IT administrators perform many tasks and procedures to keep their computing environment healthy and up to date and their business running. These tasks are diverse: for example, new employees require accounts and resources to be configured, a business acquisition requires integrating a system from another vendor, and new hardware requires provisioning. Individual tasks and subtasks are automated, but typically not the whole process. In addition, administrators must maintain quality standards and system efficiency.
System Center 2012 – Orchestrator can tie disparate tasks and procedures together by using the graphical user-interface Runbook Designer to create reliable, flexible, and efficient end-to-end solutions in the IT environment.
By using Orchestrator, you can carry out the following tasks:
• Automate processes in your data center, regardless of hardware or platform.
• Automate your IT operations and standardize best practices to improve operational efficiency.
• Connect different systems from different vendors without having to know how to use scripting and programming languages.
Orchestrator provides tools to build, test, debug, deploy, and manage automation in your environment. These automated procedures, called runbooks, can function independently or start other runbooks. The standard activities defined in every installation of Orchestrator provide a variety of monitors, tasks, and runbook controls with which you can integrate a wide range of system processes. Each activity in a runbook publishes data that is available to any subsequent activity in that runbook. You use this Published Data to provide dynamic, decision-making capabilities, which can include creating emails, alerts, log files, accounts, and more.
Orchestrator features & Architecture
| management server | The management server is the communication layer between the Runbook Designer and the orchestration database. |
| runbook server | A runbook server is where an instance of a runbook runs. Runbook servers communicate directly with the orchestration database. You can deploy multiple runbook servers per Orchestrator installation to increase capacity and redundancy. |
| orchestration database | The database is a Microsoft SQL Server database that contains all of the deployed runbooks, the status of running runbooks, log files, and configuration data for Orchestrator. |
| Runbook Designer | The Runbook Designer is the tool used to build, edit, and manage Orchestrator runbooks. |
| Runbook Tester | Runbook Tester is a run-time tool used to test runbooks developed in the Runbook Designer. For more information about Runbook Tester, |
| Orchestration console | The Orchestration console lets you start or stop runbooks and view real-time status on a web browser. |
| Orchestrator web service | The Orchestrator web service is a Representational State Transfer (REST)-based service that enables custom applications to connect to Orchestrator to start and stop runbooks, and retrieve information about operations by using custom applications or scripts. The Orchestration console uses this web service to interact with Orchestrator. |
| Deployment Manager | Deployment Manager is a tool used to deploy integration packs (IPs), runbook servers, and Runbook Designers. |
The following diagram illustrates each of the Orchestrator features and the communication between each.
The orchestration database is the center of the Orchestrator installation containing all runbooks, configuration settings, and logs. The management server is required as a communication layer between the Runbook Designer and the orchestration database. One or more runbook servers communicate directly with the database to retrieve runbooks to run and store information about the jobs created from the runbooks. The web service also communicates directly with the orchestration database and provides a web browser connection for the Orchestration console.
The following table shows multiple strategies available for extending the functionality provided by a standard installation of Orchestrator.
| integration pack (IP) | An integration pack is a collection of custom activities specific to a product or technology. Microsoft and other companies provide integration packs with activities to interact with their product from an Orchestrator runbook. |
| Orchestrator Integration Toolkit | The Orchestrator Integration Toolkit lets you extend your library of activities beyond the collection of standard activities and integration packs. The Integration Toolkit has wizard-based tools to create new activities and integration packs for Orchestrator. Developers can also use the Integration Toolkit to create integration packs from custom activities that they build by using the Orchestrator SDK. |
Automation by using runbooks
To automate a task or process in Orchestrator, you use the Runbook Designer to create a runbook. You add activities to the runbook by dragging them from the Activities pane, and then link activities in the required order to create a workflow.
This runbook monitors an event log. When it detects the specified event, the runbook checks the status of a particular process in Windows on a specific computer. If the process is found to be running, it is stopped. The runbook then starts the process and sends an email as a notification of the change of process state.
Each runbook activity finishes before proceeding to the next, and activities are available that provide complex logic such as requiring that multiple activities are completed before the runbook proceeds. By using a combination of logic on activities and smart links, you can implement whatever logic your particular automation scenario requires.
How Orchestrator processes a Runbook
After you have created a runbook, you commit it to the orchestration database by checking it in. You can then use either the Runbook Designer or the Orchestration console to start and stop the runbook.
A request to run a runbook creates a job that is stored in the orchestration database. Each runbook can define a primary runbook server and one or more standbys that process the runbook if the primary is unavailable. A service on each runbook server continuously monitors the orchestration database for jobs that it can process. When a runbook server detects a job, it logs that it is working on the job, copies the runbook locally, logs that it is running an instance of the runbook, and then begins processing the runbook. For any runbook that does not contain a monitor, you can create multiple runbook requests, meaning that a single runbook can have multiple jobs.
When a runbook server processes a job, it creates an instance of the runbook by making a copy of it locally, and then performing the actions defined within the runbook according to the included workflow logic. Status information, activity results, and data are recorded in the orchestration database so that you can monitor the real-time and historical status of the runbook.
Orchestrator Service Accounts
| Management server | Orchestrator Management Service, Orchestrator Runbook Server Monitor service |
| Runbook server | Orchestrator Runbook Service |
Orchestrator Management Service account
The Orchestrator Management Service is installed on the management server. Its service account is specified during the installation of Orchestrator. If you installed the management server and the runbook server on the same computer at the same time, this is the same account used by the Management Server Service and Runbook Server Service on each computer to access system resources. If you installed the runbook server after you already installed the management server, or if you installed the runbook server on a different computer, you can use different accounts.
The Orchestrator Management Service is responsible for maintaining the orchestration database, communicating with the Runbook Designers, and communicating with the Deployment Manager.
The account used for the Orchestrator Management Service can be a local account on the management server if the database is installed locally or if you are using SQL Server authentication to communicate with the database (although this is not recommended). However, this configuration might not allow access to other network resources. If the database is located on another server, either the account must be joined to the Active Directory domain so it can access the database server, or you must use SQL Server authentication. Use the latter option if your database server is in a different domain than the management server.
This service account does not have to be an Administrator or a domain Administrator account. Note, however, that the Deployment Manager requires administrator privileges.
The service account for the Management Server Service must have the following permissions:
• Permission to log on to the management server as a service. This permission is automatically granted during the installation process.
• Member of the Microsoft.SystemCenter.Orchestrator.Admins role in the orchestration database. The account is automatically added to this role during the installation process.
Orchestrator Runbook Server Monitor service account
The Runbook Server Monitor is installed on the management server and is responsible for monitoring the health of runbook servers. It uses the same account as the Orchestrator Management Service and requires the same permissions.
Orchestrator Runbook Service account
The Runbook Server Service is installed on each runbook server. If you installed the management server and the runbook server on the same computer at the same time, this is the same account used by the Management Server Service and Runbook Server Service on each computer to access system resources. If you installed the runbook server after you already installed the management server, or if you installed the runbook server on a different computer, you can use different accounts. The service is responsible for running runbooks and for communicating with the orchestration database.
By default, all activities in a runbook run under the service account of the runbook server on which they are running. Some activities can specify different credentials to be used for individual actions as required. Because runbook activities often access resources on other computers, it is recommended that the account used for the Orchestrator Runbook Service be an Active Directory domain account so that it can be granted access to these external resources.
The account for the Orchestrator Runbook Service must have these permissions:
• Permission to log on to the runbook server as a service.
• Depending on the resources that the activities in your runbooks access, the service account might require additional credentials on remote computers. Specific activities can also be configured with alternate credentials if the service account does not have access to particular resources.
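The following is an added example, not part of the original page or of Orchestrator itself: a PowerShell review of the accounts that the Orchestrator services on a computer run under, checking the points made above (Administrator membership is not required, and a domain account is recommended for the Runbook Service). It assumes Windows PowerShell 5.1 and that the services' display names begin with "Orchestrator", as the names on this page do.

```powershell
# Added example: review the logon accounts of the Orchestrator services on this computer.
# SIDs of the direct members of BUILTIN\Administrators (well-known SID S-1-5-32-544).
$adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value }

# Assumption: the display names start with "Orchestrator", as the names on this page do.
$services = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'Orchestrator %'"

foreach ($svc in $services) {
    $findings = @()
    $account  = $svc.StartName

    if ($account -in 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService') {
        $findings += 'runs as a built-in account, not a dedicated service account'
    }
    else {
        # Win32_Service reports local accounts as ".\name"; expand that before translating.
        $ntName = $account -replace '^\.\\', "$env:COMPUTERNAME\"
        try {
            $sid = ([System.Security.Principal.NTAccount]$ntName).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        }
        catch {
            $sid = $null
            $findings += 'account name could not be resolved to a SID'
        }

        if ($sid -and ($adminSids -contains $sid)) {
            $findings += 'is a direct member of local Administrators (not required by the service)'
        }
        if ($ntName -like "$env:COMPUTERNAME\*") {
            $findings += 'is a local account, so it cannot be granted access to other computers'
        }
    }

    # One row per service; an empty Findings column means none of the checks fired.
    [pscustomobject]@{
        Service  = $svc.DisplayName
        Account  = $account
        State    = $svc.State
        Findings = $findings -join '; '
    }
}
```

Get-LocalGroupMember lists direct members only, so an account that reaches Administrators through a nested domain group is not flagged and has to be reviewed separately.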
The following minimum hardware configuration is required for a full installation of Orchestrator:
• Minimum 1 gigabyte (GB) of RAM, 2 GB or more recommended
• 200 megabyte (MB) of available hard disk space
• Dual-core Intel microprocessor, 2.1 gigahertz (GHz) or better
The following table lists the supported operating systems for a full installation of Orchestrator on a single computer.
| Orchestrator web service, runbook server | Windows Server 2008 R2, Windows Server 2012 |
The following software is required for a full installation of Orchestrator on a single computer:
• Microsoft SQL Server 2008 R2 or Microsoft SQL Server 2012 – Orchestrator requires only the basic SQL Server features found in the Database Engine Service. No additional features are required. Orchestrator supports SQL_Latin1_General_CP1_CI_AS for collation. The installation wizard uses SQL_Latin1_General_CP1_CI_AS as the default collation to create the orchestration database.
Management servers and runbook servers installed on the same computer must use the same database. The management server must run as a 32-bit application.
• Microsoft Internet Information Services (IIS) – Orchestrator Setup enables IIS if it is not enabled.
• Microsoft .NET Framework 3.5 Service Pack 1 – Orchestrator Setup installs and enables .NET Framework 3.5 SP1 if it is not installed and enabled.
• Microsoft .NET Framework 4
Provide the name and company for the product registration, and then click Next.
On the Select features to install page, select all features, and then click Next.
For some requirements, such as Microsoft .NET Framework 4, you can use the link provided in the Setup Wizard to install the missing requirement. The Setup Wizard can install or configure other prerequisites, such as the Internet Information Services (IIS) role.
On the Configure the service account page, enter the user name and password for the Orchestrator Management Service account.
On the Configure the database server page, enter the name of the server. Click Test Database Connection to verify the account credentials. If the credentials are accepted, click Next.
On the Configure the database page, click Next.
On the Configure Orchestrator management group page, accept the default configuration or enter the name of the user group to manage Orchestrator permissions, and then click Next.
On the Configure the port for the web service page, click Next.
Review the Installation summary page, and then click Install.
Setup completed successfully
Enable network discovery for the Runbook Designer
In Network and Sharing Center, click Choose Home group and Sharing Options, and then click Change advanced sharing settings.
Make sure these services are running first:
– DNS Client
– Function Discovery Resource Publication
– SSDP Discovery
– UPnP Device Host
For the Domain profile, select Turn on network discovery, and then click Save changes.
Install an Integration Pack
System Center 2012 – Orchestrator includes a set of standard activities that are automatically installed with Orchestrator. You can expand the functionality of Orchestrator and its ability to integrate with platforms and products from Microsoft and other companies by installing integration packs. Each integration pack contains activities that provide unique functions. Microsoft provides integration packs for all of the System Center products, a number of other Microsoft products, and technologies and products from other companies.
Integration packs are available from the Microsoft Download Center.
System Center 2012 – Orchestrator supports integration packs designed for System Center 2012 – Orchestrator. Integration packs for Opalis or pre-release versions of System Center 2012 – Orchestrator are not supported.
After downloading the integration pack, register the integration pack file with the Orchestrator management server, and then deploy it to runbook servers and computers that have the Runbook Designer installed.
Register an integration pack
On the management server, copy the .OIP file for the integration pack to a local hard drive or network share.
Start the Deployment Manager.
In the navigation pane of the Deployment Manager, expand Orchestrator Management Server, right-click Integration Packs, and then select Register IP with the Management Server. The Integration Pack Registration Wizard opens.
In the Select Integration Packs or Hotfixes dialog box, click Add.
Locate the .OIP file, and then click Open.
In the Completing the Integration Pack Wizard dialog box, click Finish.
Deploy an integration pack
In the navigation pane of Deployment Manager, right-click Integration Packs, and then click Deploy IP to Action Server or Client.
Select the integration pack that you want to deploy, and then click Next.
Enter the name of the runbook server or computers with the Runbook Designer installed, on which you want to deploy the integration pack, click Add, and then click Next.
To upgrade an integration pack
First, on all computers that have a runbook server or Runbook Designer installed, uninstall any earlier version of the integration pack.