With vSphere 5.5 Orchestrator now ships as an appliance. I had quite a few problems implementing it and wanted to document my process, mostly in case I need to do this again.
When you deploy the OVA/OVF for Orchestrator 5.5 you will be prompted to accept the EULA and enter a bunch of parameters including passwords for the default “root” and “vmware” users. In my experience skipping any of the fields will blow up the installation and specifying a non-complex password will cause problems later. Neither of those issues is called out during the deployment.
After the appliance deploys and powers up you can connect to it using http://<ipaddress> (NOT https://<ipaddress>) which will then redirect you to https://<ipaddress>:8281/vco which server as the “home page” providing links to log into the application (the three links under “Getting Started with..”) or configure the application (“Orchestrator Configuration”).
Note that none of those links will let you configure the appliance itself, which is https://<ip>:5480
| Purpose | Link | User |
| Appliance Mgt | https://<ip>:5480 | root |
| App Service | https://<ip>:8283 | vmware |
| App Admin | https://<ip>:8281/vco/client/client.jnlp | tbd* |
| App User | https://<ip>:8281/vco/vmo/weboperator | tbd* |
tbd* – you are required to configure the application to authenticate to an outside identity source before these links can be used.
To configure the service to authenticate users as well as connect to vCenter servers you will need to connect to https://<ip>:8283/ with a user name of “vmware” and the password you set for that user during the install.
Select Authentication and configure it to authenticate your users.
Note that “Root Element” refers to the domain the LDAP server provides names for, “User name” accepts many formats – I use the “username@domain” format. The OUs listed for User and Group Lookup Base must exist. And my favorite, the vco admin group must exist and must contain users.
Once Authentication is configured you can test it from the Test Login tab. In my experience you should then restart the service from the Startup Options on the left hand column before trying to authenticate users with the application.
At this point you can authenticate users who connect with any of the options under the “Getting Started with Orchestrator” section of the home page. However you will not be able to access vCenter servers.
You add a vCenter server from the vCenter Server option on the left hand menu. Note that your first step is to add the SSL certificate, which can be started using the “SSL Certificates” option on the vCenter Server menu – or just go to Network / SSL Trust Manager (which is where the “SSL Certificates” link will direct you to)
Add the IP address or FQDN of your vCenter server and select “Import”
Click “Import” to save the certificate.
Return to the vCenter Server menu option and select the “New vCenter Server Host” tab
Enter your vCenter server information and select “Apply Changes”
If you receive a message similar to:
com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified
You skipped the previous step to add the vCenter SSL Cert to Orchestrator.
You can now ensure Java is installed and connect to Orchestrator as a user with either of the App Admin or App User links above. Note that if you have added Active Directory as your identity source you do not need to specify the domain when you login (ie “Joe” not “domain\Joe”).
Happy Orchestrating!
Pingback: Welcome to vSphere-land! » vSphere 5.5 Link-O-Rama
Pingback: Virtualization Links | longforest