Installing and configuring vCO virtual appliance

vCenter orchestrator is one of the tools which is most underestimated however very, very powerful. vCO brings automation to the next level and helps admins, engineers to orchestrate and integrate your cloud with the rest of management systems.

In general vCO is available in few versions:

  • on Windows platform as standalone server – download vCO installer and run it on Windows box
  • as a virtual appliance – configuration
  • installed along with vCenter server on Windows box
  • deployed along with vCloud Automation Centre Appliance – big advantage of enabling vCO on vCAC appliance are:
    • quicker configuration
    • always up to date plugins for vCenter server and vCloud Automation Center
    • higher level of integration with vCAC
Quick how to configure vCenter Orchestrator Appliance  standalone server.
  • Download and deploy vCO virtual appliance

[box type=”warning”] Note: Remember initial password, you will needed during configuration process[/box]

  • Log in to vCO:
    • Administration Interface https://vco01.lab.local:5480 with root user name and initial password
    • vCO configuration interface https://vco01.lab.local:8283 with vmware user name and initial password

vCO configuration panel

Import a vCenter Server SSL Certificate and License

vCO appliance is deployed with default 90 days license, The Orchestrator configuration interface uses a secure connection to communicate with vCenter Server. You can import the required SSL certificate from a URL or a file

Import Certificate
  • Log in to the Orchestrator configuration interface as vmware.
  • Click Network.
  • In the right pane, click the SSL Certificate tab.
  • Load the vCenter Server SSL certificate in Orchestrator from a URL or a file.
    • Import from URL <vcenter-server-ip:443>
    • Import from a file
      • Obtain the vCenter Server certificate file. The file is usually available at the following locations:
      • Widows vCenter server  default path is – C:\Documents and Settings\AllUsers\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.crt
      • vCenter server appliance – /etc/vmware/ssl/rui.crt
Import License
  • Log in to the Orchestrator configuration interface as vmware.
  • On the vCenter Server License tab, click Use vCenter Server license.
  • Set the details about the vCenter Server machine on which Orchestrator must verify the license key.
  • Click Apply to import license from vCenter server
Import vCO license

Import vCO license

Configure authentication

vCO supports several authentication methods such as:

  • LDAP
    • eDirectory
    • Active Directory
    • openLDAP
    • build in openLDAP
  • SSO

By default vCO is configured to use build in openLDAP

[box type=”warning”] NOTE: Before you start, make sure SSO certificate is already imported to vCO, if not – follow import procedure from a top of the post.[/box]

  • Log in to the Orchestrator configuration interface as vmware.
  • On the vCenter Server Authentication tab,
  • From authentication method choose SSO Authentication
  • Click on advance button and replace localhost with vCenter server SSO IP or vCloud Identity appliance IP like on the screen below

[box type=”info”] Choose the same SSO which is used by vCenter server, otherwise you will not be able to conect vCO to vCenter server :-/[/box]

Configure SSO authentication method

Configure SSO authentication method
  • Click on register orchestrator to apply configuration
SSO authentication configured
SSO authentication configured
Assign rights to vCO

There are several authentication sources you can choose from when configuring admin access rights to vCO. You can use, SSO groups, AD groups or vCenter local host groups.

  • On the same page as above scroll down and from drop-down menu choose group which members will have administrator rights to vCO
  • Click update orchestrator configuration, in below example vco-admins in domain lab.local will have an admin access to vCenter Orchestrator.
vCO admin group

vCO admin group

Register  Orchestrator in vCenter server to Work with the vSphere Web Client
  • Log in to vCenter server via web client as a vCenter Orchestrator administrator
  • From home page  go to vCenter orchestrator plugin –> Orchestrator servers –> Manage
  • Click on the vCenter server and  edit configuration and provide FQDN or IP of vCO server.
add vCO to vCenter

add vCO to vCenter

  • That’s it, after this operation you can manage workflows from vSphere Web Client.
vCO workflows in vSphere Web Client

vCO workflows in vSphere Web Client

Configure vCenter Orchestrator on vCloud Automation Center appliance.

During vCO configuration on vCAC, most of the steps are exactly the same like if you would configure

  •  Log in to vCloud Automation Center appliance and type service vco-configurator start

  •  verify if service status, type service vco-configurator status

  •  verify vCO server runs and its run level is 3:on

  •  Log in to vCO configuration Web GUI, https://<vCAC Appliance IP>:8283/ in my example it will be https://vca01.lab.local:8283 , default user name is vmware and password vmware
  • import vCenter server certificate
  • import SSO certificate
  • Optional – register vCO to SSO, if your vCAC appliance use vCenter server SSO  there is no need to register vCO into SSO.
  • import vCenter server license
  • add vCenter server to vCO
vCenter server

vCenter server

  • Assign administrator right to vCO

[box type=”warning”] By default vCO service in vCloud Automation Center Appliance is stopped, before connection vCO to vCenter server make sure service is started 🙂[/box]

  • Register vCO server into vCenter server

Artur Krzywdzinski

Artur is Consulting Architect at Nutanix. He has been using, designing and deploying VMware based solutions since 2005 and Microsoft since 2012. He specialize in designing and implementing private and hybrid cloud solution based on VMware and Microsoft software stacks, datacenter migrations and transformation, disaster avoidance. Artur holds VMware Certified Design Expert certification (VCDX #077).