You can configure the Orchestrator server to deny access to Web service requests, to prevent malicious attempts from Web service clients to access sensitive servers.
About this task
By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows from Web service clients by setting a system property in the Orchestrator configuration file, vmo.properties.
If the vmo.properties configuration file does not contain this property, or if the property is set to false, Orchestrator permits access to workflows from Web services.
- On the Orchestrator server system, navigate to the folder that contains configuration files.
If you installed Orchestrator with the vCenter Server installer
Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\conf.
If you installed the standalone version of Orchestrator
Go to install_directory\VMware\Orchestrator\app-server\conf.
If you downloaded and deployed the virtual appliance
Go to /etc/vco/app-server/.
- Open the vmo.properties configuration file in a text editor.
- Add the following line to the vmo.properties configuration file.
#Disable Web service access com.vmware.o11n.web-service-disabled = true
- Save the vmo.properties file.
- Restart the Orchestrator server.
You disabled access to workflows Web service clients. The Orchestrator server only answers Web service client calls from the echo() or echoWorkflow() methods, for testing purposes.