How to configure the VMware vCenter Orchestrator 4.1

If you have to maintain a large VMware vSphere farm, sooner or later you will realize that the number of the requested Virtual Machines are constantly growing from day to day. And the worst thing is that these requests are usually come via mails or from your supervisor directly (“George from the Developers team needs a new server, could you please support him”). Wouldn’t be nice to automate (and control) these request with pre-defined workflows and a provide a web-based form for the VM ordering?

VMware offers the vCenter Lab Manager ( for scenarios like this, but the vCenter Orchestrator 4.1 ( provides even more. It gives you total freedom, you can create your own workflows and automate your daily tasks within your Cloud. It comes with the vCenter Server, so when you install vCenter, you install Orchestrator as well in the background.

But before you start with workflow developing, you have to configure the Orchestrator. Here are the steps you need to take in order to have your fully functioning Orchestrator Server:

  1. After the vCenter deployment, login to the webpage of the Orchestrator Configurator to finish the installation. For this, open your browser and type the following address:
    http://<Orchestrator ip>:8282
    The Orchestrator ip address is probably the same as your vCenter’s ip address (in case you installed all components on the same machine).
  2. Login with the following username and password: vmware / vmware.

    Orchestrator login
    Orchestrator Configurator login
  3. When you in, choose General from the menu on the left and change the default password to a more secure one.

    Change the password after login
    Change the password after login
  4. When you’re ready, go to the Network configuration panel and check your network parameters. On this tab you can also assign a certificate to secure the connection between the Orchestrator and the vCenter Server. The IP address and DNS name is automatically prefilled.

    Check the IP address, hostname and ports
  5. The next step you need to take is the LDAP configuration. The Orchestrator requires to connect to an LDAP service. It supports Active Directory, eDirectory, and Sun Java System Directory Server, and for evaluation purposes you can turn on the OpenLDAP support as well.
    In our case I chose my test Active Directory server, which listens on port 389 (default port of the LDAP protocol). You also need to set the root of your LDAP tree, in distinguished name format (e.g. dc=domainname, dc=org).
    Tip1: More information on distinguished names: (
    Tip2: How can I get the distinguished names for my AD objects? Use ADSIEdit.msc (

    LDAP configuration part 1
  6. You also need to specify a user (to establish the LDAP connection) and group lookup paths. In case of Active Directory the following formats are accepted:
    -simple user name format (user)
    -distinguished name format (cn=user, ou=employees,dc=domainname,dc=local) note: this is the only supported format for OpenLDAP, Sun and eDirectory
    -principle name format (user@domainname.local)
    -netBEUI (domainname\user

    LDAP configuration part 2
  7. Finally you need to provide an LDAP group for vCO Admins. The members of this group will have administrative privileges for the Orchestrator engine.

    LDAP configuration part 3
  8. When you ready with the LDAP part, go to the Database configuration. The Orchestrator supports the following database engines:
    -Microsoft SQL Server
    -Oracle Server
    -Microsoft SQL Server Express (experimental)
    -MySQL (experimental)
    -PostgreSQL (experimental)
    Note: Before you select the appropriate engine for Orchestrator, you need to create a new, clean database on the database server and refer to it when you configure the Database name

    Database configuration part 1
  9. After  the connection is established, don’t forget to create the database schema for the selected database.

    Install the database
    Install the database
  10. With a Server Certificate, the Orchestrator Server is able to sign all elements created in Orchestrator and guarantee authenticity. In the Server Certificate tab you can assign an existing Server Certificate, obtain a new one from your Certificate Authority or create a Self-Signed one. I chose to create a Self-Signed one since I didn’t have a configured CA in my test environment.

    Configure the Server Certificate
  11. One of the last steps is to configure the Licenses for the Orchestrator. You can do it on the Licenses tab. Please note that if you want to use the vCenter as a license server (Use vCenter license radio button), you need to provide the certificate for the ssl connection.
    SSL certificate for the connection with the vCenter Server

    Otherwise it’s enough to provide your serial number manually.

    Provide the serial for the Orchestrator
  12. We’re almost ready, so go to the Startup Options. Well, it seems to be that we still need to configure the Plugins before start. Click on the Plugins shortcut.
    We need to configure the Plug-ins first

    In the Plugins section, specify the credentials of an account which is in the vCO Admin group (an Active Directory user in our case). This account will be used for setting up the plugins when the Orchestrator server starts.

    You need to provide an account from the vCO Admin group.
  13. The last part is to start the Orchestrator service. Go back to the Startup Options panel and click on the Install vCO server as a service link. Now click on the Start Service button. It takes a while, but after that you have a fully configured Orchestrator Server. If not, try to restart the service, it usually helps.

    Start the services
  14. Test the connection to your Server. Start the Orchestrator Client (C:\Program Files\VMware\Infrastructure\Orchestrator\apps\vCenter Orchestrator Client). Login with a user from the vCO Admin group.

    Login with a user from the vCO Admin group
  15. Here you are. Now you can start to discover the existing Workflows and Actions.

    Workflows and Actions

As a conclusion I would say that while it’s a little bit tricky to configure the VMware Orchestrator, still easier than using it believe me:).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s