vCenter Orchestrator Installation and Configuration Guide
vCenter Orchestrator 4.1

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright © 2008–2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents
Updated Information
About This Book
1 Introduction to VMware vCenter Orchestrator
    Key Features of the Orchestrator Platform
    Orchestrator User Roles and Related Tasks
    Orchestrator Architecture
    Deprecated Features in Orchestrator 4.
    Log In to the Orchestrator Configuration Interface
    Change the Default Password
    Revert to the Default Password for Orchestrator Configuration
    Configure the Network Connection
    Orchestrator Network Ports
    Change the Default Configuration Ports on the Orchestrator Client Side
    Import the vCenter Server SSL Certificate
    Configuring LDAP Settings
    Generate the LDAP Connection URL
    Import the LDAP Server SSL Certificate
    Specify the Br
Updated Information

The vCenter Orchestrator Installation and Configuration Guide is updated with each release of the product or when necessary.
This table provides the update history of the vCenter Orchestrator Installation and Configuration Guide.

Revisions: EN-000321-03, EN-000321-02, EN-000321-01, EN-000321-00
Removed the information related to the experimental support of OpenLDAP, PostgreSQL and MySQL.
About This Book

The VMware vCenter Orchestrator Installation and Configuration Guide provides information and instructions about installing, upgrading and configuring VMware® vCenter Orchestrator.

Intended Audience
This book is intended for advanced vCenter administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations.
Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services.
1 Introduction to VMware vCenter Orchestrator

VMware vCenter Orchestrator is a development and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vCenter infrastructure as well as other VMware and third-party technologies. Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes.
Scripting engine
The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks:
- Actions
- Workflows
- Policies

Workflow engine
The workflow engine allows you to capture business processes.
- Running workflows and scheduling tasks
- Managing version control of imported elements
- Creating new workflows and plug-ins
This role has full access to all of the Orchestrator platform capabilities.
Deprecated Features in Orchestrator 4.1
The following features are deprecated as of Orchestrator 4.1. Development of these features is not supported in releases of Orchestrator later than 4.1.
- Authorizations
- OGNL expressions in workflow presentations
- Policies
2 Orchestrator System Requirements

Your system must meet the technical requirements that are necessary to install and configure VMware vCenter Orchestrator.
Browsers Supported by Orchestrator
The Orchestrator configuration and Web view interfaces require a Web browser. You must have one of the following browsers to connect to the Orchestrator configuration interface and Web views.
- Microsoft Internet Explorer 7.0
- Mozilla Firefox 3.0 (build 3.0.6 or later)
- Mozilla Firefox 3.
Non-ASCII Character Support for Oracle Databases
To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This setting is crucial for an internationalized environment.
3 Orchestrator Components Setup Guidelines

To enhance the availability and scalability of your Orchestrator setup, install Orchestrator on a server different from the server on which vCenter Server runs. Separating Orchestrator from vCenter Server makes it possible to adjust the operating system to meet the specific recommendations for each service.
Directory Services Setup
Orchestrator requires a connection to an LDAP server. Orchestrator supports the following directory service types: Active Directory, eDirectory, and Sun Java System Directory Server. Connect your system to the LDAP server that is physically closest to your Orchestrator server, and avoid connections to remote LDAP servers. Long response times for LDAP queries can lead to slower performance of the whole system.
4 Installing and Upgrading Orchestrator

Orchestrator consists of a server component and a client component. You can install the Orchestrator components on the machine where vCenter Server is installed or on a separate machine. To improve performance, install the Orchestrator server component on a separate machine. You can install the Orchestrator configuration server on 64-bit Windows machines only. The Orchestrator client can run on both 32-bit and 64-bit Windows machines.
Procedure
1 Download the vCenter Server installation package from the VMware Web site.
   Option | Description
   Use ISO image | The filename is VMware-VIMSetup-xx-4.a.b-yyyy.iso, where a and b are major and minor version, xx is the two-character language code, and yyyy is the build number.
   Use ZIP archive | The filename is VMware-VIMSetup-xx-4.a.b-yyyy.
11 Select the installation mode and click Next.
   Option | Description
   Create a standalone VMware vCenter Server instance | Use this option for standalone mode or for the first vCenter Server installation when you are forming a new linked mode group.
   Join a VMware vCenter Server group using linked mode to share information | Enables the vSphere client to view, search, and manage data across multiple vCenter Server systems.
Procedure
1 Download the vCenter Server installation package from the VMware Web site.
   Option | Description
   Use ISO image | The filename is VMware-VIMSetup-xx-4.a.b-yyyy.iso, where a and b are major and minor version, xx is the two-character language code, and yyyy is the build number.
   Use ZIP archive | The filename is VMware-VIMSetup-xx-4.a.b-yyyy.
Install the Orchestrator Client on a 32-Bit Machine
The Orchestrator client is a desktop application that allows you to import packages, run and schedule workflows, and manage user permissions. You can use the standalone Orchestrator client installer on a 32-bit machine only. For details about installing the Orchestrator client on a 64-bit machine, see “Install Orchestrator Standalone.”
5 Upgrading to Orchestrator 4.1 and Migrating the Orchestrator Data

When you upgrade vCenter Orchestrator with vCenter Server, you can install vCenter Server on a new machine. You might want to do this to move from a 32-bit to a 64-bit architecture. The vCenter Server 4.1 installation media include a data migration tool that you can use to migrate configuration data from the original vCenter Server machine to the new machine.
Back Up the Orchestrator Configuration Data
Use the data migration tool that is included in the vCenter Server 4.1 installation media to back up the existing Orchestrator configuration and restore it to a new Orchestrator instance. Migrating Orchestrator configuration settings by using the data migration tool is only possible when Orchestrator is installed silently with vCenter Server.
What to do next
Back up any standard Orchestrator elements that you modified. During the database upgrade, elements with a higher version number silently overwrite the existing elements. See “Back Up Modified and Custom Orchestrator Elements.”
Procedure
1 Download the vCenter Server installation package from the VMware Web site.
   Option | Description
   Use ISO image | The filename is VMware-VIMSetup-xx-4.a.b-yyyy.iso, where a and b are major and minor version, xx is the two-character language code, and yyyy is the build number.
   Use ZIP archive | The filename is VMware-VIMSetup-xx-4.a.b-yyyy.
11 Enter the port numbers to use or accept the port numbers that were imported from the source vCenter Server installation and click Next.
   For a list of required ports, see the ESX and vCenter Server Installation Guide.
12 Select the vCenter Server configuration that best describes your setup and click Next.
13 Click Install.
   Installation might take several minutes. If the install script fails, check the generated backup.
6 Uninstall Orchestrator

You can remove the Orchestrator client and server components from your system by using the Windows Add or Remove Programs Utility from the Control Panel.

Prerequisites
Save the Orchestrator system settings to a local file. For details, see “Export the Orchestrator Configuration.”
Back up custom workflows and plug-ins.

Procedure
1 From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs.
2 Select vCenter Orchestrator and click Remove.
7 Configuring Orchestrator

VMware vCenter Orchestrator Web Configuration is installed silently with VMware vCenter Server. This is the tool you use to configure the components that are related to the Orchestrator engine, such as network, database, server certificate, and so on. The correct configuration of these components ensures the proper functioning of Lifecycle Manager or any other applications running on the Orchestrator platform.
Start the Orchestrator Configuration Service
The VMware vCenter Orchestrator Configuration service startup type is set to Manual by default. You must start it manually before you try to access the Orchestrator configuration interface and after you reboot the Orchestrator server. If you installed Orchestrator standalone, the Orchestrator Configuration service is already started.

Procedure
1 Right-click My Computer on your desktop and select Manage.
When you log in to the Orchestrator configuration interface for the first time, you see the installation path, the Orchestrator version, and the server status in the Information tab. The status indicators of all tabs on the left display red triangles, indicating that the components are not configured.

What to do next
Select a tab and follow the links in the inspector on the right, entering the necessary information until a green circle appears on the selected tab.
5 Save the password.properties file.
6 Restart the Orchestrator Configuration service.
You can log in to the Orchestrator configuration interface with the default credentials.
- User name: vmware
- Password: vmware

Configure the Network Connection
When you install Orchestrator, the IP address that the Orchestrator client interface uses to communicate to the server is not set automatically.
Table 7-1. VMware vCenter Orchestrator Default Configuration Ports
Port | Number | Protocol | Source | Target | Description
Lookup port | 8230 | TCP | Orchestrator client | Orchestrator server | The main port to communicate with the Orchestrator server (JNDI port). All other ports communicate with the Orchestrator client through this port. It is part of the JBoss application server infrastructure.
Table 7-2. VMware vCenter Orchestrator External Communication Ports (Continued)
Port | Number | Protocol | Source | Target | Description
SMTP Server port | 25 | TCP | Orchestrator server | SMTP Server | The port used for email notifications.
You can log in to the Orchestrator client without adding the lookup port number to the Orchestrator server DNS name or IP address.

Import the vCenter Server SSL Certificate
The Orchestrator configuration interface uses a secure connection to communicate with vCenter Server. You can import the required SSL certificate from a URL or file.

Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Network.
4 Define the LDAP User and Group Lookup Paths
   You can define the users and groups lookup information.
5 Define the LDAP Search Options
   You can customize the LDAP search queries and make searching in LDAP more effective.
8 (Optional) Select Use SSL to activate encrypted certification for the connection between Orchestrator and LDAP.
   If your LDAP uses SSL, you must first import the SSL certificate and restart the Orchestrator Configuration service. See “Import the LDAP Server SSL Certificate.”
9 (Optional) Select Use Global Catalog to allow LDAP referrals when the LDAP client is Active Directory.
   The LDAP server lookup port number changes to 3268.
5 Click Import.
   A message confirming that the import is successful appears.
6 Click Startup Options.
7 Click Restart the vCO configuration server to restart the Orchestrator Configuration service after adding a new SSL certificate.
The imported certificate appears in the Imported SSL certificates list. You activated secure connection between Orchestrator and your LDAP server.
Prerequisites
You must have a working LDAP service on your infrastructure.

Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click LDAP.
3 Specify the primary and secondary LDAP hosts, the lookup port of the LDAP server, the root element, and the browsing credentials.
4 Define the User lookup base.
   This is the LDAP container (the top-level domain name or organizational unit) where Orchestrator searches for potential users.
Define the LDAP Search Options
You can customize the LDAP search queries and make searching in LDAP more effective.

Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click LDAP.
3 In the Request timeout text box, enter a value in milliseconds.
   This value determines the period during which the Orchestrator server sends a query to the service directory, the directory searches, and sends a reply.
Table 7-4. Common Active Directory Authentication Errors (Continued)
Error | Description
773 | The user must reset their password.
775 | The user account has been locked.

Password Encryption and Hashing Mechanism
Orchestrator utilizes PBE with MD5 and DES encryption mechanism to encode the stored passwords used to connect to the database, LDAP, and Orchestrator servers.

Table 7-5.
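What "PBE with MD5 and DES" means in terms of key material, as an added example (not taken from the VMware guide and not Orchestrator's own code): it assumes the standard PKCS #5 v1.5 (PBES1) construction, which derives a DES key and IV by iterating MD5 over the password and an 8-byte salt. The password, salt and iteration count are constructed sample values; the ones Orchestrator uses are not given on this page.

```python
"""PKCS #5 v1.5 (PBES1) key derivation for "PBE with MD5 and DES".

Added illustration only: password, salt and iteration count are
constructed sample values, not Orchestrator's.
"""
import hashlib

MD5_LEN = 16      # MD5 digest size in bytes
DES_KEY_LEN = 8   # DES key: 64 bits as stored, 8 of them are parity
DES_IV_LEN = 8    # DES block size, used as the CBC IV length
SALT_LEN = 8      # PBES1 fixes the salt at eight octets


def pbkdf1_md5(password: bytes, salt: bytes, iterations: int,
               dk_len: int = MD5_LEN) -> bytes:
    """PBKDF1: T_1 = MD5(P || S), T_i = MD5(T_{i-1}), output T_c[:dk_len]."""
    if len(salt) != SALT_LEN:
        raise ValueError("PBES1 requires an 8-byte salt")
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    if not 0 < dk_len <= MD5_LEN:
        raise ValueError("PBKDF1 with MD5 yields at most 16 bytes")
    block = hashlib.md5(password + salt).digest()
    for _ in range(iterations - 1):
        block = hashlib.md5(block).digest()
    return block[:dk_len]


def pbes1_md5_des_material(password: bytes, salt: bytes, iterations: int):
    """Split the 16 derived bytes into the DES key and the CBC IV."""
    dk = pbkdf1_md5(password, salt, iterations, DES_KEY_LEN + DES_IV_LEN)
    return dk[:DES_KEY_LEN], dk[DES_KEY_LEN:]


def des_effective_key(key: bytes) -> bytes:
    """Clear the parity bit (least significant bit) of each key byte.

    DES ignores these bits, so keys that differ only there are the same key.
    """
    if len(key) != DES_KEY_LEN:
        raise ValueError("a DES key is 8 bytes")
    return bytes(b & 0xFE for b in key)


def effective_key_bits(key: bytes) -> int:
    """Seven usable bits per byte: 56 for a single DES key."""
    return 7 * len(key)


if __name__ == "__main__":
    sample_password = b"constructed-sample-password"   # constructed
    sample_salt = bytes(range(SALT_LEN))                # constructed
    sample_iterations = 1000                            # constructed
    key, iv = pbes1_md5_des_material(sample_password, sample_salt,
                                     sample_iterations)
    print("derived key:", key.hex())
    print("derived IV: ", iv.hex())
    print("effective key bits:", effective_key_bits(key))
```

The derivation shows that the stored value is reversible encryption under a 56-bit key derived from a passphrase, not a one-way hash, so the files and database rows that hold it need access control of their own.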
5 To build or update the table structure for Orchestrator, install or update the database.
   Option | Description
   Install the database | Builds a new table structure for the Orchestrator database.
   Update the database | Uses the database from your previous Orchestrator installation and updates the table structure.
   After the database is populated, you can reset the database access rights to db_dataread and db_datawrite.
6 Click Apply changes.
3 Check the connection type.

Configure SQL Server Express to Use with Orchestrator
You can use Microsoft SQL Server Express in small-scale environments. Orchestrator can work with SQL Server Express when the deployment does not exceed 5 hosts and 50 virtual machines. To use SQL Server Express with Orchestrator, you must configure the database to enable TCP/IP.

Procedure
1 Log in as an administrator to the machine on which SQL Server Express is installed.
4 Export a Server Certificate
   The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case you lose or delete this key, or if you bind the Orchestrator server to a different database, the content of the exported packages signed with this certificate will become unavailable. To ensure that packages are decrypted on import, you must save this key to a local file.
Obtain a Server Certificate Signed by a Certificate Authority
To provide recipients with an acceptable level of trust that the package was created by your server, certificates are typically signed by a Certificate Authority (CA). Certificate Authorities guarantee that you are who you claim to be, and as a token of their verification, they sign your certificate with their own.

Prerequisites
Create a self-signed server certificate or import an existing server certificate.
6 Save the vmo-server.vmokeystore file when prompted.

Change a Self-Signed Server Certificate
If you want to sign your packages with a server certificate different from the one you used for the initial Orchestrator configuration, you need to export all your packages and reinstall the Orchestrator server.

Procedure
1 Export all your packages.
   a Click the Packages view in the Orchestrator client.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Plug-ins.
3 Type the credentials for a user who is a member of the Orchestrator Administration group that you specified on the LDAP tab.
   When the Orchestrator server starts, the system uses these credentials to set up the plug-ins. The system checks the enabled plug-ins and performs any necessary internal installations such as package import, policy run, script launch, and so on.
   Text box | Description
   User name | Enter a valid email account. This is the email account Orchestrator uses to send emails.
   Password | Enter the password associated with the user name.
   From name and address | Enter the sender information to appear in all emails sent by Orchestrator.
4 Click Apply changes.

Configure the SSH Plug-In
You can set up the SSH plug-in to ensure encrypted connections.
7 (Optional) Select the Secure channel check box to establish a secure connection to your vCenter Server host.
8 In the Path text box, use the default value, /sdk.
   This is the location of the SDK that you use to connect to your vCenter Server instance.
9 In the User name and Password text boxes, type the credentials for Orchestrator to use to establish the connection to the vCenter Server host.
5 In the Orchestrator client, click the Packages view.
6 Right-click the package to delete and select Delete element with content.
   NOTE Orchestrator elements that are locked in the read-only state, for example workflows in the standard library, are not deleted.
You removed all custom workflows and actions, policies, Web views, configurations, settings, and resources that the plug-in contains.
   d In the Path text box, use the default value, /sdk.
     This is the location of the SDK that you use to connect to your vCenter Server instance.
   e In the User name and Password text boxes, type the credentials for Orchestrator to use to establish the connection to vCenter.
     The user you select must be a valid user with administrative privileges on your vCenter Server, preferably at the top of the vCenter tree structure.
To view details, click License details.
- Not available
- Stopped
To see the Orchestrator server status, update the page by clicking the Refresh link.

What to do next
You can save and export the Orchestrator configuration file so that it can be imported later if needed. See “Export the Orchestrator Configuration.”

Activate the Service Watchdog Utility
Orchestrator provides a watchdog utility that checks for the activity of the Orchestrator server service.
Cause
The problem occurs when the Orchestrator server is running with a heavy load, for example if you have connected Orchestrator to many vCenter Server instances that are running many virtual machines, or if the server is performing swapping.

Solution
If you experience this behavior, extend the watchdog timeout period by increasing the timeout parameter in the wrapper.conf configuration file.
Table 7-8. Settings Not Saved During Configuration Export
File | Description
certificate | Certificates are not exported. Most certificates are stored in the Orchestrator database. However, the vCenter Server certificate is not stored in the database. You must store it in a separate location, or import it again when you import an Orchestrator configuration.
licenses | Manually imported licenses are not exported.
Configure the Maximum Number of Events and Runs
You can define the maximum number of events stored in the database and the maximum number of workflow runs. Each event corresponds to a change in the state of a workflow or policy and is stored in the database. When the maximum number of events set for a workflow or policy is reached, the database deletes the oldest event to store the new event. Each time you run a workflow, a workflow token is created in the database.
2 On the General tab, click Install Application.
3 Browse to select the .vmoapp file to install.
4 Click Install.

What to do next
Every time you install an application, a validation is made on the server configuration. In most cases, you must perform additional configuration steps on a tab that the new application adds to the Orchestrator configuration interface.
3 Find the following entry at line 44 in the server.xml file.

The new log level is applied to any new messages that the server generates, without restarting the server.
The logs are stored in install_directory\app-server\server\vmo\log\.
8 Where to Go From Here

When you have installed and configured vCenter Orchestrator, you can use Orchestrator to automate frequently repeated processes related to the management of the virtual environment.
- Log in to the Orchestrator client, run, and schedule workflows on the vCenter Server inventory objects or other objects that Orchestrator accesses through its plug-ins.
- Publish the weboperator Web view and provide browser access to Orchestrator workflows to users and user groups.