Monday, 30 July 2012

VMware Automation Tools: vCenter Orchestrator 4.2.1 - Part 1

vCenter Orchestrator (vCO) is a workflow-based automation tool used to automate actions in vCenter. A workflow defines the sequence of events to be carried out. It's similar to defining a flow chart that runs as an automated script.

vCO is installed as part of the vCenter installation; however, you need to configure it before you can start using it. vCenter and vCO are therefore both running on the same server, Windows 2008 x64 R2. In addition, vCO requires a separate LDAP server as well as a backend database (this should be separate from the vCenter DB). You can use the VMware HCL to check the supported LDAP servers and databases.

vCO Initial Configuration Steps

Step 1 On the vCO server, start the VMware vCenter Orchestrator Configuration service from the Windows Services console (Start > Run > services.msc). By default, this service is set to Manual and is Stopped.

Step 2 Open the vCO configuration wizard by navigating to Start > All Programs > VMware > vCenter Orchestrator Web Configuration. Log in using the default credentials, which are username: vmware and password: vmware.

Step 3 Once the login is successful, you will find that all options in the left pane are red, i.e. none of them is configured. Start by configuring Network. You need to select the IP address on which vCO will listen (leave all port numbers at their defaults).

Step 4 Under LDAP, configure vCO to connect to the AD server by supplying the LDAP type (Microsoft AD), root DN (e.g. dc=vmware,dc=com), IP address, username, and password.

Note: the username should be in UPN format.

You need to define the User Lookup Base, which sets the locations that are searched for users when authenticating against AD. The Group Lookup Base should be configured in the same way.

You need to configure the vCO Admin Group (e.g. cn=Administrators,cn=Users,dc=vmware,dc=com). This is important because it defines the admins who have read/write access to workflows. When a user logs in to the vCO Client, they authenticate against AD. If the group the user belongs to matches the vCO Admin Group, the user is treated as a vCO admin; otherwise read-only access to workflows is granted.

Step 5 After you set up your DB server, you need to configure the vCO Database section. I have used the same MSSQL 2008 Express that is installed during the vCenter Server installation. Using SQL Management Studio, I have created a new DB called vCO_DB. Here are the properties of the DB

Based on my DB I have configured the vCO DB as follows:

After submitting the changes, you need to click the Install Database link to install the database tables that vCenter Orchestrator needs on your DB server.

Step 6 In the Server Certificate section, you can either create a self-signed certificate or import a valid certificate. The vCO client uses this certificate to connect to the vCO server.

Step 7 You need to import the vCenter SSL certificate into vCO in order to establish a secure connection. From the vCenter Server tab, select the SSL Certificate link and import the vCenter certificate from the following location: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt.

Step 8 Although vCO and vCenter are installed on the same server, they don't share the license automatically. Here you need to apply the vCenter license by supplying the details of the vCenter Server to connect to (IP, username, password, license path, etc.), or you can import the vCenter license manually.

Note: Based on the vCenter license, vCO operates in one of two modes:

  • For a vCenter Server Standard license, vCenter Orchestrator operates in Server mode. This provides full access to all Orchestrator elements and the ability to run and edit workflows.
  • For a vCenter Server Foundation or vCenter Server Essentials license, vCenter Orchestrator runs in Player mode. You are granted read-only permission on Orchestrator elements, and you can run workflows, but you cannot edit them.

Step 9 You need to configure the Plugins tab in order to get vCO working. Select which plugins to enable and supply the username and password of an LDAP user who is a member of the vCO Admin Group.

Plugins add extra functionality to the workflow engine in vCO (similar to snap-ins in PowerCLI).

Step 10 In this step you add the vCenter Server to vCO so that vCO can control and automate it. This is done from the vCenter Server tab. You need to supply the vCenter Server details, including IP, username, and password.

Step 11 As a last step, navigate to the Startup Options tab and click the Install vCO Server As a Service link. Once that completes, click the Start Service link.
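
A check for Step 7, added here as an example and not part of the original post: this PowerShell compares the thumbprint of rui.crt on disk with the certificate vCenter actually presents over HTTPS, so you know which certificate vCO is being told to trust. The host name is a placeholder and port 443 is assumed to be the vCenter HTTPS port; replace both with your own values.

```powershell
# Added example (not from the original post). Run on the vCenter/vCO server.
$CertPath    = 'C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt'
$VCenterHost = 'vcenter.example.local'   # placeholder: your vCenter name or IP
$Port        = 443                       # assumption: default vCenter HTTPS port

function Get-FileCertificate {
    param([string]$Path)
    # X509Certificate2 reads both DER and Base64 (PEM) encoded .crt files
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
}

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server sends: the goal is to read the
        # certificate for comparison, not to trust the connection.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    }
    finally {
        $client.Close()
    }
}

$file   = Get-FileCertificate -Path $CertPath
$remote = Get-RemoteCertificate -HostName $VCenterHost -Port $Port

# Show both certificates side by side (Thumbprint is the SHA-1 of the DER bytes)
foreach ($pair in @(@('file', $file), @('server', $remote))) {
    '{0,-7} {1}  {2}  expires {3:u}' -f $pair[0], $pair[1].Thumbprint, $pair[1].Subject, $pair[1].NotAfter
}

if ($file.Thumbprint -eq $remote.Thumbprint) {
    'MATCH: rui.crt is the certificate the vCenter service presents.'
}
else {
    Write-Warning 'MISMATCH: rui.crt differs from the certificate presented on the wire. Find out why before importing it into vCO.'
}

if ($remote.NotAfter -lt (Get-Date)) {
    Write-Warning 'The certificate presented by vCenter has expired.'
}
```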