5.1
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Updated Information
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup
- Installing and Upgrading Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Start the Orchestrator Server
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import the Plug-In Licenses
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Registering Orchestrator with vCenter Single Sign On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
2 (Optional) Submit the certreq.csr file to a certificate authority, such as VeriSign or Thawte.
Procedures might vary from one CA to another, but they all require a valid proof of your identity.
The CA returns a certificate that you must import.
3 (Optional) Import the SSL certificate in your local keystore.
a Download a root certificate from the CA that signed your certificate.
b Import the root certificate in your keystore by running following command in the Java utility.
keytool -import -alias root -keystore <your_keystore_filename> \
-trustcacerts -file <filename_of_the_root_certificate>
c Import the SSL certificate signed by the CA (the SSL certificate must be in X509 format).
keytool -import -alias mySslCertificate -keystore <your_keystore_filename> \
-trustcacerts -file <your_certificate_filename>
The SSL certificate is installed. You can change the Web views SSL certificate, the SSL certificate for the
Orchestrator configuration interface, or the SSL certificate for the Orchestrator client.
Change the Web Views SSL Certificate
Orchestrator provides an SSL certificate that controls user access to Web views. You can configure Orchestrator
to use a different SSL certificate to control access to Web views, for example if your company security policy
requires you to use their SSL certificates.
Prerequisites
Make sure that you have generated or installed an SSL certificate signed by a CA.
Procedure
1 Open the following Orchestrator application server configuration file in a text editor.
Option Action
If you installed the standalone
version of Orchestrator
Go to
install_directory
\VMware\Orchestrator\app-
server\server\vmo\deploy\jboss-deploy-tomcat\jbossweb-
tomcat55.sar\server.xml.
If the vCenter Server installed
Orchestrator
Go to
install_directory
\VMware\Infrastructure\Orchestrator\app-
server\server\vmo\deploy\jboss-deploy-tomcat\jbossweb-
tomcat55.sar\server.xml.
2 Find the following entry in the server.xml file.
<!-- Define a SSL HTTP/1.1 Connector on port ${ch.dunes.https-server.port} -->
<Connector address="${jboss.bind.address}" protocol="HTTP/1.1" SSLEnabled="true"
clientAuth="false" emptySessionPath="true"
keystoreFile="${java.home}/lib/security/jssecacerts"
keystorePass="dunesdunes"
3 Change the keystoreFile and keystorePass attributes to refer to the <your_keystore_filename> file and
the password you created when you ran the keytool utility.
keystoreFile="/PathToKeystore/<your_keystore_filename>"
keystorePass="NewKeystorePassword"
The keystoreFile attribute should contain slashes as directory separators.
4 Save the server.xml file and restart the Orchestrator server.
Installing and Configuring VMware vCenter Orchestrator
76 VMware, Inc.