VMware Cloud Community
VirtualTristan
Contributor
Contributor
‎01-20-2017 02:52 PM
Jump to solution

Problems with VRO integrated with VRA v7.2

I've done a by-the-book deployment of VRA 7.2 and am using bundled VRO instance.

In the vSphere Web Client, the VRO server does not appear. I get the expected Orchestrator page but no VRO server listed. When I select "vRO Servers > Manage > Servers" I see the vCenter instance listed and when I select "Edit Configuration" I have the option to add the "Fixed IP/hostname" of the vRO server. I have tried IP and FQDN and always get the attached error when I click the "Test Connection" button.

Things to know:

Latest GA version of VRA 7.2

VCSA v6.0.0, build 3617395

I have vCenter registered properly in vRO. I can manage/run workflows in the Java client.

I am able to see a single VCO extension in the vCenter MOB

I am able to manually download the vsphere-client plugin zip file via the URL listed in the client section of the MOB entry

I am using the same credentials to auth in vCenter and in VCO.

I tried to leverage KB2144318, but it resulted in my not being able to start the /etc/init.d/vco-server service (and that KB doesn't seem to apply to VRO 7.2)

I have restarted all services and VMs multiple times.

I have made sure that accounts that I'm testing with have proper VCOAdmins privileges in SSO

Anyone have any other suggestions?

Thanks as always for your assistance!

Tristan
Tags (3)
Preview file
205 KB
0 Kudos
1 Solution

Accepted Solutions
Burke-
VMware Employee
VMware Employee
‎01-20-2017 03:26 PM
Jump to solution

I don't believe vSphere Web Client integration with vRO is  supported with the vRA embedded instance of vRO due to the authentication required for the embedded vRO. If you wish to have vRA 7.x using vRO and you want vSphere Web Client 6.0 integration with vRO then you'll need a standalone vRO for the vSphere Web Client integration.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

View solution in original post

0 Kudos
3 Replies
Burke-
VMware Employee
VMware Employee
‎01-20-2017 03:26 PM
Jump to solution

I don't believe vSphere Web Client integration with vRO is  supported with the vRA embedded instance of vRO due to the authentication required for the embedded vRO. If you wish to have vRA 7.x using vRO and you want vSphere Web Client 6.0 integration with vRO then you'll need a standalone vRO for the vSphere Web Client integration.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
0 Kudos
iiliev
VMware Employee
VMware Employee
‎01-21-2017 01:45 AM
Jump to solution

KB 2144318 applies for outgoing HTTPS connections, when vRO acts as a client consuming 3rd party API, eg. via vRO HTTP-REST plug-in.

When you deploy a vRA appliance, the embedded vRO instance is automatically configured to use vIDM/vRA authentication (vIDM is hosted in vRA appliance). This means the embedded vRO instance's REST API can be invoked by clients that authenticate either using Basic authentication with username/password (if this authentication type is enabled) or OAuth tokens, issued and verifiable by vIDM server.

In contrast, vSphere Web Client uses vSphere Single Sign-On authentication, and when the vRO integration plug-in in the Web Client calls vRO REST API, it authenticates with SAML token issued by vSphere SSO on behalf on the user logged in the Web Client. Alas, this SAML token cannot be validated by the vIDM server embedded vRO is configured with, and so the REST call fails.

So, currently vSphere Web Client integration integration is not supported for vRO server embedded in vRA because of the authentication provider incompatibility. As Burke said, you will need to deploy a standalone vRO appliance and configure it with vSphere Single Sign-On authentication (the same SSO instance that is used by vSphere Web Client).

VirtualTristan
Contributor
Contributor
‎01-21-2017 12:17 PM
Jump to solution

Thanks Ilian and Burke - I appreciate the clarification!

This morning I added a stand-alone VRO instance and things are working much better.

Thanks as always for your assistance. Thank you for making the VMTN community so awesome!

Tristan
0 Kudos