VMware vRealize Orchestrator - 6.0.1, vRealize Orchestrator - 6.0 Installation Manual

Installing and Configuring VMware

vRealize Orchestrator

vRealize Orchestrator 6.0.1

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-001378-00

Installing and Configuring VMware vRealize Orchestrator

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

Installing and Configuring VMware vRealize Orchestrator 7

Introduction to VMware vRealize Orchestrator 9

Key Features of the Orchestrator Platform 9

Orchestrator User Types and Related Responsibilities 10

Orchestrator Architecture 11

Orchestrator Plug-Ins 12

Orchestrator System Requirements 13

Hardware Requirements for Orchestrator 13

Hardware Requirements for the Orchestrator Appliance 13

Operating Systems Supported by Orchestrator 14

Supported Directory Services 14

Browsers Supported by Orchestrator 14

Orchestrator Database Requirements 14

Software Included in the Orchestrator Appliance 15

Level of Internationalization Support 15

Setting Up Orchestrator Components 17

Orchestrator Configuration Maximums 17

vCenter Server Setup 18

Authentication Methods 18

Setting Up the Orchestrator Database 18

VMware, Inc.

Installing and Upgrading Orchestrator 21

Install Orchestrator Standalone 21

Install the Client Integration Plug-In 22

Download and Deploy the Orchestrator Appliance 23

Power On the Orchestrator Appliance and Open the Home Page 25

Change the Root Password 25

Enable or Disable SSH Administrator Login on the vRealize Orchestrator Appliance 25

Configure Network Settings for the Orchestrator Appliance 26

Upgrade Orchestrator Standalone 26

Create an Archive for Upgrading Orchestrator 28

Upgrade Orchestrator Appliance 5.5.x to 6.0.1 30

Upgrading Orchestrator Appliance 5.5 and Earlier 30

Upgrade an Orchestrator Cluster 31

Uninstall Orchestrator 32

Configuring vRealize Orchestrator 33

Start the Orchestrator Configuration Service 34

Installing and Configuring VMware vRealize Orchestrator

Configure the Network Connection 35

Orchestrator Network Ports 36

Import the vCenter Server SSL Certificate 37

Selecting the Authentication Type 38

Configuring vCenter Single Sign-On Settings 39

Configuring LDAP Settings 42

Configuring the Orchestrator Database Connection 48

Configure SQL Server Express to Use with Orchestrator 48

Import the Database SSL Certificate 49

Configure the Database Connection 50

Server Certificate 52

Create a Self-Signed Server Certificate 53

Obtain a Server Certificate Signed by a Certificate Authority 53

Import a Server Certificate 54

Export a Server Certificate 54

Changing a Self-Signed Server Certificate 55

Configure the Orchestrator Plug-Ins 56

Define the Default SMTP Connection 57

Configure the SSH Plug-In 57

Configure the vCenter Server Plug-In 58

Installing a New Plug-In 58

Importing the vCenter Server License 59

Import the vCenter Server License 59

Add the vCenter Server License Key Manually 60

Access Rights to Orchestrator Server 60

Selecting the Orchestrator Server Mode 61

Configure an Orchestrator Cluster 61

Configure Orchestrator to Work with the vSphere 6.0 Infrastructure 63

Start the Orchestrator Server 63

Configuring vRealize Orchestrator in the Orchestrator Appliance 65

Configure the vCenter Server Plug-In 66

Import a vCenter Server SSL Certificate and License 66

Configuring Orchestrator by Using the Configuration Plug-In and the REST

API 69

Configure the Network Settings 70

Configuring Authentication Settings by Using the REST API 70

Configure LDAP Authentication by Using the REST API 71

Configure the Database Connection by Using the REST API 73

Create a Self-Signed Server Certificate by Using the REST API 74

Managing SSL Certificates by Using the REST API 75

Delete an SSL Certificate by Using the REST API 75

Import SSL Certificates by Using the REST API 75

4 VMware, Inc.

Importing Licenses by Using the REST API 76

Import the vCenter Server License by Using the REST API 76

Enter a License Key by Using the REST API 77

Contents

Additional Configuration Options 79

Change the Password of the Orchestrator Configuration Interface 79

Uninstall a Plug-In 80

Export the Orchestrator Configuration 81

Orchestrator Configuration Files 81

Import the Orchestrator Configuration 82

Configure the Expiration Period of Events and the Maximum Number of Runs 83

Import Licenses for a Plug-In 83

Orchestrator Log Files 84

Logging Persistence 85

Define the Server Log Level 86

Change the Size of Server Logs 86

Export Orchestrator Log Files 87

Filter the Orchestrator Log Files 88

Configuration Use Cases and Troubleshooting 89

Configuring a Cluster of Orchestrator Server Instances 89

Registering Orchestrator with vCenter Single Sign-On in the vCenter Server Appliance 91

Setting Up Orchestrator to Work with the vSphere Web Client 92

Check Whether Orchestrator Is Successfully Registered as an Extension 93

Unregister Orchestrator from vCenter Single Sign-On 93

Create an Archive for Upgrading Orchestrator 94

Changing SSL Certificates 95

Generate a New Certificate 96

Install a Certificate from a Certificate Authority 97

Adding the Certificate to the Local Store 97

Change the Certificate of the Orchestrator Appliance Management Site 98

Back Up the Orchestrator Configuration and Elements 98

Orchestrator Server Fails to Start 100

Revert to the Default Password for Orchestrator Configuration 101

Setting System Properties 103

Disable Access to the Orchestrator Client By Nonadministrators 103

Disable Access to Workflows from Web Service Clients 104

Setting Server File System Access for Workflows and JavaScript 104

Rules in the js-io-rights.conf File Permitting Write Access to the Orchestrator System 105

Set Server File System Access for Workflows and JavaScript 105

Create and Locate the js-io-rights.conf File in the Orchestrator Appliance 106

Manually Create the js-io-rights.conf File on Windows Systems 107

Set JavaScript Access to Operating System Commands 107

Set JavaScript Access to Java Classes 108

Set Custom Timeout Property 109

Modify the Number of Objects a Plug-In Search Obtains 109

Modify the Number of Concurrent and Pending Workflows 110

VMware, Inc. 5

Installing and Configuring VMware vRealize Orchestrator

Where to Go From Here 111

Index 115

6 VMware, Inc.

Installing and Configuring VMware vRealize Orchestrator

Installing and Configuring VMware vRealize Orchestrator provides information and instructions about installing, upgrading and configuring VMware® vRealize Orchestrator.

Intended Audience

This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations.

VMware, Inc. 7

Installing and Configuring VMware vRealize Orchestrator

8 VMware, Inc.

Introduction to

VMware vRealize Orchestrator 1

VMware vRealize Orchestrator is a development- and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage the VMware vSphere infrastructure as well as other VMware and third-party technologies.

Orchestrator exposes every operation in the vCenter Server API, allowing you to integrate all of these operations into your automated processes. Orchestrator also allows you to integrate with other management and administration solutions through its open plug-in architecture.

This chapter includes the following topics:

“Key Features of the Orchestrator Platform,” on page 9

“Orchestrator User Types and Related Responsibilities,” on page 10

“Orchestrator Architecture,” on page 11

“Orchestrator Plug-Ins,” on page 12

Key Features of the Orchestrator Platform

Orchestrator is composed of three distinct layers: an orchestration platform that provides the common features required for an orchestration tool, a plug-in architecture to integrate control of subsystems, and a library of workflows. Orchestrator is an open platform that can be extended with new plug-ins and libraries, and can be integrated into larger architectures through a REST API.

The following list presents the key Orchestrator features.

Persistence

Central management

Check-pointing

Versioning

Production grade external databases are used to store relevant information, such as processes, workflow states, and configuration information.

Orchestrator provides a central way to manage your processes. The application server-based platform, with full version history, allows you to have scripts and process-related primitives in one place. This way, you can avoid scripts without versioning and proper change control spread on your servers.

Every step of a workflow is saved in the database, which allows you to restart the server without losing state and context. This feature is especially useful for long-running processes.

All Orchestrator Platform objects have an associated version history. This feature allows basic change management when distributing processes to different project stages or locations.

VMware, Inc. 9

Installing and Configuring VMware vRealize Orchestrator

Scripting engine

Workflow engine

Policy engine

Security

The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks:

Actions

Workflows

Policies

The workflow engine allows you to capture business processes. It uses the following objects to create a step-by-step process automation in workflows:

Workflows and actions that Orchestrator provides.

Custom building blocks created by the customer

Objects that plug-ins add to Orchestrator

Users, other workflows, a schedule, or a policy can start workflows.

The policy engine allows monitoring and event generation to react to changing conditions in the Orchestrator server or plugged-in technology. Policies can aggregate events from the platform or any of the plug-ins, which allows you to handle changing conditions on any of the integrated technologies.

Orchestrator provides the following advanced security functions:

Public Key Infrastructure (PKI) to sign and encrypt content imported

and exported between servers

Digital Rights Management (DRM) to control how exported content

might be viewed, edited and redistributed

Secure Sockets Layer (SSL) encrypted communications between the

desktop client and the server and HTTPS access to the Web front end.

Advanced access rights management to provide control over access to

processes and the objects manipulated by these processes.

Orchestrator User Types and Related Responsibilities

Orchestrator provides different tools and interfaces based on the specific responsibilities of the two global user roles: Administrators and End Users. Orchestrator developers also have administrative rights and are responsible for creating workflows and additional applications.

Users with Full Rights

Administrators

This role has full access to all of the Orchestrator platform capabilities. Basic administrative responsibilities include the following items:

Installing and configuring Orchestrator

Managing access rights for Orchestrator and applications

Importing and exporting packages

Running workflows and scheduling tasks

Managing version control of imported elements

10 VMware, Inc.

Creating new workflows and plug-ins

XML SSH SQL SMTP

3rd-party

plug-in

workflow engine

Orchestrator

database

vRealize

Orchestrator

Client application

Web services REST/SOAP

browser

access

Directory services

or vCenter

Single Sign On

vCenter

Server

vCenter

Server

workflow library

Chapter 1 Introduction to VMware vRealize Orchestrator

Developers

This user type has full access to all of the Orchestrator platform capabilities. Developers are granted access to the Orchestrator client interface and have the following responsibilities:

Users with Limited Rights

End Users

This role has access to only the Web front end. End users can run and schedule workflows and policies that the administrators or developers make available in a browser.

Orchestrator Architecture

Orchestrator contains a workflow library and a workflow engine to allow you to create and run workflows that automate orchestration processes. You run workflows on the objects of different technologies that Orchestrator accesses through a series of plug-ins.

Orchestrator provides a standard set of plug-ins, including a plug-in for vCenter Server, to allow you to orchestrate tasks in the different environments that the plug-ins expose.

Orchestrator also presents an open architecture to allow you to plug in external third-party applications to the orchestration platform. You can run workflows on the objects of the plugged-in technologies that you define yourself. Orchestrator connects to an authentication provider to manage user accounts, and to a database to store information from the workflows that it runs. You can access Orchestrator, the Orchestrator workflows, and the objects it exposes through the Orchestrator client interface, or through Web services.

Creating applications to extend the Orchestrator platform functionality

Automating processes by customizing existing workflows and creating new workflows and plug-ins

Figure 1‑1. VMware vRealize Orchestrator Architecture

VMware, Inc. 11

Installing and Configuring VMware vRealize Orchestrator

Orchestrator Plug-Ins

Plug-ins allow you to use Orchestrator to access and control external technologies and applications. Exposing an external technology in an Orchestrator plug-in allows you to incorporate objects and functions in workflows that access the objects and functions of that external technology.

The external technologies that you can access by using plug-ins can include virtualization management tools, email systems, databases, directory services, and remote control interfaces.

Orchestrator provides a set of standard plug-ins that you can use to incorporate into workflows such technologies as the VMware vCenter Server API and email capabilities. In addition, you can use the Orchestrator open plug-in architecture to develop plug-ins to access other applications.

The Orchestrator plug-ins that VMware develops are distributed as .vmoapp files. For more information about the Orchestrator plug-ins that VMware develops and distributes, see

http://www.vmware.com/support/pubs/vco_plugins_pubs.html. For more information about third-party

Orchestrator plug-ins, see https://solutionexchange.vmware.com/store/vco.

12 VMware, Inc.

Orchestrator System Requirements 2

Your system must meet the technical requirements that are necessary for Orchestrator to work properly.

For a list of the supported versions of vCenter Server, the vSphere Web Client, vCloud Automation Center, and other VMware solutions, as well as compatible database versions, see VMware Product Interoperability

Matrix.

This chapter includes the following topics:

“Hardware Requirements for Orchestrator,” on page 13

“Hardware Requirements for the Orchestrator Appliance,” on page 13

“Operating Systems Supported by Orchestrator,” on page 14

“Supported Directory Services,” on page 14

“Browsers Supported by Orchestrator,” on page 14

“Orchestrator Database Requirements,” on page 14

“Software Included in the Orchestrator Appliance,” on page 15

“Level of Internationalization Support,” on page 15

Hardware Requirements for Orchestrator

Verify that your system meets the minimum hardware requirements before you install Orchestrator.

2.0 GHz or faster Intel or AMD x64 processor. At least two CPUs are recommended. Processor

requirements might differ if your database runs on the same hardware.

4 GB RAM. You might need more RAM if your database runs on the same hardware.

4 GB disk space. You might need more storage if your database runs on the same hardware.

A free static IP address.

Hardware Requirements for the Orchestrator Appliance

The Orchestrator Appliance is a preconfigured Linux-based virtual machine. Before you deploy the appliance, verify that your system meets the minimum hardware requirements.

The Orchestrator Appliance has the following hardware configuration:

2 CPUs

3 GB of memory

VMware, Inc.

Installing and Configuring VMware vRealize Orchestrator

12 GB hard disk

Do not reduce the default memory size, because the Orchestrator server requires at least 2 GB of free memory.

Operating Systems Supported by Orchestrator

You can install the Orchestrator server only on 64-bit operating systems.

Orchestrator is also available as a virtual appliance running on a SUSE Linux Enterprise Server.

For a list of the operating systems supported by Orchestrator, see Supported host operating systems for

VMware vCenter Server installation.

Supported Directory Services

If you plan to use an LDAP server for authentication, ensure that you set up and configure a working LDAP server.

NOTE LDAP authentication is deprecated.

Orchestrator supports these directory service types.

Windows Server 2008 Active Directory

Windows Server 2012 Active Directory

OpenLDAP

Novell eDirectory Server 8.8.3

Sun Java System Directory Server 6.3

IMPORTANT Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

Browsers Supported by Orchestrator

The Orchestrator configuration interface requires a Web browser.

You must have one of the following browsers to connect to the Orchestrator configuration interface.

Microsoft Internet Explorer 10 or later

Mozilla Firefox

Google Chrome

Orchestrator Database Requirements

The Orchestrator server requires a database. For small-scale deployments, you can use the preconfigured Orchestrator database. For better performance in a production environment, use a separate database for Orchestrator.

NOTE To ensure efficient CPU and memory usage, consider hosting the Orchestrator database and the Orchestrator server on different machines. Verify that at least 1 GB of free disk space is available on each machine.

For a list of the supported database versions, see VMware Product Interoperability Matrix.

14 VMware, Inc.

Software Included in the Orchestrator Appliance

The Orchestrator Appliance is a preconfigured virtual machine optimized for running Orchestrator. The appliance is distributed with preinstalled software.

The Orchestrator Appliance package contains the following software:

SUSE Linux Enterprise Server 11 Update 1 for VMware, 64-bit edition

PostgreSQL

OpenLDAP

Orchestrator

The default Orchestrator Appliance database configuration is suitable for small- or medium-scale environment. The default OpenLDAP configuration is suitable for experimental and testing purposes only. To use the Orchestrator Appliance in a production environment, you must set up a new database and directory service, and configure the Orchestrator server to work with them. You can also configure the Orchestrator server to work with VMware vCenter Single Sign-On. For more information about configuring external LDAP or vCenter Single Sign-On, see “Selecting the Authentication Type,” on page 38. For information about configuring a database for production environments, see “Setting Up the Orchestrator

Database,” on page 18.

Chapter 2 Orchestrator System Requirements

NOTE LDAP authentication is deprecated.

Level of Internationalization Support

Orchestrator supports internationalization level 1.

Non-ASCII Character Support in Orchestrator

Although Orchestrator is not localized, it can run on a non-English operating system and support nonASCII text.

Table 2‑1. Non-ASCII Character Support in Orchestrator GUI

Support for Non-ASCII Characters

Orchestrator Item Description Field Name Field

Action Yes No No No

Folder Yes Yes - -

Configuration element Yes Yes - No

Package Yes Yes - -

Policy Yes Yes - -

Policy template Yes Yes - -

Resource element Yes Yes - -

Workflow Yes Yes No No

Workflow presentation display group and input step

Yes Yes - -

Input and Output Parameters Attributes

VMware, Inc. 15

Installing and Configuring VMware vRealize Orchestrator

Non-ASCII Character Support for Oracle Databases

To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to

AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This

setting is crucial for an internationalized environment.

16 VMware, Inc.

Setting Up Orchestrator Components 3

You can install Orchestrator on a computer running Microsoft Windows or you can download and deploy the Orchestrator Appliance. In both cases, the Orchestrator server is preconfigured, and after successful installation or deployment, the service starts automatically.

To enhance the availability and scalability of your Orchestrator setup, you can follow several guidelines :

Install Orchestrator on a computer different from the computer on which vCenter Server runs.

Install and configure a database and configure Orchestrator to connect to it.

Install and configure a VMware vCenter Single Sign-On server and configure Orchestrator to work with

it.

This chapter includes the following topics:

“Orchestrator Configuration Maximums,” on page 17

“vCenter Server Setup,” on page 18

“Authentication Methods,” on page 18

“Setting Up the Orchestrator Database,” on page 18

Orchestrator Configuration Maximums

When you configure Orchestrator, verify that you stay at or below the supported maximums.

Table 3‑1. Orchestrator Configuration Maximums

Item Maximum

Connected vCenter Server systems 20

Connected ESX/ESXi servers 1280

Connected virtual machines spread over vCenter Server systems 35000

Concurrent running workflows 300

VMware, Inc. 17

Installing and Configuring VMware vRealize Orchestrator

vCenter Server Setup

Increasing the number of vCenter Server instances in your Orchestrator setup causes Orchestrator to manage more sessions. Each active session results in activity on the corresponding vCenter Server, and too many active sessions can cause Orchestrator to experience timeouts when more than 10 vCenter Server connections occur.

For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.

NOTE You can run multiple vCenter Server instances on different virtual machines in your Orchestrator setup if your network has sufficient bandwidth and latency. If you are using LAN to improve the communication between Orchestrator and vCenter Server, a 100 Mb line is mandatory.

Authentication Methods

To authenticate and manage user permissions, Orchestrator requires a connection to an LDAP server or a connection to a Single Sign-On server.

Orchestrator supports the Active Directory, OpenLDAP, eDirectory, and Sun Java System Directory Server directory service types.

NOTE LDAP authentication is deprecated.

If you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the OpenLDAP server distributed together with the appliance. The default OpenLDAP configuration is suitable for small- or medium-scale environment. To use Orchestrator in a production environment, you must set up either an LDAP server or a vCenter Single Sign-On server and configure Orchestrator to work with it.

To use LDAP server, you must connect your system to the LDAP server that is physically closest to your Orchestrator server, and avoid connections to remote LDAP servers. Long response times for LDAP queries can lead to slower performance of the whole system.

To improve the performance of the LDAP queries, keep the user and group lookup base as narrow as possible. Limit the users to targeted groups that need access, rather than to whole organizations with many users who do not need access. The resources that you need depend on the combination of database and directory service you choose. For recommendations, see the documentation for your LDAP server.

To use the vCenter Single Sign-On authentication method, you must first install vCenter Single Sign-On. You must configure the Orchestrator server to use the vCenter Single Sign-On server that you installed and configured.

To use Single Sign-On authentication through vCloud Automation Center, you must run the Register Orchestrator in vCloud Automation Center component registry workflow in the Orchestrator client.

Setting Up the Orchestrator Database

Orchestrator requires a database to store workflows and actions.

The Orchestrator server is preconfigured to use an embedded database, which is suitable for testing purposes only. You must configure Orchestrator to use a separate database by using the Orchestrator configuration interface. When the database is embedded, you cannot set up Orchestrator to work in cluster mode, or change the license and the server certificate from the Orchestrator configuration interface. To change the server certificates without changing the database settings, you must run the configuration workflows by using either the Orchestrator client or the REST API. For more information about running the configuration workflows by using the Orchestrator client, see Using the VMware vRealize OrchestratorPlug-Ins. For detailed instructions about running the configuration workflows by using the REST API, see Chapter 7,

“Configuring Orchestrator by Using the Configuration Plug-In and the REST API,” on page 69.

18 VMware, Inc.

Chapter 3 Setting Up Orchestrator Components

To use Orchestrator in a production environment, you must configure the Orchestrator server to use a dedicated Orchestrator database.

If you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the PostgreSQL database distributed with the appliance. The default Orchestrator Appliance database configuration is suitable for small- or medium-scale environment. To use Orchestrator in a production environment, you must set up a database and configure Orchestrator to work with it.

Orchestrator server supports Oracle, Microsoft SQL Server, and PostgreSQL databases. Orchestrator can work with Microsoft SQL Server Express in small-scale environments consisting of up to 5 hosts and 50 virtual machines. For details about using SQL Server Express with Orchestrator, see “Configure SQL Server

Express to Use with Orchestrator,” on page 48.

The common workflow for setting up the Orchestrator database consists of the following steps:

1 Create a new database. For more information about creating a new database, see the documentation of

your database provider.

2 Enable the database for remote connection. For an example, see “Configure SQL Server Express to Use

with Orchestrator,” on page 48.

3 Configure the database connection parameters. For more information, see “Configuring the

Orchestrator Database Connection,” on page 48.

If you plan to set up an Orchestrator cluster, you must configure the database to accept multiple connections so that it can accept connections from the different Orchestrator server instances in the cluster.

The database setup can affect Orchestrator performance. Install the database on a machine other than the one on which the Orchestrator server is installed. This approach ensures that the JVM and database server do not share CPU, RAM, and I/O.

The location of the database is important because almost every activity on the Orchestrator server triggers operations on the database. To avoid latency in the database connection, connect to the database server that is geographically closest to your Orchestrator server and that is on the network with the highest available bandwidth.

The size of the Orchestrator database varies depending on the setup and how workflow tokens are handled. Allow for approximately 50 KB for each vCenter Server object and 4 KB for each workflow run.

CAUTION Verify that at least 1 GB of disk space is available on the machine where the Orchestrator database is installed and on the machine where the Orchestrator server is installed.

Insufficient disk storage space might cause the Orchestrator server and client to not function correctly.

VMware, Inc. 19

Installing and Configuring VMware vRealize Orchestrator

20 VMware, Inc.

Installing and Upgrading

Orchestrator 4

Orchestrator consists of a server component and a client component. You can download and deploy the Orchestrator Appliance or install Orchestrator standalone on a Windows machine.

You can install the Orchestrator configuration server on 64-bit Windows machines only. The Orchestrator client can run on 64-bit Windows, Linux, and Mac machines.

To install Orchestrator, you must be either a local administrator or a domain user that is a member of the administrators group.

To use Orchestrator, you must start the Orchestrator Server service and then start the Orchestrator client.

If you need to change the default Orchestrator configuration settings, you can start the Orchestrator Configuration service and change the settings by using the Orchestrator configuration interface. You can also run the Orchestrator configuration workflows by using either the Orchestrator client or the REST API.

This chapter includes the following topics:

“Install Orchestrator Standalone,” on page 21

“Install the Client Integration Plug-In,” on page 22

“Download and Deploy the Orchestrator Appliance,” on page 23

“Upgrade Orchestrator Standalone,” on page 26

“Create an Archive for Upgrading Orchestrator,” on page 28

“Upgrade Orchestrator Appliance 5.5.x to 6.0.1,” on page 30

“Upgrading Orchestrator Appliance 5.5 and Earlier,” on page 30

“Upgrade an Orchestrator Cluster,” on page 31

“Uninstall Orchestrator,” on page 32

Install Orchestrator Standalone

For production environments and to enhance the scalability of your Orchestrator setup, install Orchestrator on a dedicated Windows machine.

The Orchestrator client and server can run on 64-bit Windows machines.

NOTE If you try to install Orchestrator on a 64-bit machine on which an instance of Orchestrator 4.0.x is running, the 64-bit installer does not detect the earlier version of Orchestrator. As a result, two versions of Orchestrator are installed and coexist.

VMware, Inc.

Installing and Configuring VMware vRealize Orchestrator

Prerequisites

Verify that your hardware meets the Orchestrator system requirements. See “Hardware Requirements

for Orchestrator,” on page 13.

Download the vRealize Orchestrator installer from the VMware Web site.

Procedure

1 Start the Orchestrator installer.

Browse to the download location of the installer and start vRealizeOrchestrator-6.0.0.exe

2 Click Next.

3 Accept the terms in the license agreement and click Next.

4 Either accept the default destination folders or click Change to select another location, and click Next.

CAUTION You cannot install Orchestrator in a directory whose name contains non-ASCII characters. If you are operating in a locale that features non-ASCII characters, you must install Orchestrator in the default location.

5 Select the type of installation and click Next.

Option Description

Client

Server

Client-Server

6 Select the location for the Orchestrator shortcuts and click Next.

Installs the Orchestrator client application, which allows you to create and edit workflows.

Installs the Orchestrator server platform.

Installs the Orchestrator client and server.

CAUTION The name of the shortcuts directory must contain only ASCII characters.

7 Click Install to start the installation process.

8 Click Done to close the installer.

What to do next

To start configuring Orchestrator, start the VMware vRealize Orchestrator Configuration service and log in to the Orchestrator configuration interface at: https://orchestrator_server_DNS_name_or_IP_address:8283/vcoconfig or https://localhost:8283/vco-config.

Install the Client Integration Plug-In

The Client Integration Plug-in provides access to a virtual machine's console in the vSphere Web Client, and provides access to other vSphere infrastructure features.

You use the Client Integration Plug-in to deploy OVF or OVA templates and transfer files with the datastore browser. You can also use the Client Integration Plug-in to connect virtual devices that reside on a client computer to a virtual machine.

Install the Client Integration Plug-in only once to enable all the functionality the plug-in delivers. You must close the Web browser before installing the plug-in.

If you install the Client Integration Plug-in from an Internet Explorer browser, you must first disable Protected Mode and enable pop-up windows on your Web browser. Internet Explorer identifies the Client Integration Plug-in as being on the Internet instead of on the local intranet. In such cases, the plug-in is not installed correctly because Protected Mode is enabled for the Internet.

22 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

You cannot launch the virtual machine console in Internet Explorer without the Client Integration Plug-in. In other supported browsers, the virtual machine console can run without the plug-in.

The Client Integration Plug-in also lets you log in to the vSphere Web Client by using Windows session credentials.

For information about supported browsers and operating systems, see the vSphere Installation and Setup documentation.

Watch the video "Installing the Client Integration Plug-In" for information about the Client Integration PlugIn:

Installing the Client Integration Plug-In (http://link.brightcove.com/services/player/bcpid2296383276001?bctid=ref:video_client_plug_in)

Prerequisites

If you use Microsoft Internet Explorer, disable Protected Mode.

Procedure

1 In the vSphere Web Client, navigate to a link to download the Client Integration Plug-in.

Option Description

vSphere Web Client login page

Guest OS Details panel

OVF deployment wizard

Virtual machine console

a Open a Web browser and type the URL for the vSphere Web Client.

b At the bottom of the vSphere Web Client login page, click Download

Client Integration Plug-in.

This option is not available for browsers that run on a Mac OS.

a Select a virtual machine in the inventory and click the Summary tab.

b Click Download Plug-in.

a Select a host in the inventory and select Actions > All vCenter Actions

> Deploy OVF Template.

b Click Download Client Integration Plug-in.

This option is not available for Microsoft Internet Explorer, and for browsers that run on a Mac OS.

a Select a virtual machine in the inventory, click the Summary tab, and

click Launch Console.

b At the top right corner of the virtual machine console window, click

Download Client Integration Plugin.

2 If the browser blocks the installation either by issuing certificate errors or by running a pop-up blocker,

follow the Help instructions for your browser to resolve the problem.

Download and Deploy the Orchestrator Appliance

As an alternative to installing vRealize Orchestrator on a Windows computer, you can download and deploy the Orchestrator Appliance.

Prerequisites

Verify that your computing environment meets the following conditions:

vCenter Server is installed and running.

The host on which you are deploying the appliance has enough free disk space.

The Client Integration plug-in is installed before you deploy an OVF template. This plug-in enables

OVF deployment on your local file system.

If your system is isolated and without Internet access, you must download either the .vmdk and .ovf files, or the .ova file for the appliance from the VMware Web site, and save the files in the same folder.

VMware, Inc. 23

Installing and Configuring VMware vRealize Orchestrator

Procedure

1 Log in to the vSphere Web Client as an administrator.

2 In the vSphere Web Client, select an inventory object that is a valid parent object of a virtual machine,

such as a datacenter, folder, cluster, resource pool, or host.

3 Select Actions > Deploy OVF Template.

4 Type the path or the URL to the .ovf or .ova file and click Next.

5 Review the OVF details and click Next.

6 Accept the terms in the license agreement and click Next.

7 Type a name and location for the deployed appliance, and click Next.

8 Select a host, cluster, resource pool, or vApp as a destination on which you want the appliance to run,

and click Next.

9 Select a format in which you want to save the appliance's virtual disk and the storage.

Format Description

Thick provisioned Lazy Zeroed

Thick Provisioned Eager Zeroed

Thin provisioned format

10 (Optional) Configure the network settings, and click Next.

Creates a virtual disk in a default thick format. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is not erased during creation, but is zeroed out on demand later on first write from the virtual machine.

Supports clustering features such as Fault Tolerance. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is zeroed out when the virtual disk is created. It might take much longer to create disks in this format than to create disks in other formats.

Saves storage space. For the thin disk, you provision as much datastore space as the disk requires based on the value that you select for the disk size. The thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.

By default the Orchestrator Appliance uses DHCP. You can also change this setting manually and assign a fixed IP address from the appliance Web console.

11 Review the properties of the appliance and set initial passwords for the root user account and for the

vmware user in the Orchestrator Configuration interface.

Your initial passwords must be at least eight characters long, and must contain at least one digit, special character, and uppercase letter.

IMPORTANT The password for the root account of the Orchestrator Appliance expires after 365 days. You can increase the expiry time for an account by logging in to the Orchestrator Appliance as root, and running passwd -x number_of_days name_of_account. If you want to increase the Orchestrator Appliance root password to infinity, run passwd -x 99999 root.

12 Review the Ready to Complete page and click Finish.

The Orchestrator Appliance is successfully deployed.

24 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

Power On the Orchestrator Appliance and Open the Home Page

To use the Orchestrator Appliance, you must first power it on and get an IP address for the virtual appliance.

Procedure

1 Log in to the vSphere Web Client as an administrator.

2 Right-click the Orchestrator Appliance and select Power > Power On.

3 On the Summary tab, view the Orchestrator Appliance IP address.

4 In a Web browser, go to the IP address of your Orchestrator Appliance virtual machine.

http://orchestrator_appliance_ip

Change the Root Password

For security reasons, you can change the root password of the Orchestrator Appliance.

passwd -x number_of_days name_of_account. If you want to increase the Orchestrator Appliance root

password to infinity, run the passwd -x 99999 root command.

Prerequisites

Download and deploy the Orchestrator Appliance.

Verify that the appliance is up and running.

Procedure

1 In a Web browser, go to https://orchestrator_appliance_ip:5480.

2 Type the appliance user name and password.

3 Click the Admin tab.

4 In the Current administrator password text box, type the current root password.

5 Type the new password in the New administrator password and Retype new administrator password

text boxes.

6 Click Change password.

You successfully changed the password of the root Linux user of the Orchestrator Appliance.

Enable or Disable SSH Administrator Login on the vRealize Orchestrator Appliance

You can enable or disable the ability to log in as root to the Orchestrator Appliance using SSH.

Prerequisites

Download and deploy the Orchestrator Appliance.

Verify that the appliance is up and running.

Procedure

1 In a Web browser, go to https://orchestrator_appliance_ip:5480.

VMware, Inc. 25

Installing and Configuring VMware vRealize Orchestrator

2 Log in as root.

3 On the Admin tab, click Toggle SSH setting to allow log in as root to the Orchestrator Appliance using

SSH.

4 (Optional) Click Toggle SSH setting again to prevent log in as root to the Orchestrator Appliance using

SSH.

Configure Network Settings for the Orchestrator Appliance

Configure network settings for the Orchestrator Appliance to assign a static IP address and define the proxy settings.

Prerequisites

Download and deploy the Orchestrator Appliance.

Verify that the appliance is up and running.

Procedure

1 In a Web browser, go to https://orchestrator_appliance_ip:5480.

2 Log in as root.

3 On the Network tab, click Address.

4 Select the method by which the appliance obtains IP address settings.

Option Description

DHCP

Static

Obtains IP settings from a DHCP server. This is the default setting.

Uses static IP settings. Type the IP address, netmask, and gateway.

Depending on your network settings, you might have to select IPv4 and IPv6 address types.

5 (Optional) Type the necessary network configuration information.

6 Click Save Settings.

7 (Optional) Set the proxy settings and click Save Settings.

Upgrade Orchestrator Standalone

To upgrade Orchestrator on a 64-bit Microsoft Windows machine that is different from the machine on which vCenter Server runs, run the latest version of the Orchestrator standalone installer.

Prerequisites

Create a backup of the Orchestrator database.

Back up your Orchestrator configuration, custom workflows, and packages. See “Back Up the

Orchestrator Configuration and Elements,” on page 98.

Download the vRealize Orchestrator installer from the VMware Web site.

26 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

Procedure

1 Stop the Orchestrator server services.

a Select Start > Programs > Administrative Tools > Services.

b In the right pane, right-click VMware vRealize Orchestrator Server and select Stop.

c In the right pane, right-click VMware vRealize Orchestrator Configuration and select Stop.

2 (Optional) Back up your Orchestrator plug-in files and their configurations so that you can import them

after the upgrade.

Option Action

To back up the plug-ins

To back up the plug-in configurations

Copy the files from install_directory\VMware\Orchestrator\app- server\plugins to your backup location.

Copy the files from install_directory\VMware\Orchestrator\app- server\conf\plugins to your backup location.

3 Start the Orchestrator installer.

Browse to the download location of the installer and start vRealizeOrchestrator-6.0.0.exe

4 Click Next.

5 Accept the terms in the license agreement and click Next.

6 Select Continue with update to upgrade Orchestrator.

7 After the installer detects the installation directory, click Next .

You cannot change the installation directory when you are upgrading Orchestrator. To change this parameter, you must perform a new installation.

8 Select the upgrade that matches your existing Orchestrator installation and click Next.

Option Description

Client

Server

Client-Server

Upgrades the Orchestrator client application.

Upgrades the Orchestrator server platform.

Upgrades the Orchestrator client and server.

For example, if you have installed only the Orchestrator client, select Client and then upgrade your Orchestrator server separately.

IMPORTANT The versions of the Orchestrator client and server must be the same.

9 Select the location for the Orchestrator shortcuts and click Next.

CAUTION The name of the shortcuts directory must contain only ASCII characters.

10 Click Install to start the installation process.

11 Click Done to close the installer.

VMware, Inc. 27

Installing and Configuring VMware vRealize Orchestrator

12 (Optional) Import the backed up plug-in files to your new Orchestrator version.

Option Action

To import the plug-ins

To import the plug-in configurations

Orchestrator automatically upgrades the plug-ins that are installed with it by default. Import only changed plug-in files.

13 Start the Orchestrator configuration service and log in to the Orchestrator configuration interface.

14 Reimport the SSL certificate for the licensed vCenter Server and start the Orchestrator server.

15 On the Plug-ins tab, click Reload all plug-ins.

16 On the Startup Options tab, click Restart the vRO configuration server.

17 Click Start service to start the Orchestrator server.

You upgraded to the latest version of Orchestrator. The existing Orchestrator configuration is preserved.

Copy the backed up files to install_directory\VMware\Orchestrator\app-server\plugins.

Copy the backed up files to

install_directory\VMware\Orchestrator\appserver\conf\plugins.

Create an Archive for Upgrading Orchestrator

If you upgrade Orchestrator by upgrading vCenter Server 5.0 or later to vCenter Server 6.0, the

vco_export.zip archive, located at %VMWARE_CIS_HOME%/vco might not get created automatically and your

configuration might not be migrated.

Problem

During the export phase of the upgrade, Orchestrator upgrade script collects configuration files and data, and stores them in the vco_export.zip archive. In some cases the archive might not be created automatically and must be created manually if you want to preserve the data after the update.

Cause

During an export, Orchestrator accesses the Windows registry to find the necessary data. If Orchestrator cannot access that data, the automatic export does not occur.

Solution

1 Create the vco_export.zip archive manually with the necessary data, and save it to %VMWARE_CIS_HOME

%/vco.

The export archive must contain the following files:

28 VMware, Inc.

Chapter 4 Installing and Upgrading Orchestrator

Table 4‑1. Contents of vco_export.zip

File Location Description

Plug-in DAR files

vmo_config.zip

Properties files

jssecacerts

On Orchestrator 5.5.x:

install_directory\VMwar e\Orchestrator\appserver\plugins

On Orchestrator 5.1 or earlier:

install_directory\VMwar e\Orchestrator\appserver\server\vmo\plugins

The location varies. After you export the file, you receive a message with the location of the file.

On Orchestrator 5.5.x:

install_directory\VMwar e\Orchestrator\appserver\conf

On Orchestrator 5.1 or earlier:

install_directory\VMwar e\Orchestrator\appserver\server\vmo\conf

On Orchestrator 4.2.x:

install_directory\VMwar e\Orchestrator\jre\lib\se curity\jssecacerts

A copy of the plug-in .dar files. During the import phase, plug-ins are not downgraded. Orchestrator imports only the plug-in configuration but a .dar file is not substituded by an earlier version. If a source plug-in is not installed on the destination system, it is imported and disabled. Source plug-ins might not be verified for Orchestrator 6.0.1 and might cause errors.

This file has the same content as the .vmoconfig file generated by the Orchestrator Configuration's Export

Configuration option found on the General tab.

All of the .properties files located in the folder. The folder may also include custom defined properties. The file sso.properties is present only if the source system is configured to use Single Sign-On.

This file is included only in Orchestrator 4.2.x. In later versions, the file is a part of vmo_config.zip. It contains the Certificate Authorities certificates, which are imported through the Orchestrator configuration interface.

2 Use the archive to migrate your configuration.

a Log in to the Orchestrator configuration interface as vmware.

b On the General tab, click Import Configuration.

c Type the password you used when exporting the configuration.

This step is not necessary if you have not specified a password.

d Browse to select the vco_export.zip file.

e Select whether to override the Orchestrator internal certificate and network settings.

Select the check box only if you want to restore your Orchestrator configuration and the

vco_export.zip file is the backup file of the same Orchestrator configuration.

If you import the configuration to duplicate the Orchestrator environment, for example for scaling purposes, leave the check box unselected. Otherwise you might have problems with the certificates when Orchestrator tries to identify against vCenter Server, vCenter Single Sign-On or the vSphere Web Client.

f Click Import.

VMware, Inc. 29

Installing and Configuring VMware vRealize Orchestrator

Upgrade Orchestrator Appliance 5.5.x to 6.0.1

You can upgrade Orchestrator Appliance 5.5.x to 6.0.1 with packages that VMware publishes. You must perform the upgrade through the Orchestrator Appliance configuration portal.

You can upgrade your existing Orchestrator Appliance 5.5.x to 6.0.1 by using the Orchestrator Appliance configuration portal on port 5480. After you upgrade the Orchestrator Appliance, your plug-in settings are preserved.

Prerequisites

Unmount all network file systems.

Procedure

1 Access the VMware vRealize Orchestrator Appliance configuration portal at https://orchestrator_server:

5480/ .

2 Log in to the Orchestrator Appliance configuration portal as an administrator.

3 On the Update tab, click Check Updates.

The system checks for available updates.

4 If any updates are available, click Install Updates.

To proceed with the upgrade, you must accept the VMware End User License Agreement.

5 To complete the update, restart the Orchestrator Appliance.

6 (Optional) On the Update tab, verify that Orchestrator Appliance 6.0.1 has been successfully installed.

7 If there are any changes to the vCenter Server certificates during the upgrade of vCenter Server, you

must import the correct vCenter Server certificates and restart the Orchestrator Appliance.

You have successfully upgraded the Orchestrator Appliance to version 6.0.1.

What to do next

Verify that the Orchestrator Appliance vco user account has sufficient permissions for all custom files and folders.

Import the SSL certificates for each vCenter Server instance that you defined. See “Import the vCenter

Server SSL Certificate,” on page 37.

Upgrading Orchestrator Appliance 5.5 and Earlier

To upgrade Orchestrator Appliance with version 5.5 or earlier to 6.0, you must deploy the latest Orchestrator Appliance and migrate your current Orchestrator configuration, plug-ins, and data to the newly deployed Orchestrator Appliance manually.

After you upgrade the Orchestrator Appliance, your plug-in settings are preserved. If you want to configure the Orchestrator server to work with vCenter Single Sign-On, you must provide the vCenter Single Sign-On credentials on the Plug-ins tab of the Orchestrator configuration interface.

The following use case illustrates how to upgrade your existing Orchestrator Appliance by exporting its configuration and importing it to a newly deployed Orchestrator Appliance.

1 Verify that your Orchestrator Appliance is configured with an external database, certificates, licenses,

and so on.

2 Export the Orchestrator configuration.

See “Export the Orchestrator Configuration,” on page 81.

30 VMware, Inc.

+ 88 hidden pages