Setting up VLA to wok with VMware vRealize Orchestrator running in Cluster Mode

VMware vRealize Orchestrator can be configured to work in two server modes: Standalone and Cluster. To increase the availability of the VMware vRealize Orchestrator services both in standalone and cluster mode, you can put the Orchestrator behind a reverse proxy, such as Apache and Nginx.

Although VMware™ does not take any responsibility, nor provide any support for configuration of such load balancer, we hereby provide the following as an example on how to connect VLA against VMware vRealize Orchestrator running in cluster mode, using Nginx.

Download and set up Nginx to connect to vRealize Orchestrator cluster

Assuming your cluster has 3 nodes: vroclstr1.saplab.vmw.com, vroclstr2.saplab.vmw.com, vroclstr3.saplab.vmw.com reachable through vro.saplab.vmw.com

Download and install Nginx on your operating system by using the preferred package manager (dpkg, rpm, exe-installer).

Create a new file /etc/nginx/sites-available/vco with content as shown in example below.

upstream vro {
    server vroclstr1.saplab.vmw.com:8281    max_fails=1  fail_timeout=600s;
    server vroclstr2.saplab.vmw.com:8281    max_fails=1  fail_timeout=600s;
    server vroclstr3.saplab.vmw.com:8281    max_fails=1  fail_timeout=600s;
}

server {
    listen 8281 ssl;
    server_name vro.saplab.vmw.com;
    root /var/www;
    index index.html index.htm;
    try_files $uri/index.html @proxy;
    underscores_in_headers on;

    keepalive_timeout 100;
    ssl_certificate  /etc/nginx/ssl/server.crt;
    ssl_certificate_key  /etc/nginx/ssl/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    location @proxy {
        proxy_next_upstream    error timeout http_503;

        proxy_set_header       Host                   $host:$server_port;
        proxy_set_header       Server-Port            $server_port;
        proxy_set_header       Real-IP                $remote_addr;
        proxy_set_header       Forwarded-For          $proxy_add_x_forwarded_for;
        proxy_set_header       Forwarded-Proto        $scheme;
        proxy_set_header       Forwarded-Server       $host;
        proxy_set_header       Frowarded-Port         $server_port;
        proxy_set_header       Connection             'Keep-Alive';
        add_header             vco-server             $upstream_addr;

        proxy_pass             https://vro;

        proxy_send_timeout 600;
        proxy_read_timeout 600;
    }
}

Create soft-link to activate your configuration:

 ln -s /etc/nginx/sites-available/vco /etc/nginx/sites-enabled/default

Add within http section of file /etc/nginx/nginx.conf

##
 # SSL
 ##
 ssl_session_cache   shared:SSL:10m;
 ssl_session_timeout 5m;
 ssl_prefer_server_ciphers on;

Restart Nginx

Note:

The above example contains SSL settings, assuming that the server.cer and server.key files are at their proper location. For more information about Nginx and SSL, see the Nginnx wiki.