In VMware Cloud Foundation (VCF) 5.2, Aria Automation (formerly vRealize Automation) manages
resource provisioning and access control. The requirements involve role-based access, environment
isolation, and workload placement flexibility. Let’s analyze each option:
Option A: Separate tenants will be configured for Development and Production
Aria Automation in VCF 5.2 operates as a single-tenant application by default, integrated with SDDC
Manager and vCenter. Multi-tenancy (separate tenants) is an advanced configuration typically used
for service providers, not standard VCF private cloud designs. The VMware Aria Automation
Installation Guide notes that multi-tenancy adds complexity and isn’t required for environment
segregation within a single organization. Instead, projects and cloud zones handle these needs,
making this unnecessary.
Option B: Users’ access to resources will be controlled by tenant membership
Tenant membership applies in multi-tenant setups, where users are assigned to distinct tenants (e.g.,
Dev vs. Prod). Since VCF 5.2 typically uses a single tenant, and the requirements can be met with
projects (group-based access), this isn’t a must-have decision. The VCF 5.2 Architectural Guide favors
project-based access over tenant separation for organizational control, rendering this optional.
Option C: Users’ access to resources will be controlled by project membership
Projects in Aria Automation group users and define their access to resources (e.g., cloud zones,
policies). To meet the first requirement (access based on company organization) and the second
(developers provisioning only to Development), projects can restrict developers to a “Dev” project
linked to a Development cloud zone, while other teams (e.g., ops) access Production/DMZ via
separate projects. The VMware Aria Automation Administration Guide confirms projects as the
primary mechanism for role-based access in VCF, making this a required decision.
Option D: Separate cloud zones will be configured for Development and Production
Cloud zones in Aria Automation map to vSphere clusters or resource pools (e.g., Development,
Production, DMZ clusters). To satisfy the second requirement (developers limited to Development)
and the third (Production workloads on DMZ or Production clusters), separate cloud zones ensure
environment isolation and placement flexibility. The VCF 5.2 Architectural Guide mandates cloud
zones for workload segregation, tying them to projects for access control, making this essential.
Conclusion:
C: Project membership enforces user access per organization and restricts developers to
Development, meeting the first two requirements.
D: Separate cloud zones isolate Development from Production/DMZ, enabling precise workload
placement per the third requirement.
These decisions align with Aria Automation’s design in VCF 5.2.
Reference:
VMware Cloud Foundation 5.2 Architectural Guide (docs.vmware.com): Aria Automation Design and
Cloud Zones.
VMware Aria Automation Administration Guide (docs.vmware.com): Projects and Access Control.
VMware Aria Automation Installation Guide (docs.vmware.com): Tenancy Options in VCF.
