i have a working vRA7 installation (very simmilar to the VMware vRA reference architecture for a minimal deployment Page 35)
vRA Appliance & IaaS server internal IP addresses. vRA Appliance is published to the internet via NAT. All hostnames (internal and external a part of the SAN certificate).
Using the Webinterface of vRA -> Everything fine (corp. network and internet)
Now we have some developers accessing the system external via internet with the Cloud Client 4.1 which getting an error message:
CloudClient>vra login userpass --server privatecloud.domain.de --tenant demo --user demo_admin --password ******************
vra-inf-1.server.domain.de is the internal DNS name of my IaaS host. So if i check the reference architecture picture http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-reference-architect... Page 35 the user only need access to the vRA appliance, but not to the IaaS host (which is in my case not reachable from the internet).
If i add a manual entry
to the hostfile of my client, i can connect (but got not authenticated to the IaaS Model Manager)
CloudClient>vra login userpass --server privatecloud.domain.de --tenant demo --user demo_admin --password *******************
vRA 7.0 login: [ACTIVE], session: [INACTIVE], user=[demo_admin], server=[https://privatecloud.domain.de], tenant=[demo]
IaaS Model Manager login: [INACTIVE]
I also attached the logfiles from the cloud client.
Any reason for this?
The cloud client uses some private APIs directly on the IaaS server. If there isn't a need for this access (or use of these commands) then don't worry about it.