When I travel for work, I strive to bring back as many good ideas as I can and implement them in our IT shop. VMworld 2011 offered the opportunity to meet a lot of people, one of those being Cody Bunch, who is authoring Automating vSphere: With VMware vCenter Orchestrator for VMware Press. In talking with Cody, he reminded me of something I learned and had forgotten – that every vCenter license includes vCenter Orchestrator for free, bringing a great workflow and automation tool to the masses. For the lesser versions of vCenter (Essential and Foundation), vCenter Orchestrator runs in a ‘player’ mode, allowing you to run workflows but not edit them, but for vCenter Standard edition, it runs in ‘server’ mode with full functionality. This week, I have been configuring, working in and learning vCenter Orchestrator.
vCenter Orchestrator is installed by default alongside vCenter Server Standard edition and can run on the same host, but in other environments, it may make more sense to deploy it as a vApp instead. If you’re interested in deploying a vApp (which I did not do), see this post from Cody. I’m going to detail my installation procedures as an example of the install, which is fairly simple. These are by NO means the official procedures, just my experience and anything I learned along the way. But first…
What does vCenter Orchestrator Do?
vCenter Orchestrator is, at heart, a workflow tool. It is used to string together a series of tasks that can be kicked off repeatedly and performed on different objects within vCenter and, using additional plug-ins, with additional systems. It is used to automate repeated tasks that are done in the environment, handle bulk operations and handle integration points. It can be used to receive actions from help desk and monitoring systems and kick off actions based on tickets or alerts.
As I have written about before, I have come to define a cloud as a pool of compute, storage and networking resources with a self-service portal and lifecycle management to automate provisioning, management and decommissioning systems. The key to this definition is in the automation and workflow of processes. Although it is not as advanced, I think vCenter Orchestrator can represent a solid first step towards automation and workflowing deployments and management of datacenter assets. Said another way, I think it’s a solid first step for many organizations towards the cloud.
My Installation Procedures (as an example)
In our environment (and I assume in most), vCenter Orchestrator is installed by default along with vCenter Server. The primary requirement to bring up vCenter Orchestrator is an additional database, either Oracle or Microsoft SQL Server. Before you begin, you will want to know the following things:
- Database server, user account and password and database name for vCenter Orchestrator
- Basics of your LDAP configuration, and an account with read access to LDAP
- An LDAP group which can be assigned as the vCenter Orchestrator administrators group.
- The name of vCenter Server and an active user account to access the license for vCO.
To begin the installation process, you navigate to the VMware folder on the Start menu and choose vCenter Orchestrator Configuration. A web page launches and you log in with the generic vmware/vmware login to begin configuration.
- For security, the first step is to change the generic password to something specific for your environment. To do this, click the “Change Password” tab under the General section.
The next step is to configure the network configuration, which is fairly simple. Choose Network on the left sidebar. Once it loads, there is a drop-down list of IP addresses assigned to the server along with the DNS name to get to the vCenter Orchestrator configuration. Click Apply Changes and we’re moving along. In addition to the network, the SSL Certificate is also located here.
- I chose to use the same SSL certificate as my vCenter Server, so to do that use the “Import from URL” option, type in the URL of your vCenter server, and click Import. The URL would be similar to “https://vcenterserver.domain.int”.
After network, you should configure your LDAP integration, so choose the LDAP option on the left sidebar. You will need an account capable of reading your LDAP (likely Active Directory in many shops). You have a choice of Active Directory, eDirectory or Sun Java Directory as the LDAP client mode. Fill in the server names of your LDAP servers (domain controllers). You will fill in the LDAP root, for instance “DC=domain,DC=int”, depending on your configuration. At this point, fill in your username. For Active Directory, it can be DOMAIN\username, email@example.com, or full LDAP distinguished name format. In my configuration, firstname.lastname@example.org format worked. Fill in a password and then apply changes.
Go back down to the “User lookup base:” option and then click Search located to the right of the text field. If everything is configured correctly above, you should be able to query the LDAP server and locate the OU or CN where your users are located.
- One problem that I ran into with a generic AD configuration, with users stored in the default “Users” folder, is that Orchestrator expects an OU and not a “CN=Users,DC=domain,DC=int”. I had to configure the User and Group Roots to be the same as my Root. Your mileage may vary depending on your LDAP configuration.
Last, but not least, you must choose a group in LDAP that defines who is an administrator in vCenter Orchestrator. So at the “vCO Admin group:” option, choose Search and find the group. Apply changes, and then use the Test Login option to test everything.
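An added example (not from the original post or from VMware): a small offline check, in Python, of the LDAP root and lookup-base values before they are typed into the configuration page. It flags a base that falls outside the root and one whose leading component is a CN container, the case described above; the function names and the OU=Staff sample values are assumptions made for illustration.

```python
import re

ROOT = "DC=domain,DC=int"  # LDAP root as written on this page

def parse_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, leftmost RDN first.

    Splits only on commas not preceded by a backslash, so an escaped comma
    inside a value (for example 'OU=Sales\\, EMEA') does not break the RDN.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn.strip()):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        # Normalise case so 'dc=Domain' and 'DC=domain' compare equal.
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def check_lookup_base(root, base):
    """Classify a user/group lookup base relative to the LDAP root.

    Returns 'outside-root' if the base is not the root or below it,
    'container' if it is below the root and starts with a CN component
    (such as the default CN=Users), and 'ok' otherwise.
    """
    root_rdns, base_rdns = parse_dn(root), parse_dn(base)
    # A base inside the tree ends with every RDN of the root, in order.
    if base_rdns[-len(root_rdns):] != root_rdns:
        return "outside-root"
    if base_rdns == root_rdns:
        return "ok"  # the workaround from the post: base set to the root
    if base_rdns[0][0] == "CN":
        return "container"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values; only the first two appear on this page.
    for base in (ROOT,
                 "CN=Users,DC=domain,DC=int",
                 "OU=Staff,dc=domain,dc=int",
                 "OU=Staff,DC=other,DC=int"):
        print(f"{base:32} -> {check_lookup_base(ROOT, base)}")
```
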
Next up is the Database configuration. This is fairly straightforward. Choose the type of database from the drop-down menu. Enter the username and password to log in to the database server. Enter the FQDN of the database server and the port that the database is listening on. Finally, enter the database name and instance (if needed). For Windows Authentication, you may need to enter a domain and tick the “Use Windows authentication mode (NTLMv2)” option. Apply Changes and if everything communicates, you will be presented the option at the top to install the database (initialize it with the vCO schema). If there are communication errors, those will be presented. Just continue to tweak the configuration until everything communicates.
Finally, license. vCenter Orchestrator shares a vCenter license, so it will communicate with vCenter’s licensing service and pick up its license. You will need to fill in the name of the vCenter server and the port that web services are running on (443 is default, unless you have modified the configuration). The path will be “/sdk” and then you should add the username and password of an account that can log in to vCenter.
- I do not know what permissions this account needs in vCenter to read the license, but from a security perspective, I would try to limit it to only the permissions required. I’ll take that as a to-do for myself.
Once the configuration is done, you’re ready to restart services and hopefully everything starts up with green lights all the way down the left-hand sidebar. I found the installation very intuitive and simple to complete. I was able to have vCenter Orchestrator up and running in just an hour or so.
I have scheduled a couple of the out-of-box workflows to handle some weekly tasks in my environment. It is fairly straightforward to do this, but I’m just getting my feet wet at this point. Building a workflow seems daunting at this point, even if it’s just drag and drop. So, I have pre-purchased and I would recommend Cody’s forthcoming book to help you and me get a better handle on how to leverage vCenter Orchestrator.
I have also lamented in the past that the value of vSphere seems to be eroding, but I believe that a powerful workflow tool like Orchestrator could be a big boost to the value in many organizations. It is up to customers, like myself, to leverage the weapons that VMware provides and bundles for free to increase the value that vSphere provides.
Getting a few minutes to talk with Cody was one of the more useful conversations during my trip to VMworld. I have found a great foundation of information through his blog that you will find helpful, too. Check out all of his (free) resources on his blog at ProfessionalVMware.com.