Navigating Orchestrator Blues

A common enterprise setup places the orchestrator (VCO) inside the internal data center (DC) network, with a private internal address configured on Eth0. This complicates remote diagnostics, because the internet-facing firewall in the main DC holds a static 1:1 translation between the public IP address used by SD-WAN edges and the private IP address used by the VCO.

In such cases, an additional system property must be set for remote diagnostics to work correctly. The setup also relies on the RO-230-IOL-Entry router translating the public IP address used by the SD-WAN edges to the private IP address used by the VCO on Eth0.

To illustrate this setup, let’s use an example lab environment with SD-WAN edges reaching the orchestrator via 110.1.1.254, and the RO-230-IOL-Entry router translating it to 10.8.1.254, the VCO address on Eth0.
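
The static 1:1 translation from the lab above could look like the following on the entry router. This is an added example, not configuration from the original lab: it assumes RO-230-IOL-Entry runs a Cisco IOS-style CLI, and the interface names and the router's own interface addresses are hypothetical.

```cisco
! Added example. Assumes a Cisco IOS-style CLI on RO-230-IOL-Entry.
! Interface names and the router's own addresses/masks are hypothetical.
interface Ethernet0/0
 description Internet side, where SD-WAN edges arrive (hypothetical)
 ip address 110.1.1.1 255.255.255.0
 ip nat outside
!
interface Ethernet0/1
 description DC side toward the VCO Eth0 (hypothetical)
 ip address 10.8.1.1 255.255.255.0
 ip nat inside
!
! Static 1:1 translation: private VCO address <-> public address used by edges.
! A 1:1 entry translates every port, so port filtering is a separate policy.
ip nat inside source static 10.8.1.254 110.1.1.254
!
! Verify from exec mode: show ip nat translations
```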

In this scenario, remote diagnostics should work both for a browser that reaches the VCO on its internal private address and for edges that reach it on the public address. To enable this, the following system property must be set:

“remoteDiagnostics.enabled=true”

This property tells the system to allow remote diagnostics access to the VCO from the internet. Without this property set, remote diagnostics will not work correctly, even if the public IP address is translated to the private IP address on Eth0.

To set this property, follow these steps:

1. Open the Management Console and navigate to the “System” menu.

2. Click on “Configuration” and select “System Properties”.

3. Scroll down to the “Advanced” section and click on “Edit”.

4. In the “Advanced Properties” window, scroll down to the “remoteDiagnostics” section and set “enabled=true”.

5. Click “Save” to apply the changes.

Once this property is set, remote diagnostics should work correctly: you reach the VCO from your browser on the internal private address, while edges reach it on the public address.

The specific IP addresses used in this example are for illustration purposes only and may vary depending on your network setup. The key is to ensure that the RO-230-IOL-Entry router is configured to translate the public IP address used by the SD-WAN edges to the private IP address used by the VCO on Eth0, and that the “remoteDiagnostics.enabled=true” property is set to allow remote diagnostics access from the internet.

In conclusion, when the orchestrator (VCO) sits within the internal data center network with a private internal Eth0 address, it’s essential to set the “remoteDiagnostics.enabled=true” property to make remote diagnostics work correctly. With it set, your browser reaches the VCO on the internal private address and edges reach it on the public address, giving your enterprise network seamless remote diagnostic access.