Using Terraform to deploy vRealize Network Insight Cloud Collector to VMware Cloud on AWS

That’s a long post title, right?! Well, a lot of moving parts for this one. 😉

Terraform is a powerful tool to achieve infrastructure-as-code. You can do many things, from configuring Cisco ACI to creating and maintaining a VMware Cloud on AWS and everything in between. There’s also a vSphere provider that allows you to deploy VMs from OVA templates. That’s where this story begins.

vRealize Network Insight Cloud has a platform where the data is stored and a collector, which does the collecting. This collector needs to be placed as close to the data source as possible. For VMware Cloud on AWS, that means placing the collector inside each SDDC that it’s monitoring.

A customer wanted to automate the deployment of the collectors using Terraform. So far, all automated deployments were done using a PowerShell script, so I was eager to give this a try. It turns out it’s quite simple. 

The vSphere Provider for Terraform has an option to deploy OVFs and fill their configuration parameters. William Lam has a great article from when that support was released with more information.

Using that OVF support, I translated the appliance settings we used in the PowerShell script to a Terraform config. The only challenge that I came across was that the vSphere provider doesn’t dare change OVF settings with the flag userConfigurable set to false

The vRNI collector only has 1 configurable setting during deployment, which is the shared secret (mostly because that’s too long to type into the console). Its configuration (network, passwords, etc.) is done in the console using the setup command. With PowerCLI (Import-VApp), you can still configure settings that have set userConfigurable to false. With the vSphere provider for Terraform, you can not.

Simple enough solution, though – I unzipped the collector OVA, changed the userConfigurable flags to true, and recreated the OVA. The Terraform config below is using that collector OVA; it downloads it from AWS S3.

Terraform config

Below is the entire terraform config file. It’s straightforward enough so I won’t comment on every line. Make sure you go through it and make modifications to the settings. Things like the vSphere credentials, appliance network settings, Proxy_Shared_Secret, etc. 

provider "vsphere" {
   user           = "[email protected]"
   password       = "yourpassword"
   vsphere_server = ""
   # If you have a self-signed cert
   allow_unverified_ssl = true
 data "vsphere_datacenter" "datacenter" {
   name = "SDDC-Datacenter"
 data "vsphere_datastore" "datastore" {
   name          = "WorkloadDatastore"
   datacenter_id =
 data "vsphere_resource_pool" "pool" {
   name          = "Cluster-1/Resources/Compute-ResourcePool"
   datacenter_id =
 data "vsphere_network" "network" {
   name          = "my-segment-network"
   datacenter_id =
 data "vsphere_host" "host" {
   name          = ""
   datacenter_id =
 resource "vsphere_virtual_machine" "vmFromRemoteOvf" {
   resource_pool_id =
   datastore_id =
   datacenter_id =
   host_system_id =
   wait_for_guest_net_timeout = 0
   wait_for_guest_ip_timeout = 0
   name = "vRNI-Cloud-Collector-01"
   num_cpus = 4
   memory = 12288
   network_interface {
     network_id =
   ovf_deploy {
     remote_ovf_url = ""
     disk_provisioning = "thin"
     deployment_option = "medium"
     ovf_network_map = {
       "VM Network" =
   vapp {
     properties = {
       "IP_Address" = "",
       "Netmask" = "",
       "Default_Gateway" = "",
       "DNS" = "",
       "Domain_Search" = "vrni.cmbu.local",
       "NTP" = "",
       "SSH_User_Password" = "VMware1!",
       "CLI_User_Password" = "VMware1!",
       "Auto-Configure" = "True",
       "Proxy_Shared_Secret" = "FpUdK00Gk10bM9Xt84sMfI+ct..etc.."

The appliance size is set to a medium collector with 4 vCPUs and 12GB of RAM. If you need a large collector, change the resources in line with the documentation.

If you’re not aware, the Proxy_Shared_Secret is generated in vRNI and contains the information needed for the collector to pair with vRNI. This is the same for both vRNI on-premises and vRNI Cloud. 

Terraform Apply

It’s pretty interesting to see this deployment (or any Terraform-backed deployment 😉 ).

When running this for the first time, download the vSphere provider using:

[terraform]$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/vsphere...
- Installing hashicorp/vsphere v1.25.0...
- Installed hashicorp/vsphere v1.25.0 (signed by HashiCorp)

Terraform has been successfully initialized!

Then deploy!

[terraform]$ terraform apply
vsphere_virtual_machine.vmFromRemoteOvf: Refreshing state... [id=423090c1-01d1-44a8-5af8-4476b811521c]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create

Terraform will perform the following actions:

# vsphere_virtual_machine.vmFromRemoteOvf will be created
+ resource "vsphere_virtual_machine" "vmFromRemoteOvf" {

+ ovf_deploy {
+ allow_unverified_ssl_cert = false
+ deployment_option = "medium"
+ disk_provisioning = "thin"
+ ovf_network_map = {
+ "VM Network" = "network-o1009"
+ remote_ovf_url = ""

+ vapp {
+ properties = {
+ "Auto-Configure" = "True"
+ "CLI_User_Password" = "VMware1!"
+ "DNS" = ""
+ "Default_Gateway" = ""
+ "Domain_Search" = "vrni.cmbu.local"
+ "IP_Address" = ""
+ "NTP" = ""
+ "Netmask" = ""
+ "Proxy_Shared_Secret" = "FpUdK00Gk10bM..etc"
+ "SSH_User_Password" = "VMware1!"

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

vsphere_virtual_machine.vmFromRemoteOvf: Creating...
vsphere_virtual_machine.vmFromRemoteOvf: Still creating... [10s elapsed]
vsphere_virtual_machine.vmFromRemoteOvf: Still creating... [20s elapsed]
vsphere_virtual_machine.vmFromRemoteOvf: Still creating... [2m40s elapsed]
vsphere_virtual_machine.vmFromRemoteOvf: Creation complete after 2m46s [id=423011cb-1f8b-f408-8254-75c2ac1648c4]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

When this is done, the appliance will be running and the collector will be initializing. Give it between 5 to 10 minutes and you’ll see this lovely message in vRealize Network Insight Cloud:

vRNI Cloud after Terraform apply

Share the wealth!


  1. Great option thank you are you going to get Terraform doing more of the functions that the scripts perform i.e. add Applications etc?

    • Martijn

      October 4, 2022 at 12:58

      Hey Craig, that’s not on my list, no. That’ll require a custom vRNI provider for Terraform and this is using the vSphere provider.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2022 Lostdomain

Theme by Anders NorénUp ↑