1.2.0
Table Of Contents
- Lifecycle Manager Installation and Configuration Guide
- Contents
- About This Book
- Introducing LCM
- Installing and Configuring Orchestrator
- Orchestrator Components Setup Guidelines
- Install Orchestrator
- Configuring Orchestrator
- Check Configuration Readiness
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Revert to the Default Password for Orchestrator Configuration
- Configure the Network Connection
- Change the Default Configuration Ports on the Orchestrator Client Side
- Import the vCenter SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Change the Web View SSL Certificate
- Define the Server Log Level
- Maintenance and Recovery
- Controlling Orchestrator Access
- Installing and Configuring LCM
- Installing LCM
- Configuring LCM
- Check Configuration Readiness
- Initial Configuration of Lifecycle Manager
- Configure the LCM Web View
- Set Approval Requirements
- Configure Archiving Settings
- Change Authorization Groups
- Change the Naming Convention for Virtual Machines
- Enable Email Notifications
- Configure Email Notification Content
- Configure Currency and Date Formats
- Upgrading Orchestrator and LCM
- Uninstall LCM and Orchestrator
- Index
Controlling Orchestrator Access 8
You can control access to Orchestrator to improve security.
This chapter includes the following topics:
n
“Disable Access to the Orchestrator Client by Nonadministrators,” on page 59
n
“Disable Access to Workflows from Web Service Clients,” on page 60
Disable Access to the Orchestrator Client by Nonadministrators
When using LCM, the best practice is to limit access to the Orchestrator client only to administrators.
By default, all users who are granted execute permissions can connect to the Orchestrator client. However, you
can limit access to the Orchestrator client to Orchestrator administrators by setting a system property in the
vmo.properties Orchestrator configuration file.
IMPORTANT If the vmo.properties configuration file does not contain this property, or if the property is set to
false, Orchestrator permits access to the Orchestrator client by all users.
Procedure
1 Navigate to the following folder on the Orchestrator server system.
installation_directory
\VMware\Orchestrator\app-server\server\vmo\conf
2 Open the vmo.properties configuration file in a text editor.
3 Add the following line to the vmo.properties configuration file.
#Disable Orchestrator client connection
com.vmware.o11n.smart-client-disabled = true
4 Save the vmo.properties file.
5 Restart the Orchestrator server.
You disabled access to the Orchestrator client to all users other than members of the Orchestrator administrator
LDAP group.
VMware, Inc.
59