Disable Access to Workflows from Web Service Clients

You can configure the Orchestrator server to deny access to Web service requests, to prevent malicious attempts from Web service clients to access sensitive servers.

By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows from Web service clients by setting a system property in the Orchestrator configuration file, vmo.properties.

Important

If the vmo.properties configuration file does not contain this property, or if the property is set to false, Orchestrator permits access to workflows from Web services.

Procedure

Navigate to the following folder on the Orchestrator server system.

Option	Action
If you installed Orchestrator with the vCenter Server installer	Go to `install_directory`\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf.
If you installed the standalone version of Orchestrator	Go to `install_directory`\VMware\Orchestrator\app-server\server\vmo\conf.

Open the vmo.properties configuration file in a text editor.

Add the following line to the vmo.properties configuration file.

#Disable Web service access
com.vmware.o11n.web-service-disabled = true

Save the vmo.properties file.

Restart the Orchestrator server.

You disabled access to workflows Web service clients. The Orchestrator server only answers Web service client calls from the echo() or echoWorkflow() methods, for testing purposes.