Ever wanted to test an Active Directory Schema update or an entire chain of applications before and after a major update? You can do this with an Isolated Test Environment. But creating these environments can be time consuming work. So why not automate the creation of it and just schedule it? In this blog I will explain how to do this with RES ONE Automation. I will also take a look at test environment as a service through RES ONE Identity Director self service store.
Isolated Test Environment
So what is an Isolated Test Environment? It is an exact copy from your production environment but with only the bare minimum needed to test in it. It is also in a separate network and the isolation part means that this separate network can not connect to the production network and vice versa. Because the networks can’t see each other you can use the same IP addresses in both environments and this of course means that you don’t have to customize your servers in the test environment. There is no chance that a test user will accidentally contact a production database or mail server. So if you want to test an AD Schema update you only need to copy your Domain Controllers and a client device to the separate network. Then turn on the Domain Controllers and the client, update the Schema and test if the client can still access the domain. This is of course a really small test environment. Real world test environments can be really large and include all kinds of servers.
Creating a Isolated Test Environment
Before Virtualization creating a Isolated Test Environments was nearly impossible. You would need the exact same hardware as in production and then need a ghosting tool to create images from production and restore them on the test machines. This process could take up to days or even weeks. These days we all use virtualization platforms like VMware vSphere and a great feature of this is the ability of cloning a server. With one click you can clone your Virtual Machine like the Domain Controller and after that change the network adapter to a separate test network / Vlan. So if it is so easy to do, why would you automate it? Because it can still be really time consuming. Imagine if you need to create a large Isolated Test Environment for a chain of applications and testers want their same workspace environment (For Example XenDesktop) in the Test Environment. You would need to clone the Domain Controllers, File Servers, Database server, Application Servers, Citrix Servers, VDI’s and RES servers. This can easily add up to 20 virtual machines with each one you need to clone and wait for it to finish, which can take hours, and change the networks. Because the cloning can have performance impact on your production environment it is usually done after office hours, so this means overtime. When you automate the creation of the Test Environment you can schedule it to create it after office hours on its own.
Automate the creation of the Isolated Test Environment
One of the great features of RES ONE Automation is the ability to install connectors to expand the out of the box functionality. RES has released a connector to connect with VMware vCenter, you can download this on the RES Hub here. After installing the connector you will get the following extra tasks:
As you can see this includes a task called vCenter Virtual Machine Creation on which you can select clone. Before you can use these tasks there are some Variables that need your input:
So armed with these task I started to build a cloning module. It needs to do the following things:
- Clone a Production VM
- Change the Network on the virtual adapter
- Boot the VM
- Have the ability to refresh the test environment by deleting an existing clone
Here is what I came up with:
First it will shut down and delete the clone if it already exists, you can set this with a parameter. Then it will clone the production machine and after that it will change the network on the virtual adapter. When that is done it will boot the clone if you want to with a parameter. Here are the parameters used in this module:
You can see in this example that I will clone DC-PROD to DC-TEST. There is no clone already so I checked “No” at DeleteClone. I checked “Yes” at bootVM to automatically boot the clone when done. It will change the network on the virtual adapter to Test. The clone will be created in the Test resource pool on the esx-prod-01 host.
You can combine this module multiple times into projects to copy all domain controllers or all file servers.
After that you can combine the projects into one Runbook.
This Runbook can then be scheduled to run outside office hours. For instance, you get a request to build a test environment of the complete SAP environment. You can select the projects you need into one runbook. Schedule it to run on saturday while you enjoy your weekend. When you get back on monday the test environment is created and automatically turned on. You can also create multiple Runbooks and run them in parallel with RES ONE Automation 10.1 to create the clones faster. *vSphere tasks can only be performed on agents with PowerCLI installed.
So how about cloning with XenServer? Out of the box RES ONE Automation comes with a couple of tasks you can do on a XenServer agent but cloning isn’t one of them. But since XenServer is Linux based and comes with its own command line I created a SSH task in RES ONE Automation which will perform a “XE VM-Clone” on the XenServer.
Don’t forget to enter the credentials in the XenServer Credentials variable.
XenServer does have a few limitations: the VM needs to be turned off. You could add a XE VM-Shutdown to the command line in the SSH Task. Changing the network on the virtual adapter needs to be done manually.
The modules I created can be downloaded from the RES Hub.
Self Service Isolated Test Environment
Often the request of a test environment comes from a Functional Application manager who needs the environment for a big update. So why not let them create the test environment themselves? Usually this is because they don’t have access to RES ONE Automation or VMware and for good reasons. But with the power of RES ONE Identity Director (formerly known as Service Store), users can get a Service to request a Test Environment. All you, the IT-admin, need to do is approve it and then it will be automatically delivered to the user. This will save you lots of time and makes for a better experience for the end users.
I hope this was informative. For questions or comments you can always give a reaction in the comment section or contact me: