vRO: Securing Your PowerShell Execution and Password in vRO (SKKB1035)

In this blog post we will take a look at how we can secure your end to end PowerShell Execution from vRO. Including how not to show passwords when using CredSSP in a double-hop authentication scenario. Lab Environment Introduction UseCase 1 (least secure) UseCase 2 UseCase 3 (most secure) Securing the PowerShell Passowrd References Final […]

Migrating the vRO SQL Database to New Server (SKKB1032)

In this article we will look into how to migrate the VMware vRealize Orchestrator (vRO) database to new server. In particular we will migrate from Microsoft SQL Server 2014 to a new SQL Server 2016 server.  Introduction Lab Environment LB Pre-Migration Tasks vRO Pre-Migration Tasks SQL Server Migration vRO Post-Migration Tasks LB Post-Migration Tasks Final […]

How to Configure vRO to use SSL Connection to a SQL Server Database (SKKB1031)

In this article we will show how to configure VMware vRealize Orchestrator (vRO) to use an SSL connection when communicating with a Microsoft SQL Server database. Introduction Lab Environment Enabling SSL on the SQL Server Trusting the SSL Certificate Chain on the vRO Enabling SSL for the vRO Databse Connection Final Step   Lab Environment […]

How to Add a Linux Machine as PowerShell Host in vRO (Linux PS over SSH) (SKKB1030)

In this article we will look into the alpha version of PowerShell v6 for both Linux and Windows. We will show how to execute PowerShell commands between Linux and Windows machines and Vmware vRealize Orchestrator (vRO) Introduction Lab Environment Installing and Configuring PowerShell 6 Setup on Windows Setup on Linux Installing and Configuring OpenSSH Setup […]

Troubleshooting Tips: Orchestrator PowerShell Plug-in (SKKB1028)

In this post we will take a look at some at some common issues that one might experience when using the VMware vRealize Orchestrator (vRO) PowerShell Plug-In and especially when using HTTPS protocol or Kerberos authentication for the PowerShell host (PSHost). Introduction Lab Environment Background and General Conciderations Troubleshooting issues when adding a PSHost Troubleshooting […]

Clustering the vRO Cluster Database using SQL Server (PoC) (SKKB1027)

In this post we will demonstrate in a PoC how to configure and a Microsoft SQL Server Cluster to provide a highly available database instance and use it in a VMware vRealize Orchestrator (vRO) cluster server. Lab Environment Introduction The Setup Setting up the Windows Cluster Setting up the SQL Cluster Setting up the vRO […]

vRO and Microsoft Azure integration using PowerShell (SKKB1020)

In this article we will take a look on how to integrate VMware vRealize Orchestrator (vRO) and Microsoft Azure using Microsoft Windows PowerShell. Lab Environment Prerequisites Subscription Authentication Azure PowerShell Module Azure Configuration Initial Microsoft Azure configuration Cloud Services Storage Networks Directory Powershell Host Setup Installing the Azure PowerShell Module Configure the Certificate Authentication Method […]

Wrong encoding or formatting of Linux configuration files can cause problems in VMware Appliances (SKKB1017)

Introduction Lab Environment Use Case: Malformed Krb5.conf file Introduction Correctly encoded and formated file Malformed file Fixing a malformed file vRO (Add A PowerShell Host) Workflow fails with “cannot locate default realm” error Introduction In this blog post we will look into some use cases that can lead to malformed or wrongly encoded files,  which […]

How to build vRO PowerShell Host (PSHost) for high availability (HA) (SKKB1016)

Introduction Lab Environment Initial Windows Cluster setup Clustering the WinRM service Adding the cluster to vRO Test vRO PowerShell execution and cluster failover Introduction In this post we will take a look how to build and configure a highly available PowerShell host for vRO. The vRO PSHost has always been a single point of failure […]

Introducing the Add CredSSP to a PowerShell script (vROCmdlet) workflow (SKKB1015)

Introduction Lab Environment Getting the vROC workflow Examining the tabs Examining the Settings Presentation Tab Examining the Connection Presentation Tab Use Case 1: Execute PowerShell command locally on the PShost against the PSHost itself Use Case 2: Invoke PowerShell command locally on the PSHost against remote computer Use Case 3: Invoke PowerShell command on remote […]

Let’s vROC with vRO! (SKKB1014)

“… And on the eight day God created vRO. And vRO was without integration, and alone on the Earth. And God said, Let there be integration with the Ecosystem: and there was the vRO Plug-in. And God saw the Plug-in, and it was good.” … or at least so the story goes. Although this might […]

How to add PowerShell hosts from multiple domains with Kerberos authentication to the same vRO (SKKB1009)

Introduction Lab Environment Editing the Krb5.confi file Adding the PowerShell hosts Final Step Update Log: 12/02/2016 – Updated “Editing the Krb5.conf file” chapter.   Introduction In this post we are going to take a look at the configuration needed in order to add PowerShell hosts from multiple domains using Kerberos to the same vCenter Orchestrator […]

How to Change the SSL Certificate of a vRO Appliance (6.x) (SKKB1008)

Introduction Lab Environment Scenario 1: Use vCO Dunes Private Key for your new certificate Import the CA certificates into the vCO SSL Trust Store Import the CA certificates into the Windows certificate store Generate Certificate Request and Issue Certificate Import the new certificate into vCO SSL Trust Store. Scenario 2: Use Custom Private Key with […]

How to change the SSL certificate of WIndows installed vCO (SKKB1007)

Introduction Lab Environment Scenario 1: Use vCO Dunes Private Key for your new certificate Import the CA certificates into the vCO SSL Trust Store Import the CA certificates into the Windows certificate store Generate Certificate Request and Issue Certificate Import the new certificate into vCO SSL Trust Store. Scenario 2: Use Custom Private Key with […]

Adding vCO Powershell Host with account other than the default domain administrator account (SKKB1005)

In this post we will take a look how we can we add a vCO powershell host with account other than the default domain administrator account. Also we will take a look how to generally configure which accounts and user groups can remotely execute powershell commands in Windows. This post assumes that you have already […]

vCO Workflow to automate the certificate generation process (SKKB1003)

Introduction Lab Environment Getting to know the main workflow Use Case 1: Create certificate request file Use Case 2: Convert existing certificate to PEM Use Case 3: Using the “Generate Certificate” WF to automate the end-to-end process Introduction In this post we will take a look into a workflow that can help the automation of […]

Using CredSSP with the vCO PowerShell Plugin (SKKB1002)

Lab Environment Introduction Security Considerations Configure WinRM and user token delegation (CredSSP). Configure Windows Credential Delegation using the Credential Security Service Provider (CredSSP) module. Configure Windows service principal names (SPN’s) for WinRM Grant WinRM service access to the private key of valid certificate Edit the Kerberos Domain realm on the vCO Appliance (Optional/Scenario specific) Add […]