VMware Cloud Community
Matt_B1
Enthusiast
Enthusiast
‎07-08-2013 01:59 PM
Jump to solution

Clone Windows VM - avoid saving clear text for domain password

When using "Clone, Windows with single NIC" in my schema, it needs a string password to join the domain.  How can I change this to a SecureString or avoid saving the password of a domain user in clear text in the workflow?  Since the goal is to automate the VM deployment, setting the variable to an input parameter is not an option.

0 Kudos
1 Solution

Accepted Solutions
Burke-
VMware Employee
VMware Employee
‎07-08-2013 06:37 PM
Jump to solution

Simply call that workflow from another workflow that uses SecureString. You can bind SecureString to String - you'll get validation warning, but not error so the workflow will run just fine. This is the approach I have taken. You can then store the password as a SecureString as a Configuration Element Attribute and map that to your custom workflow.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

View solution in original post

0 Kudos
3 Replies
Burke-
VMware Employee
VMware Employee
‎07-08-2013 06:37 PM
Jump to solution

Simply call that workflow from another workflow that uses SecureString. You can bind SecureString to String - you'll get validation warning, but not error so the workflow will run just fine. This is the approach I have taken. You can then store the password as a SecureString as a Configuration Element Attribute and map that to your custom workflow.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
0 Kudos
Matt_B1
Enthusiast
Enthusiast
‎07-11-2013 06:05 PM
Jump to solution

I am able to get this to work sometimes during test runs but it is not consistent.  If I hit an error, I always get this...

[2013-07-11 16:33:37.000] [I] Task 'CloneVM_Task' error: A specified parameter was not correct.

spec.identity.password.value (Dynamic Script Module name : vim3WaitTaskEnd#20)

I am not sure if I am doing this correctly.  In a test schema, I drag over "Clone, Windows with single NIC".  In the parameters, I set domainAdminPassword to NULL.  Then, in visual binding, I edit that parameter to be SecureString instead of String.  I then go back to the In tab for the parameters and click on the domainAdminPassword and create a new parameter for the SecureString.  I get the warning, similar to what you mentioned, of...

Binding 'domainAdminPassword' is not of the same type of its linked workflow : domainAdminPassword domainAdminPassword type : SecureString

0 Kudos
Matt_B1
Enthusiast
Enthusiast
‎07-19-2013 09:31 AM
Jump to solution

I finally got it working.  I had to create a completely separate workflow that contained the clone workflow item.  In that workflow, I did the parameter changes as noted above and get the warning as expected.  I then drag that entire workflow into the main workflow.  In the main workflow, I can link the SecureString parameter without any warnings and it works as expected.  This should be easier but I am glad it works.  Thanks Burke.

0 Kudos