With System Center Orchestrator you can create, configure and automate many things. There are runbook activities available for Microsoft Azure that can be used once you have successfully created a connection between your Orchestrator and Microsoft Azure.
- Creating a self-signed certificate in Orchestrator
- Exporting the self-signed certificates
- Configuring Microsoft Azure to trust the Orchestrator certificate as a Management certificate
- Configuring a connection between Orchestrator and Microsoft Azure
- A certificate used by Orchestrator to access Microsoft Azure
- Configure Microsoft Azure to trust the Orchestrator certificate
Creating a self-signed certificate in Orchestrator
To start off we will need to create a self-signed certificate used by Orchestrator to access Microsoft Azure.
- On our Orchestrator server, click on Start and type IIS. The search should now find the Internet Information Services (IIS) Manager; click to open it.
- We should now have the Internet Information Services (IIS) Manager open.
- Now select the Orchestrator server connection which can be found in the left pane.
- We should now see many different features in the middle of the IIS Manager; double-click on Server Certificates.
- Now in the pane on the right side, click on Create Self-Signed Certificate to continue.
- We will now specify a name for our certificate and make sure it is stored in the Personal certificate store, click OK once done.
- Our self-signed certificate should now be shown in the IIS Manager.
Exporting the self-signed certificates
Now that we have created the self-signed certificate, we will need to export two copies of it.
- The first copy of the self-signed certificate will not include the private key, as it will be used in Microsoft Azure to make the certificate trusted.
- The second copy of the self-signed certificate will include the private key; it will be used by Orchestrator to communicate with Microsoft Azure.
Exporting the self-signed certificate without private key
- Make sure that we are on the Orchestrator server, now right click on and choose Run in the list of options.
- A Run window will open up, type mmc in the Open field and click OK.
- We should now have the Microsoft Management Console (MMC) in front of us.
- Now go to File and choose Add/Remove Snap-in…
- An Add or Remove Snap-ins window will appear.
- Select Certificates under the Available snap-ins which is found in the left pane, then click Add >
- Now click OK to continue. We will be asked which account we want the snap-in to manage.
- Select the Computer account and click Next.
- We will now be asked which computer we want the snap-in to manage. Go with the default option here, Local computer.
- We should now see the Certificates (Local Computer) snap-in in our MMC console.
- Expand Certificates (Local Computer) which can be found in the left pane.
- Next expand Personal and select Certificates, we should see the certificate we created previously.
- To export the certificate right click the certificate, go to All Tasks and click Export.
- A Certificate Export Wizard will open, click Next to continue with the certificate exporting.
- We will export the first certificate without a private key. Make sure the No, do not export the private key check box is checked, then click Next to continue.
- We will go with the default file format, DER encoded binary X.509 (.CER), click Next to continue.
- In the next window, select a location where the certificate will be saved and a name for it. In this guide I will save it to C:\Certificates\
- We should now see the save path and file name in the Certificate Export Wizard, click Next to continue.
- We will now see a summary of our certificate export, click Finish to export the certificate.
- Once the exporting is completed we will see a window saying The export was successful, click OK to finish.
Note: Don’t close the MMC window as we will be needing it in the next step.
Exporting the self-signed certificate with private key
We just exported the Orchestrator self-signed certificate without a private key, now we will export the same certificate with a private key.
- We should still have the MMC window open from the previous step.
- Now right click the Orchestrator certificate, go to All Tasks and choose Export once again.
- In the Certificate Export Wizard, click Next to continue.
- We will now export the second certificate with a private key. Make sure the Yes, export the private key check box is checked, then click Next to continue.
- For the second certificate we will only have one file format option, the Personal Information Exchange – PKCS #12 (.PFX). We do not need the Include all certificates in the certification path if possible option, so we can uncheck it, then click Next to continue.
- In the next step we will need to protect this certificate by either giving a security principal or a password, we will go with a password.
- Now check the Password check box and give our certificate a password. Click Next once the password has been entered and confirmed.
- Select once again a location where the certificate will be saved and give it a name. I will save it again in the C:\Certificates folder.
- We will now see the save path and file name in the Certificate Export Wizard, click Next to continue.
- We will once more see a summary of our certificate export, click Finish to export our certificate. Wait for the exporting to complete. We will see a window saying The export was successful, click OK to finish.
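The two exports above can also be scripted and checked. The following is an added example, not part of the original guide; the friendly name and the two file names are assumed values, and the friendly name must be the name given to the certificate in IIS Manager.

```powershell
# Added example: the two MMC exports above, scripted. Run elevated on the Orchestrator server.
# Assumed values (not from the guide): the friendly name and the two file names.
$friendlyName = 'Orchestrator Azure'                       # hypothetical: name typed in IIS Manager
$exportDir    = 'C:\Certificates'                          # folder used in this guide
$cerPath      = Join-Path $exportDir 'OrchestratorAzure.cer'   # hypothetical file name
$pfxPath      = Join-Path $exportDir 'OrchestratorAzure.pfx'   # hypothetical file name

# Locate the certificate in the Local Computer\Personal store.
$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate named '$friendlyName', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) { throw 'The certificate has no private key in this store.' }

New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

# Copy 1: public certificate only (DER encoded .cer), the file uploaded to Azure.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Copy 2: certificate plus private key (.pfx). The password is prompted for,
# not stored in the script. EndEntityCertOnly corresponds to unchecking
# "Include all certificates in the certification path if possible".
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword `
    -ChainOption EndEntityCertOnly | Out-Null

# Check 1: the .cer must not contain a private key and must match the store certificate.
$cerCheck = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($cerCheck.HasPrivateKey) { throw "$cerPath unexpectedly contains a private key." }
if ($cerCheck.Thumbprint -ne $cert.Thumbprint) { throw "$cerPath does not match the store certificate." }

# Check 2: the .pfx opens with the password and holds the same certificate.
$pfxData = Get-PfxData -FilePath $pfxPath -Password $pfxPassword
if ($pfxData.EndEntityCertificates[0].Thumbprint -ne $cert.Thumbprint) {
    throw "$pfxPath does not match the store certificate."
}

# Print the thumbprint so both files can be identified later.
"Exported $cerPath and $pfxPath, thumbprint $($cert.Thumbprint)"
```

The .pfx file together with its password is the credential Orchestrator uses against the subscription, so keep it in a folder only administrators and the Orchestrator service account can read; the .cer file contains no secret.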
Configuring Microsoft Azure to trust the Orchestrator certificate as a Management certificate
We will now configure Microsoft Azure to trust the Orchestrator self-signed certificate as a so-called Management certificate.
- Open a web browser and head to: https://azure.microsoft.com/en-us/features/azure-portal/
- Sign in to Microsoft Azure by first entering your Email, phone or Skype, then enter your password and click Sign in.
- We should now see our Microsoft Azure dashboard.
- At the bottom of the left pane click on
- We will now see a window with billing information and our current subscriptions.
- Now select our subscription in the center of the screen.
- Now click on which is found in the left pane under Settings, we should now see the Management certificates window.
- Now we will want to upload our Orchestrator certificate (without private key), to upload click on .
- An Upload Certificates window will open up on our right side.
- Now click under .Cer Certificate File to upload your certificate.
- A browse window will now open, navigate to the folder where we exported our Orchestrator certificates.
- Select our self-signed Orchestrator certificate that was exported with no private key and click Open.
- We should now be ready to upload our self-signed Orchestrator certificate, click to continue.
- The certificate will now be uploaded to Microsoft Azure.
- Once the certificate has been uploaded successfully you should get the following notification:
- Our Orchestrator certificate will now be shown under our Management certificates in Microsoft Azure.
Configuring a connection between Orchestrator and Microsoft Azure
We will now move on to the last step, which is connecting Orchestrator to Microsoft Azure.
- Open the Runbook Designer console.
- Now head to Options in the upper left corner of our Runbook Designer console, then click on Windows Azure.
- A Windows Azure prerequisite configuration window will open up.
- Since we have no Azure configuration from before, we will want to add a new configuration by clicking Add…
- First we need to specify a name for our connection.
- Next we will select the connection type.
- Click on the radio button to choose the available connection types, a new Item Selection window will open.
- Choose Azure Management Configuration Settings and click OK.
- Now we will fill the properties of our Azure connection.
- The Azure Endpoint can be left as it is.
- Next insert the password of our Orchestrator certificate with a private key (the PFX certificate).
- Now in the PFX File Path field click on the radio button and locate our Orchestrator certificate (PFX certificate) with a private key.
- Lastly we will add our Microsoft Azure Subscription ID.
- To find our Microsoft Azure subscription ID, go to the Microsoft Azure Portal at https://portal.azure.com.
- On the left pane click on .
- We should now see our subscription ID(s) in the center of the Microsoft Azure Portal screen.
- Select your subscription and copy the Subscription ID, then paste the Subscription ID into the Subscription ID field in the Add Configuration window found in the Runbook Designer.
- Now click OK to finish adding our Azure connection.
We have now successfully set up a connection to Microsoft Azure from our System Center Orchestrator 2016!