Archive | April, 2018

vRealize Operations Manager – Monitor Management Packs for Availability and Notification

25 Apr

If you are using multiple vRealize Operations Manager (vROPS) – Management Packs like Horizon, VSAN, NSX and vCenter and want to monitor their availability of the adapter/POD in terms of whether they are “Collecting Data” and get notified via email when the collection of data stops due to unknown reasons. Then go ahead and read further.

If you don’t setup the monitoring one doesn’t get notified until someone logins to the vROPS Manager and see the adapter status physically.

Adapter Status:
vROPS VMware Horizon Management Pack

Collection State/Status:
vROPS - Hoirzon Adapter

To achieve the above its a 3 steps process. You will have to create the following:

  • Custom Symptom Definition
  • Custom Alert Definition
  • Custom Notification

Symptom Definitions

We will create four custom Symptom Definition (SD) for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the SD combined:

Custom Symptom Definitions
  • Horizon Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
    • Click on the +
    • Under the Base Object Type Select – View Adapter Instance
    • Under Metrics Select vRealize Operations Generated – Availability
    • Enter a Symptom Definition Name – SD_Horizon_Adapter_Avail
    • is – Critical
    • metric – is less than
    • Numeric Value – 1
    • Under Advance
      • Wait Cycle – 3
      • Cancel Cycle – 3
      • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)
Symptom - View Adapter Instance
  • vCenter Adapter – vCenter

    • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
    • Click on the +
    • Under the Base Object Type Select – vCenter Server
    • Under Metrics Select vRealize Operations Generated – Availability
    • Enter a Symptom Definition Name – SD_vCenter_Adapter_Avail
    • is – Critical
    • metric – is less than
    • Numeric Value – 1
    • Under Advance
      • Wait Cycle – 3
        • Cancel Cycle – 3
          • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

      Symptom - vCenter Adapter Instance
      • View POD

        • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
        • Click on the +
        • Under the Base Object Type Select – View POD
        • Under Metrics Select vRealize Operations Generated – Availability
        • Enter a Symptom Definition Name – SD_View_POD_Avail
        • is – Critical
        • metric – is less than
        • Numeric Value – 1
        • Under Advance
          • Wait Cycle – 3
            • Cancel Cycle – 3
              • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

          Symptom - View POD

          • VSAN Adapter Instance
            • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
            • Click on the +
            • Under the Base Object Type Select – VSAN Adapter Instance
            • Under Metrics Select vRealize Operations Generated – Availability
            • Enter a Symptom Definition Name – SD_VSAN_Adapter_Avail
            • is – Critical
            • metric – is less than
            • Numeric Value – 1
            • Under Advance
              • Wait Cycle – 3
                • Cancel Cycle – 3
                  • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

              Symptom - VSAN Adapter Instance

              Alert Definitions

              We will create four custom Alert Definition (AD) for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the AD combined:

              Custom Alert Definitions
              • Horizon Adapter Instance
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_Horizon_Adapter
                • Under the Base Object Type Select – View Adapter Instance
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_Horizon_Adapter_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - Horizon Adapter


              • vCenter Adapter Instance
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_vCenter_Adapter
                • Under the Base Object Type Select –  vCenter Server
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_vCenter_Adapter_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - vCenter Adapter
              • View POD
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_View_PODS
                • Under the Base Object Type Select –  View Pod
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_View_PODS_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - View POD
              • VSAN Adapter Instance
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_VSAN_Adapter
                • Under the Base Object Type Select –  vSAN Adapter Instance
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_VSAN_Adapter_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - VSAN Adpater

              Notifications

              We will create four Notification Rules for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the Rules for Email Alerts combined:

              Custom Notification Rules
              • Rule – Horizon Adapter Instance is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _Horizon_Adapter is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_Horizon_Adapter
              Notification - Horizon Adapter

              • Rule – vCenter Adapter Instance is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _vCenter_Adapter is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_vCenter_Adapter

              Notification - vCenter Adapter

              • Rule – View POD is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _View_POD is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_View_POD

              Notification - View POD

              • Rule – VSAN Adapter is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _VSAN_Adapter is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_VSAN_Adapter

              Notification - VSAN Adapter

              I hope you will find this post useful and will help you improvise on monitoring/alerting of your vROPS Management Packs. A big thanks to Gagik Manukyan in demonstrating the ability to configure this in our internal setup.

              Thanks,
              Aresh Sarkari

              VMware Horizon TrueSSO – Configuration for High Availability and Redundancy

              13 Apr

              In this post I will demonstrate the configuration that are required to deploy the VMware Enrollment Servers for High availability and redundancy. This includes two Certificate Authority CA’s and Enrollment Servers

              TrueSSO Availability and Redundancy


              My colleague Tarique Chowdhury has an excellent post on the TrueSSO Lab Setup. However in that deployment it talks about a single Enrollment Server and Certificate Authority Server.

              This post is not a replacement of the Setting Up TrueSSO guide on VMware Pubs. However the below mentioned two sections complement during the configurations for everything else follow the setup guide/blogs:

              Certificate deployment – Enrollment Agent (Computer).

              Deploying the Enrollment Agent (Computer) certificate onto this server, we are authorizing this ES to act as an Enrollment Agent and generate Certificates on behalf of users.

              Both the Certificate Authority Server Enrollment Agent (Computer) certificate needs to be added. They are added one-by-one. The Personal –> Certificate store should look like below on the ES:

              Enrollment Agent (Computer)

              Configure TrueSSO on the Horizon Connection Servers:

              Step1: Adding both the Enrollment Server (ES) – Adding the ES to the environment, we are able to query the ES about the domain and relevant True SSO info.

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --environment --add –enrollmentServer tsso1.askaresh.com,tsso2.askaresh.com

              Adding ES

              Step2 – List both the newly deployed Enrollment Server – We will get info about various components of the environment which will be useful for configuring True SSO.

              vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso1.askaresh.com  --domain askaresh.com

              vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso2.askaresh.com  --domain askaresh.com

              Listing ES

              Step3 – Adding the Connector for TrueSSO – A True SSO Connector is a configuration set where we specify details like ES(s), CA(s) and a Certificate Template to use for a certain Domain. When a Horizon CS gets a request to launch a desktop for an AD user, it will look up True SSO Connector for the domain the user belongs to and will use the components as specified to obtain a Certificate on behalf of the user.

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --create --connector --domain askaresh.com --template TrueSSO --primaryEnrollmentServer tsso1.askaresh.com –secondaryEnrollmentServer tsso2.askaresh.com --certificateServer MSSUBCA01-CA,MSSUBCA02-CA --mode enabled
              TrueSSO Connector

              Step4 – List the SAML Authenticator available in Horizon environment – A SAML Authenticator contains the trust and metadata exchange between Horizon View and vIDM. To use True SSO, we need to identify the correct SAML Authenticator and enable True SSO.

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --list --authenticator
              Listing SAML

              Step5 – Enable TrueSSO for the SAML Authenticator

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --authenticator --edit --name VIDM-PROD --truessoMode ENABLED
              Enable TrueSSO

              Step6 – Check the status on the Horizon Administrator Dashboard
              TrueSSO Dashboard

              I hope you find these steps useful during the TrueSSO Availability and Redundancy configurations.

              Thanks,
              Aresh