5.5
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrade Orchestrator 4.2.x and 5.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrading the Orchestrator Appliance
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Configure Network Settings by Using the REST API
- Configuring Authentication Settings by Using the REST API
- Configure the Database Connection by Using the REST API
- Create a Self-Signed Server Certificate by Using the REST API
- Managing SSL Certificates Through the REST API
- Importing Licenses by Using the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
7 Browse and select Trusted Root Certification Authorities.
8 Complete the wizard and restart Internet Explorer.
9 Navigate to the Orchestrator server over your SSL connection.
You no longer receive warnings and you do not receive a Certificate Error on the right within the address
bar.
Other applications and systems (such as VMware Service Manager) must have access to the Orchestrator
SOAP and REST APIs over SSL connection.
Change the Certificate of the Orchestrator Appliance Management Site
The Orchestrator Appliance uses light-httpd to run its own management site. You can change the SSL
certificate of the Orchestrator Appliance management site, for example if your company security policy
requires you to use its SSL certificates.
Prerequisites
By default the Orchestrator Appliance SSL certificate and private key are stored in a PEM file, which is
located at: /opt/vmware/etc/lighttpd/server.pem. To install a new certificate, ensure that you export your
new SSL certificate and private key from the Java keystore to a PEM file.
Procedure
1 Log in to the Orchestrator Appliance Linux console as root.
2 Locate the /opt/vmware/etc/lighttpd/lighttpd.conf file and open it in an editor.
3 Find the following line:
#### SSL engine
ssl.engine = "enable"
ssl.pemfile = "/opt/vmware/etc/lighttpd/server.pem"
4 Change the ssl.pemfile attribute to point to the PEM file containing your new SSL certificate and
private key.
5 Save the lighttpd.conf file.
6 Run the following command to restart the light-httpd server.
service vami-lighttp restart
You successfully changed the certificate of the Orchestrator Appliance management site.
Back Up the Orchestrator Configuration and Elements
You can take a snapshot of your system configuration at any moment and import this configuration into a
new Orchestrator instance to back up your Orchestrator configuration. You can also back up the
Orchestrator elements that you modified.
If you edit any standard workflows, actions, policies, Web views, or configuration elements, and then
import a package containing the same elements with a higher version number, your changes to the elements
are lost. To make modified and custom elements available after the upgrade, you must export them in a
package before you start the upgrade procedure.
Each Orchestrator server instance has unique certificates and each vCenter Server plug-in instance has a
unique ID. The certificates and the unique ID define the identity of the Orchestrator server and the
vCenter Server plug-in. If you do not export the Orchestrator configuration or back up the Orchestrator
elements for backup purposes, make sure that you change these identifiers.
Chapter 9 Configuration Use Cases and Troubleshooting
VMware, Inc. 103