4.2
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Updated Information
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install vCenter Server and Orchestrator
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Upgrade vCenter Server 4.1 and Orchestrator
- Upgrade Orchestrator 4.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Uninstall Orchestrator
- Initial Configuration of the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Configure the Orchestrator Configuration Interface for Remote Connection
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Configuring LDAP Settings
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Import the vCenter Server License
- Start the Orchestrator Server
- Further Configuration Options
- Revert to the Default Password for Orchestrator Configuration
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Unwanted Server Restarts
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import the Plug-In Licenses
- Changing SSL Certificates
- Define the Server Log Level
- Where to Go From Here
- Index
Table 5-5. Database Connection Parameters (Continued)
Connection Parameter Description
Domain (SQL Server only) To use Windows authentication, specify the domain name of the SQL Server machine, for
example company.org.
To use SQL authentication, leave this text box blank.
Use Windows
authentication mode
(NTLMv2)
Select to send NTLMv2 responses when using Windows authentication.
This option is valid only for SQL Server.
Server Certificate
The server certificate is a form of digital identification that is used with HTTPS to authenticate Web
applications. Issued for a particular server and containing information about the server’s public key, the
certificate allows you to sign all elements created in Orchestrator and guarantee authenticity. When the client
receives an element from your server (typically this is a package), they verify your identity and decide whether
to trust your signature.
n
Create a Self-Signed Server Certificate on page 51
Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create
a self-signed certificate to guarantee encrypted communication and a signature for your packages.
However, the recipient cannot be sure that the self-signed package that you are sending is in fact a
package issued by your server and not a third party claiming to be you.
n
Obtain a Server Certificate Signed by a Certificate Authority on page 52
To provide recipients with an acceptable level of trust that the package was created by your server,
certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that you
are who you claim to be, and as a token of their verification, they sign your certificate with their own.
n
Import a Server Certificate on page 52
You can import a server certificate and use it with Orchestrator.
n
Export a Server Certificate on page 53
The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case
you lose or delete this key, or if you bind the Orchestrator server to a different database, the contents of
the exported packages signed with this certificate become unavailable. To ensure that packages are
decrypted on import, you must save this key to a local file.
n
Changing a Self-Signed Server Certificate on page 53
If you want to sign your packages with a server certificate different from the one you used for the initial
Orchestrator configuration, you must export all your packages and change the Orchestrator database.
Create a Self-Signed Server Certificate
Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create a
self-signed certificate to guarantee encrypted communication and a signature for your packages. However,
the recipient cannot be sure that the self-signed package that you are sending is in fact a package issued by
your server and not a third party claiming to be you.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Create certificate database and self-signed server certificate.
4 Type the relevant information.
Chapter 5 Initial Configuration of the Orchestrator Server
VMware, Inc. 51