VMware vRealize Orchestrator 8.8 Release Notes

vRealize Orchestrator 8.8 | 28 APR 2022

Check for additions and updates to these release notes.

Release Versions

VMware vRealize Orchestrator 8.8 \| 28 April 2022 vRealize Orchestrator 8.8 Appliance build 19690303 VRealize Orchestrator 8.8 Update Repository build 19690303

Updates made to this document:

Date	Description of update	Type
04/28/2022	Initial publishing.

What's New in vRealize Orchestrator 8.8

vRealize Orchestrator 8.8 includes multiple new features and fixed issues. The new features include:

vRO 8.x: RESTOperation.createRequest should not automatically translate spaces to the "+" symbol.

The java.net.URLEncoder.encode() method is now replaced with org.springframework.web.util.UriUtils.encodeQuery(). This change concerns the encoding of URL addresses and more specifically, the encoding of query parameters when performing a REST operation. The space is now encoded to %20 as opposed to +. Replacing space with %20 is the more common way and is also recommended in the RFC specifications, which should be supported by the majority of REST hosts.
You can now update the authentication of a scheduled task in the vRealize Orchestrator Client.

When a editing a scheduled task, a new field called Starting user is available. You can use this field to change the user who is authenticated to run the scheduled task. This feature is only available while editing a existing scheduled task that you have created previously.

Learn more about changing the authentication of a scheduled task.
Updates and plug-in API compatibility changes for the Auto Deploy plug-in for vRealize Orchestrator.
vRealize Orchestrator 8.8 includes an updated and preinstalled Auto Deploy plug-in. The plug-in API compatibility is also updated to support:
- vRealize Orchestrator 7.6
- vRealize Orchestrator 8.7.2
- vCenter 6.7
- vCenter 7.0
NOTE: To use this plug-in in vRealize Orchestrator 7.6, you must first update the vSphere plug-in to version 7.x. Also regarding vRealize Orchestrator 7.6, the Auto Deploy plug-in includes full support for the Java-based Orchestrator Legacy Client while support for workflows created in the HTML5-based vRealize Orchestrator Client is limited.

Learn more about using the Auto Deploy plug-in in vRealize Orchestrator 8.8.
Changes to the input form for Active Directory configuration workflows. The Per user session option is no longer supported.

Because LDAP authentication is no longer supported and shared session is the only possible authentication, the useSharedSession checkbox is now removed from the input form of several Active Directory workflows and the username and password fields are now mandatory. This change impacts the Add an Active Directory server, Update an Active Directory server and Configure Active Directory server workflows.
The New “Create a computer with password in an organizational unit” workflow is now available

The new workflow creates a computer in an organizational unit with a default password value equal to computername$. The workflow also enables the configuration of a custom password by checking the choose password different from the default one option.
REST plug-in support for OpenAPI 3.0 and Swagger 2.0.
The Add a REST host by Swagger spec from a URL and Add a REST host by Swagger spec as a string workflows can now create REST hosts from both Swagger 2.0 and OpenAPI 3.0 schemas.

For both workflows this is achieved by adding a dropdown in the host properties tab which is called Swagger/OpenAPI version. Depending on which version you choose, you can access an additional tab called Swagger 2.x or OpenAPI 3.0. In this tab you can select the host, basePath and Preferred communication protocols for the former and the preferred URL address for the latter.

The following methods were added to the RestHostManager scripting object:
- createRESTHostFromOpenApiUrl("restHostName", "openApiSpecUrl", authHeaders, "preferredUrl", extraParams)
- createRESTHostFromOpenApiSpecString("restHostName", "openApiSpecString", "preferredUrl", extraParams)
- getOpenApiServiceUrl("openApiSpec", "preferredUrl")

Deploying the vRealize Orchestrator Appliance

The vRealize Orchestrator Appliance is a VMware Photon OS-based appliance distributed as an OVA file. It is prebuilt and preconfigured with an internal PostgreSQL database, and it can be deployed with vCenter Server 6.0 or later.

The vRealize Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.

For instructions about deploying the vRealize Orchestrator Appliance, see Download and Deploy the vRealize Orchestrator Appliance.

For information about configuring the vRealize Orchestrator Appliance server, see Configuring a Standalone vRealize Orchestrator Server.

Upgrading and Migrating vRealize Orchestrator

You can upgrade a standalone or clustered vRealize Orchestrator 8.x deployment to the latest product version by using a mounted ISO image.

For more information about upgrading the vRealize Orchestrator Appliance, see Upgrading vRealize Orchestrator.

You can migrate a standalone vRealize Orchestrator instance authenticated with vSphere or vRealize Automation to vRealize Orchestrator 8.8. Product versions of vRealize Orchestrator 7.x supported for migration include versions 7.3 to 7.6. The migration of clustered vRealize Orchestrator 7.x deployments is not supported.

For more information about migrating the vRealize Orchestrator Appliance, see Migrating vRealize Orchestrator.

Plug-ins Installed with vRealize Orchestrator 8.8

The following plug-ins are installed by default with vRealize Orchestrator 8.8:

vRealize Orchestrator vCenter Server Plug-In 7.0.0
vRealize Orchestrator Mail Plug-In 8.0.1
vRealize Orchestrator SQL Plug-In 1.2.0
vRealize Orchestrator SSH Plug-In 7.3.0
vRealize Orchestrator SOAP Plug-In 2.0.6
vRealize Orchestrator HTTP-REST Plug-In 2.4.1
vRealize Orchestrator Plug-In for Microsoft Active Directory 3.0.13
vRealize Orchestrator AMQP Plug-In 1.0.6
vRealize Orchestrator SNMP Plug-In 1.0.4
vRealize Orchestrator PowerShell Plug-In 1.0.20
vRealize Orchestrator Multi-Node Plug-In 8.8.0
vRealize Orchestrator Dynamic Types 1.3.6
vRealize Orchestrator vCloud Suite API (vAPI) Plug-In 7.5.2
VMware vSphere Update Manager Plug-in 7.0.0
VRealize Orchestrator Auto Deploy Plug-in 7.0.0

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

Imported resource elements revert their updates after some time.

Imported plug-in configurations can revert to an earlier version after performing a Pull or Push operation. This issue is caused in by the local version history of the configuration which does not include the latest changes.
Basic authentication is disabled by default when using vRealize Automation authentication for your vRealize Orchestrator deployment.

To use basic authentication in vRealize Orchesrator, the system property com.vmware.o11n.sso.basic-authentication.enabled must be set to true.
Cannot add a Git repository hosted by a Git provider which requires a 4096-bit encryption.

In previous releases, vRealize Orchestrator only provided a 2048-bit RSA key pair when authenticating with a Git repository over a SSH connection. Users with stricter security policies can now use a 4096-bit RSA key pair when integrating a Git repository in vRealize Orchestrator over a SSH connection.
The breakpoint marker in the workflow schema does not activate on mouse click.

Issues with the way the workflow schema manages the breakpoint toggle can cause the breakpoint market to become unresponsive.
Ensure correct client certificate selection in the REST plug-in.

Some REST host operations can encounter a client certification selection issue. This issue is caused by the chooseClientAlias() method in X509ExtendedKeyManager. A new KeyManagerCertWrapper wrapper is added to X509ExtendedKeyManager to resolve this client certification issue. The wrapper calls all methods aside from the X509ExtendedKeyManager method and returns the right key alias.
Fix for the CVE-2021-23337 and CVE-2020-8203 security vulnerabilities reported in the vRealize Orchestrator Control Center.

The swagger libraries for the vRealize Orchestrator Control Center are updated to resolve the CVE-2021-23337 and CVE-2020-8203 security vulnerabilities.
User interface elements enter in a extend-collapse animation loop.

On slower vRealize Orchestrator environments, clicking on elements in the side navigation while the animations are still in progress might trigger an extend-collapse animation loop.
The interaction form for resuming a failed workflow does not display fields for all defined variables when one of the variables is a Property type. Inputs for variables coming after the Property variable will be hidden. The input fields for the Property type will not be populated.

The variable type is not interpreted for the Property type which causes issues during form rendering. The Property type is now used while generating the input form.

Known Issues

You receive an "error: failed to push to protected branch" error. Pushing commits to a protected Git branch fails.

If the configured Git branch is protected, the push operation fails consistently but the message that appears indicates that the push is successful.

Workaround: The decision was taken not to fix this issue in the current or upcoming releases of vRealize Orchestrator. This known issue entry is going to be deleted from the release notes for the next release.
Imported resource elements are reverted to an earlier state.

After importing a resource element from a file and then updating the resource element without making a commit in Git, the element state is reverted to an earlier state after a certain period of time. For example, you might import a REST host resource element and then run the Update a REST host workflow (which does not update the resource element in Git). After a certain period of time, the changes made to the REST host are lost.

Workaround: Manually increase the resource element version from the vRealize Orchestrator Client after the update so the resource state in Git is synchronized.

Previously Known Issues

This section contains previously known issues (known issues remaining from earlier releases of vRealize Orchestrator that still exist in the product).

The RESTOperation ID does not initialize properly if the REST host instance is created by using a Swagger spec.

In the HTTP-REST plug-in, when the REST host instance is created by a Swagger spec, the RESTOperation ID does not initialize properly and the getOperation method of the RESTHost object does not work.

No workaround.
The Storage VSAN workflows of the vCenter Server plug-in do not support adding Solid-State Drive (SSD) disks to an ESXi host.

The Add disks to disk group and Remove disks from disk groups workflows do not support adding SSD disks as capacity disks to ESXi hosts.

No workaround.
Problems handling non-ASCII characters in certain contexts.
Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
- If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs but the name of the resulting file on the destination machine is unreadable.
- If you try to insert non-ASCII characters into variable names, the characters do not appear. This issue occurs for workflow variables and action variables.
No workaround.
The SSH plug-in encounters firewall connectivity issues.

The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.

Workaround: The SSH plug-in for vRealize Orchestrator 7.1 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.
If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to explicitly enable certain versions of SSL or TLS.

For information about this issue, see the Java Secure Socket Extension (JSSE) Reference Guide.

Workaround: For information about explicitly enabling SSLv3 and TLSv1 for outgoing HTTPS connections, see How to enable TLSv1.1 and TLSv1.2 for outgoing HTTPS connections in vRO 6.0.x (KB 2144316).
The SOAP plug-in cannot connect through an authenticated proxy server.

When attempting to run the Add a SOAP host workflow, you encounter an issue with the proxy server authentication.

Workaround: When running the workflow, use a proxy server that does not require authentication.
The vRealize Orchestrator authentication configuration might become invalid if the authentication provider certificate changes or regenerates.

When the SSL certificate of the vRealize Automation or vSphere instance that is configured as the authentication provider in Control Center is changed or regenerated, the vRealize Orchestrator authentication configuration becomes invalid, and the vRealize Orchestrator server cannot start.
Workaround: Import the new authentication provider certificate:
1. Log in to Control Center as root.
2. Click Certificates.
3. Click the Import on the Trusted Certificates tab.
4. Load the SSL certificate from a URL or a file.
5. Click Import.
During the installation of a plug-in in the vRealize Orchestrator Control Center, an error message appears.

When you install a plug-in from the Manage Plug-Ins page in Control Center, the following error message appears: Plug-in 'name_of_the_plug-in' (plug-in_file_name) is not compatible with the current platform version. Supported platform versions are 'names_of_the_supported_versions'. Clicking on the 'Install' button will install it anyway.

Workaround: You can safely ignore this error and proceed with the installation of the plug-in.
Adding values to vCenter Server data object properties of the Array type is not possible.
When vRealize Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a result, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a pre-filled array. However, after you instantiate the object, you cannot add values to the array.

For example, the following code does not work:
```
var spec = new VcVirtualMachineConfigSpec();
spec.deviceChange = [];
spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();
System.log(spec.deviceChange[0]);
```
In the above code, vRealize Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), vRealize Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.
Workaround: Declare the array as a local variable:
```
var spec = new VcVirtualMachineConfigSpec();
var deviceSpec = [];
deviceSpec[0] = new VcVirtualDeviceConfigSpec();
spec.deviceChange = deviceSpec;
System.log(spec.deviceChange[0]);
```