5.5
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Hardware Requirements for Orchestrator
- Hardware Requirements for the Orchestrator Appliance
- Operating Systems Supported by Orchestrator
- Supported Directory Services
- Browsers Supported by Orchestrator
- Orchestrator Database Requirements
- Software Included in the Orchestrator Appliance
- Level of Internationalization Support
- Setting Up Orchestrator Components
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Install the Client Integration Plug-In in the vSphere Web Client
- Download and Deploy the Orchestrator Appliance
- Upgrade Orchestrator 4.2.x and 5.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Upgrading the Orchestrator Appliance
- Uninstall Orchestrator
- Configuring the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Selecting the Authentication Type
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Importing the vCenter Server License
- Selecting the Orchestrator Server Mode
- Start the Orchestrator Server
- Configuring vCenter Orchestrator in the Orchestrator Appliance
- Configuring Orchestrator by Using the Configuration Plug-In and the REST API
- Configure Network Settings by Using the REST API
- Configuring Authentication Settings by Using the REST API
- Configure the Database Connection by Using the REST API
- Create a Self-Signed Server Certificate by Using the REST API
- Managing SSL Certificates Through the REST API
- Importing Licenses by Using the REST API
- Additional Configuration Options
- Change the Password of the Orchestrator Configuration Interface
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import Licenses for a Plug-In
- Orchestrator Log Files
- Configuration Use Cases and Troubleshooting
- Configuring a Cluster of Orchestrator Server Instances
- Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance
- Setting Up Orchestrator to Work with the vSphere Web Client
- Check Whether Orchestrator Is Successfully Registered as an Extension
- Unregister Orchestrator from vCenter Single Sign-On
- Enable Orchestrator for Remote Workflow Execution
- Changing SSL Certificates
- Back Up the Orchestrator Configuration and Elements
- Unwanted Server Restarts
- Orchestrator Server Fails to Start
- Revert to the Default Password for Orchestrator Configuration
- Setting System Properties
- Disable Access to the Orchestrator Client By Nonadministrators
- Disable Access to Workflows from Web Service Clients
- Setting Server File System Access for Workflows and JavaScript
- Set JavaScript Access to Operating System Commands
- Set JavaScript Access to Java Classes
- Set Custom Timeout Property
- Modify the Number of Objects a Plug-In Search Obtains
- Modify the Number of Concurrent and Delayed Workflows
- Where to Go From Here
- Index
11 Click Apply.
12 Build or update the database as necessary and click Apply changes.
You successfully configured Orchestrator to work with SQL Server Express by using Windows
authentication mode.
Server Certificate
The Package Signing Certificate is a form of digital identification that is used to guarantee encrypted
communication and a signature for your Orchestrator packages.
Issued for a particular server and containing information about the server’s public key, the certificate allows
you to sign all elements created in Orchestrator and guarantee authenticity. When the client receives an
element from your server, typically a package, the client verifies your identity and decides whether to trust
your signature.
IMPORTANT You cannot change the server certificate by using the Orchestrator configuration interface if
Orchestrator uses an embedded database. To change the server certificates without changing the database
settings, you must run the configuration workflows by using either the Orchestrator client or the REST API.
For more information about running the configuration workflows by using the Orchestrator client, see Using
the VMware vCenter Orchestrator Plug-Ins. For detailed instructions about running the configuration
workflows by using the REST API, see Chapter 7, “Configuring Orchestrator by Using the Configuration
Plug-In and the REST API,” on page 71.
n
Create a Self-Signed Server Certificate on page 55
Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can
create a self-signed certificate to guarantee encrypted communication and a signature for your
packages. However, the recipient cannot be sure that the self-signed package that you are sending is in
fact a package issued by your server and not a third party claiming to be you.
n
Obtain a Server Certificate Signed by a Certificate Authority on page 55
To provide recipients with an acceptable level of trust that the package was created by your server,
certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that
you are who you claim to be, and as a token of their verification, they sign your certificate with their
own.
n
Import a Server Certificate on page 56
You can import a server certificate and use it with Orchestrator.
n
Export a Server Certificate on page 56
The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In
case you lose or delete this key, or if you bind the Orchestrator server to a different database, the
contents of the exported packages signed with this certificate become unavailable. To ensure that
packages are decrypted on import, you must save this key to a local file.
n
Changing a Self-Signed Server Certificate on page 56
If you want to sign your packages with a server certificate different from the one you used for the
initial Orchestrator configuration, you must export all your packages and change the Orchestrator
database.
Installing and Configuring VMware vCenter Orchestrator
54 VMware, Inc.