5.5
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrade Orchestrator 4.2.x and 5.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrading the Orchestrator Appliance
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Configure Network Settings by Using the REST API
- Configuring Authentication Settings by Using the REST API
- Configure the Database Connection by Using the REST API
- Create a Self-Signed Server Certificate by Using the REST API
- Managing SSL Certificates Through the REST API
- Importing Licenses by Using the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
6 (Optional) In the Secondary LDAP host text box, type the IP address or the DNS name of the host on
which your secondary LDAP service runs.
If the primary LDAP host becomes unavailable, Orchestrator verifies user credentials on the secondary
host.
7 In the Port text box, type the value for the lookup port of your LDAP server.
NOTE Orchestrator supports the Active Directory hierarchical domains structure. If your domain
controller is configured to use Global Catalog, you must use port 3268. You cannot use the default port
389 to connect to the Global Catalog server.
8 In the Root text box, type the root element of your LDAP service.
If your domain name is company.org, your root LDAP is dc=company,dc=org.
This is the node used for browsing your service directory after typing the appropriate credentials. For
large service directories, specifying a node in the tree narrows the search and improves performance.
For example, rather than searching in the entire directory, you can specify
ou=employees,dc=company,dc=org. This displays all the users in the Employees group.
9 (Optional) Select Use SSL to activate encrypted certification for the connection between Orchestrator
and LDAP.
If your LDAP uses SSL, you must first import the SSL certificate and restart the Orchestrator
Configuration service. See “Import the LDAP Server SSL Certificate,” on page 44.
10 (Optional) Select Use Global Catalog to allow LDAP referrals when the LDAP client is Active
Directory.
The LDAP server lookup port number changes to 3268. Orchestrator follows the LDAP referrals to find
users and groups in a subdomain that is part of the Active Directory tree to which Orchestrator is
connected. You can add permissions on any groups that can be accessed from your Global Catalog.
Example: Values and Resulting LDAP Connection URL Addresses
Examples of the values that you enter in the required fields and the resulting LDAP connection URL.
n
LDAP host: DomainController
n
Port: 389
n
Root: ou=employees,dc=company,dc=org
Connection URL: ldap://DomainController:389/ou=employees,dc=company,dc=org
n
LDAP host using Global Catalog: 10.23.90.130
n
Port: 3268
n
Root: dc=company,dc=org
Connection URL: ldap://10.23.90.130:3268/dc=company,dc=org
What to do next
Assign credentials to Orchestrator to ensure its access to the LDAP server. See “Specify the Browsing
Credentials,” on page 47.
Installing and Configuring VMware vCenter Orchestrator
46 VMware, Inc.