vCenter Orchestrator Installation and Configuration Guide vCenter Orchestrator 4.0.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
vCenter Orchestrator Installation and Configuration Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2008–2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Updated Information 5 About This Book 7 1 Introduction to VMware vCenter Orchestrator 9 Key Features of the Orchestrator Platform 9 Orchestrator User Roles and Related Tasks 10 Orchestrator Architecture 11 2 Orchestrator System Requirements 13 Hardware Requirements for Orchestrator 13 Operating Systems Supported by Orchestrator 13 Supported Directory Services 14 Browsers Supported by Orchestrator 14 Orchestrator Database Requirements 14 Level of Internationalization (i18n) Support 14 3 Orchest
vCenter Orchestrator Installation and Configuration Guide Change the Default Password 35 Revert to the Default Password for Orchestrator Configuration 35 Configure the Network Connection 36 Orchestrator Network Ports 36 Change the Default Configuration Ports on the Orchestrator Client Side Import the vCenter SSL Certificate 39 Configuring LDAP Settings 39 Generate the LDAP Connection URL 40 Import the LDAP Server SSL Certificate 41 Specify the Browsing Credentials 42 Define the LDAP Lookup Paths 43 Define
Updated Information This vCenter Orchestrator Installation and Configuration Guide is updated with each release of the product or when necessary. This table provides the update history of the vCenter Orchestrator Installation and Configuration Guide. Revision Description EN-000227-03 n n EN-000227-02 n n n n n n n n EN-000227-01 n n n n n VMware, Inc. Added a user role in “Orchestrator User Roles and Related Tasks,” on page 10.
vCenter Orchestrator Installation and Configuration Guide Revision Description EN-000227-00 Updates for the release of Orchestrator 4.0.1: n n n n n n n n n n n n n n n n n n n n EN-000192-01 n n n n n EN-000192-00 6 Added information about the supported versions of directory service types in “Supported Directory Services,” on page 14. Added information about internationalization support in “Level of Internationalization (i18n) Support,” on page 14.
About This Book The VMware vCenter Orchestrator Installation and Configuration Guide provides information and instructions ® about installing, upgrading and configuring VMware vCenter Orchestrator. Intended Audience This book is intended for advanced vCenter administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations.
vCenter Orchestrator Installation and Configuration Guide Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services. 8 VMware, Inc.
Introduction to VMware vCenter Orchestrator 1 VMware vCenter Orchestrator is a development and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vCenter infrastructure as well as other VMware and third-party technologies. Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes.
vCenter Orchestrator Installation and Configuration Guide Scripting engine Workflow engine The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks: n Actions n Workflows n Policies The workflow engine allows you to capture business processes.
Chapter 1 Introduction to VMware vCenter Orchestrator n Running workflows and scheduling tasks n Managing version control of imported elements n Creating new workflows and plug-ins This role has full access to all of the Orchestrator platform capabilities.
vCenter Orchestrator Installation and Configuration Guide 12 VMware, Inc.
Orchestrator System Requirements 2 Your system must meet the technical requirements that are necessary to install and configure VMware vCenter Orchestrator.
vCenter Orchestrator Installation and Configuration Guide n Windows Server 2003 R2 SP2, 64-bit n Windows Server 2003 R2, 32-bit Supported Directory Services Orchestrator requires a working LDAP server on your infrastructure. Orchestrator supports these directory service types. n Windows Server 2003 Active Directory n Windows Server 2008 Active Directory n Novell eDirectory Server 8.8.3 n Sun Java Directory Server Enterprise Edition (DSEE) Version 6.
Chapter 2 Orchestrator System Requirements Table 2-1.
vCenter Orchestrator Installation and Configuration Guide 16 VMware, Inc.
Orchestrator Components Setup Guidelines 3 To enhance the availability and scalability of your Orchestrator setup, install Orchestrator on a server different from the server on which vCenter Server runs. Separating Orchestrator from vCenter Server makes it possible to adjust the operating system to meet the specific recommendations for each service.
vCenter Orchestrator Installation and Configuration Guide Orchestrator Database Setup Orchestrator requires a database to store workflows and actions. Orchestrator server supports Oracle and Microsoft SQL Server databases and provides experimental support for MySQL and PostgreSQL. You can use MySQL and PostgreSQL for testing and evaluation purposes. NOTE The driver for MySQL is not installed with Orchestrator.
Chapter 3 Orchestrator Components Setup Guidelines 4 To make the driver available to VMware vCenter Orchestrator server and VMware vCenter Orchestrator configuration interface, copy mysql-connector-java-x.x.x.jar to the following locations: n VMware vCenter Orchestrator configuration interface: install_directory\VMware\Orchestrator\configuration\jetty\lib\ext\ n VMware vCenter Orchestrator server: install_directory\VMware\Orchestrator\app-server\server\vmo\lib\ 5 Restart the Orchestrator servers.
vCenter Orchestrator Installation and Configuration Guide 20 VMware, Inc.
Installing Orchestrator 4 Orchestrator consists of a server component and a client component. You can install the Orchestrator components on the machine where vCenter Server is installed or on a separate machine. To improve performance, install the Orchestrator server component on a separate machine. To install Orchestrator, you must be either a local Administrator or a domain user that is a member of the Administrators group.
vCenter Orchestrator Installation and Configuration Guide 4 Select a language for the installer and click OK. 5 When the Welcome page appears, click Next. 6 Select I agree to the terms in the license agreement and click Next. 7 Type your user name, organization, and vCenter Server license key, and click Next. 8 Select the type of database to use. Option Action To use the bundled database Click Install SQL Server 2005 Express instance (for small-scale deployments).
Chapter 4 Installing Orchestrator 17 Click Install. Installation might take several minutes. Multiple progress bars appear during the installation of the selected components. 18 When the installation finishes, click Finish. You completed the installation of vCenter Server. The Orchestrator client and server components are installed on your system. What to do next Start the VMware vCenter Orchestrator Configuration service and log in to the Orchestrator configuration interface.
vCenter Orchestrator Installation and Configuration Guide 5 Select the Orchestrator installation directory. CAUTION You cannot install Orchestrator in a directory whose name contains non-ASCII characters. If you are operating in a locale that features non-ASCII characters, you must install Orchestrator in the default location. This is because of a third-party limitation. 6 7 Option Action Accept the default location Click Next to accept the default installation directory C:\Program Files\VMware\Orch
Upgrade Orchestrator with vCenter Server 5 If you installed Orchestrator with the vCenter installer, you can upgrade to the latest version of Orchestrator by upgrading your vCenter Server. The vCenter Server installer detects the previous version and the installation path. Prerequisites n Back up your vCenter environment. n Make sure the vCenter Server upgrade prerequisites and database upgrade prerequisites are met. See the vSphere Upgrade Guide for details.
vCenter Orchestrator Installation and Configuration Guide 9 Enter the database password that corresponds to the username and DSN that the installer displays and click Next. You can omit the database username and password if the DSN is using Windows NT authentication. If you specify a remote SQL Server database that uses Windows NT authentication, the database user and the logged-in user on the vCenter Server machine must be the same.
Upgrade Orchestrator Standalone 6 To upgrade an installation of Orchestrator on a Microsoft Windows server different from the server on which vCenter Server runs, run the latest version of the Orchestrator standalone installer. Prerequisites n Create a backup of the Orchestrator database. n Export the Orchestrator configuration to a local file. n Export your custom workflows and packages. n Stop the VMware vCenter Orchestrator Server.
vCenter Orchestrator Installation and Configuration Guide 7 Select the type of installation that matches your existing installation type and click Next. Option Description Client Installs the Orchestrator client application, which allows you to create and edit workflows. Server Installs the Orchestrator platform. Client-Server Installs the Orchestrator client and server. For example, if you have installed the Orchestrator client, select Client and upgrade your Orchestrator server separately.
Upgrading Orchestrator Applications After Upgrading vCenter Server 7 You must refactor any legacy Orchestrator applications that you wrote for use with VMware Infrastructure 3.5 so that they run with vCenter Server 4.0 and above. Orchestrator provides workflows to help you refactor the applications to the new version. For detailed information about refactoring applications, see the VMware vCenter Orchestrator Developer's Guide. VMware, Inc.
vCenter Orchestrator Installation and Configuration Guide 30 VMware, Inc.
Uninstall Orchestrator 8 You can remove the Orchestrator client and server components from your system by using the Windows Add or Remove Programs Utility from the Control Panel. Prerequisites Save the Orchestrator system settings to a local file. For details, see “Export the Orchestrator Configuration,” on page 56. Procedure 1 From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs. 2 Select vCenter Orchestrator and click Remove.
vCenter Orchestrator Installation and Configuration Guide 32 VMware, Inc.
Configuring Orchestrator 9 VMware vCenter Orchestrator Web Configuration is installed silently with VMware vCenter Server. This is the tool you use to configure the components that are related to the Orchestrator engine, such as network, database, server certificate, and so on. The correct configuration of these components ensures the proper functioning of Lifecycle Manager or any other applications running on the Orchestrator platform.
vCenter Orchestrator Installation and Configuration Guide Start the Orchestrator Configuration Service The VMware vCenter Orchestrator Configuration service startup type is set to Manual by default. You must start it manually before you try to access the Orchestrator configuration interface and after you reboot. If you installed Orchestrator standalone, the Orchestrator Configuration service is already started. Procedure 1 Right-click My Computer on your desktop and select Manage.
Chapter 9 Configuring Orchestrator When you log in to the Orchestrator configuration interface for the first time, you see the installation path, the Orchestrator version, and the server status in the Information tab. The status indicators of all tabs on the left display red triangles, indicating that the components are not configured. What to do next Select a tab and follow the links in the inspector on the right, entering the necessary information until a green circle appears on the selected tab.
vCenter Orchestrator Installation and Configuration Guide 5 Save the password.properties file. 6 Restart the Orchestrator Configuration service. You can log in to the Orchestrator configuration interface with the default credentials. n User name: vmware n Password: vmware Configure the Network Connection When you install Orchestrator, the IP address for your server is set as not set. To change this, you must configure the network settings used by Orchestrator.
Chapter 9 Configuring Orchestrator Table 9-1. VMware vCenter Orchestrator Default Configuration Ports Port Number Protocol Source Target Description Lookup port 8230 TCP vCO Client vCO Server The main port to communicate with the Orchestrator server (JNDI port). All other ports communicate with the Orchestrator smart client through this port. It is part of the Jboss Application server infrastructure.
vCenter Orchestrator Installation and Configuration Guide Table 9-2. VMware vCenter Orchestrator External Communication Ports (Continued) Port Number Protocol Source Target Description SMTP Server port 25 TCP vCO Server SMTP Server The port used for email notifications. vCenter API port 443 TCP vCO Server vCenter Server The vCenter API communication port used by Orchestrator to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s).
Chapter 9 Configuring Orchestrator 3 Save the file as vmo.properties. 4 Repeat the procedure for every Orchestrator client instance. You can log in to the Orchestrator client without adding the lookup port number to the Orchestrator server DNS name or IP address. Import the vCenter SSL Certificate The Orchestrator configuration interface uses a secure connection to communicate with vCenter. You can import the required SSL certificate from a URL or file.
vCenter Orchestrator Installation and Configuration Guide 3 Specify the Browsing Credentials on page 42 Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials that Orchestrator uses to connect to an LDAP server. 4 Define the LDAP Lookup Paths on page 43 You can define the users and groups lookup information. 5 Define the LDAP Search Options on page 44 You can customize the LDAP search queries and make searching in LDAP more effective.
Chapter 9 Configuring Orchestrator 7 In the Port text box, type the value for the look up port of your LDAP server. NOTE Orchestrator supports Active Directory hierarchical domains structure. If your Domain Controller is configured to use Global Catalog, you must use port 3268. You cannot use the default port 389 to connect to the Global Catalog server. 8 In the Root text box, type the root element of your LDAP service. If your domain name is company.org, your root LDAP is dc=company,dc=org.
vCenter Orchestrator Installation and Configuration Guide Prerequisites n Verify that SSL access is enabled on the LDAP server. n Obtain a self-signed server certificate or a certificate that is signed by a Certificate Authority. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Network. 3 In the right pane, click the SSL Certificate tab. 4 Browse to select a certificate file to import. 5 Click Import. A message confirming that the import is successful appears.
Chapter 9 Configuring Orchestrator Define the LDAP Lookup Paths You can define the users and groups lookup information. Two global roles are identified in Orchestrator: Developers and Administrators. The users in the Developers role have editing privileges on all elements. The users in the Administrators role have unrestricted privileges. Administrators can manage permissions, or discharge administration duties on a selected set of elements to any other group or user.
vCenter Orchestrator Installation and Configuration Guide What to do next Define the LDAP search options and apply your changes. Define the LDAP Search Options You can customize the LDAP search queries and make searching in LDAP more effective. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click LDAP. 3 In the Request timeout text box, enter a value in milliseconds.
Chapter 9 Configuring Orchestrator Table 9-4. Common Active Directory Authentication Errors (Continued) Error Description 701 This user account has expired. 773 The user must reset their password. 775 The user account has been locked. Password Encryption and Hashing Mechanism Orchestrator utilizes PBE with MD5 and DES encryption mechanism to encode the stored passwords used to connect to the database, LDAP, and Orchestrator servers. Table 9-5.
vCenter Orchestrator Installation and Configuration Guide 5 To build or update the table structure for Orchestrator, install or update the database. Option Description Install the database Configures a new database. Update the database Uses the database from your previous Orchestrator installation. After the database is populated, you can reset the database access rights to db_dataread and db_datawrite. 6 Click Apply changes.
Chapter 9 Configuring Orchestrator Identify the SQL Server Authentication Type You can identify whether SQL Server is using Windows NT or SQL Server authentication. Procedure 1 Open the SQL Server Management Studio. 2 Click the Properties tab. 3 Check the connection type. Server Certificate The server certificate is a form of digital identification that is used with HTTPS to authenticate Web applications.
vCenter Orchestrator Installation and Configuration Guide 4 Browse to select the certificate file to import. 5 Enter the password used to decrypt the content of the imported keystore database. The details about the imported server certificate appear in the Server Certificate window. Create a Self-Signed Server Certificate Installing Orchestrator requires that you create a self-signed certificate.
Chapter 9 Configuring Orchestrator Orchestrator uses the server certificate to n Sign all packages before they are exported by attaching your certificate’s public key to each one. n Display a user prompt on importing a package that contains elements signed by untrusted certificates. What to do next You can import this certificate on other servers. Export a Server Certificate The server certificate private key is stored in the vmo_keystore table of the Orchestrator database.
vCenter Orchestrator Installation and Configuration Guide 4 Delete the Orchestrator database, or create a backup if you want to keep old data. The database you bind Orchestrator to must not contain records in the vmo_keystore table. 5 Reinstall the Orchestrator server. 6 (Optional) Import your Orchestrator configuration. 7 Create a new self-signed certificate or import one. 8 Reimport your packages. a Click the Packages view in the Orchestrator client.
Chapter 9 Configuring Orchestrator 5 (Optional) To disable a plug-in, deselect the check box next to it. This action does not remove the plug-in file. 6 Click Apply changes. On the Plug-ins tab, the red triangle changes to a green circle to indicate that the component is now configured correctly. The first time the server boots, it installs the selected plug-ins. What to do next You can now configure the settings for Mail, SSH, and vCenter 4.0 plug-ins.
vCenter Orchestrator Installation and Configuration Guide 5 Click Apply changes. The host is added to the list of SSH connections. 6 (Optional) Configure an entry path on the server. a Click New root folder. b Enter the new path and click Apply changes. The SSH host is available in the Inventory view of the Orchestrator smart client. Configure the vCenter 4.0 Plug-In Orchestrator uses the vCenter Web Service API to control vCenter.
Chapter 9 Configuring Orchestrator 11 Click Apply changes. The URL to the newly configured vCenter Server host is added to the list of defined hosts. 12 Repeat Step 3 through Step 11 for each vCenter Server instance. What to do next If you did not restart the Orchestrator Configuration service after importing the vCenter SSL Certificate, select Startup Options > Restart the vCO configuration server.
vCenter Orchestrator Installation and Configuration Guide Access Rights to Orchestrator Server The type of vCenter Server license you apply in the Orchestrator configuration interface determines whether you get read-only or full access to the Orchestrator server capabilities. Table 9-7. Orchestrator Server Modes vCenter License Edition vCenter Orchestrator Mode Description Standard Server You are granted full read and write privileges to all Orchestrator elements. You can run and edit workflows.
Chapter 9 Configuring Orchestrator Start the Orchestrator Server You can install the Orchestrator server as a service on the Startup Options tab. When you do this, you can start, stop, and restart the service from the Configuration interface. This process is reversible as you can always use the Uninstall vCO server from service option.
vCenter Orchestrator Installation and Configuration Guide Procedure 1 Navigate to the wrapper.conf wrapper configuration file. The wrapper configuration file is in the following location: install_directory/app-server/bin/wrapper.conf 2 Open the wrapper.conf file in an editor. 3 Locate the -wrapper.ping.timeout parameter in the wrapper.conf file, or add it to the file if it does not exist. 4 Set the number of seconds to allow between a ping from the watchdog utility and the response from the service.
Chapter 9 Configuring Orchestrator 3 (Optional) Enter a password to protect the configuration file. Use the same password when you import the configuration. 4 Click Export. 5 Click Save when prompted. You can use the vmo_config_dateReference.vmoconfig file to clone or to restore the system. What to do next For a list of exported configuration settings, see “Orchestrator Configuration Files,” on page 57.
vCenter Orchestrator Installation and Configuration Guide Import the Orchestrator Configuration You can restore the previously exported system configuration if a system failure occurs or when you reinstall Orchestrator. Procedure 1 Install a new Orchestrator instance on a new server. 2 Log in to the Orchestrator configuration interface as vmware. 3 On the General tab, click Import Configuration. 4 (Optional) Enter the protective password you used when exporting the configuration.
Chapter 9 Configuring Orchestrator 7 (Optional) To put the server in Web view development mode, select the Enable Web view development check box. In this mode, all elements in the Web view are loaded from the specified Web view directory and not from the Web view content itself. 8 Click Apply changes. Install an Application An application is a set of plug-ins and packages.
vCenter Orchestrator Installation and Configuration Guide Change the Web View SSL Certificate Orchestrator provides an SSL certificate that controls user access to Web views. You can configure Orchestrator to use a different SSL certificate to control access to Web views. For example, if your company security policy requires you to use their SSL certificates. Procedure 1 Create an SSL certificate by running the keytool Java utility at the command prompt.
Chapter 9 Configuring Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Log. 3 Select an option from the Log level drop-down menu. Option Description FATAL Only fatal errors are written to the log file. ERROR Errors and fatal errors are written to the log file. WARN Warnings, errors, and fatal errors are written to the log file. INFO Information, warnings, errors, and fatal errors are written to the log file.
vCenter Orchestrator Installation and Configuration Guide 62 VMware, Inc.
Where to Go From Here 10 When you have installed and configured vCenter Orchestrator, you can use Orchestrator to automate frequently repeated processes related to the management of the virtual environment. n Log in to the Orchestrator client, run, and schedule workflows on the vCenter Server inventory objects. n Publish the weboperator Web view and provide browser access to Orchestrator functions to users and user groups. n Set up the user permissions on Orchestrator objects.
vCenter Orchestrator Installation and Configuration Guide 64 VMware, Inc.
Index A availability 17 C certificate database 49 changing the Orchestrator Lookup port 38 check-pointing 9 configuration config files 57 database connection 45, 46 default plug-ins 50 export configuration settings 56 import configuration settings 58 LDAP settings 43 network connection 36 configuration maximums 19 D database connection parameters 45, 46 installation 18 MySQL 18 Oracle 18 PostgreSQL 18 server size 18 setup 18 SQL Server 18 default password 35 default ports command port 36 data port 36 HTT
vCenter Orchestrator Installation and Configuration Guide login 34 M MD5 45 MySQL installing MySQL driver 18 parameters 19 N non-ASCII characters 14, 23, 45 O Orchestrator architecture 11 Orchestrator overview 9 P password 35 PBE 45 persistence 9 plug-ins installing an application 59 Mail plug-in 51 removing a plug-in 53 SSH plug-in 51 vCenter plug-in 52 policy engine 9 R 66 LDAP server 17 vCenter Server 17 SMTP connection 51 SQL authentication type 47 SSL certificate 39 support 7 system requirement
