1.1.0
Table Of Contents
- Lifecycle Manager Installation and Configuration Guide
- Contents
- Updated Information
- About This Book
- Understanding LCM
- LCM Installation Process
- Installing and Configuring Orchestrator
- Orchestrator System Requirements
- Install Orchestrator
- Orchestrator Components Setup Guidelines
- Configuring Orchestrator
- Check Configuration Readiness
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Configure the Network Connection
- Import the vCenter SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Change the Web View SSL Certificate
- Define the Server Log Level
- Maintenance and Recovery
- Controlling Orchestrator Access
- Installing and Configuring LCM
- Installing LCM
- Migrating to LCM 1.1
- Configuring LCM
- Check Configuration Readiness
- Initial Configuration of Lifecycle Manager
- Configure the LCM Web View
- Set Approval Requirements
- Configure Archiving Settings
- Change Authorization Groups
- Change the Naming Convention for Virtual Machines
- Enable Email Notifications
- Configure Email Notification Content
- Configure Currency and Date Formats
- Uninstall LCM and Orchestrator
- Index
What to do next
For disaster recovery purposes, you can save the certificate private key to a local file.
Obtain a Server Certificate Signed by a Certificate Authority
To provide recipients with an acceptable level of trust that the package was created by your server, certificates
are typically signed by a Certificate Authority (CA). Certificate Authorities guarantee that you are who you
claim to be, and as a token of their verification, they sign your certificate with their own.
Prerequisites
Create a self-signed server certificate or import an existing server certificate.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Generate a Certificate Signing Request (CSR).
a Click Export certificate signing request.
b Save the VSOcertificate.csr file in your file system when prompted.
4 Send the CSR file to a Certificate Authority, such as Verisign or Thawte.
Procedures might vary from one CA to another, but they all require a valid proof of your identity.
CA returns a Certificate Signing Request that you must import. This is an exact copy of your actual
certificate and the CA signature.
5 Click Import certificate signing request signed by GA and select the file sent by your CA.
Orchestrator uses the server certificate to
n
Sign all packages before they are exported by attaching your certificate’s public key to each one.
n
Display a user prompt on importing a package that contains elements signed by untrusted certificates.
What to do next
You can import this certificate on other servers.
Export a Server Certificate
The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case you
lose or delete this key, or if you bind the Orchestrator server to a different database, the content of the exported
packages signed with this certificate will become unavailable. To ensure that packages are decrypted on import,
you must save this key to a local file.
Prerequisites
You must have created or imported a server certificate.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Export certificate database.
4 Enter a password to encrypt the content of the exported keystore database.
You must enter this password again when importing the file.
Chapter 6 Configuring Orchestrator
VMware, Inc. 37