Creating vROps Policies and How To Apply Them To Object Groups.

Creating policies in VMware’s vRealize Operations Appliance can be strait forward, if there is a decent understanding of every platform it’s monitoring.  In my last post of this series, I covered the creation of object groups, and that post is important here because policies can be created and assigned to those object groups, allowing the tuning of alerts received for those groups.

Once logged in to the vROps appliance, go into the administration section, and there you will find the policies.


  • VMware has included many base policies in the policy library, which in most cases will be fine for the initial configuration for the appliance, but you may want to create additional policies to suite your specific environment needs.
  • Also take note of the blue film strip in the upper right corner.  This will take you to VMware’s video repository of policies explanation and a brief how-to video.  These video links can be found throughout the configuration of the appliance, and more are added with each release.

To create a new policy click on the green plus sign to get started.  Give the policy a unique name, and it would be good practice to give a description of what the policy is intended to do.  When creating a policy, you have the ability to “start with” a VMware pre-defined policy, and I recommend taking advantage of that until there is a firm understanding of what these policies do.


On the Select Base Policy tab, you can use the drop down menu on the left to get a policy overview of what is being monitored.  In this example, Host system was selected.


Policy Overrides can also be incorporated into this policy.  In other words, if there are certain alerts that you do not want, one of the pre-defined policies may already have those alerts turned off, so those policies can be added to the new policy being created here.  Work smarter, not harder right?


Moving along to the Analysis Settings tab, here you can see how vROps analyses the alerts, determines thresholds, and assigned system badges.  These can be left at their current settings per the policy you are building off of, or you can click on the padlock to the right and make individual changes.  Keep in mind under the “Show changes for” drop down menu, you will have many objects to select to change the analysis settings on.


The Alert/Systems Definitions tab is probably where the majority of time will be spent.  The “Alert Definitions” box at the top is where alerts can be turned on or off based on the base policy used to create this one, or the override policies used.

  • Each management pack installed will have it’s own category for object type.  In other words, “host system” is listed under the vCenter category, but if vCloud Director management pack was installed, it would also have a “host system” under its category.  Each management pack has the ability to add additional alerts for objects referenced in other management packs.  Take time going through each category to see what alerts may need configuring.
  • The State of each alert will either be local with a green check-mark: meaning you enabled it, inherited with a grey check-mark: meaning it is enabled via another policy that was used to create this one, Local with the red crossed out circle: meaning you disabled the alert for the policy, or inherited with a grayed out crossed out circle: meaning it is disabled via another policy that was used to create this one.  Disabling alerts here will still allow the metrics to be collected for the object, you just wont get the alarm for it.
  • The System Definitions section has the same “object type” drop down menu, and you can select the object type here to configure system thresholds for how the symptoms are triggered for the alert selected in the top Alert Definition box above.  I typically do these in tandem.


Finally, you can apply the policy to the custom groups you created before in the Apply Policy to Groups tab.


Once you click save, and go back to the Active Policies tab, you will be able to see the new policy created, and within five minutes, you should see the Affected Objects count rise.  You can see here that I have a policy marked with “D” meaning it is the default appliance policy.  You can set your own policy as default by clicking the blue circle icon with the arrow on the upper left side.  It may take up to 24 hours before the active alert page reflects the settings of the new policy.  Otherwise you can manually clear those alerts.


Previous post to this series: Configuring VMware vRealize Operations Manager Object Groups

Sizing and Installing The VMware vRealize Operations (vROps) Appliance

VMware has a sizing guide that will aid you in determining how many appliances you need to deploy.  If you have multiple data centers, and somewhere north of 200 hosts, and more than 5,000 VMs, I’d recommend at least starting out with two servers configured as Large deployments.  Once you get the built in vSphere adapter collecting for each environment, you can run an audit on the environment using vROps to get the raw numbers, and expand the cluster accordingly.  Come prepared.  Walk through your environments and get a list of how many hosts, data stores, vCenters, and get a rough count of the virtual machines deployed.

KB2093783 has more details on the sizing, and I strongly urge you to visit the KB, as there are links to the latest releases of vROps, and each KB has a sizing guide attachment at the bottom, where you can input the information you collected from your environment to get a more accurate size.


Appliance Manual Installation


Architectural Note

  • Before proceeding be sure you have:
    • The appropriate host resources
    • The appropriate storage
    • IP addresses assigned and entered into DNS
    • a “read-only” account configured in AD and vCenter
    • The appropriate ports opened between data centers listed in VMWare’s documentation


Once you have the latest edition of the vROps appliance ovf downloaded, and after consulting the documentation, use either the vSphere client or web, and deploy the OVF template.  I’ll skip through browsing for, verifying the details of, accepting the licence agreement for, and naming the appliance.

So now you’ve come to the OVF deployment step where you must select the size of your appliance.  No matter the size, the remainder of the deployment is the same, but for this example I will deploy an appliance as Large.

You can deploy the appliance in several sizing configurations depending on the size of your environment and those are: Extra Small, Small, Medium and Large.

  • Extra Small = 2 vCPUs and 8GBs of memory
  • Small = 4 vCPUs and 16GBs of memory
  • Large= 16 vCPUs and 48GBs of memory

You can also choose to deploy a remote collector and they come in two sizes:

  • Standard = 2 vCPUs and 4GBs of memory
  • Large = 4 vCPUs and 16GBs of memory


You will notice that with each selection, VMware has given a definition of what it entails. Choose the one that best suits your needs. Click next

Storage dialog

  • Depending on the size of your environment, vrops VMs can get to over a terabyte in size each
  • Once you’ve made your selection click next
  • Architectural Note – If adding a master replica node to your vROps cluster, I’d recommend keeping the Master and Master Replicas on separate XIVs, or whatever you use to serve up storage to your environment.

Disk Format dialog

  • The default is Lazy Zeroed, and that’s how my environments have been deployed.  I’d strongly advise not using thin provision for this appliance.
  • Once you’ve made your selection click next.

Network Mapping dialog

  • Select the appropriate destination network like a management network, where it can capture traffic from your hosts, VMs, vCenters and datastores.
  • Once you’ve made your selection click next.

Properties dialog

  • Here you can set the Timezone for the appliance, and choose whether to use IPv6
  • Once you’ve filled out the network information, click next

Configuration Verification dialog

  • Read it carefully to be sure there were no fat fingers at play.  Click finish when ready.


Before you proceed in turning on the appliance, you may want to take the opportunity now and expand its disk.  This can be done a couple of ways.  You can expand the existing Hard Disk 2, however keep in mind that the current file system can only see disks under 2TB.  Any disk space allocated over 2TB the appliance wont be able to see.  For my production environment, I increased disk 2 to 1TB in size, and then added 500GB disks as more storage was needed.  Also keep in mind the amount of data you are going to be retaining.  My appliances are configured for 6 months, but this can be changed as needs change.  We’ll go over this later in another post. The cool thing about this appliance is that as you increase the size of disk 2, or add additional storage, the appliance during the power-on process, expands the data partition automatically.

Power up the appliance, open a console to it in vCenter to watch it boot up, and go through some scripted configurations.


  • To get logged in, press ALT + F1 keys.  Enter root for the user, leave the password blank and hit enter.  Now you will be prompted to input the current password, so leave it blank and hit enter.  Now enter a new password, hit enter and enter the new password once more for verification.
  • Now depending on how locked down your environment is, you may not be able to but I always ping out to along with hitting a few internal servers to verify network settings.
  • Also unless you really enjoy VMware’s console, I’d recommend running a couple commands to turn on SSH, so any future administrative tasks can be performed with a putty session.
    • The first command is:  # chkconfig sshd on
      • This enables the sshd service at system boot
    • The second command is: # service sshd start
      • This turns on the sshd service so you can connect to the box with a putty session.


Using Microsoft Edge, Firefox or Chrome, browse to < https ://vrops-appliance-name/ >.  This will redirect you to the Getting started page where you can choose Three options:

Express Installation, where you can set the admin password and that’s pretty much it.


New Installation gives you a few more options to configure, like which NTP server(s) you want to use, and a TLS/SSL certificate you’ve created specifically for this system (or just use the built-in one).


Expand An Existing Installation – this option would be used for additional data nodes or remote collectors as you’ll have the option to pick under “node type”.


For this installation we will select New Installation.  As a rule of thumb and for better appliance performance, I’d use the NTP servers on your network that vCenter and the ESXi hosts are using to keep time in check. Once you’ve made it though the wizard click finish.


It shouldn’t take too long for the master appliance to setup and take you to a log in screen.

You’re not done yet however. You still have to configure your cluster if you have additional data nodes, and remote collectors to add.  If you have a master replica, data nodes, or remote collector, get them connected to the master.  Each will have their own web UI  < https ://vrops-appliance-name/ >, only this time you can use the Expand An Existing Installation Option. You will also need to log into the admin section for some of this <https ://vrops-appliance-name/admin/login.action>

Lets get the master replica added first.  When you use the expand an existing cluster option, you’ll need to add it as a data node.  Then wait for the cluster to expand to it.


Then click the finish adding new nodes button.


To enable HA, you’ll notice in the center of the screen there is a High Availability option, but it is disabled.  Go ahead an click enable


Now select the data node that will be the master replica, make sure enable high availability is checked, and click OK.  This part will take a little while, and the cluster services will be restarted.  After word the High Availability status will be enabled.


Add any remaining data nodes and remote collectors using the Expand An Existing Installation Option.


Architectural Note

  • I’d recommend going into vCenter and adding an anti-affinity rule to keep the master and master replica on separate hosts
  • If you’ve deployed vROps to its own host cluster, I’d recommend turning down vSphere DRS to conservative.  The appliances are usually pretty busy in an active environment, and having one vmotion on you can cause cluster performance degradation, and will throw some interesting alarms within vROps.  It will recover on its own, but better to avoid when possible.


Next up – You”ll need to configure the built in vSphere adapter so you can start collecting data.  I’ll have more on that in my next post.

Next Post: Configuring VMware vRealize Operations Manager Adapters For Data Collection

Recent Post: What Is VMware’s vRealize Operations Manager?