5.5.2
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrade Orchestrator Standalone
- Updating Orchestrator Appliance 5.5.x
- Upgrading Orchestrator Appliance 5.1.x and Earlier to 5.5.x
- Upgrade an Orchestrator Cluster
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Orchestrator Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Expiration Period of Events and the Maximum Number of Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
Configuring LDAP Settings
You can configure Orchestrator to connect to a working LDAP server on your infrastructure to manage user
permissions.
If you are using secure LDAP over SSL, Windows Server 2008 or 2012, and AD, verify that the LDAP Server
Signing Requirements group policy is disabled on the LDAP server.
If you configure Orchestrator to work with LDAP, you cannot use the Orchestrator Web Client for
managing vSphere inventory objects.
IMPORTANT Multiple domains that are not in the same tree, but have a two-way trust, are not supported and
do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is
domain tree. Forest and external trusts are not supported.
1 Import the LDAP Server SSL Certificate on page 44
If your LDAP server uses SSL, you can import the SSL certificate file to the Orchestrator configuration
interface and activate secure connection between Orchestrator and LDAP.
2 Generate the LDAP Connection URL on page 45
The LDAP service provider uses a URL to configure the connection to the directory server. To generate
the LDAP connection URL, you must specify the LDAP host, port, and root.
3 Specify the Browsing Credentials on page 47
Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials
that Orchestrator uses to connect to an LDAP server.
4 Define the LDAP User and Group Lookup Paths on page 47
You can define the users and groups lookup information.
5 Define the LDAP Search Options on page 48
You can customize the LDAP search queries and make searching in LDAP more effective.
6 Common Active Directory LDAP Errors on page 49
When you encounter the LDAP:error code 49 error message and experience problems connecting to
your LDAP authentication server, you can check which LDAP function is causing the problem.
Import the LDAP Server SSL Certificate
If your LDAP server uses SSL, you can import the SSL certificate file to the Orchestrator configuration
interface and activate secure connection between Orchestrator and LDAP.
You can import the LDAP SSL certificate from the SSL Trust Manager tab in the Orchestrator configuration
interface.
Prerequisites
n
If you are using LDAP servers, Windows 2008 or 2012, and AD, verify that the LDAP Server Signing
Requirements group policy is disabled on the LDAP server.
n
Obtain a self-signed server certificate or a certificate that is signed by a Certificate Authority.
n
Configure your LDAP server for SSL access. See the documentation of your LDAP server for
instructions.
n
Explicitly specify the trusted certificate to perform the SSL authorization correctly.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
Installing and Configuring VMware vCenter Orchestrator
44 VMware, Inc.