VMware vRealize Operations for Published Applications Installation and Administration VMware vRealize Operations for Published Applications 6.
VMware vRealize Operations for Published Applications Installation and Administration You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2017 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.
Contents 1 VMware vRealize Operations for Published Applications Installation and Administration 5 2 Introducing vRealize Operations for Published Applications 7 vRealize Operations for Published Applications Architecture 8 vRealize Operations for Published Applications Desktop Agent 9 vRealize Operations for Published Applications Broker Agent 9 vRealize Operations for Published Applications Adapter 9 3 System Requirements for vRealize Operations for Published Applications 11 Product Compatibility for v
VMware vRealize Operations for Published Applications Installation and Administration 9 Changing the Default TLS Configuration in vRealize Operations for Published Applications 51 Default TLS Protocols and Ciphers for vRealize Operations for Published Applications TLS Configuration Properties 52 Change the Default TLS Configuration for Servers 52 Change the Default TLS for Agents 52 51 10 Managing Authentication in vRealize Operations for Published Applications 55 Understanding Authentication for Each
VMware vRealize Operations for Published Applications Installation and Administration 1 VMware vRealize Operations for Published Applications Installation and Administration provides information about how to monitor the performance of your Citrix XenDesktop/Citrix XenApp 7.6, 7.7, 7.8, 7.9, and 7.11 environments in VMware vRealize™ Operations Manager™. Intended Audience This information is intended for users who monitor the performance of a Citrix XenDesktop/Citrix XenApp 7.6, 7.7, 7.8, 7.9, and 7.
VMware vRealize Operations for Published Applications Installation and Administration 6 VMware, Inc.
Introducing vRealize Operations for Published Applications 2 vRealize Operations for Published Applications collects performance data from monitored software and hardware objects in your XenDesktop/XenApp 7.8/7.9/7.11, and vCenter environments and provides predictive analysis and real-time information about problems in your XD-XA infrastructure. vRealize Operations for Published Applications presents data through alerts, on configurable dashboards, and on predefined pages in vRealize Operations Manager.
VMware vRealize Operations for Published Applications Installation and Administration vRealize Operations for Published Applications Architecture The vRealize Operations for Published Applications components include the XD-XA adapter, broker agent, and desktop agents.
Chapter 2 Introducing vRealize Operations for Published Applications vRealize Operations for Published Applications Desktop Agent The vRealize Operations for Published Applications desktop agent runs as a service on the XenDesktop Delivery Controller on each License server, RDS host, Store Front server, and on all VDI machines. The desktop agent monitors Citrix ICA sessions and HDX sessions and applications launched in the Citrix ICA and HDX sessions by using standard functions and APIs of Windows OS.
VMware vRealize Operations for Published Applications Installation and Administration If your vRealize Operations for Published Applications environment resembles one of the following configurations, VMware recommends that you create the vRealize Operations for Published Applications adapter instance on a remote collector node.
System Requirements for vRealize Operations for Published Applications 3 vRealize Operations for Published Applications has specific system requirements. Verify that your environment meets these system requirements before you install vRealize Operations for Published Applications.
VMware vRealize Operations for Published Applications Installation and Administration The vRealize Operations for Published Applications broker agent has the following software requirements. Verify that you enable PS remoting on the deliver controller by using Microsoft PowerShell before you install the broker agent. n Windows Server 2008R2 SP1 or Windows Server 2012 n Microsoft .Net Framework 4.5.
Installing and Configuring vRealize Operations for Published Applications 4 Installing vRealize Operations for Published Applications involves downloading the installation files from the VMware product download page and installing and configuring software components on machines in your vRealize Operations for Published Applications environment.
VMware vRealize Operations for Published Applications Installation and Administration 3 Open the Ports Used by vRealize Operations for Published Applications on page 16 After you install the vRealize Operations for Published Applications adapter, you disable the firewall service, open the default ports, and restart the firewall.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications Downloading the vRealize Operations for Published Applications Installation Files Registered VMware users can download the vRealize Operations for Published Applications installation files from the product download page. Table 4‑1. vRealize Operations for Published Applications Installation Files File Name Component Where to Install VMware-vrops-v4paadapter-6.4buildnumber.
VMware vRealize Operations for Published Applications Installation and Administration Open the Ports Used by vRealize Operations for Published Applications After you install the vRealize Operations for Published Applications adapter, you disable the firewall service, open the default ports, and restart the firewall. Prerequisites Note If you are using vRealize Operations Manager 6.4, opening the ports is not necessary. n Install the vRealize Operations for Published Applications adapter.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications To add your vRealize Operations for Published Applications license key, select Administration > Licensing in the vRealize Operations Manager user interface and add your license key to VMware Published Apps Solution on the License Keys tab. For detailed information about adding license keys, see the vRealize Operations Manager Customization and Administration Guide.
VMware vRealize Operations for Published Applications Installation and Administration 5 e In the third Select the Object Type that matches all of the following criteria drop-down menu, select Virtual Machine, define the criteria Relationship, Descendant of, is, and type XEnvironment in the Object name text box.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications 4 Select vRealize Operations for Published Apps XD-XA in the adapter table. 5 Click the Add (plus sign) icon on the lower pane toolbar to add an adapter instance. 6 In Adapter Settings, type a name and description for the adapter instance. 7 In Basic Settings, configure an adapter ID and credential for the adapter instance. a Type an identifier for the adapter instance in the Adapter ID text box.
VMware vRealize Operations for Published Applications Installation and Administration Enable the following rule in XenDesktop Delivery Controller Server. n Enable Remote Powershell by running the Enable-PSRemoting command in PowerShell command prompt.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications 2 Install the broker agent. Option Action Command line a b Access the command prompt. Install the broker agent for your environment using the /s, v, or /qn options. n EXE file a Run the VMware-v4pabrokeragent-x86_64-6.4buildnumber.exe command. Copy the file for your environment to a temporary folder, and doubleclick the EXE file to start the installation procedure. Double-click the VMware-v4pabrokeragent-x86_64-6.
VMware vRealize Operations for Published Applications Installation and Administration Procedure 1 If the Broker Agent Configuration wizard is not already open, start it by selecting Start > VMware > vRealize Operations for Published Apps Broker Agent Settings. 2 In the Adapter IP/FQDN Address text box, type the IP address of the vRealize Operations Manager node or remote collector where the vRealize Operations for Published Applications adapter instance is running.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications What to do next Verify the status of the vRealize Operations for Published Applications broker agent in the Windows Services Management Console. Review the logs by browsing to the C:\ProgramData\VMware\VMware vRealize Operations for Published Apps\Broker Agent\logs directory.
VMware vRealize Operations for Published Applications Installation and Administration Install a vRealize Operations for Published Applications Desktop Agent You install desktop agents on all Delivery Controllers, Store Front server, RDS host, License server, and VDI machines. Prerequisites Verify that you downloaded the desktop agent installation file. Procedure 1 Log in to the machine where you plan to install the desktop agent, using a domain account that is part of the local administrators group.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications Procedure 1 Create an organizational unit (OU) in the domain controller machine. 2 If the XD-XA server was already added to the computer account, move the XD-XA server to the OU. a Access Active Directory Users Computers, and select Computer, right-click your XD-XA server, and in the context menu select Move.... b In the Move object into container window, select the OU you created.
VMware vRealize Operations for Published Applications Installation and Administration 26 VMware, Inc.
Enable PowerShell Remoting on the Server 5 You must enable the PowerShell remoting on the machine where the broker agent is installed. This is a onetime activity to enable the broker agent to collect the data from the Citrix Controller and send to the vRealize Operations for Published Applications adapter.
VMware vRealize Operations for Published Applications Installation and Administration 28 VMware, Inc.
Enabling HTTP or HTTPS Protocols for PowerShell Remoting 6 This chapter describes how to enable either HTTP or HTTPS protocols for PowerShell remoting. Note Many users have PowerShell remoting already configured in the Citrix environment, with HTTP or HTTPS protocols already enabled. If this is the case for you, you can skip this chapter.
VMware vRealize Operations for Published Applications Installation and Administration Use the following command to configure TrustedHosts: winrm.cmd Note Computers in the TrustedHosts list might not be authenticated. For more information, run the following command: winrm help config You can also run the following command to set the remote host as a trusted host on the client: winrm set winrm/config/client'@{TrustedHosts="10.0.5.
Chapter 6 Enabling HTTP or HTTPS Protocols for PowerShell Remoting Ensure that your setup meets the following requirements when generating an SSL certificate to use with PowerShell remoting: n Set the Certificate Enhanced Key Usage (EKU) "Server Authentication" (OID=1.3.6.1.5.5.7.3.1). n Set the Certificate Subject to "CN=HOSTNAME". In all these methods, an SSL certificate in PKCS12 format (PFX file) without a password is generated.
VMware vRealize Operations for Published Applications Installation and Administration 2 Open command prompt and go to C:\Utils\OpenSSL\bin, and set the default OpenSSL configuration variable. set OPENSSL_CONF=C:\Utils\OpenSSL-Win32\bin\openssl.cfg 3 Generate a self-signed certificate with a new private key. openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer subj "/CN=HOSTNAME" 4 Convert the certificate and the private key to a .pfx file.
Chapter 6 Enabling HTTP or HTTPS Protocols for PowerShell Remoting Configure a WinRM HTTPS Listener All queries go through WinRM, so you need to configure a WinRM HTTPS listener on the machine where the broker agent is installed. Procedure u To configure a WinRM HTTPS listener on the remote server, run the following command on the PowerShell prompt: winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="xenappdc.vcops.
VMware vRealize Operations for Published Applications Installation and Administration Test the Connection from the Client Machine Procedure 1 If you want to use HTTP protocol for PowerShell remoting, run the following command on the client machine to allow connections to all hosts: winrm set winrm/config/client @{TrustedHosts="*"} 2 Test it on the PowerShell console by running the following commands: Invoke-Command -ComputerName XENAPP-DC -Port 5986 -Credential (Get-Credential) ` -UseSSL -SessionOptio
Monitoring Your Citrix XenDesktop and Citrix XenApp Environments 7 When you install the vRealize Operations for Published Applications solution, preconfigured dashboards and predefined report templates appear in the vRealize Operations Manager user interface. You can use the Citrix XenDesktop and Citrix XenApp dashboards and reports along with the standard vRealize Operations Manager object monitoring features to monitor your Citrix XenDesktop and Citrix XenApp environments.
VMware vRealize Operations for Published Applications Installation and Administration Table 7‑1.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments Introducing the XD-XA Dashboards You can use the preconfigured XD-XA dashboards to monitor the performance of your XenDesktop environment. Table 7‑2. XD-XA Dashboard Summary Dashboard What It Shows When To Use It “XD-XA Overview,” on page 39 Status of your end-to-end XD-XA environment, including the XD-XA-related alerts, key Site metrics, Site related vCenter capacity.
VMware vRealize Operations for Published Applications Installation and Administration Table 7‑2. XD-XA Dashboard Summary (Continued) Dashboard What It Shows When To Use It “XD-XA User Experience,” on page 42 vCPU Experience heatmap, vDisk Experience heatmap, vRAM Experience heatmap, vCPU relationship, vDisk relationship, vRAM relationship, vCPU chart, vDisk chart, vRAM chart, and Delivery Group critical alerts.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments Table 7‑3. Understanding the Health Badge (Continued) Object Description XD-XA PVS The PVS Server is not reachable from XD Controller alert is triggered when PVS server is not reachable. XD-XA Store Front StoreFront Server cannot be accessed alert is triggered when store front service is down.
VMware vRealize Operations for Published Applications Installation and Administration Use the Selected Session Related Objects widget to look at the related object of the selected session . Use the Session Related Metrics widget to metrics of selected session, Health, Workload, Logon Time, ICA Round Trip Latency, ICA Input Bandwidth, and ICA Output Bandwidth. Additionally, if a session has any associated App Volumes App Stacks, they will show up in the Atttached App Stacks column.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments n To view session processes, select a session from the Sessions widget and view the information in the Session Processes widget. n Use the Session Logon Breakdown widget to view important logon metrics, profile load time, shell load time, App Volumes App Stack attach times, and Interactive session time. n Use the Users widget to view all Users in XD-XA environment.
VMware vRealize Operations for Published Applications Installation and Administration 3 Restart the entire cluster after making these changes, or just restart the remote collector. Use service vmware-vcops -full-restart on the remote collector. The property has to be changed on the master node; the remote cluster is updated after the restart. Tips for using the XD-XA VDI Desktops Dashboard n Use the Top Alerts widet to view all desktop OS machine-related alerts.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments Clicking on a metric automatically adds it to the Selected Metric Chart widget, allowing for further analysis. You can add additional metrics from the same object, or you can select other related objects and their metrics to see if there is a correlation of key indicated metrics. Double-clicking on related objects in the Selected Object Relationships widget enables you to see additional environment relationships.
VMware vRealize Operations for Published Applications Installation and Administration Table 7‑5.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments Using the vRealize Operations for Published Applications Alerts vRealize Operations for Published Applications alerts help you troubleshoot system problems. The Alerts tab, located on the left side of the vRealize Operations for Published Applications screen, displays information about current system alerts, such as status, criticality, and creation and cancellation dates. Use the filter to find specific alerts (e.g.
VMware vRealize Operations for Published Applications Installation and Administration 46 VMware, Inc.
Managing RMI Communication in vRealize Operations for Published Applications 8 The vRealize Operations for Published Applications components communicate by using Remote Method Invocation (RMI). The vRealize Operations for Published Applications adapter exposes RMI services that can be called by an external client. The vRealize Operations for Published Applications adapter acts as a server and the broker agents and desktop agents act as clients. You can change the default ports for these RMI services.
VMware vRealize Operations for Published Applications Installation and Administration Default Ports for RMI Services The RMI services use certain default ports. The default ports are left open on the firewall on cluster nodes and remote collector nodes. Table 8‑1.
Chapter 8 Managing RMI Communication in vRealize Operations for Published Applications 2 In a text editor, open the msgserver.properties file. Platform File Location Linux /usr/lib/vmwarevcops/user/plugins/inbound/V4PA_adapter3/work/msgserver.pro perties Windows C:\vmware\vcenteroperations\user\plugins\inbound\V4PA_adapter3\work\msgserve r.properties 3 Modify the properties for the RMI service ports that you want to change. 4 Save your changes and close the msgserver.properties file.
VMware vRealize Operations for Published Applications Installation and Administration 50 VMware, Inc.
Changing the Default TLS Configuration in vRealize Operations for Published Applications 9 The vRealize Operations for Published Applications broker message server uses an TLS channel to communicate with the broker agents. The vRealize Operations for Published Applications desktop message server uses an TLS channel to communicate with the desktop agents. You can change the default TLS configuration for servers and agents by modifying TLS configuration properties.
VMware vRealize Operations for Published Applications Installation and Administration TLS Configuration Properties The TLS protocols and ciphers for the desktop and broker message servers are specified in properties in the msgserver.properties file. The TLS protocols and ciphers for the desktop and broker agents are specified in properties in the msgclient.properties file. Table 9‑1. SSL/TLS Configuration Properties Property Default Value sslProtocols List of accepted TLS protocols, separated by commas.
Chapter 9 Changing the Default TLS Configuration in vRealize Operations for Published Applications Procedure 1 Modify the TLS configuration properties for a desktop agent. a Log in to the XD-XA server where the XD-XA agent is running. b In a text editor, open the msgclient.properties file. The msgclient.properties file is in the C:\ProgramData\VMware\vRealize Operations for Published Apps\Desktop Agent\conf directory. 2 c Modify the TLS configuration properties.
VMware vRealize Operations for Published Applications Installation and Administration 54 VMware, Inc.
Managing Authentication in vRealize Operations for Published Applications 10 RMI servers provide a certificate that the agents use to authenticate the vRealize Operations for Published Applications adapter. Broker agents use SSL/TLS client authentication with a certificate that the vRealize Operations for Published Applications adapter uses to authenticate the broker agents.
VMware vRealize Operations for Published Applications Installation and Administration The vRealize Operations for Published Applications adapter also checks whether a VM with same serverID exists in vRealize Operations Manager, and adds the VM into the topology when a VM with the same name exists. Broker Agent Authentication When an RMI connection is established to the broker message server, the broker message server requests a certificate from the client to perform client authentication.
11 Certificate and Trust Store Files The vRealize Operations for Published Applications components use a certificate trust store to store trusted certificates and root certificates for certificate authorities. Certificates and trust stores are stored in Java key store format.
VMware vRealize Operations for Published Applications Installation and Administration Table 11‑2. Adapter Key Store Configuration Properties in the msgserver.properties File (Continued) Property Default Value Description trustfile v4pa-truststore.jks Name of the key store file that contains the adapter trust store. trustpass Password to the key store file that contains the adapter trust store. The password is dynamically generated.
Replacing the Default Certificates 12 By default, the vRealize Operations for Published Applications adapter and the broker agent use self-signed certificates for authentication and data encryption. For increased security, you can replace the default selfsigned certificates with certificates that are signed by a certificate authority.
VMware vRealize Operations for Published Applications Installation and Administration 3 Use the keytool utility with the -selfcert option to generate a new self-signed certificate for the vRealize Operations for Published Applications adapter. Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you can request a signed certificate. The signed certificate must be issued to your organization.
Chapter 12 Replacing the Default Certificates Replace the Default Certificate for the Broker Agent A self-signed certificate is generated when you first install the broker agent. The broker agent uses this certificate by default to authenticate to the vRealize Operations for Published Applications adapter. You can replace the self-signed certificate with a certificate that is signed by a valid certificate authority.
VMware vRealize Operations for Published Applications Installation and Administration 5 Copy the certificate file to the conf directory and run the keytool utility with the -import option to import the signed certificate into the certificate store for the broker agent. You must import the certificate file to the certificate store for the broker agent so that the broker agent can start using the signed certificate.
Certificate Pairing 13 Before broker agents can communicate with the vRealize Operations for Published Applications adapter, the adapter certificate must be shared with the agents, and the broker agent certificate must be shared with the adapter. The process of sharing these certificates if referred to as certificate pairing. The following actions occur during the certificate pairing process: 1 The broker agent's certificate is encrypted with the adapter's server key.
VMware vRealize Operations for Published Applications Installation and Administration 64 VMware, Inc.
SSL/TLS and Authentication-Related Log Messages 14 The vRealize Operations for Published Applications adapter logs SSL/TLS configuration and authenticationrelated messages. Table 14‑1. vRealize Operations for Published Applications Adapter Log Message Types Log Message Type Description CONFIGURATION The SSL/TLS configuration that is being used. AUTHENTICATION SUCCESS A remote desktop has been successfully authenticated. AUTHENTICATION FAILED A remote desktop has failed authentication.
VMware vRealize Operations for Published Applications Installation and Administration 66 VMware, Inc.
Upgrade vRealize Operations for Published Applications 15 You can directly upgrade from vRealize Operations for Published Applications 6.2, 6.2.1, or 6.3 to 6.4. Note Upgrading from vRealize Operations for Published Applications 6.1 to vRealize Operations for Published Applications 6.4 is not supported. Prerequisites n Verify that your environment meets product compatibility, hardware, and software requirements. n Verify that XD Controller is installed and running.
VMware vRealize Operations for Published Applications Installation and Administration 9 When the upgrade is complete, click Finish. Note You must restart vRealize Operations Manager cluster after the upgrade for the process to complete. To do so, run service vmware-vcops --full-restart on the master node of the vRealize Operations Manager. 10 If the port numbers are already not present in the /opt/vmware/etc/vmware-vcops-firewall.
Chapter 15 Upgrade vRealize Operations for Published Applications 7 When the installation finishes, click Finish to exit the Broker Agent setup wizard. During this process, the earlier version of Broker Agent service is stopped, its configuration is preserved, Broker Agent is uninstalled, and the new version of Broker Agent is installed. 8 When the configuration utility opens, enter the vRealize Operations Manager IP address and the pairing credentials, and pair them on the first screen of the wizard.
VMware vRealize Operations for Published Applications Installation and Administration 70 VMware, Inc.
Create a vRealize Operations Manager Support Bundle 16 If the vRealize Operations for Published Applications adapter does not operate as expected, you can collect log and configuration files in a support bundle and send the support bundle to VMware for analysis. Procedure 1 Log in to the vRealize Operations Manager user interface with admin privileges. 2 Click the Administration tab and select Support > Support Bundles. 3 Click the Create Support Bundle (plus sign) icon.
VMware vRealize Operations for Published Applications Installation and Administration 72 VMware, Inc.
Download vRealize Operations for Published Applications Broker Agent Log Files 17 If the vRealize Operations for Published Applications broker agent does not operate as expected, you can download the broker agent log files. Prerequisites Verify that you have administrator privileges. Procedure 1 Log in to the machine where the broker agent is installed. 2 Navigate to C:\programdata\VMware\vRealize Operations for Published Apps\Broker Agent\logs on broker agent machine.
VMware vRealize Operations for Published Applications Installation and Administration 74 VMware, Inc.
Download vRealize Operations for Published Applications Desktop Agent Log Files 18 If the vRealize Operations for Published Applications desktop agent is not operating as expected, you can download the desktop agent log files from the remote desktop and send the log files to VMware for support. vRealize Operations for Published Applications retains desktop agent log files of the previous seven days by default.
VMware vRealize Operations for Published Applications Installation and Administration 76 VMware, Inc.
View Collector and vRealize Operations for Published Applications Adapter Log Files 19 You can view collector and vRealize Operations for Published Applications adapter log files in the vRealize Operations Manager user interface. Log files are organized in log type folders. Prerequisites Verify that you have administrator privileges. Procedure 1 Log in to the vRealize Operations Manager user interface with admin privileges. 2 Click the Administration tab, click Support, and click Logs.
VMware vRealize Operations for Published Applications Installation and Administration 78 VMware, Inc.
Modify the Logging Level for vRealize Operations for Published Applications Adapter Log Files 20 You can modify the logging level for the collector node that contains the log files for a vRealize Operations for Published Applications adapter instance. Prerequisites Verify that you have administrator privileges. Procedure 1 Log in to the vRealize Operations Manager user interface. 2 Click the Administration tab, click Support, and click Logs. 3 Select Log Type from the Group by drop-down menu.
VMware vRealize Operations for Published Applications Installation and Administration 80 VMware, Inc.
Index A D about 5 accessing dashboards 35 adapter certificates 57 configuring 18 installation 15 instance 18 trust store files 57 adapter authentication 55 alerts, application crash 45 architecture 8 authentication, broker agent 56 dashboards health badge 38 Published Applications servers 40 XD-XA Overview 39 XD-XA Root Cause Analysis 42 XD-XA Session Details Dashboard 40 desktop agent, authentication 55 desktop agents configuring 24 installing 24 Desktop Agent 69 B E Enabling HTTP or HTTPS protocol f
VMware vRealize Operations for Published Applications Installation and Administration L License server, firewall rules 19 license groups 17 licensing, vRealize Operations for Published Applications 16 log messages, authentication 65 M broker agent 73 configuration files 71 desktop agent 75 log files 71, 73, 75, 77, 79 support bundle 71 trust store files, broker agent 58 TSL configuration 51 U managing certificates 55 monitoring a Citrix XenDesktop environment 35 msgclient.properties file 52 msgserver.
