You can configure the Orchestrator server to deny access to Web service requests, to prevent malicious attempts from Web service clients to access sensitive servers.

About this task

By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows from Web service clients by setting a system property in the Orchestrator configuration file, vmo.properties.

Important:

If the vmo.properties configuration file does not contain this property, or if the property is set to false, Orchestrator permits access to workflows from Web services.

Procedure

  1. On the Orchestrator server system, navigate to the folder that contains configuration files.

    Option

    Action

    If you installed Orchestrator with the vCenter Server installer

    Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\conf.

    If you installed the standalone version of Orchestrator

    Go to install_directory\VMware\Orchestrator\app-server\conf.

    If you downloaded and deployed the virtual appliance

    Go to /etc/vco/app-server/.

  2. Open the vmo.properties configuration file in a text editor.
  3. Add the following line to the vmo.properties configuration file.
    #Disable Web service access
    com.vmware.o11n.web-service-disabled = true
    
  4. Save the vmo.properties file.
  5. Restart the Orchestrator server.

Results

You disabled access to workflows Web service clients. The Orchestrator server only answers Web service client calls from the echo() or echoWorkflow() methods, for testing purposes.