Installing and Configuring VMware vCenter Orchestrator vCenter Orchestrator 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Installing and Configuring VMware vCenter Orchestrator You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2008 – 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Installing and Configuring VMware vCenter Orchestrator 7 Updated Information 9 1 Introduction to VMware vCenter Orchestrator 11 Key Features of the Orchestrator Platform 11 Orchestrator User Types and Related Responsibilities 12 Orchestrator Architecture 13 2 Orchestrator System Requirements 15 Hardware Requirements for Orchestrator 15 Operating Systems Supported by Orchestrator Supported Directory Services 15 Browsers Supported by Orchestrator 16 Orchestrator Database Requirements 16 Level o
Installing and Configuring VMware vCenter Orchestrator Import the vCenter Server SSL Certificate 35 Selecting the Authentication Type 36 Configuring vCenter Single Sign On Settings 36 Configuring LDAP Settings 39 Configuring the Orchestrator Database Connection 45 Configure SQL Server Express to Use with Orchestrator 45 Import the Database SSL Certificate 45 Configure the Database Connection 46 Server Certificate 49 Create a Self-Signed Server Certificate 49 Obtain a Server Certificate Signed by a Certific
Contents Enable Orchestrator for Remote Workflow Execution 74 Changing SSL Certificates 75 Generate a New Certificate 75 Install a Certificate from a Certificate Authority 75 Change the Web Views SSL Certificate 76 Change the SSL Certificate of the Orchestrator Configuration Interface Change the SSL Certificate for the Orchestrator Client 77 Back Up the Orchestrator Configuration and Elements 78 Unwanted Server Restarts 80 Orchestrator Server Fails to Start 80 Revert to the Default Password for Orchestrato
Installing and Configuring VMware vCenter Orchestrator 6 VMware, Inc.
Installing and Configuring VMware vCenter Orchestrator Installing and Configuring VMware vCenter Orchestrator provides information and instructions about installing, ® upgrading and configuring VMware vCenter Orchestrator. Intended Audience This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations. VMware, Inc.
Installing and Configuring VMware vCenter Orchestrator 8 VMware, Inc.
Updated Information Installing and Configuring VMware vCenter Orchestrator is updated with each release of the product or when necessary. This table provides the update history of Installing and Configuring VMware vCenter Orchestrator. Revision Description EN-000736-01 Updated “Setting Up Orchestrator to Work with the vSphere Web Client,” on page 72 with information about additional verification steps. EN-000736-00 Initial release. VMware, Inc.
Installing and Configuring VMware vCenter Orchestrator 10 VMware, Inc.
Introduction to VMware vCenter Orchestrator 1 VMware vCenter Orchestrator is a development- and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vSphere infrastructure as well as other VMware and third-party technologies. Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes.
Installing and Configuring VMware vCenter Orchestrator Scripting engine Workflow engine The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks: n Actions n Workflows n Policies The workflow engine allows you to capture business processes.
Chapter 1 Introduction to VMware vCenter Orchestrator Developers n Importing and exporting packages n Enabling and disabling Web views n Running workflows and scheduling tasks n Managing version control of imported elements n Creating new workflows and plug-ins This user type has full access to all of the Orchestrator platform capabilities.
Installing and Configuring VMware vCenter Orchestrator Figure 1-1. VMware vCenter Orchestrator Architecture vCenter Orchestrator Client application browser access workflow engine vCenter Server Directory services or vCenter Single Sign On 14 vCenter Server XML SSH Web services REST/SOAP workflow library SQL SMTP 3rd-party plug-in Orchestrator database VMware, Inc.
Orchestrator System Requirements 2 Your system must meet the technical requirements that are necessary to install and configure Orchestrator. For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.
Installing and Configuring VMware vCenter Orchestrator n Sun Java System Directory Server 6.3 IMPORTANT Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported. Browsers Supported by Orchestrator The Orchestrator configuration interface and Web views require a Web browser.
Chapter 2 Orchestrator System Requirements Table 2-1.
Installing and Configuring VMware vCenter Orchestrator 18 VMware, Inc.
3 Orchestrator Components Setup To enhance the availability and scalability of your Orchestrator setup, install Orchestrator on a computer different from the computer on which vCenter Server runs. With such separation, you can adjust the operating system to meet the specific recommendations for each service.
Installing and Configuring VMware vCenter Orchestrator Authentication Methods To authenticate and manage user permissions, Orchestrator requires a connection to an LDAP server or a connection to a vCenter Single Sign On server. Orchestrator supports the following directory service types: Active Directory, eDirectory, and Sun Java System Directory Server. Connect your system to the LDAP server that is physically closest to your Orchestrator server, and avoid connections to remote LDAP servers.
Chapter 3 Orchestrator Components Setup The location of the database is important because almost every activity on the Orchestrator server triggers operations on the database. To avoid latency in the database connection, connect to the database server that is geographically closest to your Orchestrator server and that is on the network with the highest bandwidth. The size of the Orchestrator database varies depending on the setup and how workflow tokens are handled.
Installing and Configuring VMware vCenter Orchestrator 22 VMware, Inc.
Installing and Upgrading Orchestrator 4 Orchestrator consists of a server component and a client component. You can install the Orchestrator components on the machine on which vCenter Server is installed or on a separate machine. To improve performance, install the Orchestrator server component on a separate machine. After you install or upgrade Orchestrator standalone, you must start the Orchestrator Configuration service, and configure Orchestrator by using the Orchestrator configuration interface.
Installing and Configuring VMware vCenter Orchestrator n “Upgrading Orchestrator 4.0.x and Migrating the Configuration Data,” on page 30 n “Uninstall Orchestrator,” on page 30 Download the vCenter Server Installer You must download the installer for vCenter Server, the vSphere Client, and associated vCenter components and support tools. Procedure 1 Download the zip file for vCenter Server from the VMware downloads page at http://www.vmware.com/support/. 2 Extract the files from the zip archive.
Chapter 4 Installing and Upgrading Orchestrator 5 6 Select the type of installation and click Next. Option Description Client Installs the Orchestrator client application, which allows you to create and edit workflows. Server Installs the Orchestrator server platform. Client-Server Installs the Orchestrator client and server. Specify the location for the Orchestrator shortcuts and click Next. CAUTION The name of the shortcuts directory must contain only ASCII characters.
Installing and Configuring VMware vCenter Orchestrator The Orchestrator client component is installed on your system. What to do next You can log in to the Orchestrator client interface and perform general administration tasks and create workflows. Upgrade Orchestrator 4.2.x Standalone To upgrade Orchestrator 4.2.x on a 64-bit Microsoft Windows machine that is different from the machine on which vCenter Server runs, start the latest version of the Orchestrator standalone installer.
Chapter 4 Installing and Upgrading Orchestrator 8 Specify the location for the Orchestrator shortcuts and click Next. CAUTION The name of the shortcuts directory must contain only ASCII characters. 9 Click Install to complete the installation process. 10 Click Done to close the installer. 11 Start the Orchestrator configuration service and log in to the Orchestrator configuration interface. 12 On the Database tab, update the database by clicking Update database.
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Export Configuration. 3 (Optional) Type a password to protect the configuration file. Use the same password when you import the configuration. 4 Click Export. Orchestrator creates a vmo_config_dateReference.vmoconfig file on the machine on which the Orchestrator server is installed. You can use this file to clone or to restore the system.
Chapter 4 Installing and Upgrading Orchestrator Procedure 1 Start the Orchestrator installer. In the software installer directory, browse to the C:\install_directory\vCenter-Server\vCO\ folder and double-click vCenterOrchestrator.exe. The file contains installers for the client and the server components. 2 Click Next. 3 Accept the terms in the license agreement and click Next. 4 Either accept the default destination folders or click Change to select another location, and click Next.
Installing and Configuring VMware vCenter Orchestrator 4 Browse to select the .vmoconfig file you exported from your previous installation. 5 Select whether to override the Orchestrator internal certificate and network settings. Select the check box only if you want to restore your Orchestrator configuration and the .vmoconfig file is the backup file of the same Orchestrator configuration.
Configuring the Orchestrator Server 5 The Orchestrator Web Configuration tool is installed silently with vCenter Server or when you install Orchestrator standalone. To use the tool, you must first start the Orchestrator Configuration Service. You can use the Orchestrator Web Configuration tool to configure the components that are related to the Orchestrator engine, such as network, database, server certificate, and so on.
Installing and Configuring VMware vCenter Orchestrator Start the Orchestrator Configuration Service If you have installed Orchestrator as a part of the vCenter Server installation, the Orchestrator Configuration service does not start by default. You must start it manually before you try to access the Orchestrator configuration interface. If you installed Orchestrator standalone, the Orchestrator Configuration service is already started.
Chapter 5 Configuring the Orchestrator Server 3 Change the default password, and click Apply changes. The next time you log in to the Orchestrator configuration interface, you can use your new password. You successfully logged in to the Orchestrator configuration interface. Configure the Network Connection When you install Orchestrator, the IP address that the Orchestrator client interface uses to communicate to the server is not set automatically.
Installing and Configuring VMware vCenter Orchestrator Table 5-1. VMware vCenter Orchestrator Default Configuration Ports Port Number Protocol Source Target Description Lookup port 8230 TCP Orchestrator client Orchestrator server The main port to communicate with the Orchestrator server (JNDI port). All other ports communicate with the Orchestrator client through this port. It is part of the JBoss application server infrastructure.
Chapter 5 Configuring the Orchestrator Server Table 5-2. VMware vCenter Orchestrator External Communication Ports (Continued) Port Number Protocol Source Target Description Oracle 1521 TCP Orchestrator server Oracle DB Server The port used to communicate with the Oracle Database Server that is configured as the Orchestrator database. SMTP Server port 25 TCP Orchestrator server SMTP Server The port used for email notifications.
Installing and Configuring VMware vCenter Orchestrator Selecting the Authentication Type Orchestrator requires an authentication method to work properly and manage user permissions. You must select an authentication method so that you can work with Orchestrator. Orchestrator 5.1 supports two types of authentications: LDAP authentication Orchestrator connects to a working LDAP server. vCenter Single Sign On authentication Orchestrator authenticates through vCenter Single Sign On.
Chapter 5 Configuring the Orchestrator Server Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Network. 3 In the right pane, click the SSL Trust Manager tab. 4 Load the vCenter Single Sign On SSL certificate from a URL or a file.
Installing and Configuring VMware vCenter Orchestrator 7 Complete the vCenter Single Sign On configuration. a (Optional) Filter the list of available groups by typing search criteria in the Groups filter text box and pressing Enter. b Select a vCO Admin domain and group from the drop-down menu. c (Optional) Modify the value for the time difference between a client clock and a domain controller clock. The default clock tolerance value is 300 seconds. 8 Click Accept Orchestrator Configuration.
Chapter 5 Configuring the Orchestrator Server Configuring LDAP Settings You can configure Orchestrator to connect to a working LDAP server on your infrastructure to manage user permissions. If you are using secure LDAP over SSL, Windows Server 2003 or 2008, and AD, verify that the LDAP Server Signing Requirements group policy is disabled on the LDAP server. If you configure Orchestrator to work with LDAP, you will not be able to use the Orchestrator Web Client for managing vSphere inventory objects.
Installing and Configuring VMware vCenter Orchestrator 3 In the right pane, click the SSL Trust Manager tab. 4 Browse to select a certificate file to import. 5 Load the LDAP SSL certificate from a URL or a file. Option Action Import from URL Type the URL of the LDAP server: https://your_LDAP_server_IP_address or your_LDAP_server_IP_address:port Import from file 6 Obtain the LDAP SSL certificate file and browse to import it. Click Import.
Chapter 5 Configuring the Orchestrator Server 6 (Optional) In the Secondary LDAP host text box, type the IP address or the DNS name of the host on which your secondary LDAP service runs. If the primary LDAP host becomes unavailable, Orchestrator verifies user credentials on the secondary host. 7 In the Port text box, type the value for the lookup port of your LDAP server. NOTE Orchestrator supports the Active Directory hierarchical domains structure.
Installing and Configuring VMware vCenter Orchestrator Specify the Browsing Credentials Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials that Orchestrator uses to connect to an LDAP server. Prerequisites Ensure that you have a working LDAP service in your infrastructure and have generated the LDAP connection URL. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Authentication.
Chapter 5 Configuring the Orchestrator Server 4 Specify the primary and secondary LDAP hosts, the lookup port of the LDAP server, the root element, and the browsing credentials. 5 Define the User lookup base. This is the LDAP container (the top-level domain name or organizational unit) where Orchestrator searches for potential users. a Click Search and type the top-level domain name or organizational unit.
Installing and Configuring VMware vCenter Orchestrator 4 In the Request timeout text box, type a value in milliseconds. This value determines the period during which the Orchestrator server sends a query to the service directory, the directory searches, and sends a reply. If the timeout period elapses, modify this value to check whether the timeout occurs in the Orchestrator server.
Chapter 5 Configuring the Orchestrator Server Configuring the Orchestrator Database Connection The Orchestrator server requires a database in which to store data. To establish a connection with the database, you must configure the connection parameters. Install a relational database management system (RDBMS) and create a new database for Orchestrator. You can also use the vCenter Server datasource.
Installing and Configuring VMware vCenter Orchestrator Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Network. 3 In the right pane, click the SSL Trust Manager tab. 4 Load the database SSL certificate from a URL or a file. Option Action Import from URL Type the URL of the database server: https://your_database_server_IP_address or your_database_server_IP_address:port Import from file 5 Obtain the database SSL certificate file and browse to import it.
Chapter 5 Configuring the Orchestrator Server 3 4 From the Select the database type drop-down menu, select the type of database that you want Orchestrator server to use. Option Description Oracle Configures Orchestrator to work with an Oracle database instance. SQL Server Configures Orchestrator to work with a Microsoft SQL Server or Microsoft SQL Server Express database instance. MySQL Configures Orchestrator to work with a MySQL database instance.
Installing and Configuring VMware vCenter Orchestrator 5 (Optional) Build or update the table structure for Orchestrator. Option Description Create the database tables Builds a new table structure for the Orchestrator database. Update the database Uses the database from your previous Orchestrator installation and updates the table structure. After the database is populated, you can reset the database access rights to db_dataread and db_datawrite. 6 Click Apply changes.
Chapter 5 Configuring the Orchestrator Server Server Certificate The server certificate is a form of digital identification that is used to authenticate Web applications. Issued for a particular server and containing information about the server’s public key, the certificate allows you to sign all elements created in Orchestrator and guarantee authenticity.
Installing and Configuring VMware vCenter Orchestrator Obtain a Server Certificate Signed by a Certificate Authority To provide recipients with an acceptable level of trust that the package was created by your server, certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that you are who you claim to be, and as a token of their verification, they sign your certificate with their own. Procedure 1 Log in to the Orchestrator configuration interface as vmware.
Chapter 5 Configuring the Orchestrator Server Export a Server Certificate The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case you lose or delete this key, or if you bind the Orchestrator server to a different database, the contents of the exported packages signed with this certificate become unavailable. To ensure that packages are decrypted on import, you must save this key to a local file.
Installing and Configuring VMware vCenter Orchestrator You can export the Orchestrator configuration by using the Orchestrator configuration interface. For more information, see “Export the Orchestrator Configuration,” on page 27. 4 (Optional) Back up your database if you want to retain the old data. The database that you bind Orchestrator to must not contain records in the vmo_keystore table. 5 Create a new self-signed certificate or import a server certificate signed by a certification authority.
Chapter 5 Configuring the Orchestrator Server 3 Type the credentials for a user who is a member of the Orchestrator administrators group that you specified on the Authentication tab. When the Orchestrator server starts, the system uses these credentials to set up the plug-ins. The system checks the enabled plug-ins and performs any necessary internal installations such as package import, policy run, script launch, and so on. 4 (Optional) To disable a plug-in, deselect the check box next to it.
Installing and Configuring VMware vCenter Orchestrator 4 In the Host name text box, type the host to access with SSH through Orchestrator. NOTE No username and password are required because Orchestrator uses the credentials of the currently logged-in user to run SSH commands. You must reproduce the accounts you want to work on SSH on target hosts from the LDAP server. 5 Click Apply changes. The host is added to the list of SSH connections. 6 (Optional) Configure an entry path on the server.
Chapter 5 Configuring the Orchestrator Server 8 Select the method you want to use to manage user access on the vCenter Server system. Option Description Share a unique session Allows Orchestrator to create only one connection to vCenter Server. In the User name and Password text boxes, type the credentials for Orchestrator to use to establish the connection to the vCenter Server host.
Installing and Configuring VMware vCenter Orchestrator Install a New Plug-In as a VMOAPP File After you configure the default Orchestrator plug-ins, you might want to install a new .vmoapp plug-in. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Install Application. 3 Click the magnifying glass icon. 4 Browse to locate the .vmoapp file, and click Open. 5 Click Install. The tab for the plug-in appears in the Orchestrator configuration interface.
Chapter 5 Configuring the Orchestrator Server d In the Path text box, use the default value, /sdk. This is the location of the SDK that you use to connect to your vCenter Server instance. e In the User name and Password text boxes, type the credentials that Orchestrator must use to establish the connection to vCenter Server. The user you select must be a valid user with administrative privileges on your vCenter Server, preferably at the top of the vSphere tree structure.
Installing and Configuring VMware vCenter Orchestrator Table 5-4. Orchestrator Server Modes (Continued) vCenter Server License Edition vCenter Orchestrator Mode Description Essentials Player You are granted read privileges on all Orchestrator elements. You can run workflows but you cannot edit them. Evaluation Server You are granted full read and write privileges to all Orchestrator elements. You can run and edit workflows. NOTE All predefined workflows are locked as read-only by design.
Additional Configuration Options 6 You can use the Orchestrator configuration interface to change the default Orchestrator behavior.
Installing and Configuring VMware vCenter Orchestrator Change the Default Configuration Ports on the Orchestrator Client Side If you change the default network ports in the Orchestrator configuration interface, your changes are applied only on the Orchestrator server side. To connect to the server with the client, you must change the configuration of all Orchestrator client instances or connect to the server by using your Orchestrator server DNS name or IP address followed by the new lookup port number.
Chapter 6 Additional Configuration Options 4 Restart the vCenter Orchestrator services. The plug-in is removed from the Orchestrator configuration interface. 5 Delete the plug-in configuration files. n If the plug-in has its configuration stored in a configuration file in the default configuration directory, delete that file from the following path: install_directory/app-server/server/vmo/conf/plugins/.
Installing and Configuring VMware vCenter Orchestrator 4 Set the number of seconds to allow between a ping from the watchdog utility and the response from the service. The default timeout is 0 seconds, which means that the utility is deactivated. For example, you can increase the timeout period to 30 seconds by setting the parameter as follows: -wrapper.ping.timeout=30 5 Save and close the wrapper.conf file. 6 Log in to the Orchestrator configuration interface as vmware.
Chapter 6 Additional Configuration Options Table 6-1. Settings Not Saved During Configuration Export Setting Description Licenses Manually imported licenses are not exported. They are stored in the Orchestrator database. Server The server configuration is reset to Unknown. You must install the Orchestrator server as a Windows service again. Table 6-2. Settings Saved During Configuration Export Setting Description passwordencryptor.key The key used to encrypt the sensitive data.
Installing and Configuring VMware vCenter Orchestrator 3 Type the password you used when exporting the configuration. This step is not necessary if you have not specified a password. 4 Browse to select the .vmoconfig file you exported from your previous installation. 5 Select whether to override the Orchestrator internal certificate and network settings. Select the check box only if you want to restore your Orchestrator configuration and the .
Chapter 6 Additional Configuration Options Import the Plug-In Licenses The set of plug-ins that Orchestrator includes does not require a license. If you add a plug-in that requires a license, you must import it in the Orchestrator configuration interface. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Licenses. 3 On the Licenses tab, click Plug-in Licenses. 4 In the Serial number text box, type your plug-in license key. 5 Click Apply changes.
Installing and Configuring VMware vCenter Orchestrator Table 6-3. Orchestrator Log Files (Continued) Filename Location Description vco-configuration.log install_directory\configuratio n\jetty\logs Provides information about the configuration and validation of each component of vCO. This is the jetty service running on the vCO server. The request.log file in the same folder might be more useful to view the history of actions taken during the configuration of vCO. vso.log install_directory\apps This
Chapter 6 Additional Configuration Options Persistent Logs Persistent logs (server logs) track past workflow run logs and are stored in the Orchestrator database. To avoid increasing the database infinitely, specify the number of logs stored per element (workflows and policies) in the Orchestrator configuration interface. If you increase the default value of 50MB, the query requires more space and time.
Installing and Configuring VMware vCenter Orchestrator Change the Size of Server Logs If a server log regenerates multiple times a day, it becomes difficult to determine what causes problems. To prevent this, you can change the default size of the server log. The default size of the server log is 5MB. Procedure 1 2 Navigate to the following folder on the Orchestrator server system.
Chapter 6 Additional Configuration Options Procedure 1 Click the Workflows view in the Orchestrator client. 2 In the workflows hierarchical list, open Library > Troubleshooting and navigate to the Export logs and application settings workflow. 3 Right-click the Export logs and application settings workflow and select Start workflow. 4 (Optional) Type the path to the folder on the vCO server in which to store the output ZIP archive.
Installing and Configuring VMware vCenter Orchestrator 3 Find the following entry: 4 Change the conversion pattern. Where value_name is the name of the available diagnostic values.
Configuration Use Cases and Troubleshooting 7 You can configure the Orchestrator server to work with the vCenter Server appliance, you can also uninstall plug-ins from Orchestrator, or change the self-signed certificates. The configuration use cases provide task flows that you can perform to meet specific configuration requirements of your Orchestrator server system, as well as troubleshooting topics to understand and solve a problem, if a workaround exists.
Installing and Configuring VMware vCenter Orchestrator You import certificates from the Orchestrator configuration interface. For more information about importing certificates, see “Import the vCenter Server SSL Certificate,” on page 35 and “Import the vCenter Single Sign On SSL Certificate,” on page 36. n For importing the SSL certificate of the vCenter Server instance running in the appliance, in the Import from URL text box, type your_vcenter_server_appliance_ip_address:vcenter_server_api_port.
Chapter 7 Configuration Use Cases and Troubleshooting If you want to see more workflows displayed in the pop-up menu when you right-click a vSphere inventory object, you can associate workflows with the different vSphere object types. For more information, see vCenter Server and Host Management. You can now run Orchestrator workflows on the objects in your vSphere inventory by using the vSphere Web Client.
Installing and Configuring VMware vCenter Orchestrator What to do next You can register Orchestrator with another vCenter Single Sign On server or change the authentication type to LDAP authentication. Enable Orchestrator for Remote Workflow Execution Remote workflow execution might not start. Problem When you try to run a remote workflow from one Orchestrator server over another Orchestrator server, the workflow might not start.
Chapter 7 Configuration Use Cases and Troubleshooting Changing SSL Certificates By default, the Orchestrator server uses a self-signed SSL certificate to communicate remotely with the Orchestrator client. Orchestrator also provides an SSL certificate that controls user access to Web views. You can change the SSL certificates, for example if your company security policy requires you to use its SSL certificates. Generate a New Certificate To change an SSL certificate, you can generate a new certificate.
Installing and Configuring VMware vCenter Orchestrator 2 (Optional) Submit the certreq.csr file to a certificate authority, such as VeriSign or Thawte. Procedures might vary from one CA to another, but they all require a valid proof of your identity. The CA returns a certificate that you must import. 3 (Optional) Import the SSL certificate in your local keystore. a Download a root certificate from the CA that signed your certificate.
Chapter 7 Configuration Use Cases and Troubleshooting You changed the SSL certificate that the Orchestrator server uses to control access to Web views. Change the SSL Certificate of the Orchestrator Configuration Interface You can configure the Orchestrator configuration server to use a different SSL certificate, for example if your company security policy requires you to use their SSL certificates. Prerequisites Make sure that you have generated or installed an SSL certificate signed by a CA.
Installing and Configuring VMware vCenter Orchestrator Procedure 1 2 Open the following Orchestrator application server service file in a text editor. Option Action If you installed the standalone version of Orchestrator Go to install_directory\VMware\Orchestrator\appserver\server\vmo\conf\jboss-service.xml. If the vCenter Server installed Orchestrator Go to install_directory\VMware\Infrastructure\Orchestrator\appserver\server\vmo\conf\jboss-service.xml.
Chapter 7 Configuration Use Cases and Troubleshooting 5 Log in to the Orchestrator client application. 6 Create a package that contains all the Orchestrator elements that you created or edited. a Click the Packages view. b Click the menu button in the title bar of the Packages list and select Add package. c Name the new package and click OK. The syntax for package names is domain.your_company.folder.package_name. For example, com.vmware.myfolder.mypackage.
Installing and Configuring VMware vCenter Orchestrator f Review the package import details and select Import or Import and trust provider. The Import package view appears. If the version of the imported package element is later than the version on the server, the system selects the element for import. g Deselect the elements that you do not want to import. For example, deselect custom elements for which later versions exist. h Click Import selected elements.
Chapter 7 Configuration Use Cases and Troubleshooting Revert to the Default Password for Orchestrator Configuration If the default password for the Orchestrator configuration interface is changed, you cannot retrieve it because Orchestrator uses encryption to encode passwords. You can revert to the default password vmware if the current password is not known. Procedure 1 Navigate to the following folder on the Orchestrator server system.
Installing and Configuring VMware vCenter Orchestrator 82 VMware, Inc.
Setting System Properties 8 You can set system properties to change the default Orchestrator behavior.
Installing and Configuring VMware vCenter Orchestrator 3 Add the following line to the vmo.properties configuration file. #Disable Orchestrator client connection com.vmware.o11n.smart-client-disabled = true 4 Save the vmo.properties file. 5 Restart the Orchestrator server. You disabled access to the Orchestrator client to all users other than members of the Orchestrator administrator group.
Chapter 8 Setting System Properties Rules in the js-io-rights.conf File Permitting Write Access to the Orchestrator System The js-io-rights.conf file contains rules that permit write access to defined directories in the server file system. Mandatory Content of the js-io-rights.conf File Each line of the js-io-rights.conf file must contain the following information.
Installing and Configuring VMware vCenter Orchestrator Set Server File System Access for Workflows and JavaScript To change the parts of the server file system that workflows and the Orchestrator API can access, modify the js-io-rights.conf configuration file. The js-io-rights.conf file is created when a workflow tries to access the Orchestrator server file system. If the js-io-rights.conf file does not exist on your system, you can create it manually with the default content.
Chapter 8 Setting System Properties 2 Navigate to the Orchestrator configuration directory. Option Action If you installed Orchestrator with the vCenter Server installer Go to If you installed Orchestrator standalone Go to install_directory\VMware\Infrastructure\Orchestrator\appser ver\server\vmo\conf. install_directory\VMware\Orchestrator\appserver\server\vm o\conf. 3 Create the js-io-rights.conf file and open it in a text editor. 4 Type the default js-io-rights.conf file content.
Installing and Configuring VMware vCenter Orchestrator 5 Restart the Orchestrator server. You granted permissions to Orchestrator applications to run local commands in the Orchestrator server host operating system. NOTE By setting the com.vmware.js.allow-local-process system property to true, you allow the Command scripting class to write anywhere in the file system. This property overrides any file system access permissions that you set in the js-io-rights.conf file for the Command scripting class only.
Chapter 8 Setting System Properties Set Custom Timeout Property When vCenter is overloaded, it takes more time to return the response to the Orchestrator server than the 20000 milliseconds set by default. To prevent this situation, you must modify the Orchestrator configuration file to increase the default timeout period. If the default timeout period expires before the completion of certain operations, the Orchestrator server log contains errors.
Installing and Configuring VMware vCenter Orchestrator 2 Open the XML configuration file of the plug-in for which you want to change the number of search results. 3 Add the following line to the XML configuration file for the plug-in. 50 This line sets the number of search results to return to 50. 4 Save the XML configuration file. 5 (Optional) Repeat Step 2 through Step 4 for each plug-in to modify. 6 Restart the Orchestrator server.
Where to Go From Here 9 When you have installed and configured vCenter Orchestrator, you can use Orchestrator to automate frequently repeated processes related to the management of the virtual environment. n Log in to the Orchestrator client, run, and schedule workflows on the vCenter Server inventory objects or other objects that Orchestrator accesses through its plug-ins. n Publish the weboperator Web view and provide browser access to Orchestrator workflows to users and user groups.
Installing and Configuring VMware vCenter Orchestrator 92 VMware, Inc.
Index A additional configuration options 59 audience 7 authentication type 36 availability 19 B back up, configuration 78 C certificate database 51 changing the Orchestrator Lookup port 60 check-pointing 11 Command scripting class 87 configuration config files 62 database connection 45, 46 default plug-ins 52 export configuration settings 27, 62 import configuration settings 29, 63 LDAP settings 42 network connection 33 configuration maximums 19 configuring Orchestrator in the vSphere Web Client 72 Orche
Installing and Configuring VMware vCenter Orchestrator installing Orchestrator vCenter Orchestrator client installers 25 vCenter Orchestrator standalone installer 24, 28 internationalization 16 J JavaScript 88 js-io-rights.conf file 84, 86 js-io-rights.conf file, content 85 js-io-rights.
Index service watchdog utility timeout parameter 61 troubleshooting server restarts 80 services starting 32, 58 VMware vCenter Orchestrator Configuration 32 VMware vCenter Orchestrator Server 58 setup guidelines directory services 20 LDAP server 20 vCenter Server 19 vCenter Single Sign On 20 SMTP connection 53 SQL Express, configuring SQL Express 45 SSL certificate 35 SSL certificate, import 36 SSL certificates 75 system properties 83, 88–90 system requirements directory services 15 hardware 15 operating s
Installing and Configuring VMware vCenter Orchestrator 96 VMware, Inc.
