Installing and Configuring VMware vCenter Orchestrator
Selecting the Authentication Type
Orchestrator requires an authentication method to work properly and manage user permissions. You must
select an authentication method so that you can work with Orchestrator.
Orchestrator 5.1 supports two types of authentication:
- LDAP authentication: Orchestrator connects to a working LDAP server.
- vCenter Single Sign On authentication: Orchestrator authenticates through vCenter Single Sign On.
IMPORTANT: If you want to use vCenter Orchestrator through the vSphere Web Client for managing vSphere
inventory objects, you must configure Orchestrator to authenticate through vCenter Single Sign On.
Configuring vCenter Single Sign On Settings
VMware vCenter Single Sign On is an authentication service that implements the brokered authentication
architectural pattern. You can configure Orchestrator to connect to a vCenter Single Sign On server.
The vCenter Single Sign On server provides an authentication interface called Security Token Service (STS).
Clients send authentication messages to the STS, which checks the user's credentials against one of the identity
sources. Upon successful authentication, STS generates a token.
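The brokered exchange described above, as an added sketch that is not VMware code: an STS checks credentials against an identity source and issues a token, and a relying service accepts the token without ever seeing the password. The user name, keys, `aud` and `exp` claims, and the HMAC signature are assumptions made for illustration; a production STS signs tokens with a private key so that services can verify tokens but not mint them.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data. HMAC with a key shared by the STS and the service
# is a simplification that keeps the example within the standard library.
SALT = b"constructed-salt"
STS_KEY = b"constructed-sts-signing-key"

def derive(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

IDENTITY_SOURCE = {"alice": derive("constructed-password")}

def sts_issue_token(user, password, audience, now=None, lifetime=300):
    """STS side: check credentials against the identity source, then issue a token."""
    supplied = derive(password)  # always run, so unknown users cost the same
    stored = IDENTITY_SOURCE.get(user)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()

def service_accept_token(token, audience, now=None):
    """Service side: never sees the password; returns the user name or None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    now = time.time() if now is None else now
    if claims["aud"] != audience or claims["exp"] <= now:
        return None  # issued for a different service, or expired
    return claims["sub"]
```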
In vCenter Server versions earlier than vCenter Server 5.1, when a user connects to vCenter Server,
vCenter Server authenticates the user by validating the user against an Active Directory domain or the list of
local operating system users. In vCenter Server 5.1, users authenticate through vCenter Single Sign On.
The vCenter Single Sign On administrative interface is part of the vSphere Web Client. To configure vCenter
Single Sign On and manage vCenter Single Sign On users and groups, you log in to the vSphere Web Client
as a user with vCenter Single Sign On administrator privileges. This might not be the same user as the
vCenter Server administrator. Enter the credentials on the vSphere Web Client login page and upon
authentication, you can access the vCenter Single Sign On administration tool to create users and assign
administrative permissions to other users.
Using the vSphere Web Client, you authenticate to vCenter Single Sign On by entering your credentials on the
vSphere Web Client login page. You can then view all of the vCenter Server instances for which you have
permissions. After you connect to vCenter Server, no further authentication is required. The actions that you
can perform on objects depend on your vCenter Server permissions on those objects.
For more information about vCenter Single Sign On, see vSphere Security.
After you configure Orchestrator to authenticate through vCenter Single Sign On, make sure that you configure
it to work with the vCenter Server instances registered with the vSphere Web Client using the same vCenter
Single Sign On instance.
When you log in to the vSphere Web Client, the Orchestrator Web plug-in communicates with the Orchestrator
server on behalf of the user profile you used to log in.
Import the vCenter Single Sign On SSL Certificate
To register Orchestrator as a vCenter Single Sign On solution and configure it to work with vCenter Single
Sign On, first import the vCenter Single Sign On SSL certificate.
You can import the vCenter Single Sign On SSL certificate from the SSL Trust Manager tab in the Orchestrator
configuration interface.
Prerequisites
Install and configure vCenter Single Sign On.
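Importing a certificate into the Orchestrator trust store is a trust decision, so it helps to confirm first that the certificate the server presents is the one the vCenter Single Sign On administrator expects. The following is an added example, not part of the VMware documentation: it compares a certificate's SHA-256 fingerprint with a value obtained out of band. The function names are hypothetical, the host and port are supplied by the caller, and the sample bytes are constructed.

```python
import hashlib, hmac, re, ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"constructed certificate bytes for the fingerprint example"

def fetch_server_cert_der(host, port):
    """Fetch the certificate a TLS server presents, without validating it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form shown by most tools."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp):
    """Strip colons and whitespace, lower-case, and require 64 hex digits."""
    hex_only = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hex_only

def matches_expected(der, expected_fp):
    """True only if the certificate hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(normalize(fingerprint(der)), normalize(expected_fp))
```

Call `fetch_server_cert_der` with the Single Sign On server's host and port, pass the result to `matches_expected` together with the fingerprint received over a separate channel, and import the certificate only on a match.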