Creating Snapshots for Unmanaged VMs in Aria Automation (vRealize Automation)

-

 In multi-tenant environments powered by Aria Automation (vRealize Automation), it's common for tenants to occasionally request snapshots for unmanaged virtual machines (VMs). These unmanaged VMs exist in vCenter but are not provisioned through vRA and therefore fall outside the standard automation lifecycle.

To address this need without impacting the broader environment or other tenants, we implemented a dedicated catalog item that allows tenants to safely request snapshots for their unmanaged VMs—securely, in isolation, and with auditability.

Here’s how we approached this solution using a custom workflow and catalog configuration in Aria Automation.

The Challenge

Tenants may operate legacy or externally imported VMs that are not managed via vRA’s provisioning engine. Creating snapshots for these VMs traditionally requires manual intervention from infrastructure teams, which:

  • Increases support overhead
  • Introduces potential human errors
  • Offers no self-service capability or tracking

Hence, a self-service, tenant-scoped snapshot request mechanism was needed.

 The Solution Overview

To enable snapshot creation for unmanaged VMs:

  1. We developed a custom vRealize Orchestrator (vRO) workflow to:
    • Accept a VM name as input
    • Validate that the VM exists in vCenter
    • Check if the VM is powered on or off
    • Create a snapshot with optional description and memory state
    • Handle errors gracefully and return status
  2. We created a dedicated vRA catalog item to invoke this workflow.
  3. This catalog item is scoped specifically to the tenant (project), ensuring visibility and access only to authorized users.

Step-by-Step Implementation

1️ Develop the vRO Workflow

We created a new workflow in vRO with the following logic:

  • Inputs:
    • VM name (or select from a filtered list via vCenter query)
    • Snapshot name
    • Description (optional)
    • Include memory (boolean)
  • Workflow Logic:
    • Use vCenter plugin to locate the VM
    • Verify permissions and state
    • Invoke snapshot creation method
    • Return success/failure to vRA
  • Error Handling:
    • VM not found
    • Snapshot already exists
    • Invalid state (e.g., snapshot on suspended VM)

Tip: Ensure the vCenter endpoint is properly configured in vRO and accessible to the workflow.

2️ Create a Custom Catalog Item in Aria Automation

  • Navigate to Service Broker > Content & Policies > Content Sources
  • Create a new vRO workflow content source
  • Sync the newly created workflow
  • Assign the workflow to a content sharing policy scoped to the specific project/tenant
  • Add a custom form to simplify user input and provide validation
  • Publish the catalog item

This ensures the item is only visible to the requesting tenant, reducing clutter and security concerns across other projects.

3️ Testing and Validation

  • Log in as a tenant user and verify the catalog item is visible
  • Submit a request for snapshot creation on an unmanaged VM
  • Check:
    • Request status
    • vCenter snapshot confirmation
    • Logging and audit trail in vRA and vRO

Security and Permissions

Ensure that:

  • The vRO service account has snapshot privileges on the target VMs
  • RBAC is enforced at the project level
  • Tenants can only create snapshots for VMs they own or are allowed to manage

Benefits

  • 🔄 Self-service snapshot creation for unmanaged VMs
  • 🔐 Tenant isolation via scoped catalog items
  • 🔎 Auditable and trackable through Aria Automation
  • 👨‍💻 Less manual work for infrastructure admins
  • 📦 Fully integrated into your existing Aria Automation framework

🚀 Conclusion

With this new implementation, we’ve enhanced the tenant experience in Aria Automation by providing a self-service interface for snapshot creation of unmanaged VMs—without compromising on security or manageability.

This pattern can be extended further to include snapshot deletion, expiration policies, or even integration with approval workflows.

Let me know if you’d like a deep dive into the vRO workflow code or want to extend this feature with lifecycle management. Happy automating! 🧩💻

Screenshots Reference

 

Existing VM with snapshot visible in vCenter



Custom vRO workflow created with input forms and logic to snapshot VMs

 



 

Workflow added to Service Broker as a catalog item, customized with a form and Tenant requests snapshot and selects the VM from dropdown

 



 Request the create a snapshot from Aria Automation in selected the vMs.



 

vRO workflow triggered and snapshot created successfully



 

vCenter shows snapshot applied to target VM


vRA request completed successfully with workflow output.



 

Further Automation

If you need enhancements or additional automation features, feel free to reach out. Your feedback and suggestions are always welcome! HashtagForge 

Comments

Post a Comment

Popular posts from this blog

Bulk import security policies into Palo Alto Networks firewalls

-
Image
To bulk import security policies into Palo Alto Networks firewalls, you'll typically need to leverage the Palo Alto API or CLI with a script. I am using an Excel file (XLS), IP address validation, and mapping source and destination zones, for comprehensive solution to automate the process. 1. Input from XLSX File : You will first need to read the data from the XLS file. 2. Check for Existing Rules : Before creating new rules, you should check if similar rules already exist on the firewall. This could be done by comparing the rule names, source, and destination IPs, and zones. 3. Mapping Source Zone and Destination Zone : Ensure that the source and destination zones are correctly mapped according to your firewall configuration. 4. IP Address Validation : Before adding a rule, you'll need to validate that the IP addresses specified in the file are valid 📝  Flow Diagram  (Text Representation) Further Automation If you need enhancements or additional automation features , fee...
Read more

Automating Tag Creation & Assignment to VMs with vRA + vRO

-
Image
  Use Case Summary A user provisions a VM from vRA. Once the VM is deployed in vCenter , a vRO workflow is triggered via Event Broker subscription. The workflow: Checks if the Tag exists (using REST API to NSX-T). If not found, creates the Tag under the correct category. Assigns the Tag to the newly provisioned VM. This eliminates the need for manual intervention and ensures every VM is tagged correctly for policies, automation, and visibility . High-Level Flow VM Provisioning in vRA User requests VM with required details (e.g., Environment, Owner, Application). Event Broker Subscription After provisioning, vRA triggers a vRO workflow . vRO Workflow Actions Connects to vCenter using REST API. Checks if Tag exists. If exists → Skip creation. If not exists → Create new Tag under category. Assigns Tag to the VM. Result VM is provisioned with the right tags automatically applied . Flow Diagram Steps Start VM Prov...
Read more