In this blog post we will take a look at how we can secure your end to end PowerShell Execution from vRO. Including how not to show passwords when using CredSSP in a double-hop authentication scenario. Lab Environment Introduction UseCase 1 (least secure) UseCase 2 UseCase 3 (most secure) Securing the PowerShell Passowrd References Final […]
How to Add a Linux Machine as PowerShell Host in vRO (Linux PS over SSH) (SKKB1030)
In this article we will look into the alpha version of PowerShell v6 for both Linux and Windows. We will show how to execute PowerShell commands between Linux and Windows machines and Vmware vRealize Orchestrator (vRO) Introduction Lab Environment Installing and Configuring PowerShell 6 Setup on Windows Setup on Linux Installing and Configuring OpenSSH Setup […]
Troubleshooting Tips: Orchestrator PowerShell Plug-in (SKKB1028)
In this post we will take a look at some at some common issues that one might experience when using the VMware vRealize Orchestrator (vRO) PowerShell Plug-In and especially when using HTTPS protocol or Kerberos authentication for the PowerShell host (PSHost). Introduction Lab Environment Background and General Conciderations Troubleshooting issues when adding a PSHost Troubleshooting […]
vRO and Microsoft Azure integration using PowerShell (SKKB1020)
In this article we will take a look on how to integrate VMware vRealize Orchestrator (vRO) and Microsoft Azure using Microsoft Windows PowerShell. Lab Environment Prerequisites Subscription Authentication Azure PowerShell Module Azure Configuration Initial Microsoft Azure configuration Cloud Services Storage Networks Directory Powershell Host Setup Installing the Azure PowerShell Module Configure the Certificate Authentication Method […]
Wrong encoding or formatting of Linux configuration files can cause problems in VMware Appliances (SKKB1017)
Introduction Lab Environment Use Case: Malformed Krb5.conf file Introduction Correctly encoded and formated file Malformed file Fixing a malformed file vRO (Add A PowerShell Host) Workflow fails with “cannot locate default realm” error Introduction In this blog post we will look into some use cases that can lead to malformed or wrongly encoded files, which […]
How to build vRO PowerShell Host (PSHost) for high availability (HA) (SKKB1016)
Introduction Lab Environment Initial Windows Cluster setup Clustering the WinRM service Adding the cluster to vRO Test vRO PowerShell execution and cluster failover Introduction In this post we will take a look how to build and configure a highly available PowerShell host for vRO. The vRO PSHost has always been a single point of failure […]
Introducing the Add CredSSP to a PowerShell script (vROCmdlet) workflow (SKKB1015)
Introduction Lab Environment Getting the vROC workflow Examining the tabs Examining the Settings Presentation Tab Examining the Connection Presentation Tab Use Case 1: Execute PowerShell command locally on the PShost against the PSHost itself Use Case 2: Invoke PowerShell command locally on the PSHost against remote computer Use Case 3: Invoke PowerShell command on remote […]
Let’s vROC with vRO! (SKKB1014)
“… And on the eight day God created vRO. And vRO was without integration, and alone on the Earth. And God said, Let there be integration with the Ecosystem: and there was the vRO Plug-in. And God saw the Plug-in, and it was good.” … or at least so the story goes. Although this might […]
How to add PowerShell hosts from multiple domains with Kerberos authentication to the same vRO (SKKB1009)
Introduction Lab Environment Editing the Krb5.confi file Adding the PowerShell hosts Final Step Update Log: 12/02/2016 – Updated “Editing the Krb5.conf file” chapter. Introduction In this post we are going to take a look at the configuration needed in order to add PowerShell hosts from multiple domains using Kerberos to the same vCenter Orchestrator […]
How to Change the SSL Certificate of a vRO Appliance (6.x) (SKKB1008)
Introduction Lab Environment Scenario 1: Use vCO Dunes Private Key for your new certificate Import the CA certificates into the vCO SSL Trust Store Import the CA certificates into the Windows certificate store Generate Certificate Request and Issue Certificate Import the new certificate into vCO SSL Trust Store. Scenario 2: Use Custom Private Key with […]
How to change the SSL certificate of WIndows installed vCO (SKKB1007)
Introduction Lab Environment Scenario 1: Use vCO Dunes Private Key for your new certificate Import the CA certificates into the vCO SSL Trust Store Import the CA certificates into the Windows certificate store Generate Certificate Request and Issue Certificate Import the new certificate into vCO SSL Trust Store. Scenario 2: Use Custom Private Key with […]
Adding vCO Powershell Host with account other than the default domain administrator account (SKKB1005)
In this post we will take a look how we can we add a vCO powershell host with account other than the default domain administrator account. Also we will take a look how to generally configure which accounts and user groups can remotely execute powershell commands in Windows. This post assumes that you have already […]
vCO Workflow to automate the certificate generation process (SKKB1003)
Introduction Lab Environment Getting to know the main workflow Use Case 1: Create certificate request file Use Case 2: Convert existing certificate to PEM Use Case 3: Using the “Generate Certificate” WF to automate the end-to-end process Introduction In this post we will take a look into a workflow that can help the automation of […]
Using CredSSP with the vCO PowerShell Plugin (SKKB1002)
Lab Environment Introduction Security Considerations Configure WinRM and user token delegation (CredSSP). Configure Windows Credential Delegation using the Credential Security Service Provider (CredSSP) module. Configure Windows service principal names (SPN’s) for WinRM Grant WinRM service access to the private key of valid certificate Edit the Kerberos Domain realm on the vCO Appliance (Optional/Scenario specific) Add […]