If you have to maintain a large VMware vSphere farm, sooner or later you will realize that the number of requested Virtual Machines is growing constantly from day to day. And the worst thing is that these requests usually come by e-mail or directly from your supervisor (“George from the Developers team needs a new server, could you please support him”). Wouldn’t it be nice to automate (and control) these requests with pre-defined workflows and provide a web-based form for VM ordering?
VMware offers the vCenter Lab Manager (http://bit.ly/f3MLYA) for scenarios like this, but the vCenter Orchestrator 4.1 (http://bit.ly/ge3fo2) provides even more. It gives you total freedom: you can create your own workflows and automate your daily tasks within your Cloud. It comes with the vCenter Server, so when you install vCenter, you install Orchestrator as well in the background.
But before you start developing workflows, you have to configure the Orchestrator. Here are the steps you need to take in order to have a fully functioning Orchestrator Server:
- After the vCenter deployment, log in to the webpage of the Orchestrator Configurator to finish the installation. For this, open your browser and type the following address:
The Orchestrator IP address is probably the same as your vCenter’s IP address (in case you installed all components on the same machine).
- Log in with the following username and password: vmware / vmware.
- When you are in, choose General from the menu on the left and change the default password to a more secure one.
- When you’re ready, go to the Network configuration panel and check your network parameters. On this tab you can also assign a certificate to secure the connection between the Orchestrator and the vCenter Server. The IP address and DNS name are automatically prefilled.
- The next step you need to take is the LDAP configuration. The Orchestrator requires a connection to an LDAP service. It supports Active Directory, eDirectory, and Sun Java System Directory Server, and for evaluation purposes you can turn on the OpenLDAP support as well.
In our case I chose my test Active Directory server, which listens on port 389 (default port of the LDAP protocol). You also need to set the root of your LDAP tree, in distinguished name format (e.g. dc=domainname, dc=org).
Tip1: More information on distinguished names: (http://bit.ly/gJO6Qi).
Tip2: How can I get the distinguished names for my AD objects? Use ADSIEdit.msc (http://bit.ly/i947pv)
- You also need to specify a user (to establish the LDAP connection) and group lookup paths. In case of Active Directory the following formats are accepted:
-simple user name format (user)
-distinguished name format (cn=user, ou=employees,dc=domainname,dc=local) Note: this is the only supported format for OpenLDAP, Sun and eDirectory
-principal name format (firstname.lastname@example.org)
- Finally you need to provide an LDAP group for vCO Admins. The members of this group will have administrative privileges for the Orchestrator engine.
- When you are ready with the LDAP part, go to the Database configuration. The Orchestrator supports the following database engines:
-Microsoft SQL Server
-Microsoft SQL Server Express (experimental)
Note: Before you select the appropriate engine for Orchestrator, you need to create a new, clean database on the database server and refer to it when you configure the Database name.
- After the connection is established, don’t forget to create the database schema for the selected database.
- With a Server Certificate, the Orchestrator Server is able to sign all elements created in Orchestrator and guarantee authenticity. In the Server Certificate tab you can assign an existing Server Certificate, obtain a new one from your Certificate Authority or create a Self-Signed one. I chose to create a Self-Signed one since I didn’t have a configured CA in my test environment.
- One of the last steps is to configure the Licenses for the Orchestrator. You can do it on the Licenses tab. Please note that if you want to use the vCenter as a license server (Use vCenter license radio button), you need to provide the certificate for the SSL connection.
Otherwise it’s enough to provide your serial number manually.
- We’re almost ready, so go to the Startup Options. Well, it seems that we still need to configure the Plugins before starting. Click on the Plugins shortcut.
In the Plugins section, specify the credentials of an account which is in the vCO Admin group (an Active Directory user in our case). This account will be used for setting up the plugins when the Orchestrator server starts.
- The last part is to start the Orchestrator service. Go back to the Startup Options panel and click on the Install vCO server as a service link. Now click on the Start Service button. It takes a while, but after that you have a fully configured Orchestrator Server. If not, try restarting the service; it usually helps.
- Test the connection to your Server. Start the Orchestrator Client (C:\Program Files\VMware\Infrastructure\Orchestrator\apps\vCenter Orchestrator Client). Log in with a user from the vCO Admin group.
- Here you are. Now you can start to discover the existing Workflows and Actions.
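
A pre-flight check for the LDAP step above, written as an added example (it is not part of the original article and not VMware code). It parses the root distinguished name, classifies the bind user as one of the three formats listed, and applies the rule that only the distinguished name format is accepted outside Active Directory. The directory keys (`ad`, `openldap`, `sun`, `edirectory`), the function names, and the check that a bind DN should sit under the root DN are assumptions of this example.

```python
import re

# Hypothetical directory keys for this example. Per the article, only Active
# Directory ("ad") accepts all three user formats; the others need a DN.
DN_ONLY = {"openldap", "sun", "edirectory"}
DIRECTORIES = {"ad"} | DN_ONLY

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs, keeping '\\,' escapes intact."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # simplification: ignores an escaped backslash before ','
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"not a valid RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def classify_user(user):
    """Return 'dn', 'upn' or 'simple' for the LDAP bind user string."""
    if "=" in user:
        split_dn(user)  # raises ValueError when the DN is malformed
        return "dn"
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", user):
        return "upn"
    if re.fullmatch(r"[^@=,\s]+", user):
        return "simple"
    raise ValueError(f"unrecognised user format: {user!r}")

def check_ldap_settings(directory, root_dn, user):
    """Return a list of problems; an empty list means the settings are consistent."""
    if directory.lower() not in DIRECTORIES:
        return [f"unknown directory type: {directory!r}"]
    try:
        root = split_dn(root_dn)
        kind = classify_user(user)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if directory.lower() in DN_ONLY and kind != "dn":
        problems.append(f"{directory} accepts only the distinguished name format, got {kind}")
    # Assumption of this example: a bind DN outside the root DN deserves a second look.
    if kind == "dn" and split_dn(user)[-len(root):] != root:
        problems.append("user DN is not located under the configured root DN")
    return problems

if __name__ == "__main__":
    # Constructed input taken from the article's own sample values.
    print(check_ldap_settings("ad", "dc=domainname, dc=org",
                              "cn=user, ou=employees,dc=domainname,dc=local"))
```

Run against the article's two sample values, the check reports that the sample user DN (ending in dc=local) does not fall under the sample root (dc=org), which is the kind of mismatch that is easy to miss when typing these fields by hand.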
In conclusion, I would say that while it’s a little bit tricky to configure the VMware Orchestrator, it is still easier than using it, believe me :).