This content is part of the Essential Guide: Enable VMware automation with these top tools and techniques

A users' manual to configuring vRealize Orchestrator

Expand the capabilities and functionality of vRealize Orchestrator by following this how-to guide to installing additional third party plug-ins.

If you've been following recent vRealize deployment guides, you're aware that vRealize Orchestrator adds extra...

functionality to an otherwise standard vRealize deployment. Orchestrator tools allow an administrator to provide additional layers of automation and reduce the amount of manual intervention required.

A simple example of automation is expanding the deployment process to interface with external infrastructure or applications. This effectively facilitates things such as automatically adding a newly built virtual machine (VM) to the configuration management database instead of following manual processes. Another example is the automatic allocation of static IP addresses to provisioned hosts.

VRealize Orchestrator (vCO) can be easily expanded by installing additional plug-ins provided by third parties. Orchestrator also offers a useful way to checkpoint servers and manage failures in a predictable way. VRealize Orchestrator has many configurations, including distributed setups where components are split out to provide resiliency and scalability. In a production environment you may want to investigate this; in this example, however, we are using an out-of-the-box configuration, which is sufficient for small scale deployments.

Enabling the inbuilt Orchestrator configuration tool

The Orchestrator configuration tool is built into the vRA appliance, but turned off by default. To enable it, use a secure shell client with the login to the appliance as your root. Once you've logged in, use the following command to enable the configuration tools/front end to configure Orchestrator:

service vco-configurator start

If this is the first time you have run this, it may take a while to complete the initial configuration. 

The initial configuration window for vCenter Orchestrator.
The initial configuration window for vCenter Orchestrator.

After the service start up is finished, the vRO system configuration can be managed via the web-based configuration system. You can check the current status of the vRealize Orchestrator configuration tool by using the following command:

service vco-configuration status

To access the configuration menu, log onto the vRA webpage using the following URL:


The default login is vmware/vmware. After initial login, the administrator is required to change the password. Since the configuration service was started manually, it will only continue until the reboot or the service is stopped.

Most of the configuration from this point can be left alone. For our next step we must complete infrastructure as a service (IaaS) and Active Directory configuration to make the vRealize Orchestrator work as intended.

Checking the status of the vCenter Orchestrator.
Checking the status of the vCenter Orchestrator.

Notice the green dots shown in Figure B. These dots give an instant indication as to the service status. There are four colors for the dots, each with a different significance. Green indicates that the configuration is valid. Red denotes that the configuration has failed or that some error has occurred during configuration. Grey mean that the setting is not configured, and blue dots mean the service is still loading.

The user must also import the certificate for the vCenter. Thankfully, this process is quite straightforward. From the network page click the tab entitled "SSL Trust Manager." Under "Import from URL," type in the vCenter URL (for example: https://vca.test.local/sdk if vca.test.local is your vCenter). Be sure to check the network portion to ensure that the configuration is correct.

To access the Orchestrator development environment, direct your web browser to the Orchestrator client URL. This should appear as https://VRA_Appliance_FQDN:8281/vco/;click on the Orchestrator client.  Since the client is built in Java, you must make sure that you have Java installed for the client application to work properly.

Log on to the client using your single sign-on login; if you are using vSphere 5.5 or above, the login should be [email protected]

Though this screen may look complicated, it is broken down into three simple sections to accommodate the user.

The first drop-down menu near the top of the application dictates what you see and which options are available. The user is then presented with three possible modes -- "Run" "Design" and "Administer" -- which should each serve an obvious purpose. You will notice as you switch between the modes that the tools, layout and options change. The first step is to add in the IaaS configuration as well as configure Active Directory integration.

Drop-down menu options in the vRO application.
Drop-down menu options in the vRO application.

With the drop-down menu set to "Run," select the blue decision tree-like icon (also known as the workflow menu) on the left-hand side and navigate to Library>vCloud Automation Center>Configuration>Add the IAAS host of a vCAC host. Once you have this selected, right-click and select "Start WorkflowAlternately." You could also use the green "play" button, which has the same effect.

The workflow will now run and you will need to enter several details. Where you see "Not set," you will need to click in the box and provide information to complete the workflow.  Any item with a red star requires mandatory input. If an item turns red, some component has failed and you will need to check your inputs. You can run the workflow several times without issue.

Adding an IaaS host.
Adding an IaaS host.

Once this has been configured, we must make sure the Orchestrator is Active Directory-enabled. In run mode, navigate to Microsoft>Configuration>Configure Active Directory Server. Enter the Active Directory host URL (for example, mine is ad.test.local). Enter your context, and then select "Shared Session." The workflow will then allow you to enter your Active Directory credentials. After this is completed, you can click "Submit" and Orchestrator will run the workflow and enable Active Directory integration

In the next segment of this tutorial we will break down the complexity of the workflow and learn how to use the logic and functionality that is built into the Orchestrator.

Next Steps

What are the key differences between vRealize Automation and Orchestrator?

The building blocks of VMware extensibility: vRealize Automation and Orchestrator

Why data center professionals are making the push for IT automation

Dig Deeper on VMware how-tos