Overview
Providing developers with end-user self-service provisioning of VMs on VMware vSphere can significantly boost developer productivity by removing friction, reducing delays, and fostering agility in development workflows.
Info
Review the benefits of this approach.
Architecture
The diagram illustrates how Rafay enables end-user self-service VM provisioning on VMware vSphere infrastructure, streamlining developer access to virtual machines while maintaining enterprise-grade control and visibility.
Customer Data Center
At the heart of the deployment is the customer’s on-premises data center(s), which houses:
- VMware vCenter and vSphere, responsible for VM lifecycle management.
- Rafay Agent, deployed within the customer environment, which securely interfaces with vCenter using VMware APIs.
- Virtual Machines (VMs) provisioned and managed by vSphere based on user requests.
Rafay Controller & Self-Service Portal
The Rafay Controller (SaaS or self-hosted in the customer's data center) communicates with the Rafay Agent over port 443 (outbound only), ensuring secure, firewall-friendly connectivity without inbound port requirements. End users interact with the Self-Service Portal, a web-based portal provided by Rafay, where they can request VMs as needed.
```mermaid
sequenceDiagram
    participant Developer
    participant SelfServicePortal
    participant RafayController
    participant RafayAgent
    participant vCenter
    participant vSphere
    participant VM
    Developer->>SelfServicePortal: Request VM
    SelfServicePortal->>RafayController: Forward VM request
    RafayController->>RafayAgent: Initiate provisioning workflow
    RafayAgent->>vCenter: Call vCenter API to provision VM
    vCenter->>vSphere: Trigger VM creation
    vSphere->>VM: Instantiate new VM
    VM-->>vSphere: VM Ready
    vSphere-->>vCenter: Notify VM provisioned
    vCenter-->>RafayAgent: Provisioning complete
    RafayAgent-->>RafayController: Status update
    RafayController-->>SelfServicePortal: Notify user
    Developer->>VM: Access via SSH
```
🔒 Security & Access
All communication between the Rafay Controller and the customer environment is outbound and encrypted, preserving perimeter security.
- VM access for users is typically via secure protocols like SSH, and access control policies can be enforced centrally.
- Optional VPN integration ensures secure connectivity for VM access in private environments.
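
The outbound-only, port 443 model described above can be checked against the firewall policy that applies to the agent host. The following is an added example, not Rafay code: the `Rule` format, the `audit` function and every address and rule name are constructed for illustration, and it assumes traffic inside the data center segment (such as the agent's calls to vCenter) is governed by separate internal policy.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (assumptions, not taken from the page).
CONTROLLER = ipaddress.ip_network("203.0.113.10/32")  # Rafay Controller endpoint
INTERNAL = ipaddress.ip_network("10.20.0.0/24")       # data center segment with vCenter

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str  # "in" or "out", relative to the agent host
    action: str     # "allow" or "deny"
    peer: str       # CIDR of the remote side
    proto: str
    ports: range    # destination ports

def audit(rules):
    """Return findings for allow rules that break the outbound-only 443 model."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        peer = ipaddress.ip_network(r.peer)
        internal = peer.subnet_of(INTERNAL)
        if r.direction == "in" and not internal:
            findings.append((r.name, "inbound allowed from outside the data center"))
        elif r.direction == "out" and not internal:
            if not peer.subnet_of(CONTROLLER):
                findings.append((r.name, "egress to a destination other than the controller"))
            elif r.proto != "tcp" or set(r.ports) != {443}:
                findings.append((r.name, "egress to the controller not limited to tcp/443"))
    return findings

# Constructed ruleset for illustration.
RULES = [
    Rule("agent-to-controller", "out", "allow", "203.0.113.10/32", "tcp", range(443, 444)),
    Rule("agent-to-vcenter", "out", "allow", "10.20.0.5/32", "tcp", range(443, 444)),
    Rule("legacy-mgmt", "in", "allow", "0.0.0.0/0", "tcp", range(8443, 8444)),
    Rule("any-https", "out", "allow", "0.0.0.0/0", "tcp", range(443, 444)),
    Rule("controller-wide", "out", "allow", "203.0.113.10/32", "tcp", range(1, 65536)),
    Rule("default-in", "in", "deny", "0.0.0.0/0", "any", range(0, 65536)),
]

if __name__ == "__main__":
    for name, why in audit(RULES):
        print(f"{name}: {why}")
```

Rules flagged here are the ones that would reintroduce inbound exposure or widen egress beyond the single controller connection the architecture requires.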