configuration and usage guide - vmware · overview 7 lifecycle manager components 7 key features 8...

Configuration and Usage GuideVMware® Lifecycle Manager - Customization Option

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

2 VMware, Inc.

Configuration and Usage Guide

You can find the most up-to-date technical documentation on our Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

© 2008 VMware, Inc. All rights reserved. Protected by one or more U.S. Patent Nos. 6,397,242, 6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022, 6,944,699, 6,961,806, 6,961,941, 7,069,413, 7,082,598, 7,089,377, 7,111,086, 7,111,145, 7,117,481, 7,149,843, 7,155,558, 7,222,221, 7,260,815, 7,260,820, 7,269,683, 7,275,136, 7,277,998, 7,277,999, 7,278,030, 7,281,102, and 7,290,253; patents pending.

VMware, the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

Configuration and Usage Guide Revision: 20080331Item: EN-000002-00

http://www.vmware.com/support/

http://www.vmware.com/support

mailto:[email protected]

VMware, Inc. 1

Contents

About This Book 5

Overview 7Lifecycle Manager Components 7Key Features 8

Authorization Elements 11Authorization Elements 11

Inventory 12Scripting 12Logging 12

Logging Persistence 12Non‐Persistent Logs 13Persistent Logs 13

Attribute Editor 13

Workflows 15Workflows Overview 15Attributes 16

Locking 16Input parameters 16Output Parameters 16Schema 16

Schema Elements 17Schema Elements Properties 18

Element Name 18Element Color 18External Interaction 18Business Status 19

Understanding Links and Bindings 19Exception Handling 20

Element Links 20Element Binding 21

VMware, Inc. 2

Contents

Editing Workflow Schema 21Adding Elements 21Connecting Elements 22

Credentials 23Workflow validation 24Workflow Presentation 25

Presentation Layout 25Presentation Parameter Qualifiers 26Description Field 30

Execution 30Workflow Token Attributes 30Execution Flow 31Workflow Token Check Pointing 31End of Workflow 31

Simple Loop Example 31Presentation 33Optional Enhancements 36Actions 36

Using Actions in Workflow Elements 37Using Actions in Workflow Presentations 37Using Actions in Webviews 38

Resource Elements 38Policy Templates 38

Policies 39Policy Template 40Policy Elements 40

Events 40

Configuring the Server 41Configuration Elements 41Installing VMO Applications 42

Configuration Elements 43Network Connections 44

IP Addresses and DNS Names 44SSL Certificates 46LDAP 46

Building the LDAP Look Up URL 46Using Encrypted Certification 47Browsing Credentials 47

VMware, Inc. 3

Contents

Active Directories Discovery 48VMO Specific Rights 48

Common LDAP Errors 48Database Selection 49

MySQL Drivers 49Database Settings 49

Install Database 50Database Parameters 51

Licenses 51Server Certificate 51

Max Number of Events 52Max Number of Executions 52Web Auto Login 52Webview Development Enable 52Server 52Plugin General 53

Operational Elements 53Log 53

Troubleshooting 54Plugin Configuration Elements 55

Mail 55JDBC 55Microsoft 56

Building the LDAP look up URL 56Using Encrypted Certification 56Browsing Credentials 56

SNMP 57Creating a New Connection with a SNMP Agent 57Creating a New OID 57SSH 58VMware VirtualCenter 1.4.x 58VMware Virtual Infrastructure 3 60XML 61

My VMO View 63Configuration Elements 64Using Packages 65

Package Content 65Plugin Packages 65Exporting Packages 66

VMware, Inc. 4

Contents

Importing Packages 66Getting or Synchronizing Remote Packages 67

Locking 68Webviews 69

Webview Terminology 69Editing Webview Elements 70Importing and Exporting 70

Tasks 70Creating a New Task 71

Recurrence Pattern 72

Migration 73Overview 73Migration Options 74

The Extra Safe Way 74Standard Upgrade 75

VMware, Inc. 5

This guide, the Configuration and Usage Guide: VMware Lifecycle Manager ‐ Customization Option, provides information about configuring, migrating, and using VMware® Orchestrator Platform.

Intended AudienceThis book is intended for anyone who needs to install, upgrade, or use the Orchestrator Platform. Users typically include people who perform software development and testing or work with multiple operating systems or computing environments, including software developers, QA engineers, trainers, salespeople who run demos, and anyone who wants to manage virtual machines.

Document FeedbackVMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to:

[email protected]

Technical Support and Education ResourcesThe following sections describe the technical support resources available to you. To access the current versions of this book and other books, go to:

http://www.vmware.com/support/pubs.

About This Book

http://www.vmware.com/support/pubs

mailto:[email protected]

Configuration and Usage

6 VMware, Inc.

Online and Telephone SupportUse online support to submit technical support requests, view your product and contract information, and register your products. Go to:


Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to:

http://www.vmware.com/support/phone_support.html

Support OfferingsFind out how VMware support offerings can help meet your business needs. Go to:

http://www.vmware.com/support/services

VMware Education ServicesVMware courses offer extensive hands‐on labs, case study examples, and course materials designed to be used as on‐the‐job reference tools. For more information about VMware Education Services, go to:

http://mylearn1.vmware.com/mgrreg/index.cfm


http://www.vmware.com/support/phone_support.html

http://www.vmware.com/support/services

http://mylearn1.vmware.com/mgrreg/index.cfm

VMware, Inc. 7

1

The Lifecycle Manager is server‐based software that allows you to create and execute automated, configurable processes to manage virtualized computing environments.

This chapter contains the following information:

“Lifecycle Manager Components” on page 7

“Key Features” on page 8

Lifecycle Manager ComponentsLifecycle Manager provides the following:

Persistence

Centralization

Check‐pointing, version control

Workflow

Policy and scripting engines

Advanced security functions, such as the following:

Access control

Rights management (DRM)

Public Key Infrastructure (PKI)

Secure Sockets Layer (SSL) encrypted communications

Overview 1


8 VMware, Inc.

Orchestrator Platform is not a virtualization management tool but, rather it is an orchestration layer that abstracts multiple virtualization technologies from the business processes that rely on them. It is an open platform that provides a comprehensive set of tools to efficiently manage your virtual IT environment. There is a library of more than 400 processes that capture best practices and allow you to work with the available 800 API objects.

With Orchestrator Platform, you can do the following:

Run VMware® Orchestrator, the pre‐packaged application solution

Create new, or customize existing, application solutions

Manage the process lifecycle

Key FeaturesThe features of Lifecycle Manager include the following:

Persistence

Production grade external databases are used to store relevant information, such as processes, process executions and states, and configuration information.

Central management

Orchestrator Platform provides a central way to manage your processes. The application server‐based platform, with full version history, allows you to have scripts and process‐related primitives in one place. This way, you can avoid scripts without versioning and proper change control spread on your servers.

Check‐pointing

Every step of a process is saved in the database, which allows you to restart the server without losing state and context. This is especially useful for long running processes.

Versioning

All Orchestrator Platform objects have an associated version history. This allows proper change management when distributing processes to different project stages or locations.

Scripting engine.

The Mozilla Rhino JavaScript engine provides an easy and powerful way to create new building blocks for Orchestrator Platform. The scripting engine is enhanced with version control, variable type checking, name space management and exception handling. It can be used in the following building blocks:

VMware, Inc. 9

Chapter 1 Overview

Actions

Workflows

Policies

Workflow engine

The workflow engine allows you to capture business processes. It uses one of the following to create a step‐by‐step automation:

Building blocks of the library

Building blocks provided by the customer

Plug‐ins

Users, a schedule, or a policy can start workflows.

Policy engine

The policy engine allows monitoring and event generation to react to changing conditions. Policies can aggregate events from the platform or any of the plug‐ins, which allows you to handle changing conditions on any of the integrated technologies.


10 VMware, Inc.

VMware, Inc. 11

2


“Authorization Elements” on page 11

“Attribute Editor” on page 13

Authorization ElementsAn authorization element is used to allow access to an inventory element in Webviews. By default, when a user is asked to select an inventory element in a webview, the system browses all the authorization elements to check if this element is authorized to be used by the current user. This check is made for every single object in the Webview.

Figure 2-1.

An authorization check is made for every object in isolation. There is no hierarchical check. If a user has access to an element, he does not automatically have access to the parent and children.

Authorization Elements 2


12 VMware, Inc.

If you want to grant access to the object and a given portion of these children, you may add this object and its relation in the authorization.

For example, if you want to grant access to a VMware HostSystem and the Virtual Machines on this host, to a given user, you must add the HostSystem and the ʺHostSystem ‐> getVM() relationʺ to the authorization element.

Any element or element plus relation that is set in an Authorization element is called an Authorization Reference.

Using an authorization element directly in the GUI is not good practice, this element is designed to be used in scripting. The following is an example method:

var authorizationElement = ... ; // assume this exists, it may come from a workflow attribute.

authorizationElement.addReference(vm) ; authorizationElement.addReference(vm,"getVimSnapshots()") ; // grant

access to the snapshots

For example, when a Virtual Machine is created, a workflow should be used to grant access to the virtual machine and its snapshots.

InventoryThe inventory is where all elements from plug‐ins are displayed.

ScriptingTo browse our scripting example database use our VMO Snippets Knowledge Base. Do you want this knowledge base imported into the documentation?

Logging

Logging Persistence

In any VMO script (workflow, policy, action) you can log information. This information may be of 2 types and 4 levels. The type may be: persistent and non‐persistent. The level can be debug, info, warning, and error.

Table 2-1. Here is the table showing how to log information

Persistent Non-persistent

Debug Server.debug("short text", "long

text");N/A

VMware, Inc. 13

Chapter 2 Authorization Elements

Non-Persistent Logs

When you use a non‐persistent log in your scripting, the VMO server notifies all running VMO Applications about this log, but this information is not stored. It means that if the application is restarted, this information is lost. Non‐persistent logs are used for debugging purpose or for live information.

You can see these logs in the VMO Application on the Execution Logs tab when a workflow execution is selected.

Persistent Logs

Persistent logs are stored in the VMO database. To avoid infinite growing of the database, the number of logs stored per element (workflows and policies) may be specified in the VMO Server Configuration application (default 100). You may increase this value but it will take more space and time to query the information. Persistent logs are used to keep track of past execution logs.

You can see these logs in the VMO Application on the Events tab when a workflow, workflow execution or policy is selected.

Attribute EditorThe attribute editor is used in several modules: Workflow, policy, webview, and Configuration Element.

Info Server.log("short text", "long text"); Sys-

tem.log("text

");

Warn-ing

Server.warn("short text", "long text"); Sys-

tem.warn("tex

t");

Error Server.error("short text", "long

text");

Sys-

tem.error("te

xt");


14 VMware, Inc.

Figure 2-2.

Legend:

1 This column is used to link and unlink an attribute to Configuration Elements.

2 If an attribute value is linked, a small icon is displayed and the text value is in italic

3 If the value is a complex object, a clickable information icon is displayed. You can click on it to display the content information.

4 When the content of an attribute is set but its real value is missing, Not Found text surrounded in red is displayed. This can occur when an inventory object has been set to an attribute and this element has been externally removed.

5 Read‐only box is set to disallow changes of this attribute during workflow execution, policy lifecycle, and so on.

VMware, Inc. 15

3

3

This chapter presents workflows, including the following topics:

“Workflows Overview” on page 15

“Attributes” on page 16

“Schema Elements” on page 17

“Understanding Links and Bindings” on page 19

“Exception Handling” on page 20

“Execution” on page 30

“Presentation” on page 33

“Optional Enhancements” on page 36

“Actions” on page 36

“Resource Elements” on page 38

“Policy Templates” on page 38

“Events” on page 40

Workflows OverviewA workflow is a succession of tasks and decisions that produce a result. Decision elements are boolean result functions, and tasks are void result functions. Workflows are executed serially.

Workflows 3


16 VMware, Inc.

The workflow editor in VMO sometimes hides the script for easy understanding. You can use the preferences to tell the editor to always display these scripts.

You can create workflows within workflows. For example, you can reuse a workflow to start a virtual machine within a variety of different workflows.

Attributes A workflow owns a list of attributes. An attribute has four properties: a name, type, value, and read‐only‐flag. An attributeʹs name shares its uniqueness with input and output parameters. You cannot create an attribute with the same name as input parameters. Read‐only attributes can be seen as constants for the workflow. Non‐read only attributes are variables for the workflow.

You can link an attribute to a configuration element. This is used to create an attribute in the workflow with a value that is only known when this workflow is imported.

Locking Both actions and workflows can be locked. While a workflow is executing, its schema can be changed. The changes are reflected by the execution token in the next workflow execution box. This can be useful in testing or debugging but not in production. To avoid the workflow being edited during a critical execution, you can lock it using Locking > lock or unlock. Workflows can also be locked using the package view.

Input parameters A workflow owns a list of input parameters. An input parameter is an argument for the workflow behavior. An input parameter has two properties: a name and a type. Restriction and qualification of those attributes are set using a Workflow Presentation.

Output Parameters A workflow owns a list of output parameters. An output parameter is a result of an executed workflow.

Schema A workflowʹs schema is the behavior of a workflow. It is composed of a list of workflow elements that are linked together. A workflowʹs schema begins with a start element and ends with an end element. A schema can have more than one end.

VMware, Inc. 17

Chapter 3 Workflows

Schema Elements There are six basic schema element types:

Start element (1)—Mandatory element. It cannot be removed from a workflow schema. Has one output without input.

End element (11)—End the workflow execution. Multiple occurrences of this element can be present in the schema. Has one input without output.

Throw element (12)—Throw an exception in the workflow execution. Multiple occurrences of this element can be present in the schema. Has one input without output.

Workflow Link (4)—Start another workflow in a synchronous way.

Input element (10)—This element allows user interaction with the workflow.

Task element—This element can be split into several subtypes.

Action call task (6)—Call a module action.

Parallel workflow starting (3)—Start several workflows in parallel.

Asynchronous workflow call (2)—Start several workflows in parallel.

Remote workflow call (3)—Start a workflow in another VMO server.

Pre‐defined task (5)—Non‐editable scripting task coming from a workflow palette.

Custom scripted task (9)—General purpose task. A developer can write his own script.

Decision element—This element makes a yes or no decision. It is split into two subtypes.

Basic decision (7)—Predefined decision with only one argument.

Custom decision (8)—Custom decision with several parameters and custom scripts. A boolean result determines the decision output.


18 VMware, Inc.

Figure 3-1. A Basic Workflow

Schema Elements Properties The following are schema elements properties.

Element Name

Common information for all the elements include the name, which you can change using the Info tab for the selected element in the schema.

Element Color

You can change the element display color in the schema for better visibility.

External Interaction

For your scripting tasks, you can add external interaction information. This information is not used at all in the VMO system. It is, like the box custom color, additional information for the creator of the workflow.

VMware, Inc. 19

Chapter 3 Workflows

Business Status

Business status information is used when the workflow is executed. You can set a business status for any element of your workflow. As soon as this element is executed, the business status of the workflow execution token is changed to the value you entered. This is useful to sort workflow executions and to be able to quickly find what state a workflow execution is in.

If you want to use a variable in a business state, such as a virtual machine name, you can use this type of syntax:

The virtual machine name is ${#vm.name}

Assuming that the variable vm is an IN binding of the workflow box.

Understanding Links and Bindings Links between elements determine the execution flow. Those links carry data information from one element to the other. Bindings are used to populate schema elements with data.

Figure 3-2. Links Between Elements


20 VMware, Inc.

In this example, an attribute of type number is used in a scripting schema element. This schema element increments the number value and outputs the change. This simple schema demonstrates the binding behavior: myCounter becomes scriptCounter in the box, using IN Binding. After the task execution (JavaScript code scriptCounter = scriptCounter +1;), the scriptCounter is now 1, but the original attribute value is still 0. Set myCounter with the new value of scriptCounter using OUT binding.

Each attribute or parameter to be used in a schema element must be bound to it, using IN binding. If you want to change values of attributes and output parameters, they must be bound to the schema element using OUT binding. A common mistake is to forgot to bind the output value to reflect changes in the workflow attributes.

Some schema elements can hide the bindings to avoid complex usage, such as Decision elements.

In exception handling, the error value is output like an OUT binding.

Exception Handling Exception handling is used to catch any error occurring in an element. If an exception is not caught, the workflow exits with an error. To catch an exception, a special output is available for every element in the workflow except for decisions. In a decision element, no exception should be thrown. If this occurs (Custom decision), the false output is used.

If for some reason the workflow needs to explicitly throw an exception, a special end element is provided.

Element Links Each schema element can have multiple inputs but only one normal output and one exception output except the Start, End, and Decision elements.

Start element has no input or exception output.

End element has no output or exception output.

Decision element has two outputs but no exception output.

The workflow execution follows those links. The only way to branch the execution is by using Decision elements.

Exception output should not be used for branching.

VMware, Inc. 21

Chapter 3 Workflows

Element Binding Each task and decision has bindings. Bindings are used to set data to a schema element (IN bindings) and change workflow attributes and output parameters when a task has finished its execution (OUT bindings). Special bindings named Exception are used to output the value of any exception thrown in the element execution.

To set a binding to a schema element, select the schema and use the three tabs IN, OUT, or Exception to set bindings. Exception binding is a special OUT binding.

Figure 3-3. Schema Element Bindings

Editing Workflow Schema The workflow schema editor is divided into two parts. The left part is the workflow palette and the right part the schema.

Adding Elements

To create a new workflow element, drag and drop an element from the palette (left) to the schema (right).


22 VMware, Inc.

Figure 3-4. Adding Elements

Connecting Elements

To connect elements together, select the connection tool and drag the tool from the start element to the target or hold Ctrl key down while dragging your mouse from the source element to the target element (3). There are two possible decision outputs. When connecting a decision element, the start dragging position compared to the center of the figure tells if you are connecting the YES output or the NO output. Left of center is the YES output (1), and right is the NO (2). To know what output you are connecting, a little colored arrow in the decision figure is displayed (Green ‐ Left ‐ YES) or (Red ‐ Right ‐ NO). To connect the exception handling connector, proceed as in a normal connection but start the dragging at the right part of the source element (4). A little red square appears when the dragging is correct.

VMware, Inc. 23

Chapter 3 Workflows

Figure 3-5. Connecting Elements

Credentials Each workflow has a running credential. This credential is given by the workflow starter. For example:

A user starting the workflow using the Java GUI or Web GUI.

The credential is the userʹs credential

A policy.

The credential is the policyʹs credential.

Another workflow.

The credential can be set by the parent workflow.

A webview using its own credential.


24 VMware, Inc.

The credential is set by the webview.

Workflow validation A workflow can be validated using the contextual menu on the browser view (right‐click on workflow). However, validating a workflow this way does not allow quick fixes. To be able to use the quick fix feature, the workflow must be in edit mode and the toolbar action Validate must be used.

When a workflow is validated, a list of errors and warnings is displayed. Clicking on an element in the list selects the workflow element where the error has been detected. In edit mode, clicking the right column of the list applies a quick fix resolution. Some quick fixes need additional input; others automatically resolve the error for you.

The error status is displayed in every workflow element. This information is refreshed every time the workflow is validated and is reset every time a workflow is reloaded.

A workflow is automatically validated when it is started. This behavior can be changed in the application preferences.

Figure 3-6. Workflow Validation

Legend:

1 Validation button, which shows the validation panel.

2 Element with error. An element with an error displays a little icon in its upper left corner. This icon is refreshed when the workflow is validated.

3 Validation list. All errors and warnings for a given workflow. Selecting an element on the list selects the problemʹs owner in the schema.

VMware, Inc. 25

Chapter 3 Workflows

4 Quick fix actions. Simple resolutions for this problem. If the button is gray, it means you have started the validation in a non‐edit mode.

Workflow Presentation A workflow presentation is used for two things: to setup the layout used to enter workflowʹs startup input parameters and to qualify those parameters. Every time a workflow is started, each input parameter is validated using the qualifier defined in the presentation. This is different from the workflow schema validation made before a workflow is started.

Presentation Layout

The presentation layout is represented with a single presentation node (1) in the presentation view of a workflow. This node can have several children called input steps (2). Each step may have several children called display groups (3). Every input step and display group can contain parameters (4).

Figure 3-7. Presentation Layout

To create a step

1 Select the Presentation node.

2 Click create new step .

To create a display group

1 Select a step.

2 Click create new display group .


26 VMware, Inc.

When an input parameter is created for a workflow, this parameter is automatically placed as a child of the Presentation node in the presentation view, not in a step or a display group. To put this parameter in a display group or step, drag and drop the presentation element into it.

Figure 3-8. Moving a Parameter

Presentation Parameter Qualifiers

Every parameter in a presentation can have several qualifiers. Qualifiers are used to validate the input, modify the way the fields are added, and can also change the way the presentation is displayed.

Some qualifiers can create dependencies between parameters. A qualifier value can be static or dynamic. The difference between static and dynamic values is that a dynamic value can depend on another parameter or attribute. Dynamic values use OGNL as the editing language. Every time a presentation parameter is changed and another one depends on it, this value is automatically calculated and changed.

Every workflow parameter is automatically added to the presentation, and you can change its location in the Presentation tab at any time.

The qualifiers applicable to a parameter depend on the parameterʹs type:

Simple types, such as number, string, boolean, SecureString, Path

Base types, such as Workflows, File, MimeAttachment, ResourceElement

Plugin types, such as VMware:VirtualMachine, SSH:Folder, Microsoft:Host

Simple and base types have different specific qualifiers. The plugin complex type has generic qualifiers. Some presentation qualifiers are only used in the web front‐end.

VMware, Inc. 27

Chapter 3 Workflows

In the following example, we exchange a static value for the loginName parameter (Minimum string length) set to 3 to a dynamic value provided by an attribute named minStr. To do that, set the qualifier as dynamic value and set the OGNL invocation as #minStr.

Figure 3-9. Changing Parameter Values

Legend:

1 Selected presentation parameter.

2 List of parameterʹs properties (qualifiers). Property value is set using the value column.

In this example, change the minimum string length to an OGNL invocation as follows:


28 VMware, Inc.

Figure 3-10. Minimum String Length Value

Possible Parameter Properties

Maximum string length—Only usable with string types. Sets a maximum length for the parameter.

Minimum string length—Only usable with string types. Sets a minimum length for the parameter.

Matching regular expression—Only usable with string types. Validates the input using a regular expression.

Maximum number value—Only usable with number types. Sets a maximum value for the parameter.

Minimum number value—Only usable with number types. Sets a minimum value for the parameter.

Number format—Only usable with number types. Formats the input for the parameter.

Enumeration—Usable with any type. Specifies an ordered list of possible answers.

Mandatory—Usable with any type. Sets the parameter as mandatory.

Choice from another parameter or attribute—Usable with any type. Possible user answers are derived from another parameter. For example, if this parameter is an SSH:File and a parameter in a previous step is an SSH:Folder, you can tell this input to restrict the possible answers to files contained in the SSH:Folder. This depends on type. Every object in VMO can have several derived lists usable in presentations.

Predefined answers—Usable with any type. This is the same as the derived choice, but the user can add a different value.

Show parameter input—Usable with any type. This qualifier shows or hides a parameter input, depending on the value of a previous boolean parameter.

Hide parameter input—Usable with any type. The same as Show parameter but with the negative value of a previous boolean parameter.

Matching expression—Usable with any type from a plugin.

VMware, Inc. 29

Chapter 3 Workflows

Show in inventory—Usable with any type from a plugin. If this property is set, any object in the inventory view with this parameterʹs type is able to quick launch the workflow.

Specify root object in chooser—If the chooser used to input this parameter in a tree, you can specify the root object using this property.

Select as—Use a list or tree chooser to select this parameter.

Default value—Default for this parameter.

Custom Validation—This is OGNL scriptable validation. If the invocation returns a string, this string is displayed as the error result text of the validation. The current value is referenced by #__current in the ognl invocation.

In every dynamic qualifier, we can use some predefined constants:

ʺ#__currentʺ: Custom validation current value or Matching expression qualifier

ʺ#__usernameʺ: Username of the workflow starter

ʺ#__userDisplayNameʺ: User display name of the workflow starter

ʺ#__serverUrlʺ: Server URL where the workflow is started

ʺ#__datetimeʺ: Current time and date

ʺ#__dateʺ: Current date, time set to 00:00:00

ʺ#__timezoneʺ: Current timezone

Figure 3-11. Workflow Startup Input Dialog


30 VMware, Inc.

Legend:

1 Input step

2 Display group

3 Parameter inputs

4 Warning icon

Error in this field, the presentation cannot be validated. Click the icon to display the errors.

5 Field with browsable value

Click the underlined text to change its value. Click the right button to reset its value.

6 Description of the display group #Description field

7 Error count and information

Description Field

Any description field can have its display enhanced with several HTML‐like tags and OGNL invocations.

To display OGNL invocation result use: ${ognl_expression}.

Execution When a workflow is started and the inputs are entered, a token is created for the workflow. This token is called the Workflow Token, and it is a single execution of a given workflow. When a workflow is created, the system merges the attributes and input and output parameters into a list of Workflow Token Attributes.

Workflow Token Attributes Workflow token attributes for non‐read‐only attributes and output parameters can be changed by schema elements but not if they are for read‐only attributes and input parameters.

VMware, Inc. 31

Chapter 3 Workflows

Execution Flow At the start, the unique Start schema element is activated. For each schema element the following sequence is executed:

1 Binding is made between Workflow Token Attributes and schema element inputs (binding elements).

2 The schema element is executed. This action is task dependent.

3 Schema element outputs are copied to the Workflow Token Attributes.

4 Workflow Token Attributes are stored in the database.

5 The next schema element is activated.

This sequence continues until the end of the workflow (End Schema Element).

Workflow Token Check Pointing In a workflow execution, each schema element is a check point. At the end of each schema element, Workflow Token Attributes are stored in the database, and the following schema element is activated. If, for any reason, the workflow is unexpectedly stopped (power failure or server crash), at the next VMO server restart, the current active schema element is re‐executed, and the workflow continues its execution.

End of Workflow The workflow ends if the current active schema element is an End element or if the current schema element has no output links. It is strongly recommended that you use an End element. After this, output parameters can be used as a result of this workflow execution.

Simple Loop Example

Here is a demonstration of how to create a workflow that increments a counter until a given user input threshold.

Basic Requirements

We need a workflow read/write attribute that holds the counter of type number. We need a workflow input of type number for the threshold counter value.


32 VMware, Inc.

Schema

Figure 3-12. Simple schema

Legend:

1 Workflow start element.

2 Logging of the counter.

3 Increment the counter.

4 Check if threshold is reached.

A red link means that the threshold has not been reached. A green link means that the threshold has been reached.

5 End the workflow.

Figure 3-13. Attributes

Read/write attribute of type number with a start value of 0. This attribute is created on the General tab of the workflow.

VMware, Inc. 33

Chapter 3 Workflows

Figure 3-14. Parameters

Input parameter of type number to hold the threshold value. This input parameter is created on the Inputs tab of the workflow.

Presentation Every workflow parameter is automatically added to the presentation. You can change its location in the Presentation tab at any time.

Every parameter in a presentation can have properties. Those properties are used to define how the parameter is displayed to the user and the constraints associated with it.

The parameters belong to three general types:

Simple types (number, string, boolean, SecureString, Path)

Base complex types (Workflows, File, MimeAttachment, ResourceElement)

Plugin complex type (VMware:VirtualMachine, SSH:Folder, Microsoft:Host)

Simple and base complex types have different specific properties. Plugin complex types have generic properties.

A presentation parameter property can have a value set in a static or dynamic manner. When a value is set as dynamic, VMO uses an OGNL invocation to process its value. Every time a presentation parameter is changed and another one depends on it, this value is automatically calculated and changed.

Some presentation properties are only used in the web front‐end.

A simple example demonstrates presentation capability in VMO. We create a simple workflow presentation to create a user in an LDAP system. We want the user to input a first name, last name, a login name, and password. Password complexity is used to set the password minimum character length to 6 if in complex mode or 3 if not.


34 VMware, Inc.

Figure 3-15. Password Complexity

Workflow parameter

firstName (String): User first name

lastName (String): User last name

loginName (String): User login name

password (SecureString): User password

pwdComplexity (String): Password complexity

In the Presentation tab, edit the description of each parameter for improved display. If you have already entered the parameter description in the General tab, this information is copied to the presentation description field.

Figure 3-16. Parameter Descriptions

Now create a simple presentation with two presentation groups in a single step: one called User information and the other Login information. To edit the group name, double‐click on the element in the tree view. Drag and drop the firstName and lastName parameter elements into User information and the other three into Login information.

To meet our requirements, we must add property to the password parameter. To do this, add a property called Minimum string length to the password parameter in the presentation and set its value to 3 for the moment.

VMware, Inc. 35

Chapter 3 Workflows

On the pwdComplexity, add a Predefined answer property to its presentation with a static value containing two elements: Simple and Complex. To edit this static value, an Array editor is used.

Figure 3-17. Login Information

Now that we have the complexity chooser available, we can create a dynamic property using ognl. Set the Minimum string length property of password to dynamic mode. In the edit box, type:

(#pwdComplexity == "Simple")?3:6

This invocation uses the form <expression>?<true_result>:<false_result> and means that, if the field pwdComplexity is equal to Simple, then use 3 as value otherwise use 6.

Figure 3-18. Name-Value Pairs

We can generate the loginName parameter from firstName and lastName. To concatenate firstName with lastName in lower case and regenerate this parameter value every time the user changes the last name or first name, add a Data Binding property to the presentation parameter. This property only uses a dynamic mode. As the value of the property type:

(#firstName.charAt(0)+#lastName).toLowerCase()

To polish the presentation, add some descriptions in the presentation group Login Information and User Information. Add dynamic information as text Login Information for FIRST_NAME LAST_NAME. To do this, type the following string in the description field of the Login Information presentation box:

Login Information for ${#firstName+" "+#lastName}.

or

Login Information for ${#firstName} ${#lastName}.


36 VMware, Inc.

Figure 3-19. Login Information

This demonstrates that we can invoke OGNL in presentation descriptions. All text surrounded by ${...} in a box description text is an OGNL invocation.

To finish this presentation, add a mandatory property to the firstName and lastName parameters and a Maximum String Length to the loginName and password parameter.

Optional Enhancements The following are optional enhancements:

Add a gender parameter with two possible values: male and female. Change the Login Information box to display Mr. or Ms in front of the last name and first name in the description field.

Create an attribute in the workflow to hold the password complexity values and use it in the presentation pwdComplexity parameter.

Actions Actions are functions that may be called by a script in a workflow, policy, or webview. As a function, an action has multiple arguments and only one return value. The advantages of using functions instead of rewriting the script in workflow elements are reusability and optimization. During the execution of a workflow, each action used is compiled the first time the workflow executes it, and this compilation unit is reused subsequently. This behavior is extremely useful for recursive calls in a workflow or fast loops.

VMware, Inc. 37

Chapter 3 Workflows

Figure 3-20. Actions

Legend:

1 Action return type

Type can be changed by clicking it in edit mode.

2 Action parameters

Ordered list of action parameters (name, type, and description).

3 Action signature

Signature of the action.

4 Script

Action script. Parameters used in the script are highlighted.

Using Actions in Workflow Elements An action can be used in a workflow using the action call element. Action referencing for this kind of element is based on action module name and action name. If you change the actionʹs location, the workflow using it might not work anymore.

Using Actions in Workflow Presentations An action can be used in a workflow presentation. In a presentation type property using OGNL invocation, you can use the following syntax to call an action


38 VMware, Inc.

GetAction( ModuleName , ActionName ).call( arguments ... )exampleGetACtion("ch.vmware.library.example","isCorrect").call(#__username)

The return type of the action is relevant in the presentation invocation builder tool.

Using Actions in Webviews To use actions in webviews you need to create an attribute in the webview and set the action as the value.

Resource Elements Resource elements are used to embed external resources in a VMO package. This is the place to put images, custom scripts, XML templates, HTML templates, and so on.

A resource element may be used as attribute of a workflow, policy or webview. The maximum size for a resource element is 16MB.

Figure 3-21. Resource Elements

Policy TemplatesEach policy can be transformed into a template. This template has the same structure as a policy except that the elements in it are not assigned. You cannot start a policy template. You must apply it and assign the elements.

VMware, Inc. 39

Chapter 3 Workflows

Figure 3-22. Policy Templates

PoliciesAll policies in the VMO engine are event driven. This means that every script, workflow, or action executed in a policy is triggered by an event.

Figure 3-23. Policies

Legend:

1 Periodic element

Generate an OnExecute event scheduled by a given recurrence pattern.

2 Policy element

In this example, a virtual machine element. We are interested in the changes in its state OnStateChange.


40 VMware, Inc.

3 Policy Event

Event generated when a policy stops.

4 Attributes

List of attributes available in the policy. These attribute are used the same way as the workflow attributes.

Policy Template Each policy can be a template. The template has the same structure as a policy except that the elements in it are not assigned. You cannot start a policy template. You must apply it and assign the elements.

Policy Elements There are two basic elements in a policy, each generating one or more event. These events can execute a script or launch a workflow.

Object elements

Can generate any event. The events these elements can generate are plugin dependent.

Periodic elements

Periodic tasks that produce time‐based events, such as execute this script every day at noon.

Each policy and Object element can produce two generic events: OnInit and OnExit.

Events There are two kinds of events available in the VMO engine:

Trigger event

These events are one time events generated by the system.

Gauge event

These events have maximum and minimum criteria and execute operations only if those values are reached or exceeded.

NOTE If a workflow is selected for an event, the script part is ignored.

VMware, Inc. 41

4

The chapter contains information about configuring the server. The following is included in this chapter:

“Configuration Elements” on page 41

“Installing VMO Applications” on page 42

Configuration ElementsOnce you have finished installing your server, open the VMO Server Configuration Application. All changes applied in the configuration take effect at the next server restart. The Configuration application contains several configuration elements.

Each element is represented by an icon, a title, and a validation status if a validation is available for this element. Validation can have different states:

Element Not Tested

Element Testing

Element Warning

Element Error

Element Valid

The elements that do not have a status icon do not need configuration to work properly.

Configuring the Server 4


42 VMware, Inc.

Installing VMO Applications A basic VMO installation contains only a few plugins, so you need to install applications to extend VMO functionality. An application is a set of plugins and packages.

To install an application

1 Obtain the file with the application.

2 Click Install application.

3 Open the file.

4 Every time you install a new application, a validation is made on the server configuration. In most case, you will need to perform additional configuration steps.

VMware, Inc. 43

5

Lifecycle Manager comes with no plug‐ins and only basic workflows. Depending on your needs, you receive one or more application that contains the required plugins and workflows.


“Network Connections” on page 44

“SSL Certificates” on page 46

“LDAP” on page 46

“Database Settings” on page 49

“Licenses” on page 51

“Server Certificate” on page 51

“Operational Elements” on page 53

“Troubleshooting” on page 54

“Plugin Configuration Elements” on page 55

Configuration Elements 5


44 VMware, Inc.

Network ConnectionsFigure 5-1. Network Configuration

IP Addresses and DNS Names When you install the server for the first time, the IP address for your server is set as not set. To change this value, click Change and choose the network interface you want to bind your VMO Server. VMO discovers the IP address of the machine on which you are currently installing the server.

When an interface is chosen, the system displays its DNS name if any (3). If no network name is found, the IP address is displayed in DNS Name.

You can still change the IP address manually by clicking Change (2).

Setting up Communication Ports

Here you set up the different I/O ports of VMO server to allow communications with the other systems (4). VMO is embedded in a JBoss application server, so it benefits from built‐in redundancy, high‐availability, high‐performance distributed application services and support for complex database access.

The different ports you need to set are basically a subset of the standard ones used by JBoss. The ports are set with a default value, but you can change these values at any time. When you make the changes, ensure that all ports are free on your physical machine and, if necessary, open these ports on required firewalls.

NOTE You can check port status at the bottom of the configuration panel.

The following is a list of the ports you need to set up:

Look up port

VMware, Inc. 45

Chapter 5 Configuration Elements

This is the main port to communicate with VMO server (JNDI port). All other ports are communicated to the VMO smart client through this one.

Command port

This is the application communication port (RMI container port), it is used for remote invocations.

Messaging port

This is the java messaging port used to dispatch events.

Data port

This is the port used to access all VMO data models, such as workflows and policies.

HTTP server port

This is the port for the HTTP connector used to connect to the web front‐end.

HTTPS server port

This is the port for the SSL HTTP connector used to connect to the web front‐end.

If you change the Look up port’s default value, you also need to change it on all the VMO smart client installations. If you decide to change the Look up port of the server after your clients are installed, you need to modify the apps/vmware.properties files on each client or connect to the server using <ip address or DNS name>:port, where port is the new Lookup port.

To apply your changes, click Apply Changes at the bottom of the page.


46 VMware, Inc.

SSL Certificates

In in the SSL Certificate tab, the SSL certificates that are used by the built‐in and plug‐in elements are displayed (1). When a certificate is selected, information is displayed at the bottom of the table (2).

You can add new certificates by clicking Import SSL certificate or remove them from VMO SSL list by clicking Remove selected certificate. Each time you want to specify the use of an SSL connection, you need to return to this tab and import the corresponding SSL certificate. To use this imported certificate, you need to restart Configuration.

LDAP Having a working LDAP on your infrastructure is a prerequisite for VMO. Ask your domain administrator to help you with this step of the configuration.

Building the LDAP Look Up URL The following host, port, and root information are used to compose the LDAP connection URL:

LDAP client

The client you are using as LDAP server (Active Directory, OpenLDAP, eDirectory)

Primary LDAP host

This is the IP address or the DNS name of the host on which your primary LDAP service runs.

VMware, Inc. 47


Secondary LDAP host

This is the IP address or the DNS name of the host on which your secondary (optional) LDAP service runs. You can leave this field blank.

Port

This is the look up port of your LDAP service.

Root

This is the root element of your LDAP service. In general, if your domain is company.org, your root LDAP should be dc=company,dc=org.

Example 5-1.

LDAP host: DomainController

Port: 389

Root: dc=company,dc=org.

Connection URL: ldap://DomainController:389/dc=conpany,dc=org

Using Encrypted Certification

To activate the option of using encrypted certification for the connections between VMO and your LDAP

1 Select the Use SSL checkbox.

2 To create a public key on your LDAP server on the Network/SSL Certificate tab, click Import SSL Certificate.

3 Import it into VMO.

NOTE SSL capabilities are not generally installed as part of Microsoft Active Directory, and may require additional configuration in the domain.

Browsing Credentials The user name you select must be a valid user on your LDAP with browsing rights. VMO needs to read your LDAP structure to inherit its properties.

Username

This is the username VMO uses to connect to the LDAP.

Password

This is the password VMO that is used with the username.


48 VMware, Inc.

Active Directories Discovery This defines where the users and groups that VMO handle are located.

User lookup base

This is the LDAP container you want VMO to look up for your users.

Group lookup base

This is the LDAP container you want VMO to look up for your groups.

VMO Specific Rights The following roles identified in VMO:

Developers

This role has editing rights on all VMO elements.

Administrators

This role has all rights, including the management of permissions, which means they can add permissions to new groups or users for a selected set of elements. Administrators can also discharge administration duties on a selected set of elements to any other group or user.

VMO Admin group

This is the LDAP group to whom you grant VMO administration rights.

Those two groups must be contained in the Group lookup base specified before.

After you complete these entries, make sure users in the developer and administration groups can log in to the VMO smart client by clicking Test Login and entering their credentials. If the login is successful, the system tells you if the user name you entered is a member of the VMO Administrator and Developer group. You can use this testing facility at any time to make sure everything is still working properly.

Common LDAP Errors

Here is a list of possible LDAP errors 49:

525 ‐ user not found

52e ‐ invalid credentials

530 ‐ not permitted to logon at this time

532 ‐ password expired

VMware, Inc. 49


533 ‐ account disabled

701 ‐ account expired

773 ‐ user must reset password

If you use a Microsoft Windows 2000 Active Directory, and you experience problems connecting to Windows, visit the Microsoft Web site for more information.

Database Selection

To make a database selection

1 Click Select/Change database type.

2 Select from the scrolling menu the type of database VMO server will use.

VMO 3.0 currently supports the following:

Oracle 8i and above

SQL Server 2000 and above

PostgreSQL

MySQL

One$DB and McKoi DB are no longer supported.

MySQL Drivers

Drivers for MySQL are not automatically installed by the installer.

To enable support for MySQL

1 Download the MySQL driver (version 3.1) from MySQL Web site.

2 Unzip or untar the downloaded file.

3 Locate and copy the file named mysql‐connector‐java‐3.1.x‐bin.jar where x is the current sub‐minor version to:

<INSTALL_DIR>/app‐server/server/vmo/lib/ and

<INSTALL_DIR>/apps/lib/

The current sub‐minor version is 14.

Database SettingsThese are the settings VMO needs to connect to the selected database:


50 VMware, Inc.

Host

This is the database server IP address or DNS name.

Port

This is the database server port that allows communication to your database.

Instance name

This is the instance name of your database that can be identified by the INSTANCE_NAME parameter in the database initialization parameter file.

Username

This is the username VMO uses to connect and operate the selected database. This name you select must be a valid user on the target database with table creation and ‐deletion rights.

Password

This is the password VMO accepts with the username mentioned above.

Database name

This is the full name of the database that uniquely identifies it from any other database. It usually has the form database_name.database_domain. The database name is specified by the SERVICE_NAMES parameter in the initialization parameter file.

Depending on the database type you select, you need to enter its instance name, its database name, or both (only for SQL Server databases).

Install Database Once you enter the details of your database and you make a successful connection test, you need to build the table structure for VMO. Click Install to automatically create the VMO tables and default values on the target database. If you do not install the database, VMO will not run.

This option is only used when a newer version of VMO has to be applied and its database structure has been modified. Install the new VMO server, run through the new configuration, and rather than installing the database, update it. Updating an existing VMO database executes scripts to change the table structure as required. Although the data stored before the update is not altered or lost, you should create a backup before you upgrade in case you want to revert to a previous version.

VMware, Inc. 51


Database Parameters When you use a MySQL database, the database server must be configured with the parameter max_allowed_packet set to 16M:

1 Edit the following file:

C:\Program Files\MySQL\MySQL Server X.X\my.ini (On Windows)

2 Add the following line, max_allowed_packet = 16M, in the section [mysqld].

Licenses All plug‐ins delivered with VMO do not require a specific license. If you add a plug‐in that requires a license, you need to import it. You can always delete a license from your list by clicking Remove selected.

CAUTION Be careful when you delete a license. If you accidentally delete a license, contact your sales representative immediately.

Server Certificate The server certificates allows you to sign packages when they are exported. When you create a packages for VMO customers, these packages are exported with your signature (server certificate). When your clients import the package, they see your signature and can decide whether to trust you. If a customer decides to trust a signature, its certificate is added to Imported server certificates, which is the list of trusted certificates:

When installing VMO, to generate a pair of public (server certificate) and private (database certificate) keys, click Create a new certificate database and server certificate. The description of your public key appears in the Server Certificate window.

The certificates are stored in your database. For disaster recovery purposes, you should save the certificates to a file so that you can import the packages after installing VMO.

To save the certificates to a file

1 Click Export VMO certificate database.

2 Reload the certificates after re‐installing by clicking Import VMO certificate Database.

You do not need to click Create a new certificate database and server certificate.


52 VMware, Inc.

Installing VMO a public key embedded in the code guarantees you will always be able to import packages signed by private key.

Remember to renew your Export VMO certificate database each time you get a significant import.

Max Number of Events Each event corresponds to a change of state of a workflow or policy and are stored in the database. After you reach the maximum number of events for a workflow or a policy, the rollover process starts. If you do not want roll over, enter 0 (zero) in this field, your database will continue to grow.

Max Number of Executions Each time you execute a workflow, the state of its execution is stored in the database. Once you reach the maximum number of executions, the rollover process starts. If you do not want the rollover process to start, enter 0 (zero) in this field. If you do this, your database will continue to grow.

Web Auto Login This is an optional field where you can set a default login. This feature allows you generate URLs to execute, answer, schedule, or monitor a workflow without having to enter your credentials. You should set this to your default operator credentials.

Webview Development Enable This puts your server in webview development mode. In this mode, all elements in the webview are loaded from the specified directory and no longer from the webview content itself.

When activated all the webviews will load from this directory. If the directory plus the URL folder of a running webview is missing, the web front‐end will display an error message.

Server VMO server is set by default to run as a manual batch file. However you can turn it into a service here. To do so, click Install VMO server as service. Once this is done you can pilot your service (start, stop, and restart) from the Configuration application. This is reversible as you can always Uninstall VMO server from service and turn it back into a manual batch file.

VMware, Inc. 53


Plugin General This tab configures the credentials (1) used to perform plugin installations and enable or disable plugin usage (2). When the VMO server starts, the system checks enabled plugins and perform any internal installations (package import, policy execution, script launch) it needs (3). To see what process the plugin installation triggers, click the button. To avoid security problems, set the user to a member of VMO Administration group.

Operational Elements

LogThe log element writes the boot messages and the server messages into two different files. You can set up the level of server log you require by clicking the log level Change.

Off: no entry is written into the log file.

Fatal: only fatal entries are written into the log file.

Error: errors and above entries are written into the log file.

Warn: warnings and above entries are written into the log file.

Info: information and above entries are written into the log file.

Debug: debug information and above entries are written into the log file.

All: all entries are written into the log file.

The logs are not refreshed in the Configuration Application. If you want to monitor the log files live, select both boxes: Auto‐refresh and Follow End. If you want to load the latest log files, click on Reload file.


54 VMware, Inc.

To export your log files, click Generate log report, which will export a zip file containing both the server and boot log files. To copy all the entries of one log file click on Copy All and then paste it in any text editor. To copy a selection, first select the log entries you desire then click on Copy Selected Text, finally paste it in any text editor.

1 To change the log level, click Change.

2 Useful to generate log for support.

3 Log itself (Colors are used to identify the error level for each line).

4 Reload file button (force reloading if Auto‐refresh is not checked).

5 Number of Error and Fatal elements in the log. click on it multiple times to browse those errors.

Troubleshooting This is a management tool to be used only by the administrator. From here you can globally reset the server and therefore lose all track of previous executions. Prior to using any of these options, please contact support to check if there is no other possibility to recover your system.

Before clicking on any of the troubleshooting options make sure your VMO server is stopped.

Cancel workflows: this option cancels all running workflows, preventing the server from restarting them on next reboot.

VMware, Inc. 55


Remove workflows: this option deletes all the workflow executions, losing records of any previous executions.

Remove tasks: this option deletes all the scheduled tasks, but doesnʹt stop/remove its associated workflow executions.

Clean directories: this option deletes all temporary files used by JBoss server that ensures the server persistency.

Plugin Configuration Elements

Mail The only option available on this plug‐in is Use default values for new mail messages. If you select, this box you set a default email account for all the VMO workflows, which means that each time you create a workflow you can use the functions getDefaultSmtpServer and getdefaultEmailFromAddress.

Typically, this is used for all email sent by a workflow requiring a user interaction. The fields to fill in are:

SMTP Host: The IP address or domain name of your SMTP host.

SMTP Port: The default port is set up to 25, but you can change that to match your SMTP configuration.

Username: This is the email account VMO uses to send email.

The username you select must be a valid email account.

Password: This is the password VMO will use related to the above username.

From name: The name associated to the email account.

From address: The address of the email account.

JDBC Java Database Connectivity (JDBC) API is the industry standard for database‐independent connectivity between the Java programming language and a wide range of databases – SQL databases and other tabular data sources, such as spreadsheets or flat files. The JDBC API provides a call‐level API for SQL‐based database access. This plug‐in works out‐of‐the‐box without requiring any particular configuration.


56 VMware, Inc.

Microsoft Microsoft WMI plug‐in only requires the right LDAP settings in order to be operated by VMO. By default, the box Copy from LDAP configuration is selected, which means that you will import the settings you already entered in the LDAP tab. Leaving the box selected also ensures that your WMI plug‐in is always updated by the latest LDAP settings VMO uses. If you want to use different LDAP settings for WMI, deselect this box. The fields become editable, and you can manually enter the settings you require.

Building the LDAP look up URL

The host, port, and root information is used to compose the LDAP connection URL.

LDAP Host: This is the IP address or the DNS name of the host on which your LDAP service runs.

Port: This is the look up port of your LDAP service.

Root: This is the base domain name of your LDAP service.

Example: LDAP host: DomainController; Port: 389; Root: dc=company,dc=org. Connection URL: ldap://DomainController:389/dc=conpany,dc=org

Using Encrypted Certification

If you want to activate the option of using encrypted certification for the connections between VMO and your LDAP, select the Use SSL box. You will then have to create a public key on your LDAP server and then import it into VMO by going to your Network/SSL Certificate tab and clicking on Import SSL Certificate.

Browsing Credentials

Default domain: This is typically built from your LDAP root information (e.g. @company.org) and will be concatenated to VMO login username to be able to drive a Windows OS machine.

Example: username test has logged into VMO and wants to make operations through VMO onto Windows machines. In order to execute the Windows commands VMO will need to login with [email protected].

Username: This is the username VMO will use to test the connection to the LDAP. The only purpose of this username is a one time connection to make sure the settings of your LDAP are correct.


VMware, Inc. 57


SNMP VMO is set as a SNMP manager as such it can poll a SNMP agent (get‐request), receive messages from a SNMP agent (traps) and send commands to a SNMP agent (set‐request). You can also set VMO SNMP manager to send traps to the SNMP manager of your choice, but VMO wonʹt accept requests from another manager. Sending traps with VMO has to be set manually in a VMO script. To know more about how to send SNMP traps with VMO refer to the product guide.

Creating a New Connection with a SNMP Agent

Click on the New connection button and set the values of the agent you want to subscribe to. When restarting VMO server it will register on the agent to automatically receive all traps.

Display name: The name you want the SNMP agent to be listed within VMO.

Agent IP address: The IP address or the DNS name of the SNMP agent.

Trap source IP: By default this should be the same address as the agent IP address, except if your agent sends its traps from a different IP address than the main one (several ethernet cards).

Community: The community is a string which is used by the agent to authenticate incoming SNMP requests. Make sure to set the right community according to which information you want to gather from the SNMP agent.

Description: The description is plain text at your entire discretion.

Creating a New OID

Once you have established a connection with a SNMP agent you need to tell which Object IDentifier you want to poll on a regular basis. To do so you will have to click on the button New OID, which will open the Management Information Base (MIB) interface and let you select the object you desire, such as sysUpTime, which returns the time the system has been up and running.

Display name: This is automatically filled when you selected the OID from its MIB

OID: This is the unique identifier of the OID, which is also automatically filled when selecting it from its MIB

Monitored (ms): To poll on a regular basis the OID tick the box Monitored (ms) and enter a value in milliseconds. If you leave the Monitored box deselected, you will not poll the agent for the OID.

Example: If you set the Monitored value to 5000 ms for the sysUpTime it will check each five seconds if the system is still up and running and return the time since it booted.


58 VMware, Inc.

Description: The description is plain text at your entire discretion.

From the MIB interface window, you can update the current MIB by clicking on the button Load MIB and select another MIB to add it temporarily to the existing ones. If you want to upload permanently a MIB to VMO, you will have to copy it by hand. MIB files add up to form a browsing table so just copy and paste the new MIB into that directory. You can Edit or Delete Agents or OIDs with the corresponding buttons.

All the traps and polled values will be available for use in the policies of your VMO workflows.

SSH

Enter the Hosts and the paths you want to access with SSH through VMO. You will notice there is no Username or Password. This is because VMO will use the credentials of the user currently logged in to execute the SSH commands. Therefore you will need to reproduce from the LDAP the accounts you want to work on SSH on your target Hosts.

VMware VirtualCenter 1.4.x

This plugin is still available for compatibility reasons although it is no longer supported. You should use VirtualCenter 2.0 with VMware VIM3 plugin. Here you will set all the parameters that enable VMO to connect to your VMware VirtualCenter 1.4.x (VirtualCenter 1.3.x is also supported). VMO uses the VMware API to control VirtualCenter.

Host: This is the IP address or the DNS name of VirtualCenterʹs host.

Port: This is the look up port of VirtualCenter on its host. By default it is set to 8444.

URL: This is the connection URL to VirtualCenter, built with the information collected above.

Username: This is the username VMO will use to connect to VirtualCenter.

The username you select must be a valid user on your VirtualCenter, with administration rights, preferably at the top of VirtualCenterʹs tree structure. VMO will use these credentials to listen to the VirtualCenter web service (typically to operate VMO policies), all other requests will inherit the credentials of the particular user who triggered an action.


VMware, Inc. 59


NT Domain: This is the Domain on which your VirtualCenter runs. VMware uses the NT4 system for login (Domain\name) and doesnʹt recognizes usual logins (name@domain). Therefore, VMO needs this information to reconstruct your login information.

For different reasons, both on VMware and VMO side, the SSL connection to the VirtualCenter web service is not working properly. VMO needs another, non SSL, port to communicate with VirtualCenter. This is normally done by the installer when installing the VMO server on the same machine as VirtualCenter. If you need to do this modification manually, here is the procedure: Once you have filled in all these entries, you should click on Test Connection to make sure the data you entered is working properly. Check this short troubleshooting guide if Configuration cannot connect to VirtualCenter.


60 VMware, Inc.

VMware Virtual Infrastructure 3

This is an example of a valid plugin configuration with a default VMware Virtual Infrastructure installation.

You must import the SSL certificates corresponding to the different Virtual Infrastructure hosts in Configuration. See SSL certificates for details. Youʹll find theses certificates here:

On a Virtual Center host: C:\Documents and Settings\All Users\ApplicationData\VMware\VMware VirtualCenter\SSL\rui.crt

On ESX Server 3 host: /etc/vmware/ssl/rui.crt

Once you have copied the certificate over to the VMO server, you can rename the .crt file to something that refers to the originating server.

VMware, Inc. 61


Once youʹve imported one or more SSL Certificates through the Configuration application, you must exit and relaunch the Configuration application for it to recognize the newly imported certificate(s).

XML

Extensible Markup Language (XML) is a simple, very flexible text format derived from SGML (ISO 8879). Originally designed to meet the challenges of large‐scale electronic publishing, XML is also playing an increasingly important role in the exchange of a wide variety of data on the Web and elsewhere. This plug‐in works out‐of‐the‐box without requiring any particular configuration.


62 VMware, Inc.

VMware, Inc. 63

6

My VMO view is used to summarize information about the VMO server. This chapter contains the following information:

“Configuration Elements” on page 64

“Using Packages” on page 65

“Locking” on page 68

“Webviews” on page 69

“Tasks” on page 70

“Recurrence Pattern” on page 72

The main left view displays:

The number of tasks installed in the system.

The number of workflows waiting for user input.

The number of running workflows and policies.

The number of non‐configured configuration elements

In addition, the VMO Today tab shows you the last workflows you executed and last elements you edited. This view is also used to set root access rights on the system.

My VMO View 6


64 VMware, Inc.

Figure 6-1. My VMO View

In this view, you can also directly start a workflow and import a package.

Configuration ElementsA configuration element is a list of attributes (key ‐ value) used to configure deployment constants. When a configuration element is exported in a package, the values are no longer set. When this package is imported on another server, the administrator has to reset the values.

Figure 6-2. Configuration Elements

Configuration elements can be used as links in workflow policies and webviews.

When a configuration element has empty values (not yet configured), a small, red warning icon is displayed on it.

VMware, Inc. 65

Chapter 6 My VMO View

Using PackagesA package in VMO is the best way to transfer workflows, policies, webviews, and actions from one server to another. It keeps track of who has exported the elements contained and who has redistributed them, if applicable, using X509 Certificates.

Packages are also a way to put together elements that work in the same context, making it easier to find them.

Figure 6-3. VMO Packages

Package Content A package can hold several basic VMO elements (workflows, policies, webviews, configuration elements, resource elements and actions). When one of these elements is added to a package, the system automatically checks for dependencies and adds the dependent elements; for example, if a workflow added to a packages uses actions, those actions are also added to the package.

Plugin PackagesPlugins can have one or more packages associated with them. Those packages are automatically inserted into your VMO database when the server starts for the first time.


66 VMware, Inc.

Exporting Packages When a package is exported, the system adds the certificates for all elements contained in the package. When a package is imported into another server, those certificates are also imported. Furthermore, the user exporting the package can choose to restrict its use in the following ways:

Disallow element redistribution

By selecting this option in the package export, the package importer is not allowed to redistribute any of the elements contained in the package.

Disallow element edit

By selecting this option in the package export, the package importer is not allowed to edit any of the elements contained in the package.

Disallow element view

By selecting this option in the package export, the package importer is not allowed to view the JavaScripts of any of the elements contained in the package.

Disallowing element viewing also disallows editing but not redistribution.

Importing Packages When a package is imported, first an acceptance panel is displayed asking you to allow the package to be read. This panel also displays certificate information about the exporter. If you accept this package, a second merging view is displayed. This view checks and compares the version of the elements between your server and the imported package. If the imported package elementʹs version is higher than your server version, the element is checked for import automatically.

To import a package

1 Select Viewer > Import package.

2 Click Show in the Version History column to display the list of change made on the element.

3 Select the packages to import.

4 Click Import checked elements.

VMware, Inc. 67


Figure 6-4. Importing a Package

Legend:

1 The package name given by the imported package. The package name acts as an identifier. If a package with the same name is found, it will be replaced.

2 The package location in the file system.

3 Information about imported elements. Compare elements from the imported workflow and the elements in your database.

4 Import status. See the legend below the view to find the meaning of the icons in this column.

Getting or Synchronizing Remote Packages Every package in the system can be synchronized with another VMO server. If a package already exists on the local server, use the Synchronize function. If you want to retrieve a package from a remote server, use the Get Remote Package function.


68 VMware, Inc.

Figure 6-5. VMO Synchronization

Legend:

1 Remote and local elements have the same version number, no synchronization required.

2 Local version number is higher, you can commit (overwrite) the remote element.

3 If a remote element does not exist, you might be able to delete the local element.

4 Remote version is higher, you can update (overwrite) the local element.

If a local element does not exist, you might be able to delete the remote element.

5 Package element has a special option called merge.

As elements in the package are referenced, the merge option overwrites local and remote packages with a merged list of references. The referenced elements remain untouched.

Locking Locking can be applied on all elements in the package (actions and workflows). When a workflow is executed, its schema can be changed. The changes are reflected by the execution token in the next workflow execution box. This can be useful in testing or debugging but not in production. To avoid all workflow and action editing during a critical execution, you can lock all elements in the package using the contextual menu (lock all or unlock all). Workflows and actions can be locked individually.

NOTE If the remote server does not know your certificate, you wonʹt be able to commit elements.

VMware, Inc. 69


WebviewsWebviews in VMO are used to build the user front end. Those webviews can vary from a simple page, displaying basic information, to complex Web 2.0 applications. You can change the interface using stylesheets, custom web pages, or custom tapestry components. A webview is composed of three parts: general webview information, resource elements with individual viewers, and attributes.

Figure 6-6. Webviews

Legend:

1 The contextual menu

2 Created webviews are inserted in the list

3 Resource elements with individual viewer

4 Attributes

Webview TerminologyName—Arbitrary webview name.

URL folder—Where the webview is accessed. This value must be unique in the server.

Version—Version for change management.


70 VMware, Inc.

Compatibility mode—Allows the VMO webview engine to run old style webviews.

Legal owner—The credentials of the VMO server that last edited this webview. If a webview is imported, it is the name of the source server.

Allowed Operation—The rights associated with this webview. Rights are set up when the package containing the webview is exported.

Description—Purpose of the webview.

Resource elements—The resources associated with the webview, including any file needed by the webview. You can add any element here.

Attributes—The linked elements provided by the VMO server. You can add any basic elements (string, number, boolean), basic type references (Workflow, Action, LdapGroup), inventory type references (any plug‐in type).

Editing Webview Elements The webview is not directly editable in VMO. You can export and import webviews into a working directory to edit elements, using the list contextual menu. This is appropriate for small changes. In heavy development stages, you should put the VMO server in Webview Development mode.

Importing and Exporting Webview importing and exporting should be done using a package. This allows the system to export related workflows, actions, resources and configurations associated with this webview. If you want the webview to be used as a template, you can export the webview as a template (packaged zip file). With this template file, you can create a new webview.

TasksA task is used to schedule a workflow once or multiple times using a recurring pattern.

VMware, Inc. 71


Figure 6-7. Tasks

Legend:

1 List of all tasks in the system. The first column is the taskʹs status, the second is the start date and the third displays recurrence information.

2 Recurrent task editor.

3 The general tab displays information about executions.

4 It also displays input values for the workflow execution. These values are read only.

When a task is canceled, the task and its execution logs are removed from the system. If you want to keep as run log information, pause the task.

Creating a New Task From Task > Create task or Create task as, you can create a new task. The workflow start credential for a task is the same as scheduling the task. If you need to schedule a task using another credential, use the Create task as.

A task can also be created in the workflow view using the Schedule workflow and Schedule workflow as contextual menu.


72 VMware, Inc.

Recurrence Pattern A recurrence pattern is used to specify the way a given task is scheduled. Choose the recurrence mode and then add entries to the pattern.

Figure 6-8. Recurrence Pattern

Legend:

1 Recurrence Mode. Use the drop‐down menu to specify every minutes, every hours, every day, every week, or every month

2 Add an entry to the recurrence pattern You can add as many entries as you want.

3 Each entry may be edited. The display changes according to the recurrence mode.

4 Click the cross to delete the entry.

VMware, Inc. 73

7

This chapter discusses migration from Lifecycle Manager with the Orchestrator Platform 3.0 to 3.1. The following information is contained in this chapter:

“Overview” on page 73

“Migration Options” on page 74

OverviewA Lifecycle Manager installation comprises:

The applications, which includes the server, configuration application, and client.

The configuration data, which includes configuration files for connections to external systems, such as the database, LDAP, and so on.

Your data, which includes workflow packages, webviews, policies, actions, and check‐pointed data.

This data is stored in the database.

The update does the following:

Replaces the applications (code).

Keeps or updates the configuration data.

Retains your data.

The structure of the database might change from one version to another, and the configuration application performs the upgrade.

Migration 7


74 VMware, Inc.

If changes in the way features are implemented in your data structures are required, migration tools are provided in the client to migrate your content (workflows, actions, webviews, and so on).

Migration OptionsThere are two ways to update from one version to another:

The extra safe way: This duplicates all data so that you can go back to the previous version more easily. This requires more steps.

The standard update: Everything is done in place. If you want to go back to the previous version, you have to re‐install the previous version and restore backup data.

The Extra Safe WayTo complete a safe backup, do the following:

1 Create a backup of the database.

2 Export the Orchestrator Platform 3.1 configuration by choosing File > Export in the configuration application.

3 Export a package containing all the relevant workflows you have created.

4 Create a new database instance for version 3.2.

5 Uninstall the Orchestrator Platform.

6 Install Orchestrator Platform 3.2 on the same machine.

7 Install additional applications and plugins using the configuration application.

8 Configure Orchestrator Platform 3.2 or import the old configuration and fill gaps as necessary.

To import the configuration, in the Configuration application, choose File > Import.

9 Run the Orchestrator Platform 3.2 client and import the package with your workflows.

10 Check that everything is working well in Orchestrator Platform 3.2.

11 Delete the previous instance of Orchestrator Platform from your database.

VMware, Inc. 75

Chapter 7 Migration

Standard UpgradeTo complete a standard upgrade, do the following:

1 Make a backup of your database.

2 Export the Orchestrator Platform 3.1 configuration by choosing File > Export in the configuration application.

3 Uninstall the Orchestrator Platform.

4 Install Orchestrator Platform 3.2 on the same machine.

5 Install additional applications and plugins using the configuration application.

6 Configure Orchestrator Platform 3.2 or import the old configuration and fill gaps as necessary.

To import the configuration, in the Configuration application, choose File > Import.

7 In the Configuration application, update the database by clicking the Database tab.

This operation requires database administrator rights.


76 VMware, Inc.