vRealize Automation 7 – Improved Authentication
Today VMware announced the long awaited new version of their cloud management product vRealize Automation 7 (vRA7). This new release, previously known under codename Bellatrix, is a major overhaul and includes many new features and enhancements.
Another huge improvement in vRealize Automation 7 is the authentication. In previous versions the authentication relied on the Identity Appliance or vSphere SSO and the possibilities were limited.
Now with vRealize Automation 7 the authentication has been improved to simplify and speed up log in and allow for advanced authentication to be used. vRealize Automation 7 now uses the VMware Identity Manager (vIDM) which is integrated with the vRealize Automation 7 virtual appliance.
The reduced complexity of deployment means we no longer have to worry about all the issues encountered with maintaining and upgrading and being dependent on a separate Identity Appliance.
The VMware Identity Manager has many characteristics and capabilities that are in sync with vRealize Automation 7
- Multi-tenanted from the ground up, with extensive branding support.
- Support for multiple authentication mechanisms.
- Support for OAuth2 tokens, meaning simpler identity tokens moving between the vRealize Automation system’s distributed components and services.
- Similar user profiles for both VMware Identity Manager and vRealize Automation 7.
- Synchronises users and groups into VMware Identity Manager from Active Directory, defining the universe of users and groups that can use vRealize Automation.
The multiple authentication methods supported are:
- SAML Authentication.
- Smart Card / Certificate.
- RSA SecurID.
- RSA Adaptive Authentication.
vRealize Automation 7 with the VMware Identity Manager delivers out of the box support for third party SAML Token Support. So it supports existing identity management solutions such as ADFS and also multiple third-party identity providers. Large Enterprise and Public Sector customers have demanded two-factor-authentication and Federated SAML authentication support, finally vRealize Automation 7 in able to offer this.
The VMware Identity Manager authentication methods are built using an extensible framework, so if a newer authentication method or a custom authentication method is required by a customer, these can be developed and plugged into vIDM without revving the vRA product.
VMware Identity Manager enhanced tenant and directory management delivers:
- Tenant isolation – Tenant boundary is flexible, not bound by AD domains.
- Faster searches and logins – Sync the directory content to the local database and ability to sync only part of the directory.
- Sync based on schedule or manually.
- Define mapping of attributes.
- Fully customizable login portal.
A last nifty feature is the support for local users, so an Active Directory is not required, This is especially useful for demos and proof of concepts. Local users support is delivered per tenant.
Other articles in the series vRealize Automation:
- Infoblox & vRealize Automation, Setup IPAM endpoint
- Infoblox & vRealize Automation, Install Infoblox IPAM plugin
- Setup provisioning of vCloud Air workloads
- Setup a vCloud Air Endpoint in vRealize Automation
- Setup Postgres database high availability for vRealize Automation
- Setup vRealize Automation Cost profiles & currency
- Speed up vRealize Automation life cycle updates
- Configure vRealize Automation not to delete virtual machines
- Track infrastructure changes with vRealize Automation Data Collection
- MS SQL high availability support for vRealize Automation
- Setup the vRealize Automation prerequisites for IaaS
- vRealize Automation: How to …
- Downgrade the vRealize Automation license
- vRealize Automation 7 – New Architecture & Installation
- vRealize Automation 7 – Improved Authentication
- vRealize Automation 7 – Converged Blueprints
- vRealize Automation 7 – LifeCycle Extensibility
- How to transfer vRealize Automation payload to Orchestrator
- Automation is not difficult with vRealize Automation 7
- vRA custom host name using Orchestrator and Event Broker
- How to deliver Database-as-a-Service with vRealize Automation
- Prepare Windows for vRA software deployment
- Missing endpoints after upgrading to vRealize Automation 7.3
- How to run Containers as a Service – Part 1
- How to run Containers as a Service – Part 2
- Infoblox & vRealize Automation, IP Address Management (IPAM) made easy
- How to run Containers as a Service – Secure Docker communications
- Create a new database user using vRealize Automation XaaS
- Infoblox & vRealize Automation, Infoblox NIOS setup
- Infoblox & vRealize Automation, vRA setup
- vRealize Automation failed requests monitoring
- vRealize Automation 7.2 released
- How to specify a deployment target when using vRealize Automation
- vRealize Suite just became a lot easier with Lifecycle Manager
- LAMP Stacks made easy with VMware and Puppet
- How to: Deploy vRealize Automation 8
- Create Custom Names with vRealize Automation 8
- Kubernetes as a Service
- How to: Deploy vRealize Automation 8 by Erik Scholten
- VMware Cloud Automation Services by Erik Scholten
- vRealize Operations 6.x certificate expires soon by Erik Scholten
- Add Veeam to a Workgroup, Domain or Forest? by Edwin Weijdema
- Onboard existing workloads in Cloud Automation Services by Erik Scholten