My first vCenter Orchestrator Workflow – Part 2 – Installing vCenter Orchestrator

orchestrate2Welcome to the second part of My first vCenter Orchestrator Workflow series.  Now before we can really get into the functionality of vCenter Orchestrator we obviously need to go through the task of getting vCO installed and configured. VMware has provided a couple of different ways to do this; one being installing on a Windows box, normally on the same server as your vCenter Server. And the second being through the download of a virtual appliance. For the sake of this series I will go over the installation and configuration of the appliance as it seems to be the trickier of the two.  If you go with the windows installation it is simply included as an installable package on the vCenter Server media.

So first off you need to go and download the vCO appliance through your myvmware account.   vCO is bundled in with vCenter Server so if you have a copy of vCenter you are good to go with vCO (I think foundation only comes with the ability to run workflows and not edit)   From here you simply need to import the ovf appliance into your environment using the typical  File -> Deploy OVF Template and power it on.

Once the appliance has fully booted you will notice that it displays a slew of URLs and information.  Don’t worry!  By simply pointing your browser to the IP address of your vCO server you will see the same list – you don’t need to remember all of the ports.   There are a couple we need to pay close attention to here; Orchestrator Configuration (used to perform Orchestrater setup, plugins, ssl certs, etc – this is the main ui you will work in) and Appliance Configuration (the setup pages to manage your actual appliance settings, such as networking, ntp, admin passwords, etc.. )

For your documentation (more so mine) I’m going to list the default usernames and passwords for vCO below as it can be tricky trying to find some of them in the documentation.

Orchestrator Configuration – vmware/vmware – will prompt for new password when you first login
Appliance configuration – root/vmware – change password manually in the ‘Admin’ section.

So to get started let’s browse to Appliance Configuration – As described above here is where you can perform appliance related tasks such as setting up ntp, networking and change your root password. If you have used any VMware virtual appliances before you should be somewhat familiar with this interface.


Same look and feel as most VMware Virtual Appliances

Once you have your network settings configured we can continue on to the Orchestrator Configuration. This is the main interface for configuring all things Orchestrator. We have quite a bit of work to do here so lets get started. After logging in with the default credentials (vmware/vmware) you will be prompted to change the password so go ahead and do so.  Now we need to setup our Orchestrator appliance to listen on the proper IP address which set in the appliance configuration as well as work with the new SSO service that was shipped with vSphere 5.1. To do this we will first stop the Orchestrator server service. This can be done through the ‘Startup Options’ section on the left hand menu, then clicking ‘Stop Service’.



For the network listener, simply select the ‘Network’ menu on the left hand side, then select your IP Address in the associated dropdown box, then click ‘Apply Changes’ Easy peasy so far – well, now we are about to explore SSO and SSL Certificates – yikes!

In the same section (network) select the SSL Trust Manager tab. Here is where we list all of our imported ssl certificates. In order for SSO to work we need import a couple certs; one from our vCenter Server and the other from our SSO service. To do this there are a couple of URLs we need to know.

First enter in the following URL (https://IP_of_vCenter:443/ and click the import button. The certificate should be displayed in your browser. Simply click ‘Import’ once again to pull it into vCO.

Importing SSL Certificates

Importing SSL Certificates

Next we need to repeat the exact same steps excepting using https://IP_of_vCenter:7444/ as the URL.

Now that we have the required certificates we need to setup Orchestrator to point to SSO for authentication purposes which is done by, you guessed it, the Authentication section. Switch your authentication mode dropdown from LDAP Authentication (default) to SSO Authentication. Then you need to input your SSO Host – This will be the same as your vCenter unless you have explicitly installed SSO elsewhere in your environment. Also we need an admin username and password on your SSO host. Remember a way back when when you installed SSO and it was prompting you for admin usernames/passwords – I hope you remember these because we need them now. By default if you didn’t make to many changes your username might be admin@SYSTEM-DOMAIN – unfortunately I can’t help you with your password 🙂 Once done select ‘Register Orchestrator’.

vCO will authenticate users using the SSO installation included in vSphere 5.1

vCO will authenticate users using the SSO installation included in vSphere 5.1

On the next page you can actually put more restrictions on who can and can’t be a vCO administrator. I left all defaults here and simply clicked ‘Accept Orchestrator Configuration’.  Basically you are configuring what users or groups can be vCO admins.

Alright, almost there – Now let’s go ahead and get the vCenter Server plugin installed and activated – we will go a little more in depth with plugins later so I’ll leave most of the details out that this point.  Simply select your Plug-ins menu and enter in a username and password in the boxes provided (SSO should be working now), select the checkbox next to the vCenter Plug-in and click ‘Apply Changes’ .

Installing the vCenter Plug-in

Installing the vCenter Plug-in

This might be a good time to give your vCO server a nice clean reboot or at least restart the services under Startup Options.  As you can see there are a few plug-ins stating they will perform the installation at the next server setup.  Either way you should see a vCenter Server menu option appear, once it’s there select it, then go to the ‘New vCenter Server Host’ tab. Fill in all of the information in regards to your vCenter Server

Adding a vCenter Server

Adding a vCenter Server

As you can see most the options here are pretty basic with the exception of the user strategies.  Basically ‘Share a unique session’ will result in orchestrator creating only one connection back to your vCenter Server.  This will certainly use less resources and may be ‘secure-enough’ for some small deployments.  The ‘Session per user’ option will actually execute the workflows under the user credentials of the user that is logged into Orchestrator.  This does have the ability to use a few more resources however provides a bit more secure and audit-able environment.  I used the ‘Share a unique’ session as I’m just running through my lab at this point.

OK, i told you we had a lot of work to do in here – but for the most part we have things configured now. If you want to double check you can log in to your vSphere Web Client, Select the vCenter Orchestrator item on the left hand navigation menu and you should be able to drill down and see your new vCO server registered.  If not and you have followed all these instructions to a tee with no break, you may want to give your vCO server a reboot and have a look. It should be there  🙂

vCO registered within the vSphere Web Client

vCO registered within the vSphere Web Client

At this point you can give yourself a huge pat on the back.  You’ve now succesfully setup and configured the vCO virtual appliance and have registered it within your vCenter Server.  In the next portion of this series I will discuss how to create a small test/sample workflow in order to test our integration between vCenter Orchestrator and the vSphere Web Client.

My first vCenter Orchestrator Workflow