4.0
Table Of Contents
- vCenter Orchestrator Administration Guide
- Contents
- Updated Information
- About This Book
- Introduction to VMware vCenter Orchestrator
- The Orchestrator Client
- Managing Workflows
- Creating Resource Elements
- Using Plug-Ins
- Managing Actions
- Using Packages
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access from Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Maintenance and Recovery
- Index
3 Add the following line to the vmo.properties configuration file.
#Disable Orchestrator client connection
com.vmware.o11n.smart-client-disabled = true
4 Save the vmo.properties file.
5 Restart the Orchestrator server.
You disabled access to the Orchestrator client to all users other than members of the Orchestrator administrator
LDAP group.
Disable Access to Workflows from Web Service Clients
You can configure the Orchestrator server to deny access to Web service requests, to prevent malicious attempts
from Web service clients to access sensitive servers.
By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows
from Web service clients by setting a system property in the Orchestrator configuration file, vmo.properties.
IMPORTANT If the vmo.properties configuration file does not contain this property, or if the property is set to
false, Orchestrator permits access to workflows from Web services.
Procedure
1 Navigate to the following folder on the Orchestrator server system.
Option Action
If you installed Orchestrator with the
vCenter Server installer
Go to
install_directory
\VMware\Infrastructure\Orchestrator\app-
server\server\vmo\conf.
If you installed the standalone
version of Orchestrator
Go to
install_directory
\VMware\Orchestrator\app-
server\server\vmo\conf.
2 Open the vmo.properties configuration file in a text editor.
3 Add the following line to the vmo.properties configuration file.
#Disable Web service access
com.vmware.o11n.web-service-disabled = true
4 Save the vmo.properties file.
5 Restart the Orchestrator server.
You disabled access to workflows Web service clients. The Orchestrator server only answers Web service client
calls from the echo() or echoWorkflow() methods, for testing purposes.
Setting Server File System Access from Workflows and JavaScript
Orchestrator limits access to the server file system from workflows and JavaScript to specific directories. You
can extend access to other parts of the server file system by modifying the js-io-rights.conf Orchestrator
configuration file.
The js-io-rights.conf file is created when a workflow tries to access the Orchestrator server file system.
The js-io-rights.conf file contains rules that permit write access to defined directories in the server file
system.
vCenter Orchestrator Administration Guide
64 VMware, Inc.