Configure vRealize Orchestrator 8.1

How to Configure vRealize Orchestrator 8.1

In a previous article I documented steps required to install the latest VMware vRealize Orchestrator 8.1. After vRO deployment, you have to go through the initial configuration of the application. In this article I will show you how to configure a standalone vRealize Orchestrator 8.1 with vSphere authentication.

By default the password expiry of the root account of the vRealize Orchestrator Appliance is set to 365 days. If you choose to extend the expiration period, you can do that opening a SSH connection to the vRO appliance and running this command:

passwd -x number_of_days_to_expire root

Configure vRealize Orchestrator - Change Password Expiration Policy

While you are connected to the SSH, you can also run a check for proper DNS resolution, forward and reverse:

nslookup vro_FQDN

nslookup vro_IP_address

Configure vRealize Orchestrator - Check DNS Resolution

Configure vRealize Orchestrator 8.1

Open a browser and access the Control Center URL: https://vro_FQDN/vco-controlcenter. If you only see a “Bad Gateway” message, most likely vRO did not started yet, it may take a fair amount of time to be up. Try again later till you see the login form, then use the root credentials configured at deployment time to login.

Configure vRealize Orchestrator - Login to Control Center

After a successful login, you will see the Control Center dashboard. Click on “Configure Authentication Provider”.

Configure vRealize Orchestrator - Control Center

From the “Authentication mode” drop down choose vSphere. Enter your vCenter FQDN in the “Host address” text box. Click “Connect”.

Configure vRealize Orchestrator - Configure Authentication Provider

You will receive a warning about the self-signed certificate for vCenter Server. Check the certificate details and click “Accept Certificate”.

Configure vRealize Orchestrator - Accept vSphere Certificare

You need to enter authentication details for vCenter Server. Enter user name, password and the default tenant, then click “Register”.

Configure vRealize Orchestrator - Identity Service Credentials

The next step is to grant vRO administrator permissions to a vCenter group. Enter part of the group name into the “Admin group” text box and click “Search”.

Configure vRealize Orchestrator - Configure Admin Group

The form will load the corresponding groups from vCenter Server. Choose the one you want to grant administrative permissions on vRO.

Configure vRealize Orchestrator - Select Admin Group

Check if everything looks correct and then click on “Save Changes” button.

Configure vRealize Orchestrator - Save Changes

Go back to the vRO Control Center homepage and click on “Validate Configuration”. Most likely you will see 2 errors: “A server restart is required because of a configuration change that is not yet applied” and “The Orchestrator cluster is in an inconsistent state”. Both errors are expected. After you changed the vRO authentication configuration, a restart of the service is required. This is done automatically in about 2-3 minutes. Take a cup of coffee or tea and after few minutes click “Refresh”.

Configure vRealize Orchestrator - Validate Configuration

If you had enough patience for the service restart to be completed, you should see everything in green.

Configure vRealize Orchestrator - Validate Configuration OK

Configure vRealize Orchestrator – Add a vCenter Server Instance

The last configuration for the day is to add a vCenter Server instance to the managed inventory of vRO. Go to the Orchestrator Client URL (https://vro_fqdn/orchestration-ui) and login with the administrator user. Click on “Workflows” under “Library” category in the left menu.

Configure vRealize Orchestrator - Orchestrator Client

Here you can filter the workflows searching for “Add a vCenter Server Instance” workflow. Alternatively you can use the returned tree view of hierarchical folders (click on the “tree” icon in the top right of the workflows page and then navigate to Library -> vCenter -> Configuration -> Add a vCenter Server Instance).

For other new features of vRO 8.1 you can check this article: VMware vRealize Orchestrator 8.1.

Click “RUN” link next to the workflow name.

Configure vRealize Orchestrator - Add vCenter Server Instance

You need to enter the vCenter FQDN and change the HTTPS port (if needed). Check both “Will you orchestrate this instance?” and “Do you want to ignore certificare warnings” checkboxes. Click on “Set the connection properties”.

Configure vRealize Orchestrator - Set vCenter Server Instance Properties

Keep “Do you want to use a session per user…” checkbox checked, then enter the details of the vCenter username that will be used to connect vRO. All future vRO workflows that connect to vCenter will run on vCenter authenticated as this user. Click “Run”.

Configure vRealize Orchestrator - Set vCenter Server Connection Properties

After a brief wait period, you will hopefully see the green completed workflow. If you get an error, run again the workflow and check every details that you provided.

Configure vRealize Orchestrator - Run Add vCenter Server Instance Workflow

You can check the result of the run by going to the the “Inventory” link from “Administration” category in the left page menu. Expand “vSphere vCenter Plug-in” and you will see the tree of all the objects from the vCenter inventory. If you are a beginner in vRealize Orchestrator it is a good exercise to drill-down into the vCenter objects, click on them and see the properties available to use in workflows. If you are familiar with “Managed Object Browser” or MOB from vCenter, this is a very similar view of your vCenter instance.

Configure vRealize Orchestrator - vCenter Server Inventory

With this you can consider the initial configuration of vRealize Orchestrator 8.1 finished. Enjoy the vRO scripting 🙂

Constantin Ghioc

I usually play with vSphere API, Ansible, vRealize Automation, vRealize Orchestrator, and different AWS tools. In my other life I’m a husband and a father, an amateur photographer and a Go enthusiast.

Leave a Reply