VMware vCenter Orchestrator - 5.5 Installation Manual

Installing and Configuring VMware

vCenter Orchestrator

vCenter Orchestrator 5.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-001132-00

Installing and Configuring VMware vCenter Orchestrator

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2008–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

Installing and Configuring VMware vCenter Orchestrator 7

Introduction to VMware vCenter Orchestrator 9

Key Features of the Orchestrator Platform 9

Orchestrator User Types and Related Responsibilities 10

Orchestrator Architecture 11

Orchestrator Plug-Ins 12

Orchestrator System Requirements 13

Hardware Requirements for Orchestrator 13

Hardware Requirements for the Orchestrator Appliance 13

Operating Systems Supported by Orchestrator 14

Supported Directory Services 14

Browsers Supported by Orchestrator 14

Orchestrator Database Requirements 14

Software Included in the Orchestrator Appliance 15

Level of Internationalization Support 15

Setting Up Orchestrator Components 17

Orchestrator Configuration Maximums 17

vCenter Server Setup 18

Authentication Methods 18

Orchestrator Database Setup 18

VMware, Inc.

Installing and Upgrading Orchestrator 21

Download the vCenter Server Installer 22

Install Orchestrator Standalone 22

Install the Orchestrator Client on a 32-Bit Machine 23

Install the Client Integration Plug-In in the vSphere Web Client 24

Download and Deploy the Orchestrator Appliance 25

Power On the Orchestrator Appliance and Open the Home Page 26

Change the Root Password 26

Enable or Disable SSH Administrator Login on the vCenter Orchestrator Appliance 27

Configure Network Settings for the Orchestrator Appliance 27

Upgrade Orchestrator 4.2.x and 5.1.x Standalone 28

Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine 29

Export the Orchestrator Configuration 30

Uninstall Orchestrator 30

Install Orchestrator Standalone 31

Import the Orchestrator Configuration 32

Upgrading Orchestrator 4.0.x and Migrating the Configuration Data 32

Installing and Configuring VMware vCenter Orchestrator

Upgrading the Orchestrator Appliance 33

Uninstall Orchestrator 33

Configuring the Orchestrator Server 35

Start the Orchestrator Configuration Service 36

Configure the Network Connection 37

Orchestrator Network Ports 38

Import the vCenter Server SSL Certificate 39

Selecting the Authentication Type 40

Configuring vCenter Single Sign-On Settings 41

Configuring LDAP Settings 44

Configuring the Orchestrator Database Connection 50

Configure SQL Server Express to Use with Orchestrator 50

Import the Database SSL Certificate 51

Configure the Database Connection 51

Server Certificate 54

Create a Self-Signed Server Certificate 55

Obtain a Server Certificate Signed by a Certificate Authority 55

Import a Server Certificate 56

Export a Server Certificate 56

Changing a Self-Signed Server Certificate 56

Configure the Default Plug-Ins 58

Define the Default SMTP Connection 58

Configure the SSH Plug-In 59

Configure the vCenter Server Plug-In 59

Installing a New Plug-In 60

Importing the vCenter Server License 61

Import the vCenter Server License 61

Add the vCenter Server License Key Manually 62

Access Rights to Orchestrator Server 63

Selecting the Orchestrator Server Mode 63

Configure an Orchestrator Cluster 64

Start the Orchestrator Server 65

Configuring vCenter Orchestrator in the Orchestrator Appliance 67

Configure the vCenter Server Plug-In 68

Import a vCenter Server SSL Certificate and License 69

Configuring Orchestrator by Using the Configuration Plug-In and the REST

API 71

Configure Network Settings by Using the REST API 71

Configuring Authentication Settings by Using the REST API 72

Configure LDAP Authentication by Using the REST API 72

Configure the Database Connection by Using the REST API 74

Create a Self-Signed Server Certificate by Using the REST API 76

4 VMware, Inc.

Managing SSL Certificates by Using the REST API 76

Delete an SSL Certificate by Using the REST API 77

Import SSL Certificates by Using the REST API 77

Importing Licenses by Using the REST API 78

Import the vCenter Server License by Using the REST API 78

Enter a License Key by Using the REST API 79

Contents

Additional Configuration Options 81

Change the Password of the Orchestrator Configuration Interface 81

Change the Default Configuration Ports on the Orchestrator Client Side 82

Uninstall a Plug-In 82

Activate the Service Watchdog Utility 83

Export the Orchestrator Configuration 84

Orchestrator Configuration Files 85

Import the Orchestrator Configuration 86

Configure the Maximum Number of Events and Runs 86

Import Licenses for a Plug-In 87

Orchestrator Log Files 88

Logging Persistence 89

Define the Server Log Level 90

Change the Size of Server Logs 91

Export Orchestrator Log Files 92

Loss of Server Logs 92

Filter the Orchestrator Log Files 92

Configuration Use Cases and Troubleshooting 95

Configuring a Cluster of Orchestrator Server Instances 95

Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance 97

Setting Up Orchestrator to Work with the vSphere Web Client 98

Check Whether Orchestrator Is Successfully Registered as an Extension 98

Unregister Orchestrator from vCenter Single Sign-On 99

Enable Orchestrator for Remote Workflow Execution 99

Changing SSL Certificates 100

Generate a New Certificate 100

Install a Certificate from a Certificate Authority 102

Adding the Certificate to the Local Store 102

Change the Certificate of the Orchestrator Appliance Management Site 103

Back Up the Orchestrator Configuration and Elements 103

Unwanted Server Restarts 105

Orchestrator Server Fails to Start 105

Revert to the Default Password for Orchestrator Configuration 106

Setting System Properties 107

Disable Access to the Orchestrator Client By Nonadministrators 107

Disable Access to Workflows from Web Service Clients 108

Setting Server File System Access for Workflows and JavaScript 109

Rules in the js-io-rights.conf File Permitting Write Access to the Orchestrator System 109

Set Server File System Access for Workflows and JavaScript 110

VMware, Inc. 5

Installing and Configuring VMware vCenter Orchestrator

Create and Locate the js-io-rights.conf File in the Orchestrator Appliance 111

Manually Create the js-io-rights.conf File on Windows Systems 111

Set JavaScript Access to Operating System Commands 112

Set JavaScript Access to Java Classes 113

Set Custom Timeout Property 114

Modify the Number of Objects a Plug-In Search Obtains 114

Modify the Number of Concurrent and Pending Workflows 115

Where to Go From Here 117

Download and Install the Orchestrator Client from the Orchestrator Appliance Web Console 120

Index 121

6 VMware, Inc.

Installing and Configuring VMware vCenter Orchestrator

Installing and Configuring VMware vCenter Orchestrator provides information and instructions about installing, upgrading and configuring VMware® vCenter Orchestrator.

Intended Audience

This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations.

VMware, Inc. 7

Installing and Configuring VMware vCenter Orchestrator

8 VMware, Inc.

Introduction to VMware vCenter

Orchestrator 1

VMware vCenter Orchestrator is a development- and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vSphere infrastructure as well as other VMware and third-party technologies.

Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes. Orchestrator also allows you to integrate with other management and administration solutions through its open plug-in architecture.

This chapter includes the following topics:

“Key Features of the Orchestrator Platform,” on page 9

“Orchestrator User Types and Related Responsibilities,” on page 10

“Orchestrator Architecture,” on page 11

“Orchestrator Plug-Ins,” on page 12

Key Features of the Orchestrator Platform

Orchestrator is composed of three distinct layers: an orchestration platform that provides the common features required for an orchestration tool, a plug-in architecture to integrate control of subsystems, and a library of workflows. Orchestrator is an open platform that can be extended with new plug-ins and libraries, and can be integrated into larger architectures through a SOAP or REST API.

The following list presents the key Orchestrator features.

Persistence

Central management

Check-pointing

Versioning

Production grade external databases are used to store relevant information, such as processes, workflow states, and configuration information.

Orchestrator provides a central way to manage your processes. The application server-based platform, with full version history, allows you to have scripts and process-related primitives in one place. This way, you can avoid scripts without versioning and proper change control spread on your servers.

Every step of a workflow is saved in the database, which allows you to restart the server without losing state and context. This feature is especially useful for long-running processes.

All Orchestrator Platform objects have an associated version history. This feature allows basic change management when distributing processes to different project stages or locations.

VMware, Inc. 9

Installing and Configuring VMware vCenter Orchestrator

Scripting engine

Workflow engine

Policy engine

Web 2.0 front end

The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks:

Actions

Workflows

Policies

The workflow engine allows you to capture business processes. It uses the following objects to create a step-by-step process automation in workflows:

Workflows and actions that Orchestrator provides.

Custom building blocks created by the customer

Objects that plug-ins add to Orchestrator

Users, other workflows, a schedule, or a policy can start workflows.

The policy engine allows monitoring and event generation to react to changing conditions in the Orchestrator server or plugged-in technology. Policies can aggregate events from the platform or any of the plug-ins, which allows you to handle changing conditions on any of the integrated technologies.

The Web 2.0 front end allows you to integrate Orchestrator functions into Web-based interfaces, using Web views. For example, you can create Web views that add buttons to start workflows from a page in your company's Intranet. It provides a library of user customizable components to access vCO orchestrated objects and uses Ajax technology to dynamically update content without reloading complete pages.

Security

Orchestrator provides the following advanced security functions:

Public Key Infrastructure (PKI) to sign and encrypt content imported

and exported between servers

Digital Rights Management (DRM) to control how exported content

might be viewed, edited and redistributed

Secure Sockets Layer (SSL) encrypted communications between the

desktop client and the server and HTTPS access to the Web front end.

Advanced access rights management to provide control over access to

processes and the objects manipulated by these processes.

Orchestrator User Types and Related Responsibilities

Orchestrator provides different tools and interfaces based on the specific responsibilities of the two global user roles: Administrators and End Users. Orchestrator developers also have administrative rights and are responsible for creating workflows and additional applications.

Users with Full Rights

Administrators

This role has full access to all of the Orchestrator platform capabilities. Basic administrative responsibilities include the following items:

Installing and configuring Orchestrator

10 VMware, Inc.

Chapter 1 Introduction to VMware vCenter Orchestrator

Managing access rights for Orchestrator and applications

Importing and exporting packages

Enabling and disabling Web views

Running workflows and scheduling tasks

Managing version control of imported elements

Creating new workflows and plug-ins

Developers

This user type has full access to all of the Orchestrator platform capabilities. Developers are granted access to the Orchestrator client interface and have the following responsibilities:

Users with Limited Rights

End Users

This role has access to only the Web front end. End users can run and schedule workflows and policies that the administrators or developers make available in a browser by using Web views.

Orchestrator Architecture

Orchestrator contains a workflow library and a workflow engine to allow you to create and run workflows that automate orchestration processes. You run workflows on the objects of different technologies that Orchestrator accesses through a series of plug-ins.

Orchestrator provides a standard set of plug-ins, including a plug-in for vCenter Server, to allow you to orchestrate tasks in the different environments that the plug-ins expose.

Creating applications to extend the Orchestrator platform functionality

Automating processes by customizing existing workflows and creating new workflows and plug-ins

Customizing Web front ends for automated processes, using Web 2.0 tools.

Orchestrator also presents an open architecture to allow you to plug in external third-party applications to the orchestration platform. You can run workflows on the objects of the plugged-in technologies that you define yourself. Orchestrator connects to a directory services server to manage user accounts, and to a database to store information from the workflows that it runs. You can access Orchestrator, the Orchestrator workflows, and the objects it exposes through the Orchestrator client interface, through a Web browser, or through Web services.

VMware, Inc. 11

Orchestrator

database

workflow library

vCenter

Server

XML SSH SQL SMTP

3rd-party

plug-in

workflow engine

browser

access

vCenter

Orchestrator

Client application

vCenter

Server

Directory services

or vCenter

Single Sign On

Web services

REST/SOAP

Installing and Configuring VMware vCenter Orchestrator

Figure 1‑1. VMware vCenter Orchestrator Architecture

Orchestrator Plug-Ins

Plug-ins allow you to use Orchestrator to access and control external technologies and applications. Exposing an external technology in an Orchestrator plug-in allows you to incorporate objects and functions in workflows that access the objects and functions of that external technology.

The external technologies that you can access by using plug-ins can include virtualization management tools, email systems, databases, directory services, and remote control interfaces.

Orchestrator provides a set of standard plug-ins that you can use to incorporate into workflows such technologies as the VMware vCenter Server API and email capabilities. In addition, you can use the Orchestrator open plug-in architecture to develop plug-ins to access other applications.

The Orchestrator plug-ins that VMware develops are distributed as .vmoapp files, which you can obtain from the VMware Web site at

http://www.vmware.com/products/datacenter-virtualization/vcenter-orchestrator/plugins.html. For more

information about the Orchestrator plug-ins that VMware develops and distributes, see

http://www.vmware.com/support/pubs/vco_plugins_pubs.html.

12 VMware, Inc.

Orchestrator System Requirements 2

Your system must meet the technical requirements that are necessary for Orchestrator to work properly.

For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.

This chapter includes the following topics:

“Hardware Requirements for Orchestrator,” on page 13

“Hardware Requirements for the Orchestrator Appliance,” on page 13

“Operating Systems Supported by Orchestrator,” on page 14

“Supported Directory Services,” on page 14

“Browsers Supported by Orchestrator,” on page 14

“Orchestrator Database Requirements,” on page 14

“Software Included in the Orchestrator Appliance,” on page 15

“Level of Internationalization Support,” on page 15

Hardware Requirements for Orchestrator

Verify that your system meets the minimum hardware requirements before you install Orchestrator.

2.0GHz or faster Intel or AMD x86 processor. At least two CPUs are recommended. Processor

requirements might differ if your database runs on the same hardware.

4GB RAM. You might need more RAM if your database runs on the same hardware.

2GB disk space. You might need more storage if your database runs on the same hardware.

A free static IP address.

Hardware Requirements for the Orchestrator Appliance

The Orchestrator Appliance is a preconfigured Linux-based virtual machine. Before you deploy the appliance, verify that your system meets the minimum hardware requirements.

The Orchestrator Appliance has the following hardware configuration:

2 CPUs

3GB of memory

7GB hard disk

Do not reduce the default memory size, because the Orchestrator server requires at least 2GB of free memory.

VMware, Inc.

Installing and Configuring VMware vCenter Orchestrator

Operating Systems Supported by Orchestrator

You can install the Orchestrator 5.5 server only on 64-bit operating systems.

Orchestrator is also available as a virtual appliance running on a SUSE Linux Enterprise Server.

For a list of the operating systems supported by Orchestrator, see the VMware Compatibility Guide.

Supported Directory Services

If you plan to use an LDAP server for authentication, ensure that you set up and configure a working LDAP server.

Orchestrator supports these directory service types.

Windows Server 2008 Active Directory

Windows Server 2012 Active Directory

OpenLDAP

Novell eDirectory Server 8.8.3

Sun Java System Directory Server 6.3

IMPORTANT Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

Browsers Supported by Orchestrator

The Orchestrator configuration interface and Web views require a Web browser.

You must have one of the following browsers to connect to the Orchestrator configuration interface and Web views.

Microsoft Internet Explorer 7 and later

Mozilla Firefox 10 and later

Orchestrator Database Requirements

The Orchestrator server requires a database. For small-scale deployments, you can use the SQL Server Express database that is bundled with vCenter Server or the preconfigured Orchestrator database. For better performance in a production environment, use a separate database for Orchestrator.

NOTE To ensure efficient CPU and memory usage, consider hosting the Orchestrator database and the Orchestrator server on different machines. Verify that at least 1GB of free disk space is available on each machine.

Orchestrator supports Oracle 11g, SQL Server 2005, SQL Server 2008, SQL Server 2012, SQL Server Express, and PostgreSQL. When you use the standard installation on Microsoft Windows, you can also set up Orchestrator to use the vCenter Server database.

14 VMware, Inc.

Software Included in the Orchestrator Appliance

The Orchestrator Appliance is a preconfigured virtual machine optimized for running Orchestrator. The appliance is distributed with preinstalled software.

The Orchestrator Appliance package contains the following software:

SUSE Linux Enterprise Server 11 Update 1 for VMware, 64-bit edition

PostgreSQL

OpenLDAP

Orchestrator 5.5

The default Orchestrator Appliance database configuration is suitable for small- or medium-scale environment. The default OpenLDAP configuration is suitable for experimental and testing purposes only. To use the Orchestrator Appliance in a production environment, you must set up a new database and directory service, and configure the Orchestrator server to work with them. You can also configure the Orchestrator server to work with VMware vCenter Single Sign-On. For more information about configuring external LDAP or vCenter Single Sign-On, see “Selecting the Authentication Type,” on page 40. For information about configuring a database for production environments, see “Orchestrator Database Setup,” on page 18.

Chapter 2 Orchestrator System Requirements

Level of Internationalization Support

Orchestrator supports internationalization level 1.

Non-ASCII Character Support in Orchestrator

Although Orchestrator is not localized, it can run on a non-English operating system and support nonASCII text.

Table 2‑1. Non-ASCII Character Support in Orchestrator GUI

Support for Non-ASCII Characters

Orchestrator Item Description Field Name Field

Action Yes No No No

Folder Yes Yes - -

Configuration element Yes Yes - No

Package Yes Yes - -

Policy Yes Yes - -

Policy template Yes Yes - -

Resource element Yes Yes - -

Web view Yes Yes - No

Workflow Yes Yes No No

Workflow presentation display group and input step

Yes Yes - -

Input and Output Parameters Attributes

VMware, Inc. 15

Installing and Configuring VMware vCenter Orchestrator

Non-ASCII Character Support for Oracle Databases

To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to

AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This

setting is crucial for an internationalized environment.

16 VMware, Inc.

Setting Up Orchestrator Components 3

You can install Orchestrator on a computer running Microsoft Windows or you can download and deploy the Orchestrator Appliance. In both cases, the Orchestrator server is preconfigured, and after successful installation or deployment, the service starts automatically.

To enhance the availability and scalability of your Orchestrator setup, you can follow several guidelines :

Install Orchestrator on a computer different from the computer on which vCenter Server runs.

Install and configure a database and configure Orchestrator to connect to it.

Install and configure an LDAP server or a VMware vCenter Single Sign-On server and configure

Orchestrator to work with it.

This chapter includes the following topics:

“Orchestrator Configuration Maximums,” on page 17

“vCenter Server Setup,” on page 18

“Authentication Methods,” on page 18

“Orchestrator Database Setup,” on page 18

Orchestrator Configuration Maximums

When you configure Orchestrator, verify that you stay at or below the supported maximums.

Table 3‑1. Orchestrator Configuration Maximums

Item Maximum

Connected vCenter Server systems 20

Connected ESX/ESXi servers 1280

Connected virtual machines spread over vCenter Server systems 35000

Connected virtual machines spread over vCenter Server systems per an Orchestrator cluster node

Concurrent running workflows 300

VMware, Inc. 17

15000

Installing and Configuring VMware vCenter Orchestrator

vCenter Server Setup

Increasing the number of vCenter Server instances in your Orchestrator setup causes Orchestrator to manage more sessions. Each active session results in activity on the corresponding vCenter Server, and too many active sessions can cause Orchestrator to experience timeouts when more than 10 vCenter Server connections occur.

For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.

NOTE You can run multiple vCenter Server instances on different virtual machines in your Orchestrator setup if your network has sufficient bandwidth and latency. If you are using LAN to improve the communication between Orchestrator and vCenter Server, a 100Mb line is mandatory.

Authentication Methods

To authenticate and manage user permissions, Orchestrator requires a connection to an LDAP server or a connection to a vCenter Single Sign-On server.

Orchestrator supports the Active Directory, OpenLDAP, eDirectory, and Sun Java System Directory Server directory service types.

When you install Orchestrator together with vCenter Server, the Orchestrator server is preconfigured to use vCenter Single Sign-On as an authentication method.

When you install Orchestrator standalone, it is preconfigured to use an embedded LDAP server. The embedded LDAP server is suitable for testing purposes only. If you want to use Orchestrator with an LDAP server in a production environment, you must set up a separate LDAP server and configure Orchestrator to connect to it.

If you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the OpenLDAP server distributed together with the appliance. The default OpenLDAP configuration is suitable for small- or medium-scale environment. To use Orchestrator in a production environment, you must set up either an LDAP server or a vCenter Single Sign-On server and configure Orchestrator to work with it.

To use LDAP server, you must connect your system to the LDAP server that is physically closest to your Orchestrator server, and avoid connections to remote LDAP servers. Long response times for LDAP queries can lead to slower performance of the whole system.

To improve the performance of the LDAP queries, keep the user and group lookup base as narrow as possible. Limit the users to targeted groups that need access, rather than to whole organizations with many users who do not need access. The resources that you need depend on the combination of database and directory service you choose. For recommendations, see the documentation for your LDAP server.

To use the vCenter Single Sign-On authentication method, you must first install vCenter Single Sign-On. If you install Orchestrator separately from vCenter Server and want to use vCenter Single Sign-On, you must configure the Orchestrator server to use the vCenter Single Sign-On server that you installed and configured.

Orchestrator Database Setup

Orchestrator requires a database to store workflows and actions.

If you install Orchestrator together with vCenter Server, the Orchestrator server is preconfigured to use the vCenter Server datasource (vDB) and no additional configuration of the database is required. However, if you need to use a separate database, you can configure Orchestrator to use a dedicated database by using the Orchestrator configuration interface.

18 VMware, Inc.

Chapter 3 Setting Up Orchestrator Components

If you install Orchestrator separately from vCenter Server, the Orchestrator server is preconfigured to use an embedded database, which is suitable for testing purposes only. When the database is embedded, you cannot set up Orchestrator to work in cluster mode, or change the license and the server certificate from the Orchestrator configuration interface. To change the server certificates without changing the database settings, you must run the configuration workflows by using either the Orchestrator client or the REST API. For more information about running the configuration workflows by using the Orchestrator client, see Using the VMware vCenter Orchestrator Plug-Ins. For detailed instructions about running the configuration workflows by using the REST API, see Chapter 7, “Configuring Orchestrator by Using the Configuration

Plug-In and the REST API,” on page 71.

To use Orchestrator in a production environment, you must set up a dedicated Orchestrator database. You can configure the Orchestrator server to use either the vCenter Server datasource, or another database that you have created for the Orchestrator server.

If you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the PostgreSQL database distributed with the appliance. The default Orchestrator Appliance database configuration is suitable for small- or medium-scale environment. To use Orchestrator in a production environment, you must set up a database and configure Orchestrator to work with it.

Orchestrator server supports Oracle, Microsoft SQL Server, and PostgreSQL databases. Orchestrator can work with Microsoft SQL Server Express in small-scale environments consisting of up to 5 hosts and 50 virtual machines.

For details about using SQL Server Express with Orchestrator, see “Configure SQL Server Express to Use

with Orchestrator,” on page 50.

The common workflow for setting up the Orchestrator database consists of the following steps:

1 Create a new database. For more information about creating a new database, see the documentation of

your database provider.

2 Enable the database for remote connection. For an example, see “Configure SQL Server Express to Use

with Orchestrator,” on page 50.

3 Configure the database connection parameters. For more information, see “Configuring the

Orchestrator Database Connection,” on page 50.

If you plan to set up an Orchestrator cluster, you must configure the database to accept multiple connections so that it can accept connections from the different Orchestrator server instances in the cluster.

The database setup can affect Orchestrator performance. Install the database on a machine other than the one on which the Orchestrator server is installed. This approach avoids the JVM and DB server having to share CPU, RAM, and I/O.

The location of the database is important because almost every activity on the Orchestrator server triggers operations on the database. To avoid latency in the database connection, connect to the database server that is geographically closest to your Orchestrator server and that is on the network with the highest available bandwidth.

The size of the Orchestrator database varies depending on the setup and how workflow tokens are handled. Allow for approximately 50KB for each vCenter Server object and 4KB for each workflow run.

CAUTION Verify that at least 1GB of disk space is available on the machine where the Orchestrator database is installed and on the machine where the Orchestrator server is installed.

Insufficient disk storage space might cause the Orchestrator server and client to not function correctly.

VMware, Inc. 19

Installing and Configuring VMware vCenter Orchestrator

20 VMware, Inc.

Installing and Upgrading

Orchestrator 4

Orchestrator consists of a server component and a client component. You can install the Orchestrator components on the machine on which vCenter Server is installed or on a separate machine. You can also download and deploy the Orchestrator Appliance. To improve performance, install the Orchestrator server component on a separate machine.

You can install the Orchestrator configuration server on 64-bit Windows machines only. The Orchestrator client can run on both 32-bit and 64-bit Windows, Linux, and Mac machines.

To install Orchestrator, you must be either a local administrator or a domain user that is a member of the administrators group.

You can install and upgrade Orchestrator standalone or during the vCenter Server installation or upgrade. When you install vCenter Server 5.5, Orchestrator 5.5 is silently installed on your system as an additional component. To use Orchestrator, you must verify that the Orchestrator Server service has started and then start the Orchestrator client. Any user from the vCenter Server administrator group that you have provided during the vCenter Server installation, is an Orchestrator administrator.

If you need to change the default Orchestrator configuration settings, you can start the Orchestrator Configuration service and change the settings by using the Orchestrator configuration interface. You can also run the Orchestrator configuration workflows by using either the Orchestrator client or the REST API.

For information about the vCenter Server software and hardware requirements, prerequisites, and installation steps, see vSphere Installation and Setup.

For information about upgrading vCenter Server, see vSphere Upgrade.

After you upgrade vCenter Server and Orchestrator, you must reimport the SSL certificate for the licensed vCenter Server and start the Orchestrator server. For more information about importing the vCenter Server SSL certificate, see “Import the vCenter Server SSL Certificate,” on page 39.

IMPORTANT Each installation of the Orchestrator server has a unique certificate. To run remote workflows from one Orchestrator server over another Orchestrator server, ensure that you either replace the SSL keystore, or maintain separate SSL keypairs and use the trust manager. See “Enable Orchestrator for Remote

Workflow Execution,” on page 99.

This chapter includes the following topics:

“Download the vCenter Server Installer,” on page 22

“Install Orchestrator Standalone,” on page 22

“Install the Orchestrator Client on a 32-Bit Machine,” on page 23

“Install the Client Integration Plug-In in the vSphere Web Client,” on page 24

“Download and Deploy the Orchestrator Appliance,” on page 25

VMware, Inc.

Installing and Configuring VMware vCenter Orchestrator

“Upgrade Orchestrator 4.2.x and 5.1.x Standalone,” on page 28

“Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine,” on page 29

“Upgrading Orchestrator 4.0.x and Migrating the Configuration Data,” on page 32

“Upgrading the Orchestrator Appliance,” on page 33

“Uninstall Orchestrator,” on page 33

Download the vCenter Server Installer

Download the installer for vCenter Server, the vSphere Web Client, and associated vCenter components and support tools.

Procedure

1 Download the zip file for vCenter Server from the VMware downloads page at

http://www.vmware.com/support/.

2 Extract the files from the zip archive.

Install Orchestrator Standalone

For production environments and to enhance the scalability of your Orchestrator setup, install Orchestrator on a dedicated Windows machine.

You can install the Orchestrator server only on a 64-bit operating system platform.

The Orchestrator client can run on both 32-bit and 64-bit Windows machines.

You can install the Orchestrator client on a 32-bit machine. For more information, see “Install the

Orchestrator Client on a 32-Bit Machine,” on page 23.

NOTE If you try to install Orchestrator 5.5 on a 64-bit machine on which an instance of Orchestrator 4.0.x is running, the 64-bit installer does not detect the earlier version of Orchestrator. As a result, two versions of Orchestrator are installed and coexist.

Prerequisites

Verify that your hardware meets the Orchestrator system requirements. See “Hardware Requirements

for Orchestrator,” on page 13.

Download the vCenter Server 5.5 installer from the VMware Web site.

Procedure

1 Start the Orchestrator installer.

In the directory containing the installer, browse to the download_directory\vCenter-Server\vCO\ folder and double-click vCenterOrchestrator.exe.

The file contains installers for the client and the server components.

2 Click Next.

3 Accept the terms in the license agreement and click Next.

4 Either accept the default destination folders or click Change to select another location, and click Next.

CAUTION You cannot install Orchestrator in a directory whose name contains non-ASCII characters. If you are operating in a locale that features non-ASCII characters, you must install Orchestrator in the default location.

22 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

5 Select the type of installation and click Next.

Option Description

Client

Server

Client-Server

Installs the Orchestrator client application, which allows you to create and edit workflows.

Installs the Orchestrator server platform.

Installs the Orchestrator client and server.

6 Select the location for the Orchestrator shortcuts and click Next.

CAUTION The name of the shortcuts directory must contain only ASCII characters.

7 Click Install to start the installation process.

8 Click Done to close the installer.

What to do next

To start configuring Orchestrator, start the VMware vCenter Orchestrator Configuration service and log in to the Orchestrator configuration interface at: https://orchestrator_server_DNS_name_or_IP_address:8283 or https://localhost:8283.

Install the Orchestrator Client on a 32-Bit Machine

The Orchestrator client is a desktop application that lets you import packages, create, run, and schedule workflows, as well as manage user permissions. If you install vCenter Server, the Orchestrator client is installed silently on your system. You can install the Orchestrator client only on a 32-bit machine.

You can use the standalone Orchestrator client installer on a 32-bit machine only.

Procedure

1 Log in to the 32-bit machine as an administrator.

2 Download the Orchestrator client installer.

You can download the Orchestrator client 32-bit installer either from the VMware Web site or by clicking the Download vCenter Orchestrator Client installable link on the Orchestrator home page.

3 Double-click the vCenter Orchestrator client distribution file and click Next.

The filename is vCenterOrchestratorClient-5.a.b.-yyy.exe, where a and b are major and minor version, and yyy is the build number.

4 Accept the terms in the license agreement and click Next.

5 Either accept the default destination folders or click Change to select another location, and click Next.

6 Select the location for the Orchestrator shortcuts and click Next.

CAUTION The name of the shortcuts directory must contain only ASCII characters.

7 Review the summary and click Next.

8 Click Install to start the installation process.

VMware, Inc. 23

Installing and Configuring VMware vCenter Orchestrator

9 Click Done to close the installer.

The Orchestrator client component is installed on your system.

What to do next

You can log in to the Orchestrator client interface to perform general administration tasks and create workflows.

Install the Client Integration Plug-In in the vSphere Web Client

The Client Integration Plug-in provides access to a virtual machine's console in the vSphere Web Client, and provides access to other vSphere infrastructure features.

You use the Client Integration Plug-in to deploy OVF or OVA templates and transfer files with the datastore browser. You can also use the Client Integration Plug-in to connect virtual devices that reside on a client computer to a virtual machine.

Install the Client Integration Plug-in only once to enable all the functionality the plug-in delivers. You must close the Web browser before installing the plug-in.

If you install the Client Integration Plug-in from an Internet Explorer browser, you must first disable Protected Mode and enable pop-up windows on your Web browser. Internet Explorer identifies the Client Integration Plug-in as being on the Internet instead of on the local intranet. In such cases, the plug-in is not installed correctly because Protected Mode is enabled for the Internet.

You cannot launch the virtual machine console in Internet Explorer without the Client Integration Plug-in. In other supported browsers, the virtual machine console can run without the plug-in.

The Client Integration Plug-in also lets you log in to the vSphere Web Client by using Windows session credentials.

For information about supported browsers and operating systems, see the vSphere Installation and Setup documentation.

Prerequisites

If you use Microsoft Internet Explorer, disable Protected Mode.

Procedure

1 In the vSphere Web Client, navigate to a link to download the Client Integration Plug-in.

Option Description

vSphere Web Client login page

Guest OS Details panel

OVF deployment wizard

Virtual machine console

a Open a Web browser and type the URL for the vSphere Web Client.

b At the bottom of the vSphere Web Client login page, click Download

Client Integration Plug-in.

This option is not available for browsers that run on a Mac OS.

a Select a virtual machine in the inventory and click the Summary tab.

b Click Download Plug-in.

a Select a host in the inventory and select Actions > All vCenter Actions

> Deploy OVF Template.

b Click Download Client Integration Plug-in.

This option is not available for Microsoft Internet Explorer, and for browsers that run on a Mac OS.

a Select a virtual machine in the inventory, click the Summary tab, and

click Launch Console.

b At the top right corner of the virtual machine console window, click

Download Client Integration Plugin.

24 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

2 If the browser blocks the installation either by issuing certificate errors or by running a pop-up blocker,

follow the Help instructions for your browser to resolve the problem.

Download and Deploy the Orchestrator Appliance

As an alternative to installing vCenter Orchestrator on a Windows computer, you can download and deploy the Orchestrator Appliance.

Prerequisites

Verify that your computing environment meets the following conditions:

vCenter Server is installed and running.

The host on which you are deploying the appliance has enough free disk space.

The Client Integration plug-in is installed before you deploy an OVF template. This plug-in enables

OVF deployment on your local file system.

If your system is isolated and without Internet access, you must download either the .vmdk and .ovf files, or the .ova file for the appliance from the vSphere 5 download page on the VMware Web site, and save the files in the same folder.

Procedure

1 Log in to the vSphere Web Client as an administrator.

2 In the vSphere Web Client, select an inventory object that is a valid parent object of a virtual machine,

such as a datacenter, folder, cluster, resource pool, or host.

3 Select Actions > All vCenter Actions > Deploy OVF Template.

4 Type the path or the URL to the .ovf or .ova file and click Next.

5 Review the OVF details and click Next.

6 Accept the terms in the license agreement and click Next.

7 Type a name and location for the deployed appliance, and click Next.

8 Select a host, cluster, resource pool, or vApp as a destination on which you want the appliance to run,

and click Next.

9 Select a format in which you want to save the appliance's virtual disk and the storage.

Format Description

Thick provisioned Lazy Zeroed

Thick Provisioned Eager Zeroed

Thin provisioned format

Creates a virtual disk in a default thick format. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is not erased during creation, but is zeroed out on demand later on first write from the virtual machine.

Supports clustering features such as Fault Tolerance. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is zeroed out when the virtual disk is created. It might take much longer to create disks in this format than to create disks in other formats.

Saves storage space. For the thin disk, you provision as much datastore space as the disk requires based on the value that you select for the disk size. The thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.

10 (Optional) Configure the network settings, and click Next.

By default the Orchestrator Appliance uses DHCP. You can also change this setting manually and assign a fixed IP address from the appliance Web console.

VMware, Inc. 25

Installing and Configuring VMware vCenter Orchestrator

11 Review the properties of the appliance and set initial passwords for the root user account and for the

vmware user in the Orchestrator Configuration interface.

Your initial passwords must be at least eight characters long, and must contain at least one digit, special character, and uppercase letter.

IMPORTANT The password for the root account of the Orchestrator Appliance expires after 365 days. You can increase the expiry time for an account by logging in to the Orchestrator Appliance as root, and running passwd -x number_of_days name_of_account. If you want to increase the Orchestrator Appliance root password to infinity, run passwd -x 99999 root.

12 Review the Ready to Complete page and click Finish.

The Orchestrator Appliance is successfully deployed.

Power On the Orchestrator Appliance and Open the Home Page

To use the Orchestrator Appliance, you must first power it on and get an IP address for the virtual appliance.

Procedure

1 Log in to the vSphere Web Client as an administrator.

2 Right-click the Orchestrator Appliance and select Power > Power On.

3 On the Summary tab, view the Orchestrator Appliance IP address.

4 In a Web browser, go to the IP address of your Orchestrator Appliance virtual machine.

http://orchestrator_appliance_ip

Change the Root Password

For security reasons, you can change the root password of the Orchestrator Appliance.

passwd -x number_of_days name_of_account. If you want to increase the Orchestrator Appliance root

password to infinity, run the passwd -x 99999 root command.

Prerequisites

Download and deploy the Orchestrator Appliance.

Verify that the appliance is up and running.

Procedure

1 In a Web browser, go to https://orchestrator_appliance_ip:5480.

2 Type the appliance user name and password.

3 Click the Admin tab.

4 In the Current administrator password text box, type the current root password.

5 Type the new password in the New administrator password and Retype new administrator password

text boxes.

6 Click Change password.

You successfully changed the password of the root Linux user of the Orchestrator Appliance.

26 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

Enable or Disable SSH Administrator Login on the vCenter Orchestrator Appliance

You can enable or disable the ability to log in as root to the Orchestrator Appliance using SSH.

Prerequisites

Download and deploy the Orchestrator Appliance.

Verify that the appliance is up and running.

Procedure

1 In a Web browser, go to https://orchestrator_appliance_ip:5480.

2 Log in as root.

3 On the Admin tab, click Toggle SSH setting to allow log in as root to the Orchestrator Appliance using

SSH.

4 (Optional) Click Toggle SSH setting again to prevent log in as root to the Orchestrator Appliance using

SSH.

Configure Network Settings for the Orchestrator Appliance

Configure network settings for the Orchestrator Appliance to assign a static IP address and define the proxy settings.

Prerequisites

Download and deploy the Orchestrator Appliance.

Verify that the appliance is up and running.

Procedure

1 In a Web browser, go to https://orchestrator_appliance_ip:5480.

2 Log in as root.

3 On the Network tab, click Address.

4 Select the method by which the appliance obtains IP address settings.

Option Description

DHCP

Static

Obtains IP settings from a DHCP server. This is the default setting.

Uses static IP settings. Type the IP address, netmask, and gateway.

Depending on your network settings, you might have to select IPv4 and IPv6 address types.

5 (Optional) Type the necessary network configuration information.

6 Click Save Settings.

7 (Optional) Set the proxy settings and click Save Settings.

VMware, Inc. 27

Installing and Configuring VMware vCenter Orchestrator

Upgrade Orchestrator 4.2.x and 5.1.x Standalone

To upgrade Orchestrator 4.2.x or Orchestrator 5.1.x on a 64-bit Microsoft Windows machine that is different from the machine on which vCenter Server runs, run the latest version of the Orchestrator standalone installer.

Prerequisites

Create a backup of the Orchestrator database.

Back up your Orchestrator configuration, custom workflows, and packages. See “Back Up the

Orchestrator Configuration and Elements,” on page 103.

Download the vCenter Server 5.5 installer from the VMware Web site.

Procedure

1 Stop the Orchestrator server services.

a Select Start > Programs > Administrative Tools > Services.

b In the right pane, right-click VMware vCenter Orchestrator Server and select Stop.

c In the right pane, right-click VMware vCenter Orchestrator Configuration and select Stop.

2 Back up your Orchestrator plug-in files and their configurations so that you can import them after the

upgrade.

Option Action

To back up the plug-ins

To back up the plug-in configurations

Copy the files from install_directory\VMware\Orchestrator\app- server\server\vmo\plugins to your backup location.

Copy the files from install_directory\VMware\Orchestrator\app- server\server\vmo\conf\plugins to your backup location.

3 Start the Orchestrator installer.

In the directory containing the installer, browse to the download_directory\vCenter-Server\vCO\ folder and double-click vCenterOrchestrator.exe.

The file contains installers for the client and the server components.

4 Click Next.

5 Accept the terms in the license agreement and click Next.

6 Select Continue with update to upgrade Orchestrator.

7 After the installer detects the installation directory, click Next .

You cannot change the installation directory when you are upgrading Orchestrator. To change this parameter, you must perform a new installation.

8 Select the upgrade that matches your existing Orchestrator installation and click Next.

Option Description

Client

Server

Client-Server

Upgrades the Orchestrator client application.

Upgrades the Orchestrator server platform.

Upgrades the Orchestrator client and server.

28 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

For example, if you have installed only the Orchestrator client, select Client and then upgrade your Orchestrator server separately.

IMPORTANT The versions of the Orchestrator client and server must be the same.

9 Select the location for the Orchestrator shortcuts and click Next.

CAUTION The name of the shortcuts directory must contain only ASCII characters.

10 Click Install to start the installation process.

11 Click Done to close the installer.

12 Import the backed up plug-in files to your new Orchestrator version.

Option Action

To import the plug-ins

To import the plug-in configurations

Copy the backed up files to

install_directory\VMware\Orchestrator\appserver\server\vmo\plugins.

Copy the backed up files to

install_directory\VMware\Orchestrator\appserver\server\vmo\conf\plugins.

Import only changed plug-in files.

13 Start the Orchestrator configuration service and log in to the Orchestrator configuration interface.

14 Reimport the SSL certificate for the licensed vCenter Server and start the Orchestrator server.

15 On the Plug-ins tab, click Reload all plug-ins.

16 On the Startup Options tab, click Restart the vCO Configuration server.

17 Click Start service to start the Orchestrator server.

You upgraded to the latest version of Orchestrator. The existing Orchestrator configuration is preserved.

Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine

If vCenter Orchestrator 4.0.x is installed on the same 64-bit machine as vCenter Server 4.0 and later update releases, you cannot upgrade Orchestrator by upgrading to vCenter Server 5.5.

VMware does not support the in-place upgrade of a standalone Orchestrator 4.0.x instance running on a 64bit machine.

To upgrade to Orchestrator 5.5, you must export the Orchestrator configuration settings, uninstall the existing Orchestrator instance, run the Orchestrator installer, and import the configuration settings.

1 Export the Orchestrator Configuration on page 30

The Orchestrator configuration interface provides a mechanism to export the Orchestrator configuration settings to a local file. This mechanism allows you to take a snapshot of your system configuration at any moment and import this configuration into a new Orchestrator instance.

2 Uninstall Orchestrator on page 30

You can remove the Orchestrator client and server components from your system by using Add or Remove Programs.

3 Install Orchestrator Standalone on page 31

For production environments and to enhance the scalability of your Orchestrator setup, install Orchestrator on a dedicated Windows machine.

VMware, Inc. 29

Installing and Configuring VMware vCenter Orchestrator

4 Import the Orchestrator Configuration on page 32

You can restore the previously exported system configuration when you reinstall Orchestrator or if a system failure occurs.

Export the Orchestrator Configuration

You should export and save your configuration settings on a regular basis, especially when making modifications, performing maintenance tasks, or upgrading the system.

For a list of exported configuration settings, see “Orchestrator Configuration Files,” on page 85.

IMPORTANT Keep the file with the exported configuration safe and secure, because it contains sensitive administrative information.

Procedure

1 Log in to the Orchestrator configuration interface as vmware.

2 On the General tab, click Export Configuration.

3 (Optional) Type a password to protect the configuration file.

Use the same password when you import the configuration.

4 Click Export.

Orchestrator creates a vmo_config_dateReference.vmoconfig file on the machine on which the Orchestrator server is installed. You can use this file to clone or to restore the system.

Uninstall Orchestrator

You can remove the Orchestrator client and server components from your system by using Add or Remove Programs.

Prerequisites

Save the Orchestrator configuration settings to a local file. For more details, see “Export the

Orchestrator Configuration,” on page 30.

Back up custom workflows and plug-ins.

Procedure

1 From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs.

2 Select vCenter Orchestrator and click Remove.

3 Click Uninstall in the Uninstall vCenter Orchestrator window.

A message confirms that all items have been successfully removed.

4 Click Done.

Orchestrator is uninstalled from your system.

30 VMware, Inc.

+ 94 hidden pages