vRealize Automation 7.1 is General Available!

Yesterday, VMware announced the General Availability of vRealize Automation 7.1, just a week before VMworld. Together with vRA 7.1, vRealize Orchestrator 7.1 and vRealize Business for Cloud are also GA. One of the most notable improvements is that an upgrade path is offered from vRealize Automation 6.2.x to 7.1

A closer look at the release notes also revealed the following enhancements:

• Streamlined installation process using a silent installer.
• Agent and prerequisite command line interface.
• Migration tool to move data from a source vRealize Automation 6.2.x environment to a fresh vRealize Automation 7.1 environment while preserving the source environment.
• IPAM integration framework with ability to deploy machines and applications with automated assignment of IP addresses from leading IP address management systems, with the first integration with Infoblox.
• Integrated support for Active Directory policies.
• Custom property dictionary controls to improve property definitions and vRealize Orchestrator actions.
• Reconfigure life-cycle events by means of event broker workflow subscriptions.
• Additional vSphere provisioning options and data collection improvements.
• Ability to manually conduct horizontal scale in and scale out of vRealize Automation deployments, including the automatic update of dependent components.
• Customizable message of the day portlet available on the home page.
• Additional information and filter options on the Items page.
• New ready-to-import blueprints for vSphere and AWS available from the VMware Solution Exchange.
• Discontinued support for PostgreSQL external database.

VMware promised that some of the most used integrations will be provided as out of the box functionality. What we see in the release notes is:

• IPAM integration with InfoBlox. A lot of customers are using InfoBlox for IP address distribution, in most situations the InfoBlox plugin for vRealize Orchestrator is used to request and decommission  IP adresses. With this integration, you can connect directly to InfoBlox.
• Integration with Microsoft Active Directory. Most deployment workflows require integration with AD for the creation and removal of computer accounts. With vRA 7.1 this integration is also available out of the box. Some companies use the concept of a staging OU and final OU, it looks like this option is currently not supported.

Unfortunately VMware didn’t add any new platforms/clouds to vRealize Automation, for example support for Microsoft Azure would be a great addition for the product.

vRealize Orchestrator & Business 7.1

VMware also released vRealize Orchestrator 7.1. New in vRO 7.1 is (from the release notes):

• Configuration push from one node to all other nodes in the cluster and the ability to restart all nodes from a single node.
• Monitoring of configuration differences between the nodes in a cluster by using the available in Control Center fingerprints for the currently running or pending configuration.
• Added a REST API to update resource elements.
• Swagger definition support for adding a REST host in the HTTP-REST Plug-in.
• Improved search capabilities in the Active Directory Plug-in.
• Pagination support and arbitrary entry querying in the Active Directory Plug-in.
• With the certificate management mechanism based on ISsslService, implemented in version 7.1, the server and trusted certificates are stored in the database. Plug-ins must use the API from the Plug-in SDK to retrieve the trusted certificates.

The release notes for vRealize Business for Cloud 7.1 are available here. Note that vRA 7.1 requires vRO 7.1 and vRB 7.1.

Important: security advisories

Together with the release of vRA/vRO/vRB 7.1, a security advisory is published that is related to these products and solved with the 7.1 release. VMSA-2016-0013 is about a VMware Identity Manager local privilege escalation vulnerability and vRealize Automation remote code execution vulnerability.

We want to stress that while both of these issues fall in the important severity range (please see our response policies for more information) when chained together they present the opportunity for a complete compromise of a vRA 7.0.x appliance. We strongly recommend updating to vRA 7.1 as soon as possible. Customers that cannot upgrade vRA immediately can implement the workaround documented in KB2146585 and/or limit access to port 40002 via an external firewall as a mitigation (more details here).

Companies that use vRealize Orchestrator 5.x, 6.x, vRealize Operations 6.x and/or vRealize Infrastructure Navigator 5.8x also want to take a look at security advisory 2015-0009.4 (updated).