You can configure the Orchestrator server to deny access to Web service requests, to prevent malicious attempts from Web service clients to access sensitive servers.

About this task

By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows from Web service clients by setting a system property in the Orchestrator configuration file,


If the configuration file does not contain this property, or if the property is set to false, Orchestrator permits access to workflows from Web services.


  1. On the Orchestrator server system, navigate to the folder that contains configuration files.



    If you installed Orchestrator with the vCenter Server installer

    Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\conf.

    If you installed the standalone version of Orchestrator

    Go to install_directory\VMware\Orchestrator\app-server\conf.

    If you downloaded and deployed the virtual appliance

    Go to /etc/vco/app-server/.

  2. Open the configuration file in a text editor.
  3. Add the following line to the configuration file.
    #Disable Web service access
    com.vmware.o11n.web-service-disabled = true
  4. Save the file.
  5. Restart the Orchestrator server.


You disabled access to workflows Web service clients. The Orchestrator server only answers Web service client calls from the echo() or echoWorkflow() methods, for testing purposes.