Setting Up Orchestrator Components
You can install Orchestrator on a computer running Microsoft Windows or you can download and deploy the Orchestrator Appliance. In both cases, the Orchestrator server is preconfigured, and after successful installation or deployment, the service starts automatically.
To enhance the availability and scalability of your Orchestrator setup, you can follow several guidelines:
- Install Orchestrator on a computer different from the computer on which vCenter Server runs.
- Install and configure a database and configure Orchestrator to connect to it.
- Install and configure an LDAP server or a VMware vCenter Single Sign-On server and configure Orchestrator to work with it.
Orchestrator Configuration Maximums:
- Connected vCenter Server systems: 20
- Connected ESX/ESXi servers: 1280
- Connected virtual machines spread over vCenter Server systems: 35000
- Connected virtual machines spread over vCenter Server systems per Orchestrator cluster node: 15000
- Concurrent running workflows: 300
Increasing the number of vCenter Server instances in your Orchestrator setup causes Orchestrator to manage more sessions. Each active session results in activity on the corresponding vCenter Server, and too many active sessions can cause Orchestrator to experience timeouts when more than 10 vCenter Server connections occur.
Note: You can run multiple vCenter Server instances on different virtual machines in your Orchestrator setup if your network has sufficient bandwidth and sufficiently low latency. If you are using a LAN to improve the communication between Orchestrator and vCenter Server, a 100Mb line is mandatory.
To authenticate and manage user permissions, Orchestrator requires a connection to an LDAP server or a connection to a vCenter Single Sign-On server.
Orchestrator supports the Active Directory, OpenLDAP, eDirectory, and Sun Java System Directory Server directory service types.
When you install Orchestrator together with vCenter Server, the Orchestrator server is preconfigured to use vCenter Single Sign-On as an authentication method.
When you install Orchestrator standalone, it is preconfigured to use an embedded LDAP server. The embedded LDAP server is suitable for testing purposes only. If you want to use Orchestrator with an LDAP server in a production environment, you must set up a separate LDAP server and configure Orchestrator to connect to it.
If you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the OpenLDAP server distributed together with the appliance. The default OpenLDAP configuration is suitable for small- or medium-scale environments. To use Orchestrator in a production environment, you must set up either an LDAP server or a vCenter Single Sign-On server and configure Orchestrator to work with it.
To use an LDAP server, you must connect your system to the LDAP server that is physically closest to your Orchestrator server, and avoid connections to remote LDAP servers. Long response times for LDAP queries can lead to slower performance of the whole system.
To improve the performance of the LDAP queries, keep the user and group lookup base as narrow as possible. Limit the users to targeted groups that need access, rather than to whole organizations with many users who do not need access. The resources that you need depend on the combination of database and directory service you choose. For recommendations, see the documentation for your LDAP server.
To use the vCenter Single Sign-On authentication method, you must first install vCenter Single Sign-On. If you install Orchestrator separately from vCenter Server and want to use vCenter Single Sign-On, you must configure the Orchestrator server to use the vCenter Single Sign-On server that you installed and configured.
Orchestrator Database Setup:
Orchestrator requires a database to store workflows and actions.
If you install Orchestrator together with vCenter Server, the Orchestrator server is preconfigured to use the vCenter Server datasource (vDB) and no additional configuration of the database is required. However, if you need to use a separate database, you can configure Orchestrator to use a dedicated database by using the Orchestrator configuration interface.
If you install Orchestrator separately from vCenter Server, the Orchestrator server is preconfigured to use an embedded database, which is suitable for testing purposes only. When the database is embedded, you cannot set up Orchestrator to work in cluster mode, or change the license and the server certificate from the Orchestrator configuration interface. To change the server certificates without changing the database settings, you must run the configuration workflows by using either the Orchestrator client or the REST API.
To use Orchestrator in a production environment, you must set up a dedicated Orchestrator database. You can configure the Orchestrator server to use either the vCenter Server datasource, or another database that you have created for the Orchestrator server.
If you download and deploy the Orchestrator Appliance, the Orchestrator server is preconfigured to work with the PostgreSQL database distributed with the appliance. The default Orchestrator Appliance database configuration is suitable for small- or medium-scale environments. To use Orchestrator in a production environment, you must set up a database and configure Orchestrator to work with it.
Orchestrator server supports Oracle, Microsoft SQL Server, and PostgreSQL databases. Orchestrator can work with Microsoft SQL Server Express in small-scale environments consisting of up to 5 hosts and 50 virtual machines.
Configure SQL Server Express to Use with Orchestrator:
You can use Microsoft SQL Server Express in small-scale environments.
Orchestrator can work with SQL Server Express when the deployment does not exceed 5 hosts and 50 virtual machines.
To use SQL Server Express with Orchestrator, you must configure the database to enable TCP/IP.
1 Log in as an administrator to the machine on which SQL Server Express is installed.
2 Click Start > All Programs > Microsoft SQL Server 2008 R2 > Configuration Tools > SQL Server Configuration Manager.
3 Expand in the list on the left.
4 Click Protocols for SQLEXPRESS.
5 Right-click TCP/IP and select Enable.
6 Right-click TCP/IP and select Properties.
7 Click the IP Addresses tab.
8 Under IP1, IP2, and IPAll, set the TCP Port value to 1433.
9 Click OK.
10 Click on the left.
11 Restart the SQL Server.
Import the Database SSL Certificate:
If your database uses SSL, you must import the SSL certificate to the Orchestrator configuration interface and activate secure connection between Orchestrator and the database.
You can import the database SSL certificate from the SSL Trust Manager tab in the Orchestrator configuration interface.
- Configure your database for SSL access. See your database documentation for instructions.
- Obtain a self-signed server certificate or a certificate that is signed by a Certificate Authority.
- Explicitly specify the trusted certificate to perform the SSL authorization correctly.
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Network.
3 In the right pane, click the SSL Trust Manager tab.
4 Load the database SSL certificate from a URL or a file.
- Import from URL: Type the URL of the database server:
- Import from file: Obtain the database SSL certificate file and browse to import it.
5 Click Import.
A message confirming that the import is successful appears.
6 Click Startup Options.
7 Click Restart the vCO configuration server to restart the Orchestrator Configuration service after adding a new SSL certificate.
The imported certificate appears in the Imported Certificates list. The secure connection between Orchestrator and your database is activated.
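A check to run on the certificate file before loading it in step 4, given here as an added example that is not part of the original documentation. It assumes `openssl` is installed and that the database administrator has sent you the expected SHA-256 fingerprint over a separate channel; the function names, file paths, and 30-day margin are illustrative.

```shell
# Added example: vet a database certificate file before importing it.
# Assumes openssl is installed; paths, CN and the 30-day margin are illustrative.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed -e 's/^.*=//' -e 's/://g'
}

# check_db_cert FILE EXPECTED_FP [MIN_DAYS]
# 0 = safe to import, 2 = not a certificate, 3 = fingerprint mismatch,
# 4 = expires within MIN_DAYS days.
check_db_cert() {
    local file="$1" expected="$2" min_days="${3:-30}" actual
    actual=$(cert_fingerprint "$file" 2>/dev/null) || return 2
    [ -n "$actual" ] || return 2
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$expected" | tr -d ':' | tr 'a-f' 'A-F')
    [ "$actual" = "$expected" ] || return 3
    openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null \
        || return 4
    return 0
}

# Constructed sample input: a throwaway self-signed certificate valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=db.example.test" \
        -days "$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on the constructed certificate (not a real database certificate).
tmp=$(mktemp -d)
make_sample_cert "$tmp/db.crt" 365
pinned=$(cert_fingerprint "$tmp/db.crt")  # in practice: the value sent by the DBA
check_db_cert "$tmp/db.crt" "$pinned" 30 && echo "fingerprint and validity OK: import"
check_db_cert "$tmp/db.crt" "00:11:22" 30 || echo "rejected with exit code $?"
rm -rf "$tmp"
```

A non-zero exit code means the file should not be imported into the SSL Trust Manager until the mismatch or the short remaining validity is explained.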