VMware Aria Guardrails provide an infrastructure-as-code solution for users to set up and manage policies for configuration, security, networks, performance, availability, and cost of their multi-cloud environment.
Approval Policies
04.22 Update: With cloud governance being one of the biggest concerns for cloud operators, the need for multi-level approval policies is very common. With multi-level approvals, VMware Aria Automation allows for review by different users and/or departments.
Gate deployment actions for critical workloads and ensure proper resource allocation with approval policies. Approvals are critical to ensure the right level of control for your cloud organisation. Approvals can be applied on new or existing "brownfield" deployments, any Service Broker catalog item or Day 2 action and can be triggered based on granular, resource-level criteria.
Bring the power of vRealize Orchestrator workflows to manage VMware Aria Automation constructs. Readily available content will support orchestration for managing projects, users, custom types and resource management. Custom workflows can also be created and run.
VMware Aria Automation availability in AWS Europe (London) enables hosting in that region.
VMware Aria Automation availability in AWS South America (São Paulo) enables hosting in that region.
VMware Aria Automation availability in AWS Asia Pacific (Mumbai) enables hosting in that region.
VMware Aria Automation is tested and certified to work with Oracle Cloud VMware Solution. The Oracle Cloud VMware Solution is a customer-managed, VMware Cloud Verified environment.
VMware Aria Automation availability in AWS Asia Pacific (Tokyo) enables hosting in that region.
Integration between SaltStack SecOps and Carbon Black Workload Protect delivers automated remediation for known vulnerabilities, and is now available as a part of the SaltStack SecOps Add-on for Aria products.
Create Tanzu Kubernetes Grid (TKGs) clusters in a self-service fashion to extend automated provisioning and management services across your vSphere environment for a consistent developer experience.
Enhance container management with Code Stream pipeline workspace, which now supports Kubernetes workspaces for continuous integration tasks. Choose either Docker or Kubernetes in your pipeline workspace, or create a clone of the Git repository to facilitate container lifecycle management.
Simplify application development using ABX actions to create custom resources and Day 2 actions that can be directly populated onto the cloud template design canvas.
Increase network agility by assigning the same IP range coming from internal or external IPAM to multiple networks.
Administer managed resource consumption across your organization and within projects, using policy based governance to enforce quotas on metrics like CPU, Storage, Memory, and instances.
Resource Center provides a brand new view, at the resource level, enabling granular monitoring and management.
In conjunction with the deployment view, this capability enables flexible management at the desired level of detail.
vSphere network objects can now be onboarded along with the VM while executing an onboarding plan. When a VM is onboarded, the attached vSphere network object will also be onboarded and the network object will show up on the deployment canvas.
Evaluate migration requirements for users that are looking to move from the older VMware vRealize Automation 7.x to the newer VMware Aria Automation 8 or SaaS.
Interface with Code Stream CI/CD pipelines through the command line. Built in Golang and inspired by the kubectl CLI, this feature brings one more way to interact with the Code Stream REST APIs directly.
View and manage additional disks (beyond boot) that are included in an image template. VMware Aria Automation can now recognize additional disks that come with a VM and treat them independently with Day 2 actions.
VMware Aria Automation availability in AWS Canada (Central) enables hosting in that region.
Embed security and firewall rules in your workloads and configure them post-provisioning as a Day 2 action or iteratively, by updating your deployment. Create on-demand or assign existing NSX Security Groups directly on the design canvas and track all security groups under a dedicated "Security" tab.
VMware Aria Automation is tested and certified to work with Google Cloud VMware Engine - VMware's hosted cloud solution on Google Cloud.
Flag VMware Cloud Template as private and control what can be shared at the project level.
Adapt the catalog request forms to the needs of your organization. Customize item fields and branding, and adapt input options dynamically. Use CSS to edit, import or export custom forms.
Constrain who can access and edit Day 2 actions for existing workloads through the Service Broker policy engine.
Define the naming nomenclature of your VMs with custom machine naming.
Naming proliferation and inconsistency can quickly make a cloud environment unmanageable. VMware Aria Automation custom naming capability brings naming rules and templates that can apply at one project or across multiple projects to make cloud administration a lot more straightforward.
Manage your teams more efficiently with property groups. Property groups let you templatize your cloud environment properties and reuse them for new catalog requests within a VMware Cloud Template.
Save time and resources by testing the validity of your VMware Cloud Templates before deploying them.
Bring the power of the latest vRealize Orchestrator in VMware Aria Automation and VMware Cloud on AWS. vRealize Orchestrator is a modern workflow automation platform that improves IT agility and reduces operational risk by automating the execution of manual IT tasks and processes. In this release, vRealize Orchestrator for VMware Aria Automation comes with a modern HTML5 interface, advanced Git integration, multiple scripting languages, and the ability to run/debug workflow schemas and actions. In addition, vRealize Orchestrator and ABX are deployed on the same appliance, and the integration with VMware Aria Automation is simple via automated authentication on VMware Cloud Services. With this addition the latest vRealize Orchestrator also becomes available for VMware Cloud on AWS environments.
Manage and perform Day 2 actions for the individual machines of a deployment from the "Deployments" UI.
Exploit the full extent of infra-as-code capabilities with the full-screen YAML editor.
Specify where you want a virtual machine object placed in your Active Directory structure using our out-of-the-box integration. Active Directory is also configurable within VMware Cloud Templates bringing more granularity in your resource authorization process.
Run your datacenter optimally by notifying end users of resource optimization opportunities and letting them take reclamation actions. Actions include power off, resize and delete.
Automate your network provisioning and configuration as-code, with VMware Aria Automation. VMware Aria Automation provides the ability to create provider and on-demand networks or use existing software-defined networks through the NSX integrations as well as leverage network resources from public cloud providers (AWS, Azure and GCP). VMware Aria Automation supports NSX Policy Mode, DNAT rules for port forwarding, advanced load balancer configurations, one-to-many association for NSX Manager to vCenter and the latest NSX-T version. Setup and configuration for load balancer health monitors is also supported. NSX-T Tier-1 routers (or NSX-V ESG) can be reused across networks within the same deployment.
Manage the lifecycle of your workloads post-provisioning at the object or workload level. Out-of-the-box actions include lease change, delete, reboot, resize, power on/off, update, snapshot, suspend, tag editing, load balancer reconfigure including health monitors, network reconfigure, disk creation for storage DRS datastore cluster and VM movement to another network.
Model cloud templates with services specific to AWS including EC2 Dedicated, S3, Route53, Redshift, RDS, Lambda, KMS, Kinesis, IAM, EMR, Amazon DB and Amazon API Gateway.
Track your alerts on VMware Aria Automation and take action directly, on the same console. Alerts can be assigned to any cloud object and a variety of actions can be available including resource reclamation, cloud zone analytics and owner notification. VMware Aria Operations required.
Collaborate with GitHub. Pull template definitions externally and work with templates natively in GitHub or an IDE.
Use Terraform to configure VMware Aria Automation constructs (including cloud accounts, cloud zones, projects, mappings and platform integrations), deploy and publish VMware Cloud Templates, provision any other Service Broker catalog item, and perform "Day 2" actions on deployments. These features enable several use cases for Terraform users that only VMware Aria Automation can address or for which it is a better fit, most notably VMware Cloud setup and consumption, cloud agnostic deployments, rule-based placement, workload lifecycle management and consistent resource policies. The latest version is verified and available through the Terraform Registry. Check out the GitHub release notes for the latest updates.
Leverage Ansible Open Source to deliver applications and configuration management to your workloads during provisioning and de-provisioning with Cloud Assembly.
Intuitive drag-and-drop canvas to design VMware Cloud Templates. Declarative Infrastructure as Code YAML script is automatically created as objects are added in canvas (and vice-versa), in a low-code fashion. Apply tags to define placement rules. Add "free form" properties as metadata or to work with extensibility. Auto-complete properties and tags to facilitate consistent script development.
Implement external IPAM configuration with Infoblox integration out-of-the-box with network filtration to simplify selection of relevant networks.
Connect to PKS Endpoint and share the PKS plans across projects. Self-service request for creating a cluster. Admin provided shared cluster for the project. Discover and add existing PKS clusters on the endpoint.
Bring visibility on the utilization and consumption of your Cloud Zones. Cloud Zone Insights help monitor, inspect and forecast critical operational and consumption metrics. VMware Aria Operations required.
Expand functionality of templates with property interpolation - conditional statements within properties. Late binding of properties (i.e. IP Address). Inline property expressions (count, to_upper, base64_encode, to_json, etc.).
Acquire upfront pricing for new deployments and monitor cost for existing deployments by applying pricecards originating from VMware Aria Operations.
Establish the cloud surface to consume and automate VMware Cloud on AWS endpoints within minutes. Our onboarding experience includes a VMware Cloud on AWS in-product guided to quickly onboard and setup a fully automated cloud environment. Additionally, a pre-approved 45-day free trial for VMware Aria Automation is included to give you time to explore its transformational benefits on VMware Cloud on AWS.
Integrate with GitHub and GitLab to provide Source Control integration for Action Based Extensibility (ABX) Actions.
Publish and consume extensibility actions (ABX) directly from Service Broker as a catalog item. Apply policies to control ABX consumption.
Publish and consume vRealize Orchestrator directly from Service Broker as a catalog item. Apply policies to control workflow consumption.
Terraform is a first-class VMware Cloud Templates citizen. Terraform configurations can be pulled from Git and represented as template objects. Such canvas objects can be used to assemble hybrid blueprints bringing together the breadth of Terraform with the power of VMware Cloud Templates and placement logic. VMware Aria Automation manages Terraform state centrally, allowing teams to collaborate effectively on their deployments by preventing state file conflicts, data loss and corruption. Day 2 actions can be applied at the deployment level for any configuration and at the object level for resources that are supported natively in VMware Cloud Templates. All Terraform providers, including the ones Reusable TF configuration files can be consumed as Service Broker catalog items for self-service consumption. This will ensure consistent access control and governance with RBAC and resource policies (lease, approvals), as well as customization of request forms for Terraform files.
Bring the power of vSphere with Kubernetes to the fingertips of your Kubernetes operators. Create Supervisor Namespaces for vSphere with Kubernetes directly from VMware Aria Automation. Assign Supervisor Namespaces to projects and provide access to Kubernetes resources. Use Supervisor Namespaces as a template resource and share them on the Service Broker catalog for self-service. From there, you can customize the request inputs in a user-friendly interface and leverage the advanced policy engine to apply the appropriate level of control with resource limits and approvals.
Share, consume and manage VMware Aria Automation catalog items through the ServiceNow ITSM plugin. VMware Aria Automation brings all the cloud richness to the ServiceNow ITSM, providing a single consolidated catalog for cloud and business requests with closed loop governance and advanced workload lifecycle management actions. Implement advanced workflows with multi-level approvals, custom request forms, email notifications and automated ticket creation for failed deployments. Supports Orlando, Madrid, New York and newer ServiceNow versions.
Leverage Kubernetes clusters as template resource type. Easily configure, deploy and manage the lifecycle of Kubernetes clusters.
Monitor workload health indicators through integration with VMware Aria Operations.
Create your own Day 2 Actions leveraging the power of vRealize Orchestrator. Use Custom Day 2 Actions to automate and implement tailored processes and workflows specific to your environment.
VMware Aria Automation availability in AWS Asia Pacific (Singapore) enables hosting in that region.
Define tailored roles with granular access control to adapt to your organization's needs. While VMware Aria Automation provides a comprehensive list of out-of-the-box roles, custom roles empower organizations with diverse access requirements. Permission levels include "manage", "run", "view-only" and span across functionality areas of the product.
VMware Aria Automation availability in AWS Europe (Frankfurt) enables hosting in that region.
Actions execute via function-as-a service in AWS Lambda, Azure Functions for public clouds, and OpenFaaS for on-prem. Tie actions to lifecycle events of your infrastructure with subscriptions. Create inputs in VMware Cloud Templates and define package dependencies and requirements. Establish and release versions for actions. Create workflow chains of actions across clouds and establish failure actions. Share ABX actions across projects. PowerShell, Python 3 and NodeJS languages supported.
Optimize workload performance and capacity with smart workload placement based on VMware Aria Operations metrics and rules.
Develop resource elements specific for your environment leveraging the power of vRealize Orchestrator. Custom Resources can be incorporated and fully managed as a VMware Cloud Template resource type.
Authorize level of access and control based on role assignment. Available roles include admin, user types and view-only. Role assignments can take place both at the project and organization level.
VMware Aria Automation availability in AWS Asia Pacific (Sydney) enables hosting in that region.
SDK to easily integrate third-party IPAM solutions in VMware Aria Automation that are not supported out-of-the-box.
Automate the provisioning and lifecycle management of vSphere workloads with VMware Aria Automation. Self-service vSphere machines consumption, on-demand or as part of a VMware Cloud Template based on predefined placement rules and resource policies. Support for vSphere 7 included.
Expand the DevOps reach in your organization with Code Stream pipeline requests directly through our catalog. Pipelines as a catalog item make DevOps process accessible beyond programmers; to any IT or business user. Additionally, all the Service Broker goodness with consistent governance and custom request forms naturally becomes part of your CI/CD processes.
Support your configuration management of deployed resources with Ansible Tower integration. Ansible components are directly consumable as a VMware Cloud Template first-class citizen both for new or existing deployments.
Limit your exposure and optimize your resource allocation with policies. Control CPU and memory consumption by setting limits at the deployment level, within a project. Assign storage allocation of cloud zones by setting project limits (Currently for vSphere-based workloads only).
Extend your IT systems with vRealize Orchestrator workflows and plugins. Subscriptions bind workflows to lifecycle events including networking events.
Offer persistent storage on-demand; as part of a VMware Cloud Template topology or standalone. Initially available through API only.
Define lease terms, grace period and expiration for workloads across clouds.
Model templates with services specific to Azure including Resource Groups, Traffic, Storage, SQL, Search, Redis, Key, Function, DNS and App.
Create, configure and manage Kubernetes namespaces with Cloud Assembly and Service Broker. Specifically, provision namespaces based on policies, control namespace access by role, manage and share namespaces on Kubernetes clusters, and request namespaces from catalog.
Define and offer self-service OpenShift Kubernetes clusters and namespaces to your project teams in three easy steps. Configure an OpenShift resource connection, assign the clusters to the teams you choose and set up your tags to enable rule-based consumption. Integration with OpenShift versions 3.x is currently supported.
Use APIs to set up, consume and manage your cloud environment. Easily browse our Swagger-based API documentation.
Collaborate with GitLab. Pull template definitions externally and work with templates natively in GitLab or an IDE.
Use IPv6 or IPv4 (pure or dual stack) for IP identification and routing for vSphere cloud accounts and endpoints.
Assign specific ownership of deployments to limit visibility and management to the owner or project admins or share ownership across all project members.
Examine object details from the design canvas including general values, storage details, networks, custom properties and template expressions.
Monitor and troubleshoot deployment process for workloads. Track day-2 actions.
Reusable and consumable networking objects. Provision NSX network objects on-demand as standalone objects. Support for network and load balancer provisioning, assigning (for existing objects), configuring and post-deployment re-configuring.
Compliance with European Union General Data Protection Regulation (GDPR). The European Union's General Data Protection Regulation (GDPR) protects European Union data subjects' fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.
Use logical expressions to define policy application within Service Broker. Policy criteria are now applicable at the deployment and resource level for tag-based control at the desired level of abstraction.
Define your preferred IP mode between DHCP, Static or Mixed for private, outbound and routed networks.
Enable the provisioning and management of network resources, including load balancers and Virtual Machine NICs, that can be consumed via projects and templates leveraging tags.
Completing Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). CAIQ provides industry-accepted ways to document what security controls exist in IaaS, PaaS and SaaS offerings.
Track your incurred costs per project and deployment. Configure cost basis for Private and Public Cloud resources.
System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how VMware Cloud on AWS achieves key compliance controls and objectives to meet SOC 2, Type 1 requirements. The purpose of these reports is to help you and your auditors understand the controls established to support operations and compliance.
ISO 27018 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards.
Pipeline/Task failure processes. Execute a pipeline as a rollback task on pipeline failure. Automated rollback of VMware Cloud Template deployments to a previous version. Automated rollback of Kubernetes cluster deployments to a previous YAML version.
Framework for executing custom code blocks as object in pipeline. Build integration with platforms outside of Code Stream into your pipeline. Interact with developer native languages (Python 2/3, NodeJs, BASH).
Troubleshoot placement logic with simple and complex configurations. Combine Project, Flavor, Image and Constraint tags and simulate resulting placement.
Quickly implement CI/CD pipelines against on premises and cloud resources. Integrate Docker and Git endpoints from template engine. Apply post process build tests (Junit, JaCoCo, Checkstyle, FindBugs).
Connect users to resources. Define project-level access to resources by assigning cloud zones, Kubernetes zones and VMware Cloud Templates to projects. Monitor your costs at a project level. Apply project-level customer properties for extensibility.
Trigger Code Stream pipelines from a docker push. Feed Docker based inputs into Pipeline. Leverage parameterized values within Pipeline with inputs to create more flexible pipelines.
Design cloud agnostic templates and provision workloads to any cloud based on the defined policies. Establish size profiles across clouds with flavor mapping. Relate images across clouds with image mappings and apply image level constraints to control placement per image. Consume network capabilities across clouds and configure network capabilities and subnets in each cloud. Consume storage constructs native to clouds. Cloud Agnostic objects supported across AWS, Azure, GCP and VMware: Machines, Load Balancers, Networks, Security Groups and Storage Volumes
Cloud-Init based image customization for Linux images. Leveraged across multiple public and private cloud implementations.
Expose cloud account resources to projects
Iterate on, release and restore VMware Cloud Templates natively. Use the native VCS to compare versions both graphically and as scripts.
VMware Aria Automation availability in AWS US West (Oregon) enables hosting in that region.
Consume Puppet roles with Puppet Enterprise. Support for machines without a public IP address is included.
Expose AWS CloudFormation Templates as catalog item and apply consumption and accessibility rules. Simple onboarding of existing AWS CloudFormation Templates.
Immediate resource discovery across multiple clouds including compute, networks, virtual machines, storage objects and volumes.
Interact with user service requests by using inputs in VMware Cloud Templates and reference relevant values in the YAML properties.
Personalized service catalog experience with project and role-based access control and resource guardrails for consumption via APIs or storefront interface.
Schedule notifications on tasks in the form of an email, a Jira ticket or any external system that can receive webhooks. Attach approval steps to control execution of critical stages
Apply tags across resources and enable workload placement to a zone based on rules.
Comprehensive automation and governance solution for VMware Cloud on AWS including: Simple account setup, VMware Cloud Template endpoint, existing workload onboarding, lifecycle management and governance.
VMware Aria Cost integration brings costing transparency for public cloud resources at the deployment and project level for native AWS and Azure. VMware Aria Cost powered by CloudHealth required.
Connect with most popular developer and DevOps ecosystem tools including: Agent, Artifactory, Kubernetes, Bamboo, Jenkins, Docker, Docker Registry, Email, Git, Jira, PCF, Microsoft Team Foundation Server, vRealize Orchestrator.
Execute pipeline off of a webhook from code review in Gerrit
Bring existing compute and attached storage resources from multiple clouds under management and expose Day 2 actions. Apply one-off onboarding or define ongoing rule-based plans and bring existing, brownfield, infrastructure under VMware Aria Automation management for consistent operations. Assign to projects and define custom properties for onboarded resources for simpler organization.
Track key delivery KPIs with out-of-the-box pipeline dashboards. Metrics monitored include: Mean time to detection, mean time to failure, mean time between deliveries, mean time to repair, top stage failures and top task failures. Create custom dashboards to focus on metrics that are critical to your business.
Execute pipelines from Code commit or pull request. Access properties from Git as part of commit. Automate code execution through developer native constructs.
Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously.