Alemba Service Manager (ASM) comes with a wide range of out-of-the-box connectors to different tools and technologies. Many of those are built around pulling data out of a 3rd party system and into the ASM Configuration Management Database (CMDB), rather than performing actions in an external system. This is good - populating the CMDB is really important when you're wanting to automate, because at the heart of effective automation is reliable, up-to-date configuration data. If you want to take the manual steps out of your process, you need to be confident in the accuracy of the data going into your automation; if you start with bad data, automation is just going to help you make a bigger mess more quickly. So connectors for tools like Altiris, LanDesk, SCCM and Active Directory are absolutely essential for building a strong automation foundation.
vRealize Orchestrator (vRO)
Not all of the ASM connectors are solely about pulling data into the CMDB though - ASM does also have a number of other connectors that allow you to perform actions in 3rd party systems, such as the External Process Connector which allows you to run executables, the Atlassian JIRA Connector for maintaining a sync between vFire tickets and Jira issues, and the vCloud Director Connector for automating within the VMware world. One of the connectors that is generally not well understood but is potentially very powerful, is the vRealize Orchestrator connector. vRO is a piece of software created by VMware as part of the vCenter suite. In VMware's own words:
vRealize Orchestrator is drag-and-drop workflow software that simplifies the automation of complex IT tasks.
vRO is free for vCenter customers (so many of you may already be licensed for it). It provides an advanced workflow engine that allows you to perform scripted actions using javascript alongside hundreds of plug-ins to different tools and technologies. These powerful plug-ins present complex technical activities as simple, easy-to-consume functions. Some examples of the plug-ins available include:
Active Directory - the vRO Active Directory plug-in allows you to create, modify and delete users, computers, groups and OUs, add and remove users and computers from groups and also provides extensive AD search functionality using LDAP search filters.
HTTP-REST - RESTful APIs are standard for most modern applications; this plug-in can be used to connect with applications such as SAP, Azure & DevOps, Lida's own RIGA and even ASM itself, plus thousands more.
PowerShell - PowerShell is an indispensable tool for automating many Microsoft applications, such as Exchange, Office 365, Skype for Business and SCCM.
SQL - the SQL plug-in lets you run queries on any available SQL database; you can retrieve and update data; as an example, at Lida we've used it to convert SQL blobs into image files for uploading to Active Directory profiles.
vCenter - with the vCenter plug-in you can create and delete virtual machines, add CPU, memory and disk, take and restore snapshots, vMotion and Storage vMotion virtual machines, install and upgrade VMware Tools, and much more.
Azure - similar to vCenter, the Azure plug-in allows you to perform many standard Azure Cloud functions, such as creating and deleting virtual machines, resource groups, virtual networks and subnets.
ASM's vRealize Orchestrator Connector
Those of you who have been around ASM for a while will remember back to when it was known as VSM - VMware Service Manager. Yes, there was a time when VMware owned what is now known as ASM, when they were preparing it to be the killer self-service portal that they still sadly lack today. A key building block from that time is ASM's vRO Connector, which has been taken and enhanced by Alemba over the intervening years.
The ASM vRO Connector serves two very useful purposes. Firstly, it is able to use vRO to pull down vCenter entities such as virtual machines, virtual apps, datacenters, datastores, networks, resource pools, files and folders into the ASM CMDB. These can then be used to log incidents, events, service requests and change requests against, serving as the perfect data source for subsequent outgoing automation activities. For example, if you want a user to be able to request that an extra 8Gb of RAM be automatically added to a server, it's immensely helpful if that server is already there for them to select in their request form, and even better if you can display on screen for them how much memory that server currently has. With the server stored as a configuration item in ASM, it's a simple task to present it and its attributes to a user in the ASM Self-Service Portal.
The example of adding RAM to a server neatly segways us into the second purpose for the vRO Connector - executing vRO workflows from ASM calls and requests. It's probably easiest at this point if we walk you through a simple use case, so you can see how it all hangs together. One of the highest volume, lowest value-add activities in any IT department is the ongoing maintenance of Active Directory entities. Fortunately, it's also one of the easiest activities to automate. So let's consider the case where you decide to automate all of the times that a Service Desk analyst has to manually add a user to an AD group - whether that be in order to add a user to an email distribution list or to provide them with access to an application, to make them a local administrator or to grant them access to the internet.
The first thing we want to do is create our workflow in vRO. We'll leave the detailed 'how to' for another article, but we end up creating a very simple workflow that looks like this:
This is about as straightforward as it gets - a start task, an end task, an exception task, and a 'scriptable task' (where we can put some javascript code). The code is simple too as it can just use the inbuilt searchExactMatch() and addElements() functions from the AD plug-in (gotta love those plug-ins!). It takes usrName and grpName as input parameters, which we'll pass from ASM:
var users = ActiveDirectory.searchExactMatch("User",usrName);
var groups = ActiveDirectory.searchExactMatch("UserGroup",grpName);
groups[0].addElements(users);That's all we need to do from the vRO end - pretty easy, hey? Next we need to call our vRO workflow from ASM - we'll do it from a workflow but it's possible to run vRO workflows from calls as well. You do need to connect ASM to vRO first - it's a once-only activity and the steps are provided here so we won't go over them in this article. Once that's done, we can create a simple ASM workflow consisting of a start task, an end task, an outbound action task and a manual 'failure' task (should the automation fail for some reason):
Then we just need to configure the Outbound Action Task to run the vRO workflow and pass through the user and group names as parameters. To do that, we open up the task, go to the Mapping Details section and select our vRO source. A list of 'Actions' will populate, which correspond to the vRO workflows that are available (there are a lot of them because ASM pulls down thousands of out-of-the-box ones as well). We select the workflow we created and click Add. ASM will show us a list of all the parameters we need to pass for that workflow; we can just select them one at a time and map the value or ASM field we want to pass. In our example below we've passed hardcoded values but in a real world scenario you'd probably be taking your values from fields captured on a portal form.
And that's it. Save the workflow and submit your request in ASM. The vRO workflow will run and if everything is ok, it will succeed and the request will close - your user is now in the AD group without you having to do a thing! If there's a problem, it will fail over to the manual task and you can do it the old way.
Next Steps
We're just playing with high level concepts here obviously and there's a lot more detail to be delved into. Hopefully though, you've started to see some of the possibilities. If you want more ideas, keep an eye out because we've got an article brim full of automation suggestions coming very soon. And as always, if you'd like a hand in getting started on your automation journey, you can always drop us a line.