vCenter Orchestrator is a powerful workflow tool to automate processes in your VMware vSphere infrastructure as well as with other third-party technologies (eg. SQL, Active Directory,…).

Although vCenter Orchestrator license is packaged with your vCenter Server and can be used with no additional costs, a lot of people are probably not using it. Even they do not know that it exists.

It took me a long time, too, till I installed the vCO Appliance for the first time – but it is really a great tool, worth taking a closer look at.

For example you can build very basic workflows to automate some every-day-tasks as eg. server provisioning, or even create extreme complex ones, with integration of Active Directory or SQL,… .

You can install vCO on a windows server, or you go the easy way and use the virtual appliance.

I decided to use the virtual appliance – you can download it here: download vCenter Orchestrator appliance

This how-to includes the following chapters:

  1. vCenter Orchestrator default users/logins and passwords
  2. How to install/configure the vCenter Orchestrator appliance
  3. Orchestrator configuration
  4. How to import SSO service/vCenter Server certificates
  5. How to configure SSO authentication
  6. Activate/Manage Plug-ins
  7. Define a vCenter Server
  8. Check webclient integration
  9. Start your first workflow
  10. Create your first workflow


1. vCenter Orchestrator default users/logins and passwords:

When you work with the vCenter Orchestrator appliance you will have to deal with four different credentials… this is a little bit tricky at the first glance. Here you can find a list with all default user/passwords:

  • login to the vCO appliance configuration: root | vmware
  • Orchestrator Configuration: vmware | vmware (you have to change it during first logon)
  • Orchestrator Client: vcoadmin | vcoadmin
  • Web Operator: vcoadmin | vcoadmin


2. How to install the vCenter Orchestrator appliance:


  • accept the EULA
  • specify a name and location
  • specify a host/cluster
  • specify a destination storage
  • specify disk format
  • select the network mapping
  • specify the properties of the appliance


  • review your settings and click finish to deploy the appliance

After deploying the appliance successfully, open a webbrowser to the IP address of the appliance


Select „Appliance Configuration“ to change the root password and (if you want it) to enable SSH. Login with the default user: root | password: vmware

Open the Admin Tab – here you can define a new password:


If you want to enable SSH select „Toggle SSH setting“ from the Action Tab at the right:



3. Orchestrator configuration:

Before we can start with the first workflow you have to make some additional configurations to the Orchestrator Server. Use the link to the “Orchestrator Configuration”.

For the first login use the default user/password: vmware, vmware – you will be prompted to change the password.

The Orchestrator Configuration GUI is self explaining – problems may occure, when you try to configure the Authentication mode (LDAP or SSO authentication) or when you import the necessary certificates.


4. How to – import SSO service/vCenter Server certificates:

Before we can configure the SSO authentication we have to import the certificates from the SSO service and the vCenter Server. You can find all installed certs in the SSL Trust Manager (Network – SSL Trust Manager Tab):


To import the certificates, perform the following steps:

  • select “Startup Options” – “Stop Service”


  • select “Network” – open the “SSL Trust Manager” Tab
  • to import the vCenter Server Certificate enter the following URL and click “Import”: https://IP_of_vCenter_Server:443
  • the properties of the certificate will be displayed – click “Import” again
  • when you get the message: The SSL certificate is successfully imported repeat the import-steps with the URL for the SSO Service: https://IP_of_SSO_Server:7444


5. How to – configure SSO authentication:

After you have successfully imported the certificates change to the “Authentication” menue. Per default LDAP authentication is used, change it to SSO authentication:


You can choose between two options: Basic Mode or Advanced Mode.

I strongly recommend to use the Advanced Mode – as I noticed some problems when using the Basic Mode. In both options most settings are pre-set (eg. Token service and Admin service URL, Host…).

You will only have to insert the SSO Server IP address and  provide the SSO Admin‘s user name and the SSO Admin‘s password.

The default SSO user is admin@system-domain (vSphere 5.1) or administrator@vsphere.local (vSphere 5.5). You have set the password for this user during SSO installation.

Click “Register Orchestrator” and wait for the following message:



In the same window you can now configure who will be a vCO-administrator. Select an AD group and click “Accept Orchestrator Configuration” when you have made your choice.

6. Activate/Manage Plug-ins:

There are a lot of pre-installed Plug-ins available – but you will have to activate some of them dedicated. Change to the Plug-In menue and select eg. the vCenter Server Plug-in. To make the activation effective restart the appliance!



7. Define a vCenter Server:

Change to the vCenter Server Tab to define your vCenter Server. Use the “New vCenter Server Host” tab to enter the necessary information. I would recommend you to use the following parameters:

  • Available: Enabled
  • Host: IP of your vCenter
  • port: 443
  • check secure chanel
  • Path: /sdk
  • use session per user
  • Domain: System
  • Username
  • Password


8. Check Webclient integration

Open your vSphere Web Client and change to the vCenter Orchestrator Tab:


Check if your vCO applianced is used to manage your vCenter Server


  • If no -> check if you used an authorized user for vCO to login to your webclient (or maybe it is time to restart your appliance)
  • If yes -> congrats – you have successfully installed vCO and it is time to take a look at the workflows coming along with vCenter Orchestrator.


9. Start your first workflow:

Now it’s time to test if the predefined workflows are working – open your vSphere Webclient and right click on any object (eg. virtual machine,…).

You will see, that the context menue is extended with vCenter Orchestrator Actions (=workflows). If you want, select one of the predefined workflows and give them a try.



10. Create your first workflow:

There already exist great sources about how to start your first workflow. I recommend you to take a look at the following three youtube videos, uploaded by VMware:

To start the orchestrator client, open a webbrowser to your appliance and select “Start Orchestrator Client”:


Sometimes (but hopefully not very often…) you have to create a local user on your ESXi host. This how-to will show you the necessary steps using the vSphere Client as well as PowerCLI.

Part 1: Using your vSphere Client:

Step 1 – create a local user on your ESXi host:

You cannot perform these tasks with your vCenter, as there is no possibility to create local users on your ESXi hosts. Use the vSphere Client to connect directly to the ESXi host and open the “Local Users & Groups” tab:


  • right-click into the “Local Users & Groups” window and select “Add…”
  • enter a login name and a password (user Name and UID will be generated automatically, if you leave the fields blank):


Step 2 – create a role and assign permissions:

  • change to “Home” and open “Roles” to create a new role with dedicated permissions:


  • right-click to select “Add…”
  • define a name for the new role and select the necessary permissions:


Step 3 – assign the new role to the user:

  • In this last step you have to assign the new role to the created user.
  • change back to the “Inventory” and open the “Permissions” tab.
  • right-click and select “Add Permission…”
  • at the left part of the wizzard choose “Add…” to add the created user. At the right part select the new created role:



Part 2: Create a new user/role using PowerCLI:

This is not a complete “ready to use” script – it should only give you a basic idea/overview, which commands you can use to perform the necessary steps

Connect-VIServer -Protocol https -Server <FQDN_or_IP_of_VMhost> -User root -Password “your_password”

New-VMHostAccount -Id <account_name> -Password “your_new_password” -Description <description_of_the_user>

New-VIRole -Name <your_role_name> -Privilege “eg: Settings”

New-VIPermission -Entity <FQDN_or_IP_of_VMhost> -Principal <account_name> -Role “<your_role_name>” -Propagate:$true

  1. command: will connect you to your ESXi host
  2. command: will add a new local user
  3. command: will add a new role with dedicated permissions. In the example above the permission “Global” – “Settings”
  4. command: will assign the new role to the new user

For more information about VMware PowerCLI and its components take a look at the “VMware PowerCLI Overview” or visit the VMware vSphere PowerCLI Community.

One of my favourite tools is RVTools. This tool displays pretty much every information about your ESXi hosts, virtual machines and datastores. RVTools can be used without any fee – but if you like the tool, there is a possibility to donate at the download site

RVTools is a project of Rob de Veij (you can follow him at twitter: @rvtools), and since yesterday his new version 3.6 is available – you can download it here:

Whats new with RVTools 3.6:

(copied out of the release note)

  • New tabpage with cluster information
  • New tabpage with multipath information
  • On vInfo tabpage new fields HA Isolation response and HA restart priority
  • On vInfo tabpage new fields Cluster affinity rule information
  • On vInfo tabpage new fields connection state and suspend time
  • On vInfo tabpage new field The vSphere HA protection state for a virtual machine (DAS Protection)
  • On vInfo tabpage new field quest state.
  • On vCPU tabpage new fields Hot Add and Hot Remove information
  • On vCPU tabpage cpu/socket/cores information adapted
  • On vHost tabpage new fields VMotion support and storage VMotion support
  • On vMemory tabpage new field Hot Add
  • On vNetwork tabpage new field VM folder.
  • On vSC_VMK tabpage new field MTU
  • RVToolsSendMail: you can now also set the mail subject
  • Fixed a datastore bug for ESX version 3.5
  • Fixed a vmFolder bug when started from the commandline
  • Improved documentation for the commandline options

This how-to will help you to perform the necessary steps to install the HDLM (Hitachi Dynamic Link Manager) on your vCenter Server and your ESXi Hosts.  It only descripes the most important steps – for deeper information please read the HDLM User Guide for VMware.

Prerequisites: Install VMware vSphere CLI (vSphere Command Line Interface) on your vCenter Server

Step 1: Install HDLM on your vCenter Server

  • download the latest version of HDLM for VMware
  • login to your vCenter Server as an administrator
  • run setup.exe – a wizzard will guide you through the installation process
  • the installation is very simple – so I have only put together some of the most important screenshots/steps:







When you have finished the wizzard, please execute the following HDLM command to confirm that HDLM has been installed successfully:

  • open a vSphere Command Line Interface (CLI) prompt
  • execute the following command: dlnkmgr -l view -sys


You should see something like in the screenshot above (KAPL01001-I The HDLM command completed normally)


Step 2: Add the drivers to the VMware Update Manager Patch Repository

  • identify the .zip file with the drivers (C:\program files (x86)\HITACHI\DynamicLinkManagerForVMware\plugin\
  • connect to your vCenter and open “Home” – “Update Manager”
  • change to the “Patch Repository” tab
  • click “Import Patches”
  • select the .zip files identified before and click “Next”
  • the drivers will be added to the repository – click “Finish” to confirm

You can find the drivers in the Update Manager Repository displayed as: “Support Hitachi arrays.”



Step 3: Create a Host Extension Baseline to install the HDLM drivers on your ESXi 5.x hosts

Now you have to create a Host Extension Baseline to install the patch package on the ESXi hosts:

  • change to the “Baselines and Groups” tab
  • click “Create”
  • enter a name for the new baseline and select “Host Extension” as baseline type


After clicking “next”, select the defined “Support Hitachi arrays.” patch and add the extension. Confirm with “next”:


Review your selection and “Finish”


Now change to “Host and Clusters” and select a dedicated host or a whole cluster to attach the Extension Baseline. Select the “Update Manager” Tab and click “Attach”.  Select the Baseline you have defined before:


You can now place the ESXi host in maintenance mode to update the driver (Remediate)