Automating Rubrik with vRO Part 3: Authenticate with Rubrik via REST

In this post I’m going to walk you through utilizing the vRO workflow Eric Shanks and I developed for creating a Rubrik session over REST. This is the first workflow in the series, and without it, none of the subsequent workflows can be utilized..

Why do I need this workflow?

In order to complete REST requests against the Rubrik API, an authenticated session is required. This workflow authenticates with the Rubrik REST API, and returns an authentication token. This token is encoded into a base64 token for use in subsequent REST calls.

How was this workflow coded?

For all the coding details, please see As this is a co-blog series, Eric Shanks is posting the coding details on his blog, and i’m posting the how to here. A list to the entire series can be found here.

Pre Requisites:

1. Rubrik Appliance configured and ready to receive REST calls
2. vRealize Orchestrator installed and configured
3. Rubrik REST Host and Operations configured
4. Download the vRO workflow package from Flowgrab

Step 1: Import the Rubrik vRO workflow package

Import the vRO package you downloaded from Flowgrab.

You will find the following objects now available to you in Orchestrator:





Configuration Elements


Step 2: Configure REST Operation for your environment (Only required if you didn’t complete this piece in part 2)

Select the “Rubrik_Authenticate” workflow and Edit it.


In the General Attributes section, select the REST Operation


Now select the one you configured for your environment (see Part 2)


Your end result should look something like this:


Step 3: Configure your username and password

Go over to Configuration Elements in vRealize Orchestrator and edit the Rubrik-Login configuration element.


Update the username and password for your Rubrik Appliance. Save and Exit.

Step 4: Test Authentication

Now to enjoy the fruits of our labor! Run the “Rubrik_Authenticate” workflow.

Check the Logs and you should see a result similar this:


Make sure you see a Status code returned of “200”, and a Token returned at the bottom. This is the token that will then be passed out for all additional REST Operations. Without it, none of the future workflows in the series will work.

That’s it for now!





Automating Rubrik with vRO Part 2: Setup Rubrik REST Host

In this 2nd post of the series on automation Rubrik with vRO, I’m going to walk you through setting up your REST Host and REST Operations in vRealize Orchestrator. This step is required for all subsequent workflows to work.

Step 1: Add your Rubrik REST Host

First of all make sure you have the vRealize Orchestrator REST plugin installed. The REST plugin should have been configured automatically when you installed vRealize Orchestrator.

This workflow which comes with vRealize Orchestrator to add your Rubrik Appliance. If like most users, you have more than one Rubrik appliance, go ahead and repeat this process to add all of them.

  • Go to the Library of vRO Workflows
  • Expand Library > HTTP-REST > Configuration
  • Run “Add a REST Host”
  • Fill in the name, for example “Rubrik Chicago 1”. This will help you identify which Rubrik Appliance you are making REST calls to in the future so it helps to think about it now.
  • Fill in the URL. This is in the following format “https://yourrubrikdnsnamehere:443″
  • Connection Timeout – leave this as 30 seconds unless you have a specific reason to change it.
  • Operation timeout – leave this as 60 seconds unless you have a specific reason to change it.
  • Select yes for accepting the certificate silently.

  • Click Next and configure any proxy settings if required.
  • For Authentication Type select “None”


We use none because we will be creating our own authentication token as part of the REST action elements.

  • Select No for SSL unless you need to verify X.509 certificate.

Step 2: Add REST Operations

Now that you have your REST Host added, you need to add the REST Operations we are going to use in the subsequent workflows.

1. REST Operation: Request – Token from Rubrik

  • Go to Library > HTTP-REST > Configuration > Run “Add a Rest Operation”
  • Parent Host: Select the Rubrik REST Host we configured in Step 1
  • Name: Give the Operation a Name. In our case we used “Request-Token from Rubrik”
  • Template URL: type in “/login
  • HTTP Method: Select POST
  • Click Submit when done.

Here is a screenshot of what your configuration should look like.


2. REST Operation: Get Rubrik VM

  • Run the “Add a REST Operation” workflow again.
  • Parent Host: Select the Rubrik REST Host we configured in Step 1
  • Name: Give the Operation a Name. In our case we used “GetRubrikVM”
  • Template URL: type in “/vm
  • HTTP Method: Select GET
  • Click Submit when done.


Now we need to update the GetVM workflow we imported to utilize the REST Operation.

  • Go over to the Rubrik workflows you imported from FlowGrab and Edit the Rubrik_GetVMID workflow.

Screen Shot 2015-08-27 at 9.34.52 AM

  • Go to the General Tab and Update the REST Operation to be the one we just added.


3. REST Operation: Assign VM to SLA

  • Run the “Add a REST Operation” workflow again.
  • Parent Host: Select the Rubrik REST Host we configured in Step 1
  • Name: Give the Operation a Name. In our case we used “Assign VM to SLA”
  • Template URL: type in “/vm/{id}
  • HTTP Method: Select PATCH
  • Click Submit when done.


As before, we need to update the corresponding workflow.

  • Go over to the Rubrik workflows you imported from FlowGrab and Edit the “Rubrik_AssignVMtoSLADomain” workflow.

Screen Shot 2015-08-27 at 9.40.13 AM

  • Go to the General Tab and Update the REST Operation to be the one we just added.

Screen Shot 2015-08-27 at 9.39.53 AM

4. REST Operation: Assign VM to SLA

  • Run the “Add a REST Operation” workflow again.
  • Parent Host: Select the Rubrik REST Host we configured in Step 1
  • Name: Give the Operation a Name. In our case we used “GetSLADomain”
  • Template URL: type in “/slaDomain
  • HTTP Method: Select GET
  • Click Submit when done.


As before, we need to update the corresponding workflow.

  • Go over to the Rubrik workflows you imported from FlowGrab and Edit the “Rubrik_AuthenticateAndGetSLADomainIDs” workflow.

Screen Shot 2015-08-27 at 9.41.37 AM

  • Go to the General Tab and Update the REST Operation to be the one we just added.

Screen Shot 2015-08-27 at 9.41.42 AM


That’s it, the REST Host and Operations are all configured. We will try to work on a workflow to automate creating these in the future, but for now you are all set for part 3, where we will start utilizing each workflow.

Don’t forget to check out by Eric Shanks for details on how we created all of the workflows and actions.

Automating Rubrik with vRealize Orchestrator Part 1: Introduction


After seeing Rubrik be unveiled at VFD5 this year, a lot of us were very excited to get our hands on the gear. We were impressed by the simplicity and easy access to REST APIs which meant this was another product which deserves some VMware vRO Workflow attention.

Working with my colleague Eric Shanks, along with Chris Wahl at Rubrik, we decided to build a vRO workflow package to automate some of the key tasks. Thankfully our Backup specialist John Affatati already had an appliance racked in the Ahead lab and we were able to get up and running quickly!

Eric and I split the work up, and as such this is a co-blogger series. For information on where to get the workflows and how to get them up and running, you will find those posts here on Systems Game. For a deeper dive into how the REST calls were created, Eric is posting those on his blog at

So let’s begin!

For starters. Make sure you go over to FlowGrab and download our vRO workflow package we published. This contains all of the workflows/actions/configuration elements which will be discussed in the series. All of the code is provided Open Source and is freely available for you to modify.

The series, and workflows are broken down into the following posts:

  1. Introduction – This post
  2. vRO REST Configuration for Rubrik
  3. vRO Workflow: Authenticate with Rubrik
  4. vRO Workflow: Get Rubrik VM information
  5. vRO Workflow: Get Rubrik SLA Domain IDs
  6. vRO Workflow: Assign SLA Domain to Virtual Machine

Following the conclusion of Part 6, I will then show how you can integrate this into vRealize Automation (or any Cloud catalog), so that you can give your users a backup choice when they are requesting new virtual machines.


Enjoy, and as always please provide Eric and I as much feedback as possible.

Ahead Tech Summit 2015 – Building a Highly Automated Hybrid Cloud – and thank you!

As most people know, I work for Ahead, a Partner based out of Chicago. I have been here for over a year and have loved every minute of my time there, continuing to evolve the work my predecessor, Alex Mattson, started here as an Automation/Cloud specialist.

2 weeks ago, we hosted our 2nd Ahead Tech Summit and I was fortunate enough to be asked to present on Building a Highly Automated Hybrid Cloud. The video of my presentation is below.

This is the 2nd year I’ve presented at the Tech Summit, attendance was up and it was an absolute joy. We had more to showcase and I love talking about this. Many customers approached me afterwards and said they really enjoyed the presentation. As always I love feedback and hearing how I can improve, so please post your thoughts in the comments section below.

In addition, as I watched this back, I did want to thank some people who have really helped me grow into a better presenter. When I compared this talk, to my one last year, it feels like it was night and day.

Kim Jahnz – another good friend of mine who I met as a TAM at TransUnion. Kim helped catapult my career, pushing to get me a talk at VMworld in 2013 on Self Healing Datacenter which was extremely successful. The feedback from the customers was great, and I thank you so much Kim for pushing me to do this at a time I almost said no due to other personal commitments.

Sean Sergent – Sean and I worked together in the UK when we developed our own consultancy practice. Thank you for all the leaderships you demonstrated to me and learning by “osmosis” as you once described it. Many of the behaviours I have today are a result of the work we did in the UK.

Adam Cavaliere – my good friend and colleague from Tintri. We worked together at TransUnion and Catamaran. At TransUnion we completed our first presentation together in front of a large audience showing the benefits of VMware. It’s amazing to think how nervous we were there, and now see the things we are doing today. Thanks for being a great friend and being an absolutely pain in the ass when we worked together at TU, but we did achieve great things!

Eric Kaplan – Our CTO at Ahead, who makes sure I remained on track with both of my Tech Summit presentations. Thanks (I think) for always filling up my Trello board with 5 minute meetings. I’m sure I heard that from Chris Wahl once as well.

Justin Lauer – You said one thing to me at dinner last year that I still think about. “I don’t think that nervous feeling you get before you go up for a presentation ever goes away”. I think this says a lot…I think it’s because we care so much and want to achieve great things.

Chris Wahl – 30 minutes sitting with you and getting presentation tips is something I hope to do again.”Don’t say so!”

Alex Mattson – Thanks for recommending me to Ahead. I loved our lunches and chats about Automation when we were at Catamaran. Many of those discussions and ideas we had floating around have helped shape the process we have today.

Rob Warren – Thank you for your amazing leaderships and rules to live by. Everything has a standard. There’s a standard for everything. Standardize, Procedurize, Automate…enough said 🙂

Frank Denneman – For minor tips, and recommending to me that I don’t orange drink juice the morning of my VMworld presentation.

Doug Barnes – For your amazing attention to detail when we started out in Automation and being a great friend. Would not be where I am today in this space if I hadn’t worked with you in the beginning.

Nick Rodriguez – For the 16 revisions you worked on with me to make an amazing PowerPoint deck.

Plus everyone at Ahead and many others. Definitely did not get this far alone, and I’m very pleased to be able to go on stage and present about the things I love to do in this space.

So with that said. Thank you and enjoy! is now!

As anyone who follows my blog knows, it goes in bursts. I spend a ton of time working with clients on all things Cloud and Automation, but never have enough time to blog about it or get the info out there. Hopefully now that is about to change, and a new name makes all that happen right….right???

Why Systems Game?

I decided my little pun on NIC and my name has come to an end, and most of all I felt like a nice fresh coat of paint was in order. I wanted to think of something that really encompassed what I do on a daily basis. Automation, Orchestration, and Cloud are all related to systems, and well, since I absolutely love my job, and treat it as fun more than work, I figured it was more like a game.
The 2 came together and now we have

What’s coming?

I have a list of about 20+ posts to write at the moment around all my work with vRealize Automation, UCS director, the Microsoft stack, vRealize Orchestrator. Starting early next week I will be publishing an awesome series I’ve been working on for some Tintri Storage Automation. Following that I will be publishing a lengthy series on Building a Cloud with vRealize Automation and vRealize Orchestrator, combined with Puppet for Configuration Management.

Thanks for reading, and as always feedback is greatly appreciated!

vCO Workflow: Change VM Port Group for VM on Standard vSwitch

I was surprised recently to find that no builtin workflow existed for changing the backing information for a VM if you aren’t using a VDS. Now, before I go any further, I’m a big fan of moving to a vSphere Distributed Switch mode,l but there are certainly cases where you might encounter a standard vSwitch environment which you need to automate port group changes upon.

The Approach:

Essentially when it comes to changing NIC settings on a VM, you have to change the “Backing” information for the NIC associated with the VM. In my case this was for VMs which were just built as part of an overall automation process, and had only one NIC.

Step 1: Create Action Item.

I created an action item which has 2 inputs.

“vm” of type VC:VirtualMachine – This is basically so you can select the VM in vCO that you want to modify

“vSwitchPGName” of type String – This is so you can pass in the string value of the portgroup name for the vSwitch.


The code I then used is below. I’ve commented it but please let me know if you have any questions.

var spec = new VcVirtualMachineConfigSpec(); // Initialize a Virtual Machine Config Spec first
var myDeviceChange = new Array(); // Create an array to hold all of your changes
var devices = vm.config.hardware.device;

//Find devices that are VMXNET3 or E1000
for (var i in devices)
		if 	(
				(devices[i] instanceof VcVirtualVmxnet3) ||
				(devices[i] instanceof VcVirtualE1000) 
			System.log("The device we are going to modify is: " + devices[i]);
			var nicChangeSpec = new VcVirtualDeviceConfigSpec(); //This is the specification for the Network adapter we are going to change
			nicChangeSpec.operation = VcVirtualDeviceConfigSpecOperation.edit; //Use edit as we are going to be modifying a NIC
			nicChangeSpec.device = new VcVirtualE1000;
			nicChangeSpec.device.key = devices[i].key; 
			System.log("NicChangeSpec key is : " + nicChangeSpec.device.key);

			nicChangeSpec.device.addressType = devices[i].addressType;
			nicChangeSpec.device.macAddress = devices[i].macAddress;

			System.log("Adding backing info" ) ;
			//Add backing information

			nicChangeSpec.device.backing = new VcVirtualEthernetCardNetworkBackingInfo();
			System.log("Backing info for nicChangeSpec is : " + nicChangeSpec.backing);
			nicChangeSpec.device.backing.deviceName = vSwitchPGName; //Change the backing to the portgroup input
			System.log("Backing info for deviceName on nicChangeSpec is : " + nicChangeSpec.device.backing.deviceName);

			//Push change spec to device change variable


spec.deviceChange = myDeviceChange;
System.log("DeviceChange Spec is: " + spec.deviceChange);
return vm.reconfigVM_Task(spec);

Step 2:

I created a simple workflow which calls this action item and then has a vim3WaitTaskEnd so we can be sure the task is completed before moving on to any other workflows. This is useful if you are going to be incorporating this action into a larger process.

Update Port Group for vSwitch

Running the workflow gives you this simple presentation.

vSwitchPG 2

And that’s basically all there is to it. Select your VM, type in your PortGroup name, and voila!

For a vDS, VMware included a workflow out of the box in vCO so there is no need to create any of the above.


vRealize Air Automation

I posted a new blog posted on the ThinkAhead Blog this morning around vRealize Air Automation which was recently announced at VMworld.

I am excited to see vCAC become simpler and easier to deploy. This means more time to work on vCO workflows and truly understanding the business cases, rather than troubleshooting the management tool.

So now we have… vRAA! (vRAWWWRRR). Definitely nicer to say than vCAKE.

vNick Returning

After a while working on and various other projects, I’ve decided to fire up again.

My wife has kindly agreed to provide me with some new graphics, including a vNick with 2 years. This should please some people out there.

The blog will continue to focus on automation, but with a greater focus on Service Catalog enabled with vCAC and ServiceNow.

Expect more in the coming days, especially as VMworld gets underway!

Chicago VMUG Tomorrow!

Hoping to see lots of people at the Chicago VMUG tomorrow. If anyone isn’t already aware of the event, I recommend you go to

Amy Manley (Twitter:  @wyrdgirl, Blog:, and I will be presenting “Real World Automation with vCO” at 3:45pm. We are hoping to give a nice overview of how vCO Automation and Self Healing Datacenter Concepts can be used in the real world.

Look forward to meeting lots of you there and at the Nimble event afterwards!

Workflow: Find the SDRS Pod for a datastore name, and Refresh Recommendations

Summary/Use Cases:

This workflow can be used as part of a self healing solution to ensure SDRS runs whenever you get a datastore alarm. (see Self Healing Datacenter). This ensures SDRS immediately runs and can balance the storage in the cluster.


  • Datastore Name: Type = String

Outputs: None

The Workflow:


How it works:

  1. Takes the Datastore string passed to it and then searches vCenter for a Datastore Object matching the stringtext. This is stored as type VC:Datastore.
  2. Looks through all of the SDRS PODs declared in your general attributes to see if any of them contain the Datastore object found in step 1.
  3. If there is a match, it stores this as the variable “podToRunSDRSOn”, and stops searching.
  4. Run’s refresh recommendations on the pod “podToRunSDRSOn”.

 The Code:

Only 1 scriptable task has been used above, and i’m considering making it an action item if I don’t expand on the workflow further.

//Search vCenter for a Datastore matching the name

var dataStoreObject = System.getModule 
dataStore = dataStoreObject[0];
System.log("Datastore Object Found is " + dataStore);
//Now we have the datastore in question, we need to find out which SDRS POD the Datastore 
is a member of.

//Checking the array of pods
for (var i in podsArray)
 System.log("Checking POD: " + i + "in podsArray. The current POD is" + podsArray 

 //Grab the child entitys of the pod and put them in the arrayCheckDatastore

checkDatastore = podsArray[i].childEntity;

//Now check each datastore against the original one we found to verify the 
objects are the same

for (var t in checkDatastore) 
 System.log ("Datastore at object " + t + "is : " + 
 if (checkDatastore[t] == dataStore) 
 System.log("Datastore Match. The pod we need to 
run SDRS on is " + podsArray[i]);
 podToRunSDRSOn = podsArray[i];
 System.log("There was no match...we could not 
find an SDRS POD");
System.log("CHECKING COMPLETE: Pod to run SDRS on is : " + podToRunSDRSOn);


if (podToRunSDRSOn != null)
var m = podToRunSDRSOn.vimHost.storageResourceManager;
task = m.refreshStorageDrsRecommendation(podToRunSDRSOn);