Friday, August 25, 2017

Notes on Upgrading vRealize Business for Cloud to 7.3 with vIDM

If you installed vRBC like some of my customers did by using the vIDM appliance for SSO. You will run into a minor permissions issue after you upgrading to 7.3. This issue is mentioned in the release notes.
http://pubs.vmware.com/Release_Notes/en/vRBforCloud/73/vRBforCloud-73-release-notes.html

In this post I'll walk you through the upgrade process. Going from 7.2 to 7.3

vRBC 7.1 and higher allows you to use two authentication sources. vRA or vIDM. Here is a screenshot showing my home lab vRBC VAMI interface configured with vIDM for SSO.



When you install vIDM and configured it with vRBC 7.2 or lower it will automatically create two new security groups in vIDM. These two security group are what allow access to the vRBC application. If you have vIDM configured to use your Active directory you can add AD users or groups to these vIDM groups to grant access to the application.

  • VCBM_ALL
  • VCBM_VIEW


When it comes  to upgrading the vRBC appliance to the latest 7.3 or higher versions it is super easy.

  1. Go to the vRBC management interface  https://<yourVRBCfqdn>:5480
  2. Click on the Update tab.
  3. Click on Check updates
  4. Click on Install updates
  5. Watch magic happen....








After the update process completes and you login to the vRBC web application, you will be greeting with a warning that fades away. This warning is actually important. Because if you are an Admin you now only have read only access.


You are not associated with any of the vRealize Business for Cloud roles.
Contact the system administrator to add your username in a vREalize Business group for the appropriate access.

What happens during the upgrade is vRBC 7.3 and higher is now looking for three new security groups in vIDM. These new groups are as follows.


  • vRBC_Administrator
  • vRBC_Controller
  • vRBC_ViewOnly
In order for these new groups to appear in your vIDM you need to unregister your vRBC appliance from vIDM and then re-register it.

  1. Go to the vRBC management interface  https://<yourVRBCfqdn>:5480
  2. On the registration tab click on vIDM
  3. Then enter the credentials for your vIDM server and click on Unregister
  4. Once it completes successfully, Click on Register.
Once you are done with this process you can now go back to  vIDM and you will see the three new security groups.

You can now migrate any local vIDM users or AD Users/Groups you had previously configured with the old groups into the new security groups and grant access to vRBC again. You can also safely delete the old security groups. Once complete the warning will go away, and if you are an admin on vRBC you will now have write access in vRBC.

Hope this helps someone with this error.


Heath








Safety First!

Today started out crazy, My wife is a runner and goes on a run almost every morning. I decided to join her for part of it and take a morni...