After the deployment of the vRealize Orchestrator (vRO) appliance covered in my previous post, now I will go through the initial configuration, so it can be turned into a working orchestrator engine, where we can do our future development.
The configuration is done through the HTML5 based vRO Control Center which can be accessed from the following link:
https://(vRO FQDN or IP):8283/vco-controlcenter/config/login.html
You login with the root credentials which you have specified during the appliance deployment. In case you do not remember them, you can reset the root password by following the steps from the KB2150647 .
Once you login, the first thing you can do is to the change hostname. If you have a load balancer, you can specify the FQDN here. This setting can be changed later, too.
vRO can not work if there is no external authentication provider configured. The two options we have are either using vSphere or vRealize Automation
I will use vRealize Automation for my use case. After you enter the vRA host address (load balancer VIP DNS or an individual vRA FQDN), you will be prompted to accept the certificate. After that you will have to provide User name, password and a default tenant for the connection. Tenant should be configured and pointing to an LDAP server, so you can select an active directory security group which will have administrator rights on the appliance.
I’m going to use the default Domain Users group for this purpose.
After you Save the changes, you will get into the vRO Control Center.
Configuring the Certificates
Working with certificates is relatively simplified for vRO 7.x. You can import any certificates you trust either from an URL or from a PEM encoded file. If you want to replace the vRO Appliance self-signed certificate with your own, you can do it from ‘Orchestrator Server SSL Certificate’ tab. The other two setting you can do here is to import another certificate which will be used for signed vRO packages and also specify the trusted certificates from publishers of packages and any other vRO objects you plan to import.
I found these settings as pretty important, that is why I would like to highlight them and I think usually they need to be configured in order to match your expectations for performance, auditability and compliance.
If you use a multi-node active-active vRO cluster, then the numbers might be good, but if you have a single or active-passive cluster, then you may want to decrease the values.
Once you set the settings above you should be ready to start using your vRO. Usually in an enterprise environments, you may need to configure vRO into a cluster for high availability and performance purposes. This will be covered in my next article.
To verify the configurations we have just made, you should be able to login to the vRO either through the new HTML5 client or the legacy Java based. HTML5 client you can access from here: https://(vRO FQDN or IP):8283/vco-controlcenter/client. You should username which is member of the group which we have defined during the authentication provider configuration. HTML5 client should looks like this:
I hope this was useful. Cheers!