Thursday 26 May 2016

Azure PaaS Cloud Services

In our couple of blog post related to Azure we discussed about Understanding Microsoft AzureVirtual Networks ,Azure ManagementTools , Azure Virtual Machines ,Demystified Azure Websites and Securing Azure Virtual Machines .

In this article will talk about Azure Paas Cloud Services which can be used to host websites or any other web service that can be addressed through HTTP protocol. 

Before we proceed further with PaaS cloud service it is important to understand that when we talk about a Cloud Service we are referring to either a Cloud Service that is used for hosting the IaaS virtual machine like your on premises infrastructure or a cloud service which is used to host web and worker roles.

Paas Cloud Service
  • PaaS Cloud Service can include web roles (For hosting the front end of the cloud services IIS) and worker roles for the execution of the asynchronous tasks.
  • We can create multiple instances of web roles and worker roles to achieve scalability.
  • Azure Storage account and SQL database are used for storing the information about your PaaS cloud Service.
  • Developers can create PaaS cloud service by Visual Studio by making the use of Publishing Wizard.
  • Service Code deployment can also be done from the Azure Portal by uploading the configuration files and the service package.
  • PaaS can run in various phases (Development),(Staging),(Production).
  • During Development Cloud Service is running on Developer's Local Machine
  • During Staging Cloud Service is deployed to Staging Slot.
  • For Production Cloud Service is Deployed to a Production Slot.

Tuesday 24 May 2016

Securing Azure Virtual Machines

We discussed about Understanding Microsoft AzureVirtual Networks ,Azure Management Tools , Azure Virtual Machines and Demystified Azure Websites earlier in our post related to Microsoft Azure Series.

Dedicated this article for understanding the various aspects related to securing Azure Virtual Machines running in Windows Azure.

Network Security Groups aka NSG's

  • NSG's can be used for controlling the traffic to Virtual Machine in a Virtual Network.
  • Quite like an alternative to ACL (Access Control List) and contains Access Control Rules that Allow or Deny traffic to specific VM's or to the entire Vm's in Subnet.
  • To work with NSG's Regional vNet's need to be created.
  • Not Compatible with any vNet's which are associated to an Affinity Group
  • When we associate NSG's to a subnet the ACL rules would be applied to all the VM's which are part of that subnet.
Firewall Rules
  • Firewall Rules can be used to Allow or Deny connections through VM firewall.
  • We can VM firewall rules by configuring Windows Firewall on each Virtual Machine manually or can also make use of Group Policies. 
  • For RDP, Remote PowerShell, and SSH, the configuration of access through firewalls is automatic.
  • Moreover for other endpoints we can always go ahead and manually add the required port details.
  • By Default RDP and PowerShell are secured using Self Signed Certificates.
  • Moreover Certificates linked to Trusted Certificate Authority can also be used.
  • For Linux-based VMs, exposing SSH to the Internet from the cloud can present a security weakness. 
  • Make Sure to Setup unique userid's apart from Root and Admin.
  • The endpoint should be configured on private key/certificate SSH authentication. 
  • The Azure Management Portal accepts SSH public keys encapsulated in an X509 certificate.


  • When it comes to Windows Azure it provides a highly Secure environment , moreover we can make use of BITLOCKER for encrypting sensitive data.

For More information refer Microsoft Azure Essentials

Wednesday 18 May 2016

Back to Basics - Part 8 Host Profiles

In our couple of blog post related to Back to Basics Series we discussed about Virtual Machine Files (Part1), Standard Switches (Part2), vCenter Server (Part 3),Templates (Part4) vApp Part 5, Migration Part 6,Cloning Part 7, and we also discussed about the various tasks related to building Home Lab Part1Part 2Part 3,Part 4 and Part 5.

So here we are in another back to basics post in which will be focussing on Host Profiles another important feature used when it comes to consistent configuration deployment of ESXi in your environment.

Host Profiles Overview
  • The Host Profiles feature enables you to export configuration settings from a reference host and save them as a portable set of policies, known as host profile.
  • Using the Host Profiles Eliminate the need of of maintaining per host configurations and ensure the configuration consistency across entire data center.
  • Host Profile is one of the Licensed Feature and is available with an Enterprise Plus License.
  • Host Profiles can be used to Automate host configuration across a large number of hosts and clusters. 
  • We can use Host Profiles to simplify the host provisioning process, configure multiple hosts in a similar way, and reduce the time spent on configuring and deploying new VMware ESX/ESXi hosts.
  • We can also use Host Profiles to monitor for host configuration changes, detect errors in host configuration, and ensure that the hosts are brought back into a compliant state.
  • Host Profile is mainly composed of Two Parts i.e Configuration Details - Describes policies that govern how a host configuration should look, including details about each specific configuration settings. And Compliance details – Describes a set of checks that are performed to ensure that the host is configured as specified in the profile.

The Process

Step 1: Create a Host Profile, using the reference host. To create a host profile, VMware vCenter Server retrieves and encapsulates the configuration settings of an existing VMware ESX/ESXi host into a description that can be used as a template for configuring other hosts. 

Step 2: Attach a profile to a host or cluster. After you create a host profile, you can attach it to a particular host or cluster. This enables you to compare the configuration of a host against the appropriate host profile.

Step 3: Check the host’s compliance against a profile. Once a host profile is created and attached with a set of hosts or clusters, VMware vCenter Server monitors the configuration settings of the attached entities and detects any deviations from the specified “Master” configuration encapsulated by the host profile. 

Step 4: Apply the host profile of the reference host to other hosts or clusters of hosts. If there is a deviation, VMware vCenter Server determines the configuration that applies to a host. To bring noncompliant hosts back to the desired state, the VMware vCenter Server Agent applies a host profile by passing host configuration change commands to the VMware ESX/ESXi host agent through the vSphere API.

For More Information Refer vSphere Documentation Center

Tuesday 17 May 2016

Securing vSphere Infrastructure

Most of the time when delivering vSphere Courses i got similar question from my audience in which they are concerned about Securing their vSphere infrastructure, So thought of dedicating an article in my blog post.

Securing vSphere involves various aspects which are not only limited to vCenter Server but also securing your ESXi and Virtual Machine. 

Securing vCenter Server

  • Install vCenter Server using a Service Account instead of Windows Account.
  • Service Account used must be the Administrator on the Local Machine.
  • Grant less Privileges to the vCenter Server DB user, moreover we may need some privileges for the installation and certainly can be removed once the installation is done.
  • Remove all expired certificates and ensure there are no logs exist related to failed installation of vCenter Server.
  • Set Up NTP for each node in your environment as the certificate infrastructure requires an accurate time stamp and will not work correctly if nodes are out of sync.
  • Ensure the applications uses unique service accounts when connecting to vCenter Server.
  • By Default vpx user password is changed automatically in 30 days which can be changed as per the Organization Standards, however ensure that the ageing policy is not too short.
  • Create a Custom Role with appropriate privileges and assign it to other administrators as not all Administrator users must have Administrator Role.
  • For improved security, avoid putting the vCenter Server system on any network other than a management network, and ensure that vSphere management traffic is on a restricted network.
  • Communications between client components and a vCenter Server system or ESXi hosts are protected by SSL-based encryption by default. Linux versions of these components do not perform certificate validation. Consider restricting the use of these clients.

Securing ESXi
  • By Default SSH and ESXi Shell Services are not running and only the Root user is allowed to login to DCUI, SSH and Shell should always be considered as a last resort for troubleshooting and timeout should be set properly to avoid Risks.
  • Firewall Ports are opened if you start the corresponding service make use of web client to manage the firewall ports.
  • Use Scripted Installation and Auto Deploy for provisioning of your ESXi hosts.
  • VMware Certificate Authority (VMCA) provisions each ESXi host with a signed certificate that has VMCA as the root certificate authority by default. If company policy requires it, we can replace the existing certificates with certificates that are signed by a third-party CA.
  • To protect the integrity of the ESXi host, do not allow users to install unsigned (community-supported) VIBs. An unsigned VIB contains code that is not certified by, accepted by, or supported by VMware or its partners.
  • Following are the acceptance level supported  VMware Certified, VMware Accepted, Partner Supported, Community Supported.
  • If our ESXi host is managed by a vCenter Server, perform management tasks through the vSphere Web Client.
  • Set a highly complex password for the root account and limit the use of the root account.
  • Best practice is to ensure that any account with the Administrator role on an ESXi host is assigned to a specific user with a named account.

Securing Virtual Machine
  • Ensure that anti-virus software, anti-spy ware, intrusion detection, and other protection are enabled for every virtual machine in your virtual infrastructure.
  • We can use templates that can contain a hardened, patched, and properly configured operating system to create other, application-specific templates, or you can use the application template to deploy virtual machines.
  •  Use native remote management services, such as terminal services and SSH, to interact with virtual machines.
  • Limit the connections to the console to as few connections as necessary.
  • We can make use Shares and Resource pools to prevent a denial of service attack that causes one virtual machine to consume so much of the host’s resources that other virtual machines on the same host cannot perform their intended functions.
  • Disable unused services in the operating system and Disconnect unused physical devices, such as CD/DVD drives, floppy drives, and USB adaptors.
  • Disable Copy and Paste Operations Between Guest Operating System and Remote Console.

Above Mentioned  are few points which i have covered and is not an exhaustive list for a complete list for securing your vSphere Infrastructure Refer vSphere Security Guide

Friday 13 May 2016

Back to Basics - Part 7 Cloning

In our couple of blog post related to Back to Basics Series we discussed about Virtual Machine Files (Part1) Standard Switches (Part2) vCenter Server (Part 3) Templates (Part4) vApp Part 5 Migration Part 6 and we also discussed about the various tasks related to building Home Lab Part1Part 2Part 3,Part 4 and Part 5.

In this article will be discussing about another way of provisioning Virtual Machines using another important feature of vSphere i.e Cloning.


  • Cloning is an alternative way of deploying the Virtual Machine.
  • Cloning a VM will create an exact duplicate copy of the Virtual Machine with same configuration and the software.
  • Cloning Process can be initiated on both Powered On and Powered Off Virtual Machines.
  • While Cloning a Virtual Machine 3 options are available i.e (Clone to a Virtual Machine, Clone to Template, Clone to Template in Library).
  • Cloning can be done only if we are connected to vCenter Server either through vSphere Client or Web Client, we can not clone VM by directly connecting to ESXi host using the vSphere Client.
  • Apart from cloning a VM we can also clone a vApp (Cloning a vApp is similar to cloning a virtual machine).
  • Clone a Role - You can make a copy of an existing role, rename it, and later edit it. When you make a copy, the new role is not applied to any users or groups and objects. You must assign the role to users or groups and objects.
  • Clone Host Profile is a cloned copy of existing host profile.

For More Information Refer vSphere Documentation Center

Wednesday 11 May 2016

vRealize Orchestrator Overview

  • vRealize Orchestrator/ vCenter Server Orchestrator is a workflow engine that enables users and external systems to execute and monitor workflows.
  • Packaged with VMware vSphere and available to all VMware vCenter Server customers at no extra charges.
  • The automation capabilities of vCenter Orchestrator reduce delivery times and human error.

  • Automating IT processes using vCenter Orchestrator workflows makes the processes reproducible, so the processes provide the same result each time they run.
  • vCO can run multiple workflows in parallel,perform checkpointing.
  • The JBoss-based workflow engine stores the state of each running workflow consistently and persistently in the vCenter Orchestrator database, so workflows continue without data loss at the state that they were in when the service stopped.
  • Workflow execution continues even after a hard restart of the vCenter Orchestrator service. Processes remain stable even when the vCenter Orchestrator server crashes.

Thursday 5 May 2016

Back to Basics - Part 6 Migration

In our couple of blog post related to Back to Basics Series we discussed about Virtual Machine Files (Part1) Standard Switches (Part2) vCenter Server (Part 3) Templates (Part4) vApp Part 5 and we also discussed about the various tasks related to building Home Lab Part1Part 2Part 3,Part 4 and Part 5.
In this article we will be discussing about the various types of Migration methods and will understand their functionalities.

Types of Migration -

Cold: Migrating a Powered Off Virtual Machine to a New Host / Datastore.

When doing Cold Migration we can change both host and datastore across vCenter servers without the need of shared storage and similar CPU families.

Suspended: Migrating a Suspended Virtual Machine to New Host/ Datastore. 

When doing the Suspended migration both host and datastore can be changed across vCenter Servers again without the need of shared storage however CPU should be of same families.

Long Distance vMotion Migration - VMware vSphere 6.0 adds functionality to migrate virtual machines over long distances. 

We can now perform reliable migrations between hosts and sites that are separated by high network round-trip latency times. 

Few things to which our environment must comply before proceeding further with Long distance vMotion Migration.

1) A RTT (round-trip time) latency of 150 milliseconds or less, between hosts.

2) Our license must cover vMotion across long distances. The cross vCenter and long distance vMotion features require an Enterprise Plus license. For more information, see Compare vSphere Editions.

3) We must place the traffic related to virtual machine files transfer to the destination host on the provisioning TCP/IP stack. For more information, see the Place Traffic for Cold Migration, Cloning, and Snapshots on the Provisioning TCP/IP Stack section in the vCenter Server Host Management guide.

vMotion : Migrating a VM when it is Powered On to a New Host.

When performing the vMotion we are trying to change the host of the VM wherein both the source and destination host have the access to shared storage. 

While performing the vMotion migration we also need to ensure other prerequisites like both Source and Destination Host Cpu should be same family otherwise Enhanced vMotion Compatibility can be used and baseline can be created to ensure the vMotion is done without any errors.

Few other prerequisites should be taken care of like creation of VMkernel port on both the ESXi and dedicating it for carrying the vMotion Traffic.

How vMotion Works ! Behind the Cover

1) While doing the vMotion Virtual Machine Memory state is copied over the vMotion Network.(Created Using VMkernel Port and dedicating for vMotion Traffic)

2) As the user is currently accessing the VM on the Source host a list of modified pages is maintained separately in Memory Bitmap.

3) Once Most of the memory pages has been copied from the Source to Destination the VM is Stunned/Paused, during this stunned period the remaining amount of Memory as well as the Memory Bitmap is also copied from the Source to Destination ESXi host.

4) As soon as the stunned process is initiated the VM is initialized and start running on the Destination ESXi hosts.

5) GARP (Gratuitous Address Resolution Protocol) requests notifies the Physical Switch about the New location of the VM.

Storage vMotion : Migrating the Files of Powered On VM from one Datastore to another datastore. 

When Performing the Storage vMotion all the blocks are copied from source datastore to destination datastore.

If any changes post copying of these blocks occurs Mirror Driver synchronised the changed blocks.

Storage vMotion operation can be performed internally by VMkernel (Data mover) or can be offloaded directly to the underlying array if the underlying array supports Hardware Acceleration (VMware vSphere API for Array Integration) aka VAAI

Wednesday 4 May 2016

Back to Basics - Part 5 vApp

In our couple of blog post related to Back to Basics Series we discussed about Virtual Machine Files (Part1) Standard Switches (Part2) vCenter Server (Part 3) Templates (Part4) and we also discussed about the various tasks related to building Home Lab Part1Part 2Part 3,Part 4 and Part 5.

In this blog will discuss about one of the vSphere Feature vApp! No we are not talking about Virtual Appliance, but one of the features used in vSphere which act as a container for your Virtual Machine.


  • You can use VMware vSphere as a platform for running applications, in addition to using it as a platform for running virtual machines.
  • The applications can be packaged to run directly on top of VMware vSphere. 
  • The format of how the applications are packaged and managed is called VMware vApp.
  • A vApp is a container, like a resource pool and can contain one or more virtual machines
  • The vApp metadata resides in the vCenter Server's database, so a vApp can be distributed across multiple ESX/ESXi hosts. 
  • This information can be lost if the vCenter Server database is cleared or if a standalone ESX/ESXi host that contains a vApp is removed from vCenter Server. 
  • Distribution format can be Open Virtualization Format (OVF) and Open Virtualization Appliance (OVA).
  • VM's Residing inside the vApp can be prioritised for Power On and Power OFF operations.

Back To Basics Part 4 - Templates

In our couple of blog post related to Back to Basics Series we discussed about Virtual Machine Files (Part1) Standard Switches (Part2) vCenter Server (Part 3) and we also discussed about the various tasks related to building Home Lab Part1Part 2Part 3,Part 4 and Part 5.

Let's Talk about Templates which is one of the important feature used being a VMware vSphere Administrator in day to day activities.

Template -

  • Master Copy, Base Image, Golden Image which can be used for future deployments of Virtual Machines.
  • Includes Guest OS, VM configuration.
  • Make the Provisioning of VM much faster and free from any user related errors.
  • Options which are available when working with the templates Clone To template and Convert to Template and Clone To Template.
  • Clone to Template Will Clone the Template out of VM and will offer us a choice of format to store the VM disks - Same Format as source, Thin Provisioned, Thick Provisioned Lazy Zeroed, Thick Provisioned Eager Zeroed.
  • When Cloning to Template VM state can be Powered On or Powered Off.
  • Convert to Template will convert the Virtual Machine into a template or in other words the .vmx Configuration file of the VM will get converted into .vmtx template configuration file.
  • When Converting to Template VM Must Be Powered Off.
  • Clone To Template is used to create a new template from existing one.
  • When Deploying the VM from template we need to provide the Name, location, Host and datastore information.

Updating Template -
  • For updating the template to include latest patches and updates no need of creating another template rather we can make use of same existing template by updating it and using it for future deployments, which now contains all the latest updates and release.
  • To do the same first convert the Template back to VM.
  • Make Appropriate changes to the VM (include latest patches and updates).
  • Convert the VM back to Template.

Tuesday 3 May 2016

Wait Is Over- It's Time to Caste Your Vote

As most of you are aware that every year a list of Top Virtualization Blogger is released by v-sphere-land  and Virtualization bloggers around the world are nominated for the same.

Last year over 2,200 people voted from all over the world and when the votes were tallied the top 50 bloggers were revealed. Now it’s time to do it all over again as new blogs are born and old blogs fade away and bloggers move up and down the rankings. When casting your votes please keep the following in mind about the blogs.

Here’s your chance to show your appreciation to the bloggers for all their hard work by picking your favourites which will determine the top blogs for 2016.

Few Details to take into account before you start voting.
  • You can now pick 12 of your favorite blogs (last year was 10) and also rank them in your order of preference after you pick your 12. The results will be weighted with a #1 ranking getting 12 points and a #12 ranking getting 1 point. Point totals will be tabulated and from them the top 50 will be determined.
  • Blogs are listed on the ballot in alphabetical order, the current top 50 blogs are highlighted with their current ranking in parentheses and are also bolded so they stand out. So please go through the whole list when making your choices.
  • Note there was a new minimum blog post requirement implemented this year to be eligible for Top vBlog voting, any blog that did not have at least 10 blog posts in 2015 is not included in the voting.
  • Again this year we also having voting in special categories to help distinguish certain types of blogs. 
  • Best New Blog – Blog must have been started in 2015
  • Best Storage Blog – Must have greater than 50% posts as storage related
  • Best Independent Blog – Must not work for VMware or a Technology Partner (i.e. EMC, Dell, IBM, Unitrends, etc.), basically this means customers, resellers and integrators only.
  • Best Scripting Blog – Must have greater than 50% posts as scripting related
  • Best VDI Blog – Must have greater than 50% posts as VDI related
  • Best Podcast – Easy one, you must have a podcast
  • The categories are independent of the general voting so first pick and rank your top 12 overall favorite blogs and then choose your favorite blog in each category.
  • Voting will run until 5/27, afterwards the results will be determined and announced on a special live podcast with myself, John Troyer and a special guest from VMTurbo.
  • Duplicate vote protection is enabled, we’ll be using geolocation, IP addresses & cookies to protect against duplicate votes.  
  • If you are not familiar with a blog you can click on it in the survey to view it or use vLaunchpad to see links to them all. Try not to pick blogs based just on names but also take content into account.

    Cast Your Vote here                                    TopvBlog2016

Monday 2 May 2016

Using PowerCLI to Manage the Lifecycle of Virtual Machines

Back To Basics - Part 3 vCenter Server

In our couple of blog post related to Back to Basics Series we discussed about Virtual Machine Files (Part1) Standard Switches (Part2) and also discussed about the various tasks related to building Home Lab Part1, Part 2, Part 3,Part 4 and Part 5.

Above are the highlighted links for the same which i would suggest you to refer for a better understanding.

In this post we will be talking about vCenter Server and will understand the various services related to vCenter Server in vSphere 6

Yes will be talking about the two different nodes in VMware vSphere 6 (Platform Services Controller and vCenter Server) and will look at the various services running in those nodes.

  • vCenter Server act as a Centralized Management Solution which help us to manage ESXi hosts and there associated Virtual Machine.
  • Can be installed on a Windows Machine and can be deployed as an Appliance. (Preconfigured Virtual Machine running with SLES).
  • vCenter Server Provides Advance features like HA, DRS,FT,vMotion,SvMotion.
Architectural Components
  • vCenter Single Sign On - Authentication Engine can be configured to work with different identity sources (AD, AD Over LDAP, LDAP). Administrator is the default user which is created when SSO is successfully installed. vSphere local is the default domain which can be changed during the installation.
  • vCenter Server Database - Stores security roles, performance data, both embedded and external database can be used. Embedded (Postgress SQL) External (SQL and Oracle).
  • Web Client and vSphere Client - vSphere Client can be used to connect to ESXi hosts directly or to vCenter server and Web Client can be used to connect to vCenter Server not directly to ESXi hosts.
Now let's talk about the two different nodes which we pointed during the initial phase of the this blog post.

When it comes to the installation both the PSC and the vCenter can be installed on the same machine or it can be installed separately depending upon the design requirements.

During the installation phase there are two nodes which are installed one is Platform Services Controller and the other is vCenter Server and each one of them have their own internal services which are running as described below.

Platform Services Controller
  • vCenter SSO - Authentication broker and security token exchange infrastructure.
  • VMware License Server - Provides Centralized License management for various vSphere products and also the products that integrate with vSphere
  • Look Up Service - The Lookup Service enables different components of vSphere to find one another in a secure way.
  • VMware Certificate Authority - Issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates.
  • Certificate Store - Repository for storing the certificates.
  • VMware Directory Services - Handles SAML certificate management for authentication in conjunction with vCenter Single Sign-On.

vCenter Server
  • VMware vSphere Auto Deploy - Support tool which can help to provisioned multiple Physical hosts with ESXi software. For a better understanding refer one of the old post i dedicated related to the same Auto Deploy 
  • VMware vSphere ESXi Dump CollectorESXi can be configured to dump the VMkernel memory to a network server, rather than to a disk, when the system has encountered a critical failure. The VMware vSphere ESXi Dump Collector is used to collects such memory dumps over the network.
  • VMware vSphere Syslog Collector - Can Be used to enable ESXi system logs to be directed to the server over the network, rather than on a Local Disk.
  • Inventory Service - Inventory Service stores vCenter Server application and inventory data, which helps us to search and access inventory objects across linked vCenter Server instances.
  •  vSphere Web Client (Server) - Helps to connect to vCenter Server using a web browser.

For More Information Refer VMware vSphere 6 Documentation Center

Sunday 1 May 2016

What's New vRealize Automation 7

With the release of vRealize Automation 7 there are few important features which are added with this release and also few deprecated features.

Updated Features
  • Installation wizard based on deployment needs: Minimal (Express) and Enterprise (Distributed and High Availability) Installations.
  • Embedded authentication service by using VMware Identity Manager.
  • Converged Application Services in vRealize Automation Appliance.
  • Reduced minimal number of appliances for HA configuration.
  • Automated embedded PostgreSQL clustering with manual failover.
  • Automated embedded vRealize Orchestrator clustering.
  • Support native Active Directory for all tenants.
  • Multiple domains to single tenant.
  • Single domain to multiple tenants.
  • Full branding capabilities.
  • Third-party SAML token support.
  • Smart card support.
  • Multi-factor authentication.
  • Single unified model for both machine and application blueprints:
  • Blueprint as code and human-readable.
  • Create in editor of choice and stored in source control.
  • Import and export in the same or multiple vRealize Automation 7.0 instances.
  • Customer-requested machine and application blueprints provided.
  • Additional blueprints available on the VMware Solutions Exchange.
  • Automated connectivity to existing or on-demand networks.
  • On-demand dedicated NSX load balancer.
  • Simplified blueprint authoring for vCloud Air and vCloud Director.
  • Introduce vRealize Orchestrator Control Center for easy monitoring and troubleshooting.
  • Centralized Server administration and easy cluster setup.
  • Workflow troubleshooting and enhanced log monitoring.

Deprecated Features
  • vRealize Automation Application Services has been merged into vRealize Automation.
  •  The infrastructure and application blueprint authoring experiences are converged into a unified designer canvas.
  • The event broker is a new event-based extensibility feature that replaces vCloud Automation Center Designer (CDK) and life cycle Callouts. 
  • The workflow stubs are being replaced by the event broker workflow subscriptions. They are still available, supported, and they can be used, but they are planned to be removed in a future version of vRealize Automation. To ensure future product compatibility, you should use the event broker workflow subscriptions to run custom workflows based on state changes.

For More Information Refer vRA 7 Release Notes