VMware vRealize Orchestrator - 7.0 Installation Manual

Installing and Configuring VMware vRealize Orchestrator
vRealize Orchestrator 7.0
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-001859-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2008–2015 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

Contents

Installing and Configuring VMware vRealize Orchestrator

1 Introduction to VMware vRealize Orchestrator
  Key Features of the Orchestrator Platform
  Orchestrator User Types and Related Responsibilities
  Orchestrator Architecture
  Orchestrator Plug-Ins

2 Orchestrator System Requirements
  Hardware Requirements for the Orchestrator Appliance
  Operating Systems Supported by Orchestrator
  Supported Directory Services
  Browsers Supported by Orchestrator
  Orchestrator Database Requirements
  Software Included in the Orchestrator Appliance
  Level of Internationalization Support

3 Setting Up Orchestrator Components
  vCenter Server Setup
  Authentication Methods
  Setting Up the Orchestrator Database

4 Installing and Upgrading Orchestrator
  Install the Client Integration Plug-In
  Download and Deploy the Orchestrator Appliance
  Power On the Orchestrator Appliance and Open the Home Page
  Change the Root Password
  Enable or Disable SSH Administrator Login on the vRealize Orchestrator Appliance
  Configure Network Settings for the Orchestrator Appliance
  Upgrade Orchestrator Appliance 5.5.x and Later to 7.0
  Upgrade an Orchestrator Cluster

5 Configuring vRealize Orchestrator in the Orchestrator Appliance
  Log In to Control Center
  Orchestrator Network Ports
  Selecting the Authentication Type
  Configuring LDAP Settings
  Configuring vRealize Automation Authentication
  Configuring vCenter Single Sign-On Settings
  Configuring the Orchestrator Database Connection
  Import the Database SSL Certificate
  Configure the Database Connection
  Export the Orchestrator Database
  Import an Orchestrator Database
  Manage Certificates
  Import a Self-Signed Certificate to the Orchestrator Trust Store
  Generate a Self-Signed Server Certificate
  Import an Orchestrator Server SSL Certificate
  Package Signing Certificate
  Configure the Orchestrator Plug-Ins
  Enable Debug Logging for the Orchestrator Plug-Ins
  Installing a New Plug-In
  Reinstall Plug-Ins
  Start the Orchestrator Server
  Orchestrator Availability and Scalability
  Configure an Orchestrator Cluster
  Configuring a Load Balancer
  Configuring the Customer Experience Improvement Program
  Categories of Information That VMware Receives
  Join the Customer Experience Improvement Program

6 Using the API services
  Managing SSL Certificates and Keystores by Using the REST API
  Delete an SSL Certificate by Using the REST API
  Import SSL Certificates by Using the REST API
  Create a Keystore by Using the REST API
  Delete a Keystore by Using the REST API
  Add a Key by Using the REST API
  Automating the Orchestrator Configuration by Using the Control Center REST API

7 Additional Configuration Options
  Create New Users in Control Center
  Uninstall a Plug-In
  Export the Orchestrator Configuration
  Orchestrator Server Configuration Files
  Import the Orchestrator Configuration
  Migrating the Orchestrator Configuration
  Migrate the Orchestrator Configuration
  Configure the Workflow Run Properties
  Orchestrator Log Files
  Logging Persistence
  Configure Logs
  Export Orchestrator Log Files
  Inspect the Workflow Logs
  Filter the Orchestrator Logs

8 Configuration Use Cases and Troubleshooting
  Register Orchestrator as a vCenter Server Extension
  Unregister Orchestrator Authentication
  Changing SSL Certificates
  Adding a Certificate to the Local Store
  Change the Certificate of the Orchestrator Appliance Management Site
  Cancel Running Workflows
  Enable Orchestrator Server Debugging
  Back Up the Orchestrator Configuration and Elements
  Backing Up and Restoring vRealize Orchestrator
  Back Up vRealize Orchestrator
  Restore a vRealize Orchestrator Instance
  Disaster Recovery of Orchestrator by Using Site Recovery Manager
  Configure Virtual Machines for vSphere Replication
  Create Protection Groups
  Create a Recovery Plan
  Organize Recovery Plans in Folders
  Edit a Recovery Plan

9 Setting System Properties
  Disable Access to the Orchestrator Client By Nonadministrators
  Setting Server File System Access for Workflows and JavaScript
  Rules in the js-io-rights.conf File Permitting Write Access to the Orchestrator System
  Set Server File System Access for Workflows and JavaScript
  Set JavaScript Access to Operating System Commands
  Set JavaScript Access to Java Classes
  Set Custom Timeout Property

10 Where to Go From Here
  Log In to the Orchestrator Client from the Orchestrator Appliance Web Console

Index

Installing and Configuring VMware vRealize Orchestrator

Installing and Configuring VMware vRealize Orchestrator provides information and instructions about installing, upgrading and configuring VMware® vRealize Orchestrator.
Intended Audience
This information is intended for advanced vSphere administrators and experienced system administrators who are familiar with virtual machine technology and datacenter operations.

Chapter 1 Introduction to VMware vRealize Orchestrator

VMware vRealize Orchestrator is a development- and process-automation platform that provides a library of extensible workflows to allow you to create and run automated, configurable processes to manage VMware products as well as other third-party technologies.
vRealize Orchestrator automates management and operational tasks of both VMware and third-party applications such as service desks, change management systems, and IT asset management systems.
This chapter includes the following topics:
- “Key Features of the Orchestrator Platform”
- “Orchestrator User Types and Related Responsibilities”
- “Orchestrator Architecture”
- “Orchestrator Plug-Ins”

Key Features of the Orchestrator Platform

Orchestrator is composed of three distinct layers: an orchestration platform that provides the common features required for an orchestration tool, a plug-in architecture to integrate control of subsystems, and a library of workflows. Orchestrator is an open platform that can be extended with new plug-ins and libraries, and can be integrated into larger architectures through a REST API.
The following list presents the key Orchestrator features.
Persistence: Production grade databases are used to store relevant information, such as processes, workflow states, and configuration information.

Central management: Orchestrator provides a central way to manage your processes. The application server-based platform, with full version history, allows you to have scripts and process-related primitives in one place. This way, you can avoid scripts without versioning and proper change control spread on your servers.

Check-pointing: Every step of a workflow is saved in the database, which allows you to restart the server without losing state and context. This feature is especially useful for long-running processes.

Control Center: The Control Center interface increases the administrative efficiency of vRealize Orchestrator instances by providing a centralized administrative interface for runtime operations, workflow monitoring, unified log access and configurations, and correlation between the workflow runs and system resources. The vRealize Orchestrator logging mechanism has been optimized with an additional log file that gathers various performance metrics for vRealize Orchestrator engine throughput.

Versioning: All Orchestrator Platform objects have an associated version history. This feature allows basic change management when distributing processes to different project stages or locations.

Scripting engine: The Mozilla Rhino JavaScript engine provides a way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with basic version control, variable type checking, name space management and exception handling. It can be used in the following building blocks:
- Actions
- Workflows
- Policies

Workflow engine: The workflow engine allows you to capture business processes. It uses the following objects to create a step-by-step process automation in workflows:
- Workflows and actions that Orchestrator provides
- Custom building blocks created by the customer
- Objects that plug-ins add to Orchestrator
Users, other workflows, a schedule, or a policy can start workflows.

Policy engine: The policy engine allows monitoring and event generation to react to changing conditions in the Orchestrator server or plugged-in technology. Policies can aggregate events from the platform or any of the plug-ins, which allows you to handle changing conditions on any of the integrated technologies.

Security: Orchestrator provides the following advanced security functions:
- Public Key Infrastructure (PKI) to sign and encrypt content imported and exported between servers
- Digital Rights Management (DRM) to control how exported content might be viewed, edited and redistributed
- Secure Sockets Layer (SSL) encrypted communications between the desktop client and the server and HTTPS access to the Web front end
- Advanced access rights management to provide control over access to processes and the objects manipulated by these processes

Orchestrator User Types and Related Responsibilities

Orchestrator provides different tools and interfaces based on the specific responsibilities of the global user roles. In Orchestrator, you can have users with full rights, who are part of the administrator group (Administrators), and users with limited rights, who are not part of the administrator group (End Users).

Users with Full Rights
Orchestrator administrators and developers have equal administrative rights, but are divided in terms of responsibilities.

Administrators: This role has full access to all of the Orchestrator platform capabilities. Basic administrative responsibilities include the following items:
- Installing and configuring Orchestrator
- Managing access rights for Orchestrator and applications
- Importing and exporting packages
- Running workflows and scheduling tasks
- Managing version control of imported elements
- Creating new workflows and plug-ins

Developers: This user type has full access to all of the Orchestrator platform capabilities. Developers are granted access to the Orchestrator client interface and have the following responsibilities:
- Creating applications to extend the Orchestrator platform functionality
- Automating processes by customizing existing workflows and creating new workflows and plug-ins

Users with Limited Rights

End Users: End users can run and schedule workflows and policies that the administrators or developers make available in the Orchestrator client.

Orchestrator Architecture

Orchestrator contains a workflow library and a workflow engine to allow you to create and run workflows that automate orchestration processes. You run workflows on the objects of different technologies that Orchestrator accesses through a series of plug-ins.
Orchestrator provides a standard set of plug-ins, including a plug-in for vCenter Server, to allow you to orchestrate tasks in the different environments that the plug-ins expose.
Orchestrator also presents an open architecture to allow you to plug in external third-party applications to the orchestration platform. You can run workflows on the objects of the plugged-in technologies that you define yourself. Orchestrator connects to an authentication provider to manage user accounts, and to a database to store information from the workflows that it runs. You can access Orchestrator, the Orchestrator workflows, and the objects it exposes through the Orchestrator client interface, or through Web services.
Figure 1-1. VMware vRealize Orchestrator Architecture
[Diagram not reproduced. Labeled components: Authentication Providers; vCenter Server; Orchestrator database; vRealize Orchestrator (Client application, Web services REST, workflow library, workflow engine); plug-ins: vCenter Server, XML, SSH, SQL, SMTP, 3rd-party plug-in.]

Orchestrator Plug-Ins

Plug-ins allow you to use Orchestrator to access and control external technologies and applications. Exposing an external technology in an Orchestrator plug-in allows you to incorporate objects and functions in workflows that access the objects and functions of that external technology.
The external technologies that you can access by using plug-ins can include virtualization management tools, email systems, databases, directory services, and remote control interfaces.
Orchestrator provides a set of standard plug-ins that you can use to incorporate into workflows such technologies as the VMware vCenter Server API and email capabilities. By using the plug-ins, you can automate the delivery of new IT services or adapt the capabilities of existing vRealize Automation infrastructure and application services. In addition, you can use the Orchestrator open plug-in architecture to develop plug-ins to access other applications.
The Orchestrator plug-ins that VMware develops are distributed as .vmoapp files. For more information about the Orchestrator plug-ins that VMware develops and distributes, see http://www.vmware.com/support/pubs/vco_plugins_pubs.html. For more information about third-party Orchestrator plug-ins, see https://solutionexchange.vmware.com/store/vco.

Chapter 2 Orchestrator System Requirements

Your system must meet the technical requirements that are necessary for Orchestrator to work properly.
For a list of the supported versions of vCenter Server, the vSphere Web Client, vRealize Automation, and other VMware solutions, as well as compatible database versions, see VMware Product Interoperability Matrix.
This chapter includes the following topics:
- “Hardware Requirements for the Orchestrator Appliance”
- “Operating Systems Supported by Orchestrator”
- “Supported Directory Services”
- “Browsers Supported by Orchestrator”
- “Orchestrator Database Requirements”
- “Software Included in the Orchestrator Appliance”
- “Level of Internationalization Support”

Hardware Requirements for the Orchestrator Appliance

The Orchestrator Appliance is a preconfigured Linux-based virtual machine. Before you deploy the appliance, verify that your system meets the minimum hardware requirements.
The Orchestrator Appliance has the following hardware configuration:
- 2 CPUs
- 4 GB of memory
- 12 GB hard disk
Do not reduce the default memory size, because the Orchestrator server requires at least 2 GB of free memory.

Operating Systems Supported by Orchestrator

You can install the Orchestrator server only on 64-bit operating systems.
Orchestrator is also available as a virtual appliance running on a SUSE Linux Enterprise Server.

Supported Directory Services

If you plan to use an LDAP server for authentication, ensure that you set up and configure a working LDAP server.
NOTE LDAP authentication is deprecated.
Orchestrator supports these directory service types.
- Windows Server Active Directory
- OpenLDAP
IMPORTANT Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

Browsers Supported by Orchestrator

Control Center requires a Web browser.
You must use one of the following browsers to connect to Control Center.
- Microsoft Internet Explorer 10 or later
- Mozilla Firefox
- Google Chrome

Orchestrator Database Requirements

The Orchestrator server requires a database. The PostgreSQL database that is preconfigured in Orchestrator is production ready and suitable for small-scale and medium-scale environments. You can also use an external database, depending on your needs.
For a list of the supported database versions, see VMware Product Interoperability Matrix.

Software Included in the Orchestrator Appliance

The Orchestrator Appliance is a preconfigured virtual machine optimized for running Orchestrator. The appliance is distributed with preinstalled software.
The Orchestrator Appliance package contains the following software:
- SUSE Linux Enterprise Server 11 Update 3 for VMware, 64-bit edition
- Embedded PostgreSQL
- In-Process ApacheDS LDAP
- Orchestrator
The default Orchestrator Appliance database configuration is suitable for small- or medium-scale environments. The default in-process LDAP configuration is suitable for experimental and testing purposes only. To use the Orchestrator Appliance in a production environment, you must set up a new directory service, and configure the Orchestrator server to work with it. You can also configure the Orchestrator server to work with VMware vCenter Single Sign-On. For more information about configuring external LDAP or Single Sign-On, see “Selecting the Authentication Type,” on page 29. For information about configuring a database for production environments, see “Setting Up the Orchestrator Database,” on page 18.
NOTE LDAP authentication is deprecated.

Level of Internationalization Support

Orchestrator supports internationalization level 1.
Non-ASCII Character Support in Orchestrator
Although Orchestrator is not localized, it can run on a non-English operating system and support non-ASCII text.
Table 2-1. Non-ASCII Character Support in Orchestrator GUI
Support for Non-ASCII Characters

| Orchestrator Item | Description Field | Name Field | Input and Output Parameters | Attributes |
|---|---|---|---|---|
| Action | Yes | No | No | No |
| Folder | Yes | Yes | - | - |
| Configuration element | Yes | Yes | - | No |
| Package | Yes | Yes | - | - |
| Policy | Yes | Yes | - | - |
| Policy template | Yes | Yes | - | - |
| Resource element | Yes | Yes | - | - |
| Workflow | Yes | Yes | No | No |
| Workflow presentation display group and input step | Yes | Yes | - | - |

Non-ASCII Character Support for Oracle Databases
To store characters in the correct format in an Oracle database, set the NLS_CHARACTER_SET parameter to AL32UTF8 before configuring the database connection and building the table structure for Orchestrator. This setting is crucial for an internationalized environment.

Chapter 3 Setting Up Orchestrator Components

When you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured. After deployment, the service starts automatically.
To enhance the availability and scalability of your Orchestrator setup, follow these guidelines:
- Install and configure a database and configure Orchestrator to connect to it.
- Install and configure an authentication provider and configure Orchestrator to work with it.
This chapter includes the following topics:
- “vCenter Server Setup”
- “Authentication Methods”
- “Setting Up the Orchestrator Database”

vCenter Server Setup

Increasing the number of vCenter Server instances in your Orchestrator setup causes Orchestrator to manage more sessions. Each active session results in activity on the corresponding vCenter Server, and too many active sessions can cause Orchestrator to experience timeouts when more than 10 vCenter Server connections occur.
For a list of the supported versions of vCenter Server, see VMware Product Interoperability Matrix.
NOTE You can run multiple vCenter Server instances on different virtual machines in your Orchestrator setup if your network has sufficient bandwidth and latency. If you are using a LAN to improve the communication between Orchestrator and vCenter Server, a 100 Mb line is mandatory.

Authentication Methods

To authenticate and manage user permissions, Orchestrator requires a connection to an LDAP server, a connection to a Single Sign-On server, or a connection to vRealize Automation.
NOTE LDAP authentication is deprecated.
When you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the in-process ApacheDS LDAP server distributed with the appliance. The default in-process LDAP configuration is suitable for testing purposes only. To use Orchestrator in a production environment, you must set up an LDAP server, a vCenter Single Sign-On server, or a connection with vRealize Automation, and configure Orchestrator to work with it.
Connect to the LDAP server that is physically closest to your Orchestrator server to avoid long response times for LDAP queries that slow down system performance. Orchestrator supports the Active Directory and OpenLDAP service types.
To improve the performance of the LDAP queries, keep the user and group lookup base as narrow as possible. Limit the users to targeted groups that need access, rather than including whole organizations with many users who do not need access. The resources that you need depend on the combination of database and directory service you choose. For recommendations, see the documentation for your LDAP server.
To use the vCenter Single Sign-On authentication method, you must first install vCenter Single Sign-On. You must configure the Orchestrator server to use the vCenter Single Sign-On server that you installed and configured.
You can use Single Sign-On authentication through vRealize Automation and vSphere from the authentication settings in Control Center.

Setting Up the Orchestrator Database

Orchestrator requires a database to store workflows and actions.
The Orchestrator server is preconfigured to use an embedded database, which is suitable for small-scale production purposes only. If you want to use Orchestrator in a full-scale environment, you must configure Orchestrator to use a separate database by using Control Center. When the database is In-process (DerbyDB), you cannot set up Orchestrator to work in a cluster, or change the license and the server certificate from Control Center.
To use Orchestrator in a production environment, you must configure the Orchestrator server to use a dedicated separate Orchestrator database.
When you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the embedded PostgreSQL database distributed with the appliance. The default Orchestrator Appliance database configuration is production ready, but suitable for a small-scale environment. To use Orchestrator in a full-scale production environment, you must set up a separate database and configure Orchestrator to work with it.
Orchestrator server supports Oracle, Microsoft SQL Server, and PostgreSQL databases.
The common workflow for setting up the Orchestrator database consists of the following steps:
1 Create a new database. For more information about creating a new database, see the documentation of your database provider.
2 Enable the database for remote connection.
3 Configure the database connection parameters. For more information, see “Configuring the Orchestrator Database Connection,” on page 37.
If you plan to set up an Orchestrator cluster, you must configure the database to accept multiple connections so that it can accept connections from the different Orchestrator server instances in the cluster.
The database setup can affect Orchestrator performance. Install the database on a machine other than the one on which the Orchestrator server is installed. This approach ensures that the JVM and database server do not share CPU, RAM, and I/O.
The location of the database is important because almost every activity on the Orchestrator server triggers operations on the database. To avoid latency in the database connection, connect to the database server that is geographically closest to your Orchestrator server and that is on the network with the highest available bandwidth.
The size of the Orchestrator database varies depending on the setup and how workflow tokens are handled. Allow for approximately 50 KB for each vCenter Server object and 4 KB for each workflow run.
CAUTION Verify that at least 1 GB of disk space is available on the machine where the Orchestrator database is installed and on the machine where the Orchestrator server is installed.
Insufficient disk storage space might cause the Orchestrator server and client to not function correctly.

Chapter 4 Installing and Upgrading Orchestrator

Orchestrator consists of a server component and a client component.
The Orchestrator installable client can run on 64-bit Windows, Linux, and Mac machines.
To use Orchestrator, you must start the Orchestrator Server service and then start the Orchestrator client.
You can change the default Orchestrator configuration settings by using the Orchestrator Control Center.
This chapter includes the following topics:
- “Install the Client Integration Plug-In”
- “Download and Deploy the Orchestrator Appliance”
- “Upgrade Orchestrator Appliance 5.5.x and Later to 7.0”
- “Upgrade an Orchestrator Cluster”

Install the Client Integration Plug-In

The Client Integration Plug-in provides access to a virtual machine's console in the vSphere Web Client, and provides access to other vSphere infrastructure features. The Client Integration Plug-in also lets you log in to the vSphere Web Client by using Windows session credentials.
You use the Client Integration Plug-in to deploy OVF or OVA templates and transfer files with the datastore browser. You can also use the Client Integration Plug-in to connect virtual devices that reside on a client computer to a virtual machine.
Install the Client Integration Plug-in only once to enable all the functionality the plug-in delivers. You must close the Web browser before installing the plug-in.
If you install the Client Integration Plug-in from an Internet Explorer browser, you must first disable Protected Mode and enable pop-up windows on your Web browser. Internet Explorer identifies the Client Integration Plug-in as being on the Internet instead of on the local intranet. In such cases, the plug-in is not installed correctly because Protected Mode is enabled for the Internet.
For information about supported browsers and operating systems, see the vSphere Installation and Setup documentation.
Watch the video "Installing the Client Integration Plug-In" for information about the Client Integration Plug-In: http://link.brightcove.com/services/player/bcpid2296383276001?bctid=ref:video_client_plug_in
Prerequisites
If you use Microsoft Internet Explorer, disable Protected Mode.
Procedure
1 In the vSphere Web Client, navigate to a link to download the Client Integration Plug-in.
Option: vSphere Web Client login page
a Open a Web browser and type the URL for the vSphere Web Client.
b At the bottom of the vSphere Web Client login page, click Download Client Integration Plug-in.
NOTE If the Client Integration Plug-In is already installed on your system, you will not see the link to download the plug-in. If you uninstall the Client Integration Plug-In, the link to download it will display on the vSphere Web Client login page.
Option: OVF deployment wizard
a Select a host in the inventory and select Actions > All vCenter Actions > Deploy OVF Template.
b Click Download Client Integration Plug-in.
2 If the browser blocks the installation either by issuing certificate errors or by running a pop-up blocker, follow the Help instructions for your browser to resolve the problem.

Download and Deploy the Orchestrator Appliance

Download and deploy the Orchestrator Appliance.
Prerequisites
Verify that your computing environment meets the following conditions:
- vCenter Server is installed and running.
- The host on which you are deploying the appliance has enough free disk space.
- The Client Integration plug-in is installed before you deploy an OVF template. This plug-in enables OVF deployment on your local file system.
If your system is isolated and without Internet access, you must download either the .vmdk and .ovf files, or the .ova file for the appliance from the VMware Web site, and save the files in the same folder.
Procedure
1 Log in to the vSphere Web Client as an administrator.
2 In the vSphere Web Client, select an inventory object that is a valid parent object of a virtual machine, such as a datacenter, folder, cluster, resource pool, or host.
3 Select Actions > Deploy OVF Template.
4 Type the path or the URL to the .ovf or .ova file and click Next.
5 Review the OVF details and click Next.
6 Accept the terms in the license agreement and click Next.
7 Type a name and location for the deployed appliance, and click Next.
8 Select a host, cluster, resource pool, or vApp as a destination on which you want the appliance to run, and click Next.
9 Select a format in which you want to save the appliance's virtual disk and the storage.
Thick provisioned Lazy Zeroed: Creates a virtual disk in a default thick format. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is not erased during creation, but is zeroed out on demand later on first write from the virtual machine.
Thick Provisioned Eager Zeroed: Supports clustering features such as Fault Tolerance. The space required for the virtual disk is allocated when the virtual disk is created. If any data remains on the physical device, it is zeroed out when the virtual disk is created. It might take much longer to create disks in this format than to create disks in other formats.
Thin provisioned format: Saves storage space. For the thin disk, you provision as much datastore space as the disk requires based on the value that you select for the disk size. The thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.
10 (Optional) Configure the network settings, and click Next.
By default the Orchestrator Appliance uses DHCP. You can also change this setting manually and assign a fixed IP address from the appliance Web console.
11 Review the properties of the appliance and set initial passwords for the root user account.
Your initial passwords must be at least eight characters long, and must contain at least one digit, special character, and uppercase letter.
IMPORTANT The password for the root account of the Orchestrator Appliance expires after 365 days. You can increase the expiry time for an account by logging in to the Orchestrator Appliance as root, and running passwd -x number_of_days name_of_account. To increase the expiry time of the Orchestrator Appliance root password to infinity, run passwd -x 99999 root.
12 Review the Ready to Complete page and click Finish.
The Orchestrator Appliance is successfully deployed.

Power On the Orchestrator Appliance and Open the Home Page

To use the Orchestrator Appliance, you must first power it on and get an IP address for the virtual appliance.
Procedure
1 Log in to the vSphere Web Client as an administrator.
2 Right-click the Orchestrator Appliance and select Power > Power On.
3 On the Summary tab, view the Orchestrator Appliance IP address.
4 In a Web browser, go to the IP address of your Orchestrator Appliance virtual machine.
http://orchestrator_appliance_ip

Change the Root Password

For security reasons, you can change the root password of the Orchestrator Appliance.
IMPORTANT The password for the root account of the Orchestrator Appliance expires after 365 days. You can increase the expiry time for an account by logging in to the Orchestrator Appliance as root, and running passwd -x number_of_days name_of_account. To set the expiry time of the Orchestrator Appliance root password to infinity, run the passwd -x 99999 root command.
Prerequisites
Download and deploy the Orchestrator Appliance.
Verify that the appliance is up and running.
Procedure
1 In a Web browser, go to https://orchestrator_appliance_ip:5480.
2 Type the appliance user name and password.
3 Click the Admin tab.
4 In the Current administrator password text box, type the current root password.
5 Type the new password in the New administrator password and Retype new administrator password text boxes.
6 Click Change password.
You successfully changed the password of the root Linux user of the Orchestrator Appliance.
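The following shell function is an added example, not part of the VMware documentation. It reads shadow(5)-format lines and reports, for each account, how many days remain before the maximum password age set with passwd -x is reached. The sample lines, the vco and postgres entries, and the 30-day warning window are constructed assumptions.

```shell
#!/bin/sh
# Audit password aging from shadow(5)-format lines read on stdin.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire
# lastchg is in days since 1970-01-01; max is the value "passwd -x" sets.

# Days since the epoch for "now", the unit shadow(5) uses.
today_days() { echo $(( $(date +%s) / 86400 )); }

# aging_report TODAY_DAYS WARN_DAYS < shadow_file
# Prints "account STATE" for every account that is not locked.
aging_report() {
    awk -F: -v today="$1" -v warn="$2" '
        $2 == ""     { print $1, "NO_PASSWORD"; next }  # empty hash field
        $2 ~ /^[!*]/ { next }                           # locked, no password login
        {
            lastchg = $3; max = $5
            if (lastchg == "" || max == "" || max + 0 >= 99999)
                state = "NEVER_EXPIRES"      # aging off, e.g. passwd -x 99999
            else if (lastchg + 0 == 0)
                state = "EXPIRED"            # change forced at next login
            else {
                left = lastchg + max - today
                if (left < 0)           state = "EXPIRED"
                else if (left <= warn)  state = "EXPIRES_IN_" left
                else                    state = "OK_" left
            }
            print $1, state
        }'
}

# Constructed sample input (placeholder hashes): root on the 365-day default,
# an account with aging disabled, and a locked account.
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hash:16700:0:365:7:::
vco:$6$constructed$hash:16700:0:99999:7:::
postgres:!:16700:0:99999:7:::
EOF
}

# Demo: evaluate the sample as of day 17050 with a 30-day warning window.
sample_shadow | aging_report 17050 30
# On a live system, as root: aging_report "$(today_days)" 30 < /etc/shadow
```

An account reported as NEVER_EXPIRES keeps the same password until someone changes it manually, so review it against your rotation policy.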

Enable or Disable SSH Administrator Login on the vRealize Orchestrator Appliance

You can enable or disable the ability to log in as root to the Orchestrator Appliance using SSH.
Prerequisites
Download and deploy the Orchestrator Appliance.
Verify that the appliance is up and running.
Procedure
1 In a Web browser, go to https://orchestrator_appliance_ip:5480.
2 Log in as root.
3 On the Admin tab, select SSH service enabled to enable the Orchestrator SSH service.
4 (Optional) Click Administrator SSH login enabled to allow logging in as root to the Orchestrator Appliance using SSH.
5 Click Save Settings.
SSH Status appears as Running.

Configure Network Settings for the Orchestrator Appliance

Configure network settings for the Orchestrator Appliance to assign a static IP address and define the proxy settings.
Prerequisites
Download and deploy the Orchestrator Appliance.
Verify that the appliance is up and running.
Procedure
1 In a Web browser, go to https://orchestrator_appliance_ip:5480.
2 Log in as root.
3 On the Network tab, click Address.
4 Select the method by which the appliance obtains IP address settings.
Option | Description
DHCP | Obtains IP settings from a DHCP server. This is the default setting.
Static | Uses static IP settings. Type the IP address, netmask, and gateway.
Depending on your network settings, you might have to select IPv4 and IPv6 address types.
5 (Optional) Type the necessary network configuration information.
6 Click Save Settings.
7 (Optional) Set the proxy settings and click Save Settings.

Upgrade Orchestrator Appliance 5.5.x and Later to 7.0

You can upgrade Orchestrator Appliance 5.5.x and later to 7.0 with packages that VMware publishes. You must perform the upgrade through the Orchestrator Appliance configuration portal.
You can upgrade your existing Orchestrator Appliance 5.5.x and later to 7.0 by using the Orchestrator Appliance configuration portal on port 5480. After you upgrade the Orchestrator Appliance, your plug-in settings are preserved.
Prerequisites
Unmount all network file systems.
Procedure
1 Access the VMware vRealize Orchestrator Appliance configuration portal at https://orchestrator_server:5480/ and log in as an administrator.
2 On the Update tab, click Check Updates.
The system checks for available updates.
3 If any updates are available, click Install Updates.
To proceed with the upgrade, you must accept the VMware End User License Agreement.
4 To complete the update, restart the Orchestrator Appliance.
5 (Optional) On the Update tab, verify that the latest version of the Orchestrator Appliance is successfully installed.
6 Restart the Orchestrator Appliance.
You have successfully upgraded the Orchestrator Appliance to 7.0.
What to do next
Verify that Orchestrator is configured properly at the Validate Configuration page in Control Center.
Verify that the Orchestrator Appliance vco user account has sufficient permissions for all custom files and folders.
Import the SSL certificates for each vCenter Server instance that you defined. See “Import a Self-Signed Certificate to the Orchestrator Trust Store,” on page 41.

Upgrade an Orchestrator Cluster

In the cluster, multiple Orchestrator server instances work together. If you have already set up a cluster of Orchestrator server instances, you can upgrade the cluster to the latest Orchestrator version by upgrading its nodes.
Procedure
1 Power off all Orchestrator servers in the cluster.
2 Upgrade one of the Orchestrator server instances in the cluster.
3 Start the configuration service of the Orchestrator server you upgraded and log in to Control Center as root.
4 Click Orchestrator Node Settings.
5 Enter values for the settings and click Save.
Option | Description
Number of active nodes | The maximum number of active Orchestrator server instances in the cluster. Active nodes are the Orchestrator server instances that run workflows and respond to client requests. If an active Orchestrator node stops responding, it is replaced by one of the inactive Orchestrator server instances. The default number of active Orchestrator nodes in a cluster is one.
Heartbeat interval (in seconds) | The time interval, in seconds, between two network heartbeats that an Orchestrator node sends to show that it is running. The default value is 30 seconds.
Number of failover heartbeats | The number of heartbeats that can be missed before an Orchestrator node is considered failed. The default value is 5 heartbeats.
6 Upgrade all other Orchestrator server instances in the cluster.
7 Start all the Orchestrator nodes in the cluster.

Chapter 5 Configuring vRealize Orchestrator in the Orchestrator Appliance

Although the Orchestrator Appliance is a preconfigured Linux-based virtual machine, you must configure the default vCenter Server plug-in as well as the other default Orchestrator plug-ins. In addition, you might also want to change the Orchestrator settings.
If you want to use the Orchestrator Appliance in a medium or large-scale environment, change the authentication provider to ensure optimal performance.
NOTE LDAP authentication is deprecated.
The Orchestrator Appliance contains a preconfigured PostgreSQL database and an in-process ApacheDS LDAP server. The PostgreSQL database and ApacheDS LDAP server are accessible only locally from the virtual appliance Linux console.
Preconfigured Software | Default User Group, if any, and User | Password
Embedded PostgreSQL | User: vmware | vmware
In-Process ApacheDS LDAP | User group: admins. User: vcoadmin. By default the admin user is set up as an Orchestrator administrator. | vcoadmin
In-Process ApacheDS LDAP | User group: users. User: vcouser | vcouser
Embedded PostgreSQL is suitable for small-scale and medium-scale production environments. In-Process ApacheDS LDAP is suitable for testing purposes only. To use the Orchestrator appliance in a large-scale production environment, replace the embedded PostgreSQL with an external database instance and in-process ApacheDS LDAP with a directory service with external support or with vRealize Automation authentication. For more information about setting up an external database, see “Configuring the Orchestrator Database Connection,” on page 37. For information about setting up an external directory service or vRealize Automation authentication, see “Selecting the Authentication Type,” on page 29.
Additionally, you can configure the Orchestrator server to work with vCenter Single Sign-On that is integrated in the vCenter Server Appliance.
This chapter includes the following topics:
“Log In to Control Center,” on page 28
“Orchestrator Network Ports,” on page 28
“Selecting the Authentication Type,” on page 29
“Configuring the Orchestrator Database Connection,” on page 37
“Manage Certificates,” on page 40