication method or a custom authentication method is required by a customer, these can be developed and plugged into vIDM without revving the vRA product.

VMware Identity Manager enhanced tenant and directory management delivers:

  • Tenant isolation – Tenant boundary is flexible, not bound by AD domains.
  • Faster searches and logins – Sync the directory content to the local database and ability to sync only part of the directory.
  • Sync based on schedule or manually.
  • Define mapping of attributes.
  • Fully customizable login portal.

A last nifty feature is the support for local users, so an Active Directory is not required, This is especially useful for demos and proof of concepts. Local users support is delivered  per tenant.