Home > Blogs > VMware vCenter Orchestrator Blog > Tag Archives: Active Directory

Tag Archives: Active Directory

vCenter Orchestrator Holiday Gifts

 

The vCenter Orchestrator gifts season started a few months ago with the general availability of vCO 5.5. The compelling release was announced just in time to share the vCO momentum at VMworld.  Along with the amazing new features introduced, VMware continues with a lot more presents.

This year the holiday magic brings to vCenter Orchestrator users several updates, product integrations and learning gadgets that make automation with vCO more powerful than ever.

1. VMware has just announced the GA of VMware vCloud Automation Center 6.0(vCAC 6.0). The extension and creation of XaaS is done using the vCAC Advanced Service Designer which allows you to seamlessly leverage any vCO workflow and convert it to a catalog item or day 2 operation, available as a service in the vCAC Self-service portal.

 2. vCO CLI is the code name of the new debugging extension which will not only facilitate all experienced vCenter Orchestrator users and also helps the newcomers to programmatically explore the rich vCO ecosystem through interactive command shell. Access to the vCO plug-in’s inventory is integrated into the tool UI for easy navigation to the integrated solution objects.

3. Our super powerful and generic HTTT- REST and SOAP plug-ins are now able to support proxy configurations and assure security compliance of your automated solutions.

4. The long awaited vCO Powershell plug-in 1.0.3 is updated to support Powershell 3.0 inventory and is fully backward compatible with your existing scripts.

5. In vCenter Orchestrator plug-in for Microsoft Active Directory 1.0.4 the old configuration mode is removed and you are now able to configure the plug-in automatically through native vCO workflows.

For additional information on these materials, please visit the following sites:

The entire vCO team wishes you the very best for the holidays and 2014.

Cheers!

Important vCenter Orchestrator Plug-in Updates

With the recent vCenter Orchestrator 5.1 and vSphere 5.1 availability, it’s obviously important to ensure that not just individual products but all of your integrations are up-to-date.

Besides the already released plug-ins for vCenter Server 5.1 (built-in) and vCloud Director 5.1, we are are glad to announce the availability of several plug-in updates to make your entire vCloud suite up-to-date:

1. The vCenter Update Manager plug-in has been updated to support version 5.1 and vCenter Single Sign On. This plug-in is essential for scanning and remediating vSphere inventory objects against baselines.

2. The vCO Multi-Node plug-in has been updated to support vCO 5.1, vCenter Single Sign On, and the new vCO REST API capabilities to leverage the remote invocation of new systems types such as actions and packages.  What’s more, this new version also provides better performance and corrects some previous defects.

3. The vCO Plug-in for vSphere Auto Deploy 5.1 supports… vSphere Auto Deploy 5.1!  Need we say more?

4. The vCO Plug-in for Microsoft Active Directory 1.0.2 provides support for vCenter Single Sign On and contains an import fix for concurrent workflow execution.

5. The vCO AMQP Plug-in 1.0.2 offers significant performance improvements and fixes a known issue with the vCO server restart.

6. The vCO Plug-in for vCenter Server 5.0.2 contains important performance improvements for customers who are running vCO with vCenter Server 5.0.

  • vCO Plug-in for vCenter Update Manager 5.1: download
  • vCO Multi-Node Plug-in for 5.1: download
  • vCO Plug-in for vSphere Auto Deploy 5.1: download
  • vCO Plug-in for Microsoft Active Directory 1.0.2: download
  • vCO AMQP Plug-in 1.0.2: download
  • vCO Plug-in for vCenter Server 5.0.2: download

As always, be sure to check VMware Solution Exchange for a complete list of plug-ins available from VMware and our partners.  That’s your best place to find the latest integration solutions such as the ServiceNow plug-in recently published by InterraIT.

Cheers!

The vCO Team

Master of the integration – conquer VMware vCloud Director blocking tasks with the powerful vCenter Orchestrator plug-ins

One of the upcoming features of VMware vCloud Director is Blocking Tasks (call-outs). This enables a system administrator to configure many operations to block. They can be ublocked later by another application or can expire after a timeout. These blocking tasks generate AMQP messages that can be used to automate actions over them. This blog post shows vCO flexing muscles over blocking tasks. Doing this requires several plug-ins: AMQP, HTTP-REST, ActiveDirectory and Mail.

Whenever a vApp is created by an user in the vCloud Director the task is suspended and the user's manager receives a notification mail providing link for approval of the operation. When he approves, the vApp creation task continues in the vCloud Director. This is achieved by using a different plug-in on every step. AMQP plug-in is used to handle the blocking tasks notification messages. The HTTP-REST plug-in is used to communicate with the VMware vCloud Director over its RESTful interface. Active Directory is needed to find the user’s manager in the company's active directory database. Finally, the approval email is sent using the Mail plug-in. Webviews are used to build a simple web-based interface that the manager uses to approve or reject the vApp creation.

At the end of this article you can find links to a vCO package containing theexample and a video demonstrating the scenario. Jump right to the video at the end or read the details below describing  some technical aspects.

The message sent by the vCloud Director for the pending vApp creation is handled first by the AMQP plug-in. The next few lines of JavaScript show how to configure the subscription for the message. Note how the routing key is constructed. The detailed strucutre of the routing key is described in the vCloud Director documention.

Image1_setup_scripting

After its execution this script will create a new Subscription element in the AMQP plug-in inventory:

Image2_subscription_inventory

This subscription is ready to be used for a policy that will listen for vApp creation messages:

Image3_policy

The workflow is started by the policy on every message and does the rest of the work:

Image4_workflow

The user must define the vCloud Director as a REST host in the inventory:

Image5_rest_inventory

And then use it in the scripts to build the request URL:

Image6_rest_script

The VMware vCloud Director REST API responses are XML documents but handling them is easy with E4X (ECMAscript for XML):

Image7_xml

When the manager follows the web link in the notification mail he is brought to a web page showing again the request details enabling him to take an action on it:

Image8_webview1

Behind the scene the approve and reject buttons are handled by a script that answers the user interaction of the blocked workflow. When decision is taken the workflow continues and notifies the VMware vCloud Director to resume or cancel the pending task.

To get your hands dirty with this demo follow the link to the package that contains the example. It won’t work out of the box because the AMQP broker and the VMware vCloud Director configuration must be updated to match yours. Also the message handling policy must be manually created since policies cannot be distributed in a package.

Here is a video demonstrating the whole scenario:

 

Creation of User Accounts with Active Directory Plug-in for VCO

A few days ago we announced the GA of Active Directory Plug-in for VCO. Now we want to show you an example how this plugin can be used.

Suppose you are an Active Directory administrator and you have to create a lot of new accounts for a newly created department of your company with a lot of employees. If just using the UI that your Windows 2008 server has for working with AD objects, you have to do a lot of annoying and repeating steps, but you have the VCO and the AD plug-in on your side 🙂

Let’s see how to do this job with the help of Active Directory Plug-in 1.0.0 for VCO 4.1

As the configuration of the AD plugin is not a topic of this blog post I'll skip it.

So… What is the criteria that we will observe to see if our exemplary Workflow has finished successfully?

  1. We will expect that after a successful run of our custom Workflow there will be a new object for the department – object of type Organizational Unit
  2. We will expect to have a User Group object that all newly crated User Accounts belong to, thus making it easy for the admins to grant permissions to all the users in this group
  3. We will expect to have one or more exemplary User Account created

Now when we have the goal and the criteria lets see how we can achieve it with custom Workflow that uses the Basic Building Blocks of the Active Directory Plug-in 1.0.0 for VCO 4.1

Here is an example of steps that our Workflow should repeat in order to fulfill the above requirements:

Step 1– Creation of Organizational Unit entity

  • Check if there is an Organizational Unit entity already created for the new department of your organization
  • If not it will be crated

Step 2 – Creation of User Group and associating it with newly created OU

  • Check If the User Group already exist and use it
  • If there is no such User Group then we should create it

Step 3 – Creation of user and associating it with newly created OU

  • New user account is created
  • Newly created user account is associated with the Organizational Unit created on Step 1

Step 4 – Add the user to the User Group

The following screenshot shows a possible implementation of the above steps

TheWFExplained1

Lets now start this example and see what will be the result

First lets check how does the inventory tree look like before the run

ContainerOUBefore

Now it is time to start the Workflow and observe it during run-time

Filling the Input Parameters…

Filling_the_input_parameters 

Workflow during run time…

Finding_OU
 

…And the successful Finish 🙂 …

Successful_finish

Now it is the time to look at the results…

Result

This is it…

There is an Organizational Unit called "Workflow Development" with two objects inside. One of it is the User Account "johnsmith" and the other one is the User Group "Workflow Developers"

… so we can conclude that we meet our success criteria 🙂

You can check the official product site  and the user guide for more info.