You can configure the Orchestrator server to deny access to Web service requests, to prevent malicious attempts from Web service clients to access sensitive servers.

By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows from Web service clients by setting a system property in the Orchestrator configuration file,


If the configuration file does not contain this property, or if the property is set to false, Orchestrator permits access to workflows from Web services.


Navigate to the following folder on the Orchestrator server system.



If you installed Orchestrator with the vCenter Server installer

Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf.

If you installed the standalone version of Orchestrator

Go to install_directory\VMware\Orchestrator\app-server\server\vmo\conf.


Open the configuration file in a text editor.


Add the following line to the configuration file.

#Disable Web service access
com.vmware.o11n.web-service-disabled = true

Save the file.


Restart the Orchestrator server.

You disabled access to workflows Web service clients. The Orchestrator server only answers Web service client calls from the echo() or echoWorkflow() methods, for testing purposes.