5.5.2
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrade Orchestrator Standalone
- Updating Orchestrator Appliance 5.5.x
- Upgrading Orchestrator Appliance 5.1.x and Earlier to 5.5.x
- Upgrade an Orchestrator Cluster
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Orchestrator Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Expiration Period of Events and the Maximum Number of Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
Configuring vCenter Single Sign-On Settings
VMware vCenter Single Sign-On is an authentication service that implements the brokered authentication
architectural pattern. You can configure Orchestrator to connect to a vCenter Single Sign-On server.
The vCenter Single Sign-On server provides an authentication interface called Security Token Service (STS).
Clients send authentication messages to the STS, which checks the user's credentials against one of the
identity sources. Upon successful authentication, STS generates a token.
In vCenter Server versions earlier than vCenter Server 5.1, when a user connects to vCenter Server,
vCenter Server authenticates the user by validating the user against an Active Directory domain or the list of
local operating system users. In vCenter Server 5.1 and later, users authenticate by using vCenter Single
Sign-On.
For versions earlier than vCenter Server 5.1, you must explicitly register each vCenter Server system with
the vSphere Web Client. For vCenter Server 5.1 and later, vCenter Server systems are automatically detected
and are displayed in the vSphere Web Client inventory.
The vCenter Single Sign-On administrative interface is part of the vSphere Web Client. To configure vCenter
Single Sign-On and manage vCenter Single Sign-On users and groups, you log in to the vSphere Web Client
as a user with vCenter Single Sign-On administrator privileges. This might not be the same user as the
vCenter Server administrator. You must provide the credentials on the vSphere Web Client login page, and
upon authentication, you can access the vCenter Single Sign-On administration tool to create users and
assign administrative permissions to other users.
Using the vSphere Web Client, you authenticate to vCenter Single Sign-On by providing your credentials on
the vSphere Web Client login page. You can then view all of the vCenter Server instances for which you
have permissions. After you connect to vCenter Server, no further authentication is required. The actions
that you can perform on objects depend on the user's vCenter Server permissions on those objects.
For more information about vCenter Single Sign-On, see vSphere Security.
After you configure Orchestrator to authenticate through vCenter Single Sign-On, make sure that you
configure it to work with the vCenter Server instances registered with the vSphere Web Client using the
same vCenter Single Sign-On instance.
When you log in to the vSphere Web Client, the Orchestrator Web plug-in communicates with the
Orchestrator server on behalf of the user profile you used to log in.
Import the vCenter Single Sign-On SSL Certificate
To register Orchestrator as a vCenter Single Sign-On solution and configure it to work with vCenter Single
Sign-On, first import the vCenter Single Sign-On SSL certificate.
You can import the vCenter Single Sign-On SSL certificate from the SSL Trust Manager tab in the
Orchestrator configuration interface.
Prerequisites
Install and configure vCenter Single Sign-On.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Network.
3 In the right pane, click the SSL Trust Manager tab.
Chapter 5 Configuring the Orchestrator Server
VMware, Inc. 41