VMware vCenter Orchestrator - 5.1 User Manual

Using the VMware vCenter Orchestrator
Client
vCenter Orchestrator 5.1
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000808-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2008 – 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
2 VMware, Inc.

Contents

Using the VMware vCenter Orchestrator Client 5
The Orchestrator Client 7
1
Log in to the Orchestrator Client 7
Orchestrator Client Perspectives 8
Orchestrator Views in the Run Perspective 8
Orchestrator Views in the Design Perspective 9
Orchestrator Views in the Administer Perspective 9
User Preferences 10
Access the Orchestrator API Explorer 11
Managing Workflows 13
2
Key Concepts of Workflows 14
Workflow User Permissions 14
Workflow Parameters 14
Workflow Attributes 15
Workflow Schema 15
Workflow Presentation 15
Workflow Tokens 15
Workflow Version History 15
Standard Workflows in the Workflow Library 16
Set User Permissions on a Workflow 16
Run a Workflow 17
Respond to a Request for a User Interaction 18
Scheduling Workflows 19
Schedule a Workflow 19
Edit the Workflow Recurrence Pattern 20
Use Workflow Version History 20
Restore Deleted Workflows 21
Export a Workflow 21
Import a Workflow 21
VMware, Inc.
Managing Policies 23
3
Create a Policy 23
Apply a Policy 24
Using Packages 25
4
Create a Package 25
Set User Permissions on a Package 26
Export a Package 27
Import a Package 28
3
Get a Remote Package 28
Synchronize a Remote Package 29
Remove a Package 30
Using Authorizations 31
5
Create an Authorization Element 31
Configure an Authorization Element 31
Index 33
4 VMware, Inc.

Using the VMware vCenter Orchestrator Client

Using the VMware vCenter Orchestrator Client provides information and instructions about performing tasks in the VMware® vCenter Orchestrator client.
Intended Audience
This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations.
VMware, Inc. 5
6 VMware, Inc.

The Orchestrator Client 1

The Orchestrator client is an easy-to-use desktop application. By using the Orchestrator client you can import packages, run and schedule workflows, and manage user permissions.
In addition, by using the Orchestrator client you can also develop workflows and actions as well as create packages and resource elements. For more information, see Developing with VMware vCenter Orchestrator.
This chapter includes the following topics:
n
“Log in to the Orchestrator Client,” on page 7
n
“Orchestrator Client Perspectives,” on page 8
n
“User Preferences,” on page 10
n
“Access the Orchestrator API Explorer,” on page 11

Log in to the Orchestrator Client

To perform general administration tasks or to edit and create workflows, you must log in to the Orchestrator client interface.
The Orchestrator client interface is designed for developers with administrative rights who want to develop workflows, actions, and other custom elements.
VMware, Inc.
IMPORTANT Ensure that the clocks of the Orchestrator server machine and the Orchestrator client machine are synchronized.
Prerequisites
All components of the Orchestrator server must be configured and the Orchestrator server service must be running.
Procedure
1 Log in as an administrator to the machine on which the Orchestrator client is installed.
2 Click Start > Programs > VMware > vCenter Orchestrator Client.
3 In the Host name field, type the IP address to which Orchestrator server is bound.
To check the IP address, log in to the Orchestrator configuration interface and check the IP settings on the Network tab.
4 Log in by using the Orchestrator user name and password.
To check the credentials, log in to the Orchestrator configuration interface and check the credentials on the Authentication tab.
7
5 In the Security Warning window select an option to handle the certificate warning.
The Orchestrator client communicates with the Orchestrator server by using an SSL certificate. A trusted CA does not sign the certificate during installation. Because of this, you receive a certificate warning each time you connect to the Orchestrator server.
Option Description
Ignore
Cancel
Install this certificate and do not display any security warnings for it anymore.
You can change the default SSL certificate with a certificate signed by CA. For more information about changing SSL certificates, see Installing and Configuring VMware vCenter Orchestrator.
The My Orchestrator view appears. This view summarizes the recent activities on the server, shows pending and running workflows, running policies, scheduled tasks, completed workflows, and elements you recently edited.
Click Ignore to continue using the current SSL certificate.
The warning message appears again when you reconnect to the same Orchestrator server, or when you try to synchronize a workflow with a remote Orchestrator server.
Click Cancel to close the window and stop the login process.
Select this check box and click Ignore to install the certificate and stop receiving security warnings.
What to do next
You can import a package, start a workflow, or set root access rights on the system.

Orchestrator Client Perspectives

You can access different views in the Orchestrator client by selecting one of three perspectives. Each perspective offers specific functionality.
You can select a perspective by using the drop-down list on the main menu in the Orchestrator client. The default view is Run.
Perspective Description
Run You can schedule tasks, manage policies, run workflows, access the inventory, and manage permissions from
the My Orchestrator view. This perspective also gives you an overview of recent activities.
Design You can create and modify workflows and actions. You can also manage resources, configuration elements,
and policy templates.
Administer You can access the inventory and manage authorizations, Web views, and packages.

Orchestrator Views in the Run Perspective

From the Run perspective in the Orchestrator client, you can schedule tasks, manage policies, run workflows, access the inventory, and manage permissions.
View Description
My Orchestrator Summarizes the most recent activities on the Orchestrator server, such as recently modified elements,
pending and running workflows, running policies, completed workflows, and workflows that are waiting for user interaction.
You can use the My Orchestrator view to perform common administrative tasks, such as running a workflow, importing a package, and setting root access rights.
Scheduler Displays a list of all scheduled workflows in the system. The workflows are sorted by name or date,
together with their status.
You can use the Scheduler view to create, edit, suspend, resume, and cancel scheduled workflows.
8 VMware, Inc.
Chapter 1 The Orchestrator Client
View Description
Policies Displays existing policies.
You can use the Policies view to create and apply policies.
Workflows Provides access to the Orchestrator workflow library.
You can use the Workflows view to view information about each workflow, create, edit, and run workflows, as well as to interact with the workflows.
Inventory Displays the objects of the plug-ins that are enabled in Orchestrator.
You can use the Inventory view to run workflows on an inventory object.

Orchestrator Views in the Design Perspective

From the Design perspective in the Orchestrator client, you can create and modify workflows and actions. You can also manage resources, configuration elements, and policy templates.
View Description
Workflows Provides access to the Orchestrator workflow library.
You can use the Workflows view to view information about each workflow, create, edit, and run workflows, as well as to interact with the workflows.
Actions Provides access to the libraries of predefined actions.
You can use the Actions view to duplicate actions, export them to a file, or move them to a different module in the actions hierarchical list.
Resources Provides access to the list of resource elements.
You can use the Resources view to import external objects such as images, sysprep files, HTML templates, XML templates, and custom scripts, and use them as resource elements in workflows and Web views.
Configurations Provides access to the available configuration elements.
You can use the Actions view to create configuration elements to define common attributes across an Orchestrator server.
Packages Displays a list of the available packages and where a selected package is used.
You can use the Packages view to add, import, export, and synchronize packages.
Inventory Displays the objects of the plug-ins that are enabled in Orchestrator.
You can use the Inventory view to run workflows on an inventory object.

Orchestrator Views in the Administer Perspective

From the Administer perspective in the Orchestrator client, you can access the inventory and manage authorizations, Web views, and packages.
View Description
Inventory Displays the objects of the plug-ins that are enabled in Orchestrator.
You can use the Inventory view to run workflows on an inventory object.
Policy Templates Displays a list of the available master policies.
You can use the Policy Templates view to create policy templates.
Authorizations Displays a list of the available authorization elements.
You can use the Authorizations view to create and edit authorization elements.
Web views Displays a list of the available Web views.
You can use the Web views view to create, publish, and export Web views to a working folder. You can either modify exported Web views or use them as templates from which to create other Web views. You can also use Web views to access Orchestrator functions from a Web browser.
Packages Displays a list of the available packages and where a selected package is used.
You can use the Packages view to add, import, export, and synchronize packages.
VMware, Inc. 9

User Preferences

You can customize the options displayed to users of the Orchestrator client by using the User preferences tool.
Your preferences are saved on the client side in the vmware-vmo.cfg file.
To set preferences, select Tools > User preferences in the Orchestrator client toolbar.
From the User preferences tool you can change the following preferences.
General Preferences
Table 1-1. Orchestrator Client Customization Options
Option Description
Auto-edit new inserted The new elements that you add open in an editor.
Script compilation delay [ms] The frequency of the background task that compiles the scripts and reports
Show decision scripts The option enables you to see the decision script of the implemented
Delete non empty folder permitted The option enables you to delete a folder together with its subfolders and
Size of run logs (number of lines) The maximum number of lines in the system log that Orchestrator displays
Server log fetch limit The maximum number of lines in the server logs that Orchestrator fetches
Finder maximum size The maximum number of results that the searches return when you search
Check usage when deleting an element (slow) Orchestrator checks whether the element you are trying to delete is
Check OGNL expression Orchestrator validates the OGNL expressions in the workflow
errors in edit mode in milliseconds.
decision functions.
contents.
when you select a workflow run in the Orchestrator client and click
Logs on the Schema tab. The value must be greater than 0.
from the database and displays when you click any of the Events tabs in the Orchestrator client.
The value must be greater than 0.
for elements such as actions or workflows. The value must be greater than 0.
referenced by other elements. If the element is used by another workflow, policy, or action, a warning message appears.
presentations.
NOTE The use of OGNL expressions in workflow presentations is deprecated as of Orchestrator 4.1. Using OGNL expressions in workflow presentations is not supported in Orchestrator 4.1 and later.
Workflows Preferences
Table 1-2. Workflow Editor Customization Options
Option Description
Check task/decision IN/OUT parameters Orchestrator checks whether the input and output parameters of an
activity are correctly bound to the corresponding input or output attribute of the workflow.
Check error in task's scripts Orchestrator validates the script in scriptable task elements.
Check workflow termination Orchestrator checks whether each terminal transition of a workflow with
different possible outcomes is connected to an End Workflow schema element.
10 VMware, Inc.
Chapter 1 The Orchestrator Client
Table 1-2. Workflow Editor Customization Options (Continued)
Option Description
Check unreachable items Orchestrator checks whether all activities are reachable.
Check unused workflow's parameters/attributes
Check for unknown types within plug-ins Orchestrator checks whether all parameters and attributes of a workflow
Check for legacy actions scripting calls Orchestrator detects legacy actions calls and displays a warning message.
Use direct lines as workflow diagram links The connector tool uses direct lines to link the workflow schema elements.
Display workflows in a tree view The workflow selector displays a hierarchical tree viewer instead of the
Edit workflow items in a pop-up window Orchestrator opens a pop-up window in which you can edit the workflow
Display grid in the schema editor Orchestrator displays a grid in the schema editor.
Validate a workflow before running it Orchestrator validates each workflow before running it.
Validate a workflow before saving it Orchestrator validates each workflow before saving it.
Increase the workflow version when clicking save and close
Pop up a workflow user interaction form Orchestrator pops up a workflow user interaction form.
Orchestrator checks whether all parameters and attributes of a workflow are used.
are of a known type.
default list panel.
items.
Orchestrator increases the workflow version when clicking save and close.
Inventory Preferences
You can select the Use contextual menu in inventory option to display the workflows that are available for an inventory object. After the option is enabled, when you right-click an object in the Orchestrator inventory, all workflows applicable to the selected object type are displayed.
Script Editor Preferences
You can customize the scripting engine. For example, you can disable automatic completion of lines, highlight selected lines and brackets, and change the options for default color code formatting.

Access the Orchestrator API Explorer

Orchestrator provides an API Explorer that you can use to search the Orchestrator API and see the documentation for JavaScript objects that you can use in scripted elements.
You can consult an online version of the Scripting API for the vCenter Server plug-in on the Orchestrator documentation home page.
Procedure
1 Log in to the Orchestrator client and select Design or Run from the drop-down menu in the left upper
corner.
2 Select Tools > API Explorer.
The API Explorer appears. You can use it to search all the objects and functions of the Orchestrator API.
What to do next
Use the API Explorer to write scripts for scriptable elements.
VMware, Inc. 11
12 VMware, Inc.

Managing Workflows 2

A workflow is a series of actions and decisions that you run sequentially. Orchestrator provides a library of workflows that perform common management tasks according to best practices. Orchestrator also provides libraries of the individual actions that the workflows perform.
Workflows combine actions, decisions, and results that, when performed in a particular order, complete a specific task or a specific process in a virtual environment. Workflows perform tasks such as provisioning virtual machines, backing up, performing regular maintenance, sending emails, performing SSH operations, managing the physical infrastructure, and other general utility operations. Workflows accept inputs according to their function. You can create workflows that run according to defined schedules, or that run if certain anticipated events occur. Information can be provided by you, by other users, by another workflow or action, or by an external process such as a Web service call from an application. Workflows perform some validation and filtering of information before they run.
Workflows can call upon other workflows. For example, you can reuse in several different workflows a workflow that starts a virtual machine.
You create workflows by using the Orchestrator client interface’s integrated development environment (IDE), that provides access to the workflow library and the ability to run workflows on the workflow engine. The workflow engine can also take objects from external libraries that you plug in to Orchestrator. This ability allows you to customize processes or implement functions that third-party applications provide.
VMware, Inc.
This chapter includes the following topics:
n
“Key Concepts of Workflows,” on page 14
n
“Standard Workflows in the Workflow Library,” on page 16
n
“Set User Permissions on a Workflow,” on page 16
n
“Run a Workflow,” on page 17
n
“Respond to a Request for a User Interaction,” on page 18
n
“Scheduling Workflows,” on page 19
n
“Use Workflow Version History,” on page 20
n
“Restore Deleted Workflows,” on page 21
n
“Export a Workflow,” on page 21
n
“Import a Workflow,” on page 21
13

Key Concepts of Workflows

Workflows consist of a schema, attributes, and parameters. The workflow schema is the main component of a workflow as it defines all the workflow elements and the logical connections between them. The workflow attributes and parameters are the variables that workflows use to transfer data. Orchestrator saves a workflow token every time a workflow runs, recording the details of that specific run of the workflow.

Workflow User Permissions

Orchestrator defines levels of permissions that you can apply to users or groups to allow or deny them access to workflows.
View
Inspect
Execute
Edit
Admin
The Admin permission includes the View, Inspect, Edit, and Execute permissions. All the permissions require the View permission.
If you do not set any permissions on a workflow, the workflow inherits the permissions from the folder that contains it. If you do set permissions on a workflow, those permissions override the permissions of the folder that contains it, even if the permissions of the folder are more restrictive.
The user can view the elements in the workflow, but cannot view the schema or scripting.
The user can view the elements in the workflow, including the schema and scripting.
The user can run the workflow.
The user can edit the workflow.
The user can set permissions on the workflow and has all other permissions.

Workflow Parameters

Workflows receive input parameters and generate output parameters when they run.
Input Parameters
Most workflows require a certain set of input parameters to run. An input parameter is an argument that the workflow processes when it starts. The user, an application, another workflow, or an action passes input parameters to a workflow for the workflow to process when it starts.
For example, if a workflow resets a virtual machine, the workflow requires as an input parameter the name of the virtual machine.
Output Parameters
A workflow's output parameters represent the result from the workflow run. Output parameters can change when a workflow or a workflow element runs. While workflows run, they can receive the output parameters of other workflows as input parameters.
For example, if a workflow creates a snapshot of a virtual machine, the output parameter for the workflow is the resulting snapshot.
14 VMware, Inc.
Chapter 2 Managing Workflows

Workflow Attributes

Workflow elements process data that they receive as input parameters, and set the resulting data as workflow attributes or output parameters.
Read-only workflow attributes act as global constants for a workflow. Writable attributes act as a workflow’s global variables.
You can use attributes to transfer data between the elements of a workflow. You can obtain attributes in the following ways:
n
Define attributes when you create a workflow
n
Set the output parameter of a workflow element as a workflow attribute
n
Inherit attributes from a configuration element

Workflow Schema

A workflow schema is a graphical representation that shows the workflow as a flow diagram of interconnected workflow elements. The workflow schema is the most important element of a workflow as it determines its logic.

Workflow Presentation

When users run a workflow, they provide the values for the input parameters of the workflow in the workflow presentation. When you organize the workflow presentation, consider the type and number of input parameters of the workflow.

Workflow Tokens

A workflow token represents a workflow that is running or has run.
A workflow is an abstract description of a process that defines a generic sequence of steps and a generic set of required input parameters. When you run a workflow with a set of real input parameters, you receive an instance of this abstract workflow that behaves according to the specific input parameters you give it. This specific instance of a completed or a running workflow is called a workflow token.
Workflow Token Attributes
Workflow token attributes are the specific parameters with which a workflow token runs. The workflow token attributes are an aggregation of the workflow's global attributes and the specific input and output parameters with which you run the workflow token.

Workflow Version History

Orchestrator keeps the version history for each workflow, irrespective of whether it is included in the default workflow library or whether the workflow is newly developed. By keeping the version history in the database, you can compare different workflow versions and to revert to a previous workflow version.
Orchestrator creates a new version history item for each workflow when you increase and save the workflow version. Subsequent changes to the workflow do not change the current saved version. The version history is kept in the database along with the workflow itself.
When you delete a workflow or an action, Orchestrator marks the element as deleted in the database without deleting the version history of the element from the database. This way, you can restore deleted workflows and actions.
VMware, Inc. 15

Standard Workflows in the Workflow Library

Orchestrator provides a standard library of workflows that you can use to automate operations in the virtual infrastructure. The workflows in the standard library are locked in the read-only state. To customize a standard workflow, you must create a duplicate of that workflow. Duplicate workflows or custom workflows that you create are fully editable.
For information about the different access rights that you can have when you work with the Orchestrator server depending on the type of vCenter Server license, see Installing and Configuring VMware vCenter Orchestrator.
The contents of the workflow library is accessible through the Workflows view in the Orchestrator client. The standard workflow library provides workflows in the following folders.
JDBC
Locking
Mail
Orchestrator
SQL
SSH
Troubleshooting
vCenter Server
Workflow documentation
XML
Test the communication between a workflow and a database by using the SQL plug-in shipped with Orchestrator.
Demonstrates the locking mechanism for automated processes, that allows workflows to lock the resources they use.
Send and receive emails from workflows.
Automate certain common Orchestrator operations.
Manage databases and database tables, as well as run SQL operations.
Implement the Secure Shell v2 (SSH-2) protocol. These workflows allow you to run remote command and file transfer sessions with password and public key-based authentication. The SSH configuration allows you to specify paths to objects to expose in the Orchestrator inventory through secure connections.
Export application settings and log files to a ZIP archive that you can send to VMware support for troubleshooting.
Access the functions of the vCenter Server API, so that you can incorporate all of the vCenter Server functions into the management processes that you automate by using Orchestrator.
Export information about workflows or workflow categories as PDF files.
A Document Object Model (DOM) XML parser that you can use to process XML files in workflows.

Set User Permissions on a Workflow

You set levels of permission on a workflow to limit the access that users or user groups can have to that workflow.
You can select the users and user groups for which to set permissions from the Orchestrator LDAP server.
Prerequisites
n
Create a workflow.
n
Open the workflow for editing in the workflow editor.
n
Add some elements to the workflow schema.
Procedure
1 Click the Permissions tab.
16 VMware, Inc.
2 Click the Add access rights link to define permissions for a new user or user group.
3 Search for a user or user group.
The search results contain all the users and user groups from the Orchestrator LDAP server that match the search.
4 Select a user or user group and select the appropriate check boxes to set the level of permissions for this
user or user group.
To allow a user to view the workflow, inspect the schema and scripting, run and edit the workflow, and change the permissions, you must select all check boxes.
5 Click Select.
The user or user group appears in the permissions list.
6 Click Save and close to exit the editor.

Run a Workflow

You can perform automated operations in vCenter Server by running workflows from the standard library or workflows that you create.
For example, you can create a virtual machine by running the Create simple virtual machine workflow.
Chapter 2 Managing Workflows
Prerequisites
Verify that you have configured the vCenter Server plug-in. For details, see Installing and Configuring VMware vCenter Orchestrator.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Workflows view.
3 In the workflows hierarchical list, open Library > vCenter > Virtual machine management > Basic to
navigate to the Create simple virtual machine workflow.
4 Right-click the Create simple virtual machine workflow and select Start workflow.
5 Provide the general parameters and click Next.
Option Action
Virtual machine name
Virtual machine folder
Size of the new disk in GB
Memory size in MB
Number of virtual CPUs
Virtual machine guest OS
Make the disk thin provisioned
Name the virtual machine orchestrator-test.
a Click Not set for the Virtual machine folder value.
b Select a virtual machine folder from the inventory.
The Select button is inactive until you select an object of the correct type, in this case, VC:VmFolder.
Type an appropriate numeric value.
Type an appropriate numeric value.
Select an appropriate number of CPUs from the Number of virtual CPUs drop-down menu.
Click the Not set link and select a guest operating system from the list.
Select whether to make the disc thin or thick provisioned.
VMware, Inc. 17
6 Provide the infrastructure parameters.
Option Description
Host on which to create the virtual machine
Resource pool
The network to connect to
Datastore in which to store the virtual machine files
7 Click Submit to run the workflow.
A workflow token appears under the Create simple virtual machine workflow, showing the workflow running icon.
8 Click the workflow token to view the status of the workflow as it runs.
9 Click the Events tab in the workflow token view to follow the progress of the workflow token until it
completes.
Click Not set for the Host on which to create the virtual machine value and navigate through the vCenter Server infrastructure hierarchy to a host machine.
Click Not set for the Resource pool value and navigate through the vCenter Server infrastructure hierarchy to a resource pool.
Click Not set for the The network to connect to value and select a network.
Press Enter in the Filter text box to see all the available networks.
Click Not set for the Datastore in which to store the virtual machine value and navigate through the vCenter Server infrastructure hierarchy to a datastore.
10 Click the Inventory view.
11 Navigate through the vCenter Server infrastructure hierarchy to the resource pool you defined.
If the virtual machine does not appear in the list, click the refresh button to reload the inventory.
The orchestrator-test virtual machine is present in the resource pool.
12 (Optional) Right-click the orchestrator-test virtual machine in the Inventory view to see a contextual
list of the workflows that you can run on the orchestrator-test virtual machine.
The Create simple virtual machine workflow ran successfully.
What to do next
You can log in vSphere Client and manage the new virtual machine.

Respond to a Request for a User Interaction

Workflows that require interactions from users during their run suspend their run either until the user provides the required information or until the workflow times out.
Workflows that require user interactions define which users can provide the required information and direct the requests for interaction.
Prerequisites
Verify that at least one workflow is in the Waiting for User Interaction state.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the My Orchestrator view in the Orchestrator client.
3 Click the Waiting for Input tab.
The Waiting for Input tab lists the workflows that are waiting for user inputs from you or from members of your user group that have permission.
18 VMware, Inc.
4 Double-click a workflow that is waiting for input.
The workflow token that is waiting for input appears in the Workflows hierarchical list with the following
symbol: .
5 Right-click the workflow token and select Answer.
6 Follow the instructions in the input parameters dialog box to provide the information that the workflow
requires.
You provided information to a workflow that was waiting for user input during its run.

Scheduling Workflows

You can schedule a workflow to run once, or multiple times using a recurrence pattern.

Schedule a Workflow

You can schedule a workflow from the Orchestrator client Scheduler or Workflows views. The user credential that starts the workflow is the same as the credential you use to schedule it.
Prerequisites
Chapter 2 Managing Workflows
You must have the Execute privilege to schedule a workflow.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Scheduler view.
3 Right-click within the left pane and select Schedule task.
4 (Optional) Select Schedule task as to use another user's credentials to schedule a workflow.
5 Search for the workflow to schedule by typing the name of the workflow, select it, and click Select.
6 Set the start date and time for the workflow.
7 (Optional) Select whether to start the workflow if the scheduled time is in the past.
Option Description
Yes
No
The workflow starts immediately.
The workflow starts at the next set recurrence.
8 (Optional) Select a workflow recurrence pattern.
a From the Recurrence drop-down menu, select the workflow recurrence pattern.
b If you set the workflow to recur, specify an end time and date for the workflow.
9 If the workflow requires input parameters, click Next and provide the necessary information.
10 Click Submit to schedule the workflow.
The scheduled workflow is listed in the Scheduler view. An R appears next to the scheduled workflow to denote that recurrence is set.
What to do next
You can monitor the workflow run and delete the scheduled task from the Scheduler view.
VMware, Inc. 19

Edit the Workflow Recurrence Pattern

A recurrence pattern is used to specify the way in which a given workflow is scheduled. You can edit the recurrence pattern of a workflow from the Scheduler view.
Prerequisites
A recurrent workflow that is scheduled.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Scheduler view.
3 Right-click the scheduled workflow whose recurrence pattern you want to edit and select Edit.
4 Click the Recurrence tab.
5 From the drop-down menu, select the recurrence pattern.
You can add an unlimited number of entries to the pattern. You can edit each entry.
The display changes according to the selected pattern.
6 Click Save and close to exit the editor.
The new recurrence pattern for the scheduled workflow appears on the Recurrence tab.
What to do next
You can view details about the different runs of the scheduled workflow on the Workflow Runs tab.

Use Workflow Version History

You can use version history to revert a workflow to a previously saved state. You can revert the workflow state to an earlier or a later workflow version. You can also compare the differences between the current state of the workflow and a saved version of the workflow.
Orchestrator creates a new version history item for each workflow when you increase and save the workflow version. Subsequent changes to the workflow do not change the current saved version. For example, when you create a workflow version 1.0.0 and save it, the state of the workflow is stored in the version history. If you make any changes to the workflow, you can save the workflow state in the Orchestrator client, but you cannot apply the changes to workflow version 1.0.0. To store the changes in the version history, you must create a subsequent workflow version and save it. The version history is kept in the database along with the workflow itself.
When you delete a workflow, Orchestrator marks the element as deleted in the database without deleting the version history of the element from the database. This way, you can restore deleted workflows. See “Restore
Deleted Workflows,” on page 21.
Prerequisites
Open a workflow for editing in the workflow editor.
Procedure
1 Click the General tab in the workflow editor and click Show version history.
2 Select a workflow version and click Diff Against Current to compare the differences.
A window displays the differences between the current workflow version and the selected workflow version.
20 VMware, Inc.
3 Select a workflow version and click Revert to restore the state of the workflow.
CAUTION If you have not saved the current workflow version, it is deleted from the version history and
you cannot revert back to the current version.
The workflow state is reverted to the state of the selected version.

Restore Deleted Workflows

You can restore workflows that have been deleted from the workflow library.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run or Design.
2 Click the Workflows view.
3 Navigate to the workflow folder in which you want to restore deleted workflows.
4 Right-click the folder and select Restore deleted workflows.
5 Select the workflow or workflows that you want to restore and click Restore.
The restored workflows appear in the selected folder.
Chapter 2 Managing Workflows

Export a Workflow

You can export workflows to use them in another Orchestrator server instance.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Workflows view.
3 Browse to the workflow you want to export and right-click that workflow.
4 Select Export workflow.
5 Browse to locate the folder in which you want to save the workflow, and click Save.
The workflow is saved on your system as a .workflow file.

Import a Workflow

If you have exported a workflow from one Orchestrator server system you can import it to another Orchestrator server system.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Workflows view.
3 Browse to the workflow folder in which you want to import the workflow and right-click it.
4 Select Import workflow.
5 Browse to locate the workflow you want to import, and click Open.
If the workflow already exists in your workflow library, a dialog box with version information appears.
NOTE You cannot import a workflow with an earlier version number than the version number of the existing workflow.
VMware, Inc. 21
The imported workflow appears in the workflow folder that you selected.
22 VMware, Inc.

Managing Policies 3

Policies are event triggers that monitor the activity of the system. Policies respond to predefined events issued by changes in the status or performance of certain defined objects.
Policies are a series of rules, gauges, thresholds and event filters that run certain workflows or scripts when specific predefined events occur in Orchestrator or in the technologies that Orchestrator accesses through plug­ins. Orchestrator constantly evaluates the policy rules as long as the policy is running. For instance, you can implement policy gauges and thresholds that monitor the behavior of vCenter Server objects of the
VC:HostSystem and VC:VirtualMachine types.
Orchestrator defines the following types of policy:
Policy Templates
Policies
You can organize policy templates into folders, for easier navigation.
This chapter includes the following topics:
n
“Create a Policy,” on page 23
n
“Apply a Policy,” on page 24

Create a Policy

You can create a policy to monitor the activity of the system for specific events.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Policies view.
3 Right-click within the left pane and select Create new policy.
Master policies. Policy templates are not linked to real objects. They are abstract sets of rules that define the behavior to implement if a certain abstract event occurs. You can see existing policy templates and create templates in the Policy Templates view in the Orchestrator client.
Policies are instances of a template or standalone event triggers that are linked to real objects, and that are triggered by real-life events. You can see existing policies and create policies in the Policies view in the Orchestrator client.
VMware, Inc.
4 Type a name for the policy and click Ok.
The policy appears in the list of policies.
5 Right-click the policy and select Edit.
The policy editor opens.
23
6 On the General tab, edit the startup settings, priority, startup user, and description of the policy.
7 On the Scripting tab, add and remove policy elements, periodic tasks, and trigger events, as well as
manage attributes.
8 On the Events and Logs tabs, view information about the policy.
9 On the Permissions tab, add and remove access rights for users or user groups.
10 Click Save and close to exit the editor.
11 In the Policies view, right-click the policy that you created and select Start policy.

Apply a Policy

You can apply a policy from an existing policy template.
Prerequisites
Verify that you have created a policy template.
Procedure
1 From the drop-down menu in the Orchestrator client, select Run.
2 Click the Policies view.
3 Right-click within the left pane and select Apply Policy.
4 In the Filter text box type the name of the policy template.
5 Select the policy template and click Select.
6 Provide the required policy information and click Submit.
The policy appears in the list of policies.
7 In the Policies view, right-click the policy that you created and select Start policy.
24 VMware, Inc.

Using Packages 4

You can use packages to transport content from one Orchestrator server to another. Packages can contain workflows, actions, policies, Web views, configurations, and resources.
When you add an element to a package, Orchestrator checks for dependencies and adds any dependent elements to the package. For example, if you add a workflow that uses actions or other workflows, Orchestrator adds those actions and workflows to the package.
When you import a package, the server compares the versions of the different elements of its content to matching local elements. The comparison shows the differences in versions between the local and imported elements. The administrator can decide whether to import the whole package, or choose specific elements to import.
Packages feature digital rights management to control how the receiving server can use the content of the package. Orchestrator signs packages and encrypts the packages for data protection. Packages use X509 certificates to monitor which users export and redistribute elements.
This chapter includes the following topics:
n
“Create a Package,” on page 25
n
“Set User Permissions on a Package,” on page 26
n
“Export a Package,” on page 27
n
“Import a Package,” on page 28
n
“Get a Remote Package,” on page 28
n
“Synchronize a Remote Package,” on page 29
n
“Remove a Package,” on page 30

Create a Package

You can export workflows, policies, actions, plug-in references, resources, Web views, and configuration elements in packages. All elements that an element in a package implements are added to the package automatically, to ensure compatibility between versions. If you do not want to add the referenced elements, you can delete them in the package editor.
Prerequisites
Verify that the Orchestrator server contains elements such as workflows, actions, and policies that you can add to a package.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
VMware, Inc.
25
2 Click the Packages view.
3 Right-click in the left pane and select Add package.
4 Type the name of the new package and click Ok.
The syntax for package names is
domain.your_company.folder.package_name
.
For example, com.vmware.myfolder.mypackage.
5 Right-click the package and select Edit.
The package editor opens.
6 On the General tab, add a description for the package.
7 On the Workflows tab, add workflows to the package.
n
Click Insert Workflows (list search) to search for and select workflows in a selection dialog box.
n
Click Insert Workflows (tree browsing) to browse and select folders of workflows from the hierarchical list.
8 On the Policy Templates, Actions, Web View, Configurations, Resources, and Used Plug-Ins tabs, add
policy templates, actions, Web views, configuration elements, resource elements, and plug-ins to the package.
9 Click Save and close to exit the editor.
You created a package and added elements to it.
What to do next
Set user permissions for this package.

Set User Permissions on a Package

You set different levels of permission on a package to limit the access that different users or user groups can have to the contents of that package.
You can select the different users and user groups for which to set permissions from the users and user groups in the Orchestrator LDAP or vCenter Single Sign On server. Orchestrator defines levels of permissions that you can apply to users or groups.
View
Inspect
Edit
Admin
Prerequisites
Create a package, open it for editing in the package editor, and add the necessary elements to the package.
Procedure
1 Click the Permissions tab in the package editor.
2 Click Add access rights to define permissions for a new user or user group.
The user can view the elements in the package, but cannot view the schemas or scripting.
The user can view the elements in the package, including the schemas and scripting.
The user can edit the elements in the package.
The user can set permissions on the elements in the package.
26 VMware, Inc.
3 Search for a user or user group.
The search results show all of the users and user groups that match the search.
4 Select a user or user group.
5 Check the appropriate check boxes to set the level of permissions for this user and click Select.
To allow a user to view the elements, inspect the schema and scripting, run and edit the elements, and change the permissions, you must check all check boxes.
6 Click Save and close to exit the editor.
You created a package and set the appropriate user permissions.

Export a Package

You can export a package and reuse its contents on another Orchestrator server. The system adds the certificates for all of the contents of the exported package. When the package is imported into another server, these certificates are also imported.
Prerequisites
Create a package and add the necessary elements to it.
Chapter 4 Using Packages
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Packages view.
3 Right-click the package to export and select Export package.
4 Browse to select a location to save the package.
5 (Optional) Sign the package.
a Click Add target Certificate to sign the package.
b In the list of certificates, select the certificate to use for the exported package.
c Click Select.
6 (Optional) To apply restrictions for the exported package, deselect any of the following options.
Option Description
View contents
Add to package
Edit contents
The importer of the package is allowed to view the JavaScript of the elements contained in the package.
The importer of the package is allowed to redistribute the elements contained in the package.
The importer of the package is allowed to modify the elements contained in the package.
7 (Optional) Deselect the Export version history check box if you do not want to export the version history
of the package.
8 Click Save.
You exported the package.
What to do next
You can use all of the workflows, actions, policies, and Web views from the exported package on another Orchestrator server.
VMware, Inc. 27

Import a Package

To reuse workflows, actions, policies, Web views, and configuration elements from one Orchestrator server on another server, you can import them as a package.
IMPORTANT Packages that Orchestrator 3.2 generates are upwardly compatible with Orchestrator 4.x and 5.1. You can import a package from an Orchestrator 3.2 server to an Orchestrator 4.x or 5.1 server. Packages from Orchestrator 4.x and 5.1 are not backward compatible with Orchestrator 3.2. You cannot import to an Orchestrator 3.2 server a package that an Orchestrator 4.x or 5.1 server generates.
Prerequisites
n
Back up any standard Orchestrator elements that you have modified. If the imported package contains elements whose version number is later than the version number of the elements stored in the Orchestrator database, your changes might be lost.
n
On the remote server, create a package and add the necessary elements to it.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Packages view.
3 Right-click within the left pane and select Import package.
4 Browse to select the package that you want to import and click Open.
Certificate information about the exporter appears.
5 Review the package import details and select Import or Import and trust provider.
The Import package view appears. If the version of the imported package element is later than the version on the server, the system selects the element for import.
6 (Optional) Deselect the elements that you do not want to import.
For example, deselect custom elements for which later versions exist.
7 Click Import selected elements.
The imported package appears in the list of packages.
What to do next
You can use all the workflows, actions, policies, Web views, and configuration elements from the imported package as new building blocks on your Orchestrator server.

Get a Remote Package

You can retrieve a package from a remote Orchestrator server.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Packages view.
3 Right-click within the left pane and select Get remote package.
28 VMware, Inc.
4 Log in to the remote server.
The Orchestrator Synchronization dialog box opens. It displays the differences between the package elements. To view only elements that are different on the local and remote server, select Hide identical from the drop-down menu.
5 Select the package that you want and click Import.
6 View the remote package elements and select an option.
Option Description
None
Update
Does not import the element.
The element is imported from the remote server to the local server.
NOTE If the remote server does not recognize your certificate, you cannot commit and overwrite the elements.
7 Click Synchronize.

Synchronize a Remote Package

The Packages view provides a way to synchronize a package on one Orchestrator server with an existing package on another server.
Chapter 4 Using Packages
Synchronizing packages is the only way to obtain all the elements from the remote server. If you synchronize individual elements, Orchestrator only synchronizes elements that already exist on the local server. To obtain any new elements from the remote server, you must synchronize the package that contains those elements.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Packages view.
3 Right-click the package that you want to synchronize and select Synchronize.
4 Log in to the remote server.
The Orchestrator Synchronization dialog box opens. It displays the differences between the package elements. To view only elements that are different on the local and remote server, select Hide identical from the drop-down menu.
5 View the comparison between the local and remote package elements and select an option.
Option Description
None
Commit
Update
Merge
The local and remote elements have the same version number. No synchronization is required.
The version of the local element is later. The remote element is overwritten.
The version of the remote element is later. The local element is updated. If an element does not exist locally, it is imported from the remote server to the local server.
The local and remote packages are overwritten with a merged list of references. The referenced elements remain unchanged.
NOTE If the remote server does not recognize your certificate, you cannot commit elements.
6 Click Synchronize.
The synchronized package is reloaded.
VMware, Inc. 29
What to do next
You can use the updated package content in workflows, actions, policies, and Web views.

Remove a Package

Workflows and actions, as well as other resources, can be reused in many packages. This is why, before you remove a package, you must decide whether to delete the workflows, actions, policies and other resources contained in the package.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Packages view.
3 Right-click the package to delete and select one of the deletion options.
Option Description
Delete
Delete element with content
Removes the package only from the Packages view.
Removes all workflows, actions, policies, Web views, configurations, plug­in settings or resources that the package contains. Does not remove read-only elements and the plug-in .dar archive.
CAUTION This action might delete elements that are referenced by other packages too. To avoid deleting an element that another package needs, remove any dependencies that you added to the package. To view a list of all the packages, workflows and policies that reference an element, use the Find elements that use this element function.
30 VMware, Inc.

Using Authorizations 5

With authorizations you can manage the permissions of users and user groups over elements of specific types.
This chapter includes the following topics:
n
“Create an Authorization Element,” on page 31
n
“Configure an Authorization Element,” on page 31

Create an Authorization Element

You can create an authorization element to provide different permissions to users or user groups over elements or specific type.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Authorizations view.
3 Right-click within the left pane and select Create Authorization.
4 In the Name text box, type a name for the element.
5 Click Not set and search for an LDAP user group.
6 (Optional) In the Description text box, type a description of the element.
7 Click Submit to create the element.
The authorization element appears in the list of authorizations.
What to do next
Edit the configuration of the authorization element.

Configure an Authorization Element

You can configure references and permissions for an authorization element.
Prerequisites
Verify that you have created an authorization element.
Procedure
1 From the drop-down menu in the Orchestrator client, select Administer.
2 Click the Authorizations view.
VMware, Inc.
31
3 Right-click the authorization element that you want to modify and select Edit.
The authorization element editor opens.
4 (Optional) On the General tab, edit the description of the element.
5 On the References tab, create references to available element types from the tree.
6 On the Permissions tab, set the level of permissions for a user or user group.
7 Click Save and close to exit the editor.
32 VMware, Inc.

Index

A
action, version 15 actions 14 Actions view 9 Administer perspective 9 API Explorer, accessing 11 attributes 14, 15 audience 5 authorization element
configuration 31
creation 31 authorization elements 31 authorizations 31 Authorizations view 9
C
configuration elements 15 Configurations view 9
D
Design perspective 9
E
export workflow 21
exporting 27 getting 28 importing 28 permissions 26 removing 30 restricting reuse 27 signature 25 signing 27
synchronizing 29 Packages view 9 parameters 14 perspectives 8 policies 23 Policies view 8 policy, applying 24 policy creation 23 policy management 23 policy templates 23 Policy Templates view 9
R
recurrent workflows 20 Resources view 9 Run perspective 8
I
import workflow 21 input parameters 14 Inventory view 8, 9
M
My Orchestrator view 7, 8
O
Orchestrator client
credentials 7 customizing 10 login 7 perspectives 8
output parameters 14
P
packages
create 25 deleting 30 digital rights management 25
VMware, Inc. 33
S
Scheduler view 8 scheduling 19 schema 14, 15 standard workflows 16
T
token 14
U
user interactions, responding 18
V
version history 15
W
Web views 9 workflow
export 21
import 21
version 15 workflow attributes 15 workflow parameters 14 workflow presentation 15 workflow token 15 workflow token attributes 15 workflows
library 16
permissions 14, 16
recurrence 20
restoring deleted 21
running 17
scheduling 19
standard 16
version history 20 Workflows view 8, 9
34 VMware, Inc.
Loading...