In this chapter, we will explore how to optimize the Orchestrator installation and look at the following recipes:
Please also note that in the workflow package that comes with this book, there are several workflows that will configure Orchestrator.
As in all production environments, you should consider using dedicated service accounts for connections between different services. For Orchestrator, there are several connections that we should have a look at.
The connection between Orchestrator and PSC/SSO will only be set up once with an SSO administrative user, after that Orchestrator will use the solution user.
The connection between Orchestrator and vCenter depends on how you would like to handle the role and rights management between them. You can either use one administrative connection between Orchestrator and vCenter, or choose to limit access by the role and rights of the logged-in Orchestrator user. We have already discussed this a bit in the recipe Connecting to vCenter in Chapter 1, Installing and Configuring Orchestrator and we will discuss it a bit more in the recipe User management in Chapter 7, Interacting with Orchestrator.
The connection between clients (desktops and application servers) and Orchestrator is regulated by the membership of the Orchestrator Administration group and by non-administrative users in Orchestrator. We will discuss how to add non-administrative users to Orchestrator in the User management recipe in Chapter 7, Interacting with Orchestrator.
In general, one should follow the IT base rule: Dedicated Services, Dedicated Users.
Please note that the vRA integrated Orchestrator is described in more detail in the recipe Working with the integrated vRA Orchestrator in Chapter 13, Working with vRealize Automation.