HP Insight Orchestration 6.3 User Guide
• User Token – The security token to be used in calls back to Insight Orchestration.
• Date – Date and time at which the flow was triggered by Insight Orchestration.
NOTE: These parameters are required in the workflow definition even if the parameters are not
used within the workflow.
Insight Orchestration and Operations Orchestration communication
Insight Orchestration uses HTTPS communication with the Operations Orchestration Server to invoke
Operations Orchestration workflows and pass any data needed by the workflow. The Operations
Orchestration Server may be located on the same CMS as Insight Orchestration, or may be on a
separate server. HP recommends that Insight Orchestration and Operations Orchestration be on
the same trusted corporate network.
The Operations Orchestration workflow runs with Windows Local System privilege and can be
customized to run arbitrary actions such as file system reads, open network connections or send
email.
For some Operations Orchestration flows, Insight Orchestration waits for a user response before
moving to the next step of an infrastructure’s lifecycle. Insight Orchestration passes a unique, one
time use User Token to these Operations Orchestration flows to Administrator-defined email
recipients. This token is used to authenticate the user response. Insight Orchestration waits until the
User Token is passed back to the Insight Orchestration Service with the correct request ID before
moving to the next step of the infrastructure service’s lifecycle.
By default, these flows send email containing the URL of a response page to the Insight Orchestration
administrator. This URL contains the User Token and the ID of the request. The administrator opens
the URL in a web browser, and is given a form that allows them to Continue or Reject the request.
Clicking either Continue or Reject opens a HTTPS connection to the Insight Orchestration service
and passes the user token, request ID and requested action. If Insight Orchestration confirms that
the user token for the request ID is correct, then Insight Orchestration Continues or Cancels the
request as appropriate.
If the User Token was intercepted, it is possible for an unauthorized user to approve, reject, continue
or cancel a step of a request on an infrastructure service. However, an administrator will notice
that the infrastructure service continued without his direct action and could then take steps to correct
the problem.
Administrative actions
Administrative Actions are Operations Orchestration Workflow processes invoked during lifecycle
of an infrastructure service.
• Manual OS Deployment—Insight Orchestration waits for Continued or Canceled response
from user
• Manual Storage Provisioning—Insight Orchestration waits for Continued or Canceled response
from user
• Manual Storage Removal—Insight Orchestration waits for Continued or Canceled response
from user
• Manual Disk Scrubbing—Insight Orchestration waits for Continued or Canceled response
from user
• Request Approval—Insight Orchestration waits for Approved or Rejected response from user
• Service Begin Action
• Service End Action
• Global Service End Action
• User Notification
• User Pool Notification
• Service Lease Notification
132 HP Operations Orchestration communication security