VMware Cloud Community
Kagome
Enthusiast
Enthusiast

Things I like and dislike on the new Orchestrator 7.1

In the VRO Release Notes is everytime written, that feedback is appreciated in the forum so ...

Well this should be a "first impression" after now two weeks of usage.
I "updated" a 5.5.3 Windows vCenter Orchestrator to vRealize Orchestrator 7.1 Appliance.

A few information that I asked before the "update": https://communities.vmware.com/thread/542417

Here we go:

1) (Dislike) upgrade documentation & migration tool
There is no real upgrade path document which describes how to upgrade or migrate to the new plattform in detail.
Somewhere i read about a configuration-migration "tool" which is included in the OVA.
So if you want to reuse the old Hostname and IP you have to deploy the OVA with an other IP one time to "download" this migration-tool.
Why is there no direct download of the .zip on the vmware website?

2) (Bug?) First fails:
I read somewhere that vRO 7.1 is out - but on our Download Page under "My Products" was only 7.0.1.
After a SR I got a tip from an VMware employe and found the 7.1 OVA files.
If you deploy a fresh 7.1 OVA - the Update Page (Port 5480) displays an error (HTTP 404) when checking for updates.
Proxy and Networksettings should be correct ...
If you deploy a fresh 7.0.1 and update via update page to 7.1 - the updatecheck it is still working after the update.

3) (Dislike) Import of migration-tool-export
After running the migration-Tool, exporting all Workflows, ressources and so on - the import for the certificate (Company CA signed) and passwordencryptor.key on the new Orchestrator OVA fucked it totally up.
Pages were not loading correctly, everywhere are red errors on the page and so on.
Even after reconfiguration of the database and so on - there were zillion of errors in the log of the Orchestrator. That was not a good starting ...
So I skipped that step, rolled back the snapshot, deleted the database and started again - this time with a new CA-signed certificate.

4) (Dislike) documentation for implementing CA signed certificates
There is no documentation for "how to implement Company CA signed certificates for vRO 7.x"
If you don't work 24/7 with certificates and so on .. some instructions for "dummies" would be fantastic. How to create the certificate files, sign them agains a Windows CA, implement them to the OVA ...
I merged something from vCenter 5.5 Certificate replacement and  other sources ...
Also why is there no collaboration with the Plattform Service Controller? Our Plattform Service Controller is included as sub-CA.

5) (Big Like) Control Center
After implementing the new certificate and the basic seems to be working (before importing my workflows and so on) ...
WOW! The new control center is simple and clean. Easy to understand - i like it very much.
The "Runtime Metrics" are very nice, "Validate Configuration" is a good point to see if everything is working
And hell "Live Log Stream" - fantastic thing... 'view fullscreen' is even better - realy good job.
Also the logging integration is very good - you can now define for every plugin the log level - very nice, too.

5.2) (Missing) "Startup Options" Configuration - Roll Back
You can see on the Startup Options" that i have an "Active configuration Fingerprint" and a "Pending Configuration Fingerprint" - where is the option to rollback to any older configuration?

5.1) (Dislike) New Database:
The Orchestrator detects on the database setting that it is "empty" and ask for creation of the tables or so ...
WHY do i have to run "install all plugins again" to get all workflows?
Why can't do the OVA this automatically if the database was empty?

6) (Missing) Find Elements that use this Attribute-Type: SecureString
So after importing all my Workflows, ressources and so on it starts the never ending story:
Passwords and their encryption.
I have a few workflows that have as Attribute a password as Secure String.
So I have to edit all workflows with a SecureString, enter the password again and save it.
Could you please include a finder for workflows that have a attribute with type SecurePassword?
Also searching for AD:Object / SQL:Database and other types would be fine.

6.1) (Bug?) SQL Plugin 1.1.4 imported ressource
To avoid editing a lot of workflows i do the following:
I generate a test-database connection with the workflow "SQl -> Configuration -> Add a database".
After that is a new ressource generated with the encrypted password.
I copy that password-hash and edit the ressource-file for the real-database connection.
After that i import the ressource. All Workflows with that database connection are working again - so basicly no problem.
That is only a "cosmetic bug": But If i try to run the workflow "SQl -> Configuration -> Update a database" it fails if i choose an imported Database-resource.
[2016-09-22 21:33:20.400] [E] Workflow execution stack:
***
item: 'Update a database/item2', state: 'failed', business state: 'null', exception: 'java.lang.NullPointerException (Dynamic Script Module name : updateDatabase#17)'
workflow: 'Update a database' (18541090831854109083178946495518541090830303030303030303030303030)
|  'attribute': name=errorCode type=string value=java.lang.NullPointerException (Dynamic Script Module name : updateDatabase#17)
|  'input': name=database type=SQL:Database value=dunes://service.dunes.ch/CustomSDKObject?id='c643c1fc-f459-4396-b7d3-c450976c9790'&dunesName='SQL:Database'
|  'input': name=name type=string value=db_server
|  'input': name=type type=string value=MySQL
|  'input': name=connectionURL type=string value=jdbc:mysql://my.sexy.mysql.server:3306/databaseName
|  'input': name=username type=string value=mySexyMySQLUser
|  'input': name=password type=SecureString value=__NULL__
|  'input': name=sessionMode type=string value=Shared Session
|  'output': name=result type=SQL:Database value=null
*** End of execution stack.

7) (Bug) Orchestrator Client -> "Scheduler"
Well that is an old Bug.
If you have e.g. 10 scheduled Workflows in that list you can do at the bottom of the list in the free area a right-click and "delete all finished workflows".
If you have so many scheduled workflows that you get a scroll-bar at the side - there is no free area where you get in the context menu "delete all finished workflows".

Sometimes I have the feeling that I'm 1 of million people that uses the orchestrator so excessive for daily business jobs...

😎 (Dislike) Orchestrator Client - Presentation -> Select value as
In the new Orchestrator Client the "Select value as" has changed a litte bit.
On some of the first workflows i thought "nice - I like it"
If you search for VirtualMachine "VM123" it was a good designed solution - until I came to my VM-Deploy Workflow.
Based on some Values (which vCenter, Datacenter, Cluster...) i filtered e.g. the Datastores.
If I plan to deploy a VM to Cluster B - I don't need to see the datastores of cluster A.
Now, when i select the datastore i got a small list with datastores that can be accessed by this cluster.
In the past I was able to sort that Datastores by capacity, free Space, name or whatever - now I see only the Datastorenames and "somewhere" some information.

9) (Bug) vSpehere Webclient - Plugin Registration fails
In the vSpehere Webclient 5.5 was an extra Page to configure the Orchestrator for the Webclient (context menue, ...).
In the vSphere Webclient 6.0U2 that page says everytime how i can get started with the Orchestrator.
In the vCenter MOB - there is no com.vmware.vco registered.
So I started the Workflow: vCenter -> Configuration -> Register vCenter Orchestrator as vCenter Server extension.
That workflow is running without any problems and tells me that everything is good.
Somewhere I read that I have to restart the Webclient after plugin registration - but even that didn't helped.
And still there is no com.vmware.vco or similiar in the vCenter MOB.

Even if that posting sounds very negative - in generally i love the new Orchestrator. It is a rock-solide workflow engine - easy to start with it and use it.

Reply
0 Kudos
1 Reply
iiliev
VMware Employee
VMware Employee

Thanks for the feedback.

I don't see it as a negative; most of the points sound like something we could (and should) try to address in the future releases.

Reply
0 Kudos