5.5
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrade Orchestrator 4.2.x and 5.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrading the Orchestrator Appliance
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Configure Network Settings by Using the REST API
- Configuring Authentication Settings by Using the REST API
- Configure the Database Connection by Using the REST API
- Create a Self-Signed Server Certificate by Using the REST API
- Managing SSL Certificates Through the REST API
- Importing Licenses by Using the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
Solution
1 Verify that the remote and the primary Orchestrator servers are up and running.
2 Log in to the Orchestrator configuration interface of the primary Orchestrator server.
3 Click Network.
4 From the IP address drop-down menu select the IP address, which corresponds to the correct subnet
(do not use multi adapter addresses such as 0.0.0.0).
5 Click Apply Changes.
6 In the right pane, click the SSL Trust Manager tab.
7 In the Import from URL text box, type the IP address and port number of the remote Orchestrator
server:
remote_orchestrator_server_IP:8250
8 Click Import.
9 Click the Startup options tab.
10 Click Restart service to restart the Orchestrator server.
If your company policy permits the distribution of SSL keys to multiple servers, you can replicate the SSL
keystore. To do that, copy the contents of the install_directory\app-server\conf\security\jssecacerts
folder from the primary Orchestrator server machine and paste it to the same location on the remote
Orchestrator server machine.
Changing SSL Certificates
By default, the Orchestrator server uses a self-signed SSL certificate to communicate remotely with the
Orchestrator client. Orchestrator also provides an SSL certificate that controls user access to Web views. You
can change the SSL certificates, for example if your company security policy requires you to use its SSL
certificates.
When you attempt to use Orchestrator over a trusted SSL Internet connection, and you open the
Orchestrator configuration interface in a Web browser, you receive warnings that the connection is
untrusted (in Mozilla Firefox) or that problems have been detected with the Web site’s security certificate (in
Internet Explorer).
After you click Continue to this website (not recommended), even if you have imported the SSL certificate
as a trusted store, you continue to see the Certificate Error red notification in the address bar of the Web
browser. You can work with Orchestrator in the Web browser, but a third-party system might not work
properly when attempting to access the API over HTTPS.
You can also receive a certificate warning when you start the Orchestrator client and attempt to connect to
the Orchestrator server over an SSL connection.
You can resolve the problem by installing a certificate signed by a commercial certificate authority (CA) or
by creating a certificate that matches your Orchestrator server name and then importing the certificate in
your local keystore. To stop receiving a certificate warning from the Orchestrator client, add your root CA
certificate to the Orchestrator keystore on the machine on which the Orchestrator client is installed.
Generate a New Certificate
If you plan to change an SSL certificate, you can generate a new certificate. You can generate the new
certificate on the same computer on which Orchestrator is installed or on another computer.
Prerequisites
n
Run the Java keytool utility. You can find the utility on the system on which Orchestrator is installed.
Installing and Configuring VMware vCenter Orchestrator
100 VMware, Inc.