Let’s talk about vRealize Automation SaltStack Config

In October 2020 VMware acquired SaltStack and has been working on its integration with vRealize Automation ever since. Personally I didn’t get into SaltStack immediately, I just didn’t have the time. It was not until the beginning of 2022 when I started my SaltStack journey. In this post I want to clear up some things I ran in to when first discovering vRealize Automation SaltStack Config.

What’s in a name

One of the first things I’ve learned was how SaltStack is actually called these days. Officially at VMware it is called vRealize Automation SaltStack Config, in short vRA SSC or even just vSSC. Before the acquisition it was just Salt, SaltStack or SaltStack Enterprise.

So why is this important?

There are a number of customers that where already using SaltStack before the acquisition. Knowing all flavours of a product name can help while talking with these customers.

To illustrate the naming of components as it is today I have created this image.

As you can see, the whole product is called vRealize Automation SaltStack Config depicted in yellow. Then, in blue, we have the Salt Open components. Note that these components can still be used stand-alone today. The green bits reference the SaltStack Config parts which where previously called Salt Enterprise.

vRealize Automation SaltStack Config Components

Salt (also known as Salt Open)

Salt is the core of the product. It is built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution and desired state configuration management. To find out more about Salt Open visit the Salt Project page here.

RaaS (also known as eAPI)

RaaS (Returner as a Service) provides RPC endpoints to receive management commands from the vRealize Automation SaltStack Config user interface as well as RPC control endpoints to interface with connected Salt Master(s). The RaaS component brings the enterprise features like job scheduling, management of multiple masters, target groups for minions, role-based-access and more.

Salt Master (also known as Salt Controller)

The Salt Master is the core of vRealize Automation SaltStack Config and manages the endpoints on your network (referred to as Salt Minions). When you issue a command from SaltStack Config web interface (such as a job), the command goes to the Salt Master which places it on the message bus for distribution to the targeted minions. In a stand alone setup (ie. just Salt Open) all commands are issued from the Salt Master directly.

Master plugin

The Master Plugin is installed on the Salt Master. It allows the Salt Master to communicate with the RaaS/eAPI service. The Master Plugin allows the Salt Master to access jobs or processes initiated by SaltStack Config, as well as external data that are stored on the PostgreSQL database.


vRealize Automation SaltStack Config uses a PostgreSQL database to store minion data, job returns, event data, files and pillar data, local user accounts, as well as additional settings for the user interface. This component is not used when only using the Salt Open without the SaltStack Config part.


vRealize Automation SaltStack Config uses a Redis in-memory database to store certain types of data in temporary storage, such as cached data. It also uses temporary data storage to distribute queued work to background workers. This component is not used when only using the Salt Open without the SaltStack Config part.

Salt Minion (also know as Salt Agent)

Salt Minions are the agents which are controlling the host on which they are running. A Salt Minion must be installed on each controlled virtual machine (or device). The Salt minion picks commands from the event bus and replies with the results of said commands. There are also so called Salt Minion Proxies that are used when an agent cannot be installed on a device.

vRealize Automation SaltStack Config installation types

Now that we understand what components are in play and how to name them we can look at how vRA SSC can be installed. In general there are 2 ways of installing vRealize Automation SaltStack Config (or 3 if add the cloud version). The official documentation can be found here.

vRealize Suite Lifecycle Manager install

The first option is to use vRSLCM to do the installation. This is a pretty easy way to install vRA SSC into your environment. Simply download the binaries into vRSLCM and install it into an existing vRA Environment in vRSLCM. After the workflow is done you will have 1 additional appliance with all components (excluding Salt Minions) connected to your vRealize Automation instance. After the installation you can start installing Minions on your deployed VM’s or add the Minion install to your vRA cloud templates.

There is one big caveat with this method of installing vRA SSC, its scalability. This single appliance install will only handle about 1000 minions (in general) and there is no way of scaling this up or out. That means this type of install is only recommended for testing and lab purposes.

Note, at the time of writing VMware has just released version 8.8 of vRA SSC, maybe in future releases this limitation will change, but for now be careful with this type of install.

SaltStack Cloud

SaltStack Cloud is also an option. This is where you subscribe to a cloud instance of vRA SSC which you can use to manage your endpoints. The infrastructure is pre-installed in the cloud and all you need to do is connect your Minions to the cloud Salt Master. I don’t know how the backend looks (since it is a managed service) but it might be a mixture of a single appliance install and what is called a standard install (explained next). Again, there are limitations to the amount of Minions supported, so be mindful of this.

Standard install

The VMware recommended, but also more complex option is to use the standard install. With this method each component will land on its own virtual machine. This option does allow for scaling up or out depending on your needs. In the most basic form expect to have 4 separate nodes, 1 RaaS, 1 Salt Master, 1 PostgreSQL and 1 Redis. Deployments with a single Salt Master can also be integrated with vRealize Automation in the same way as the vRSLCM installation does it.

This basic setup can later be expanded to include multiple RaaS nodes behind a load balancer or a number of additional Salt Masters (with or without multi-master mode clustering).

Just be careful with multi-master setups (a more robust way of doing Salt Masters) as this is currently not supported from vRA perspective.

Note, at the time of writing VMware has just released version 8.8 of vRA SSC, maybe in future releases this limitation on multi-master will change.


I hope this clarifies some of the very basics for understanding vRA SSC. Of course there is a lot more to be said about this product. But I really started to grasp what vRA SSC installation is all about after learning these basics. This post only covered generic and (some of) the theoretical install part of the product. Once you have this part figured out you will quickly move into actually installing, configuring and using vRA SSC.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.