VMware vRealize Operations for
Published Applications Installation and
Administration
VMware vRealize Operations for Published Applications 6.4
VMware vRealize Operations for Published Applications Installation and Administration
You can find the most up-to-date technical documentation on the VMware Web site at:
hps://docs.vmware.com/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2017 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
VMware vRealize Operations for Published Applications Installation and
1
Administration 5
Introducing vRealize Operations for Published Applications 7
2
vRealize Operations for Published Applications Architecture 8
vRealize Operations for Published Applications Desktop Agent 9
vRealize Operations for Published Applications Broker Agent 9
vRealize Operations for Published Applications Adapter 9
System Requirements for vRealize Operations for Published Applications 11
3
Product Compatibility for vRealize Operations for Published Applications 11
Software Requirements for vRealize Operations for Published Applications 11
Installing and Conguring vRealize Operations for Published Applications 13
4
Install and Congure vRealize Operations for Published Applications 13
Enable PowerShell Remoting on the Server 27
5
Enabling HTTP or HTTPS Protocols for PowerShell Remoting 29
6
Enable HTTP Protocol for PowerShell Remoting 29
Enable HTTPS Protocol for PowerShell Remoting 30
Congure a Firewall 33
Update the etc/host le for DNS Resolution 33
Install the Certicate on the Client 33
Test the Connection from the Client Machine 34
Use makecert for SSL Certication 34
VMware, Inc.
Monitoring Your Citrix XenDesktop and Citrix XenApp Environments 35
7
Using the XD-XA Dashboards 35
Using the XD-XA Reports 43
Using the vRealize Operations for Published Applications Alerts 45
Managing RMI Communication in
8
vRealize Operations for Published Applications 47
RMI Services 47
Default Ports for RMI Services 48
Changing the Default RMI Service Ports 48
3
VMware vRealize Operations for Published Applications Installation and Administration
Changing the Default TLS Conguration in
9
vRealize Operations for Published Applications 51
Default TLS Protocols and Ciphers for vRealize Operations for Published Applications 51
TLS Conguration Properties 52
Change the Default TLS Conguration for Servers 52
Change the Default TLS for Agents 52
Managing Authentication in vRealize Operations for Published Applications 55
10
Understanding Authentication for Each Component 55
Certicate and Trust Store Files 57
11
vRealize Operations for Published Applications Adapter Certicate and Trust Store Files 57
Broker Agent Certicate and Trust Store Files 58
Replacing the Default Certicates 59
12
Replace the Default Certicate for the vRealize Operations for Published Applications Adapter 59
Replace the Default Certicate for the Broker Agent 61
Certicate Pairing 63
13
SSL/TLS and Authentication-Related Log Messages 65
14
Upgrade vRealize Operations for Published Applications 67
15
Upgrade Broker Agent 68
Upgrade Desktop Agent 69
Create a vRealize Operations Manager Support Bundle 71
16
Download vRealize Operations for Published Applications Broker Agent Log
17
Files 73
Download vRealize Operations for Published Applications Desktop Agent Log
18
Files 75
View Collector and vRealize Operations for Published Applications Adapter
19
Log Files 77
Modify the Logging Level for vRealize Operations for Published Applications
20
Adapter Log Files 79
Index 81
4 VMware, Inc.
VMware vRealize Operations for
Published Applications Installation
and Administration 1
VMware vRealize Operations for Published Applications Installation and Administration provides information about how to monitor the performance of your Citrix XenDesktop/Citrix XenApp 7.6, 7.7, 7.8, 7.9, and 7.11 environments in VMware vRealize™ Operations Manager™.
Intended Audience
This information is intended for users who monitor the performance of a Citrix XenDesktop/Citrix XenApp
7.6, 7.7, 7.8, 7.9, and 7.11 environments in VMware vRealize Operations Manager and administrators who
are responsible for maintaining and troubleshooting a Citrix XenDesktop/Citrix XenApp 7.6, 7.7, 7.8, 7.9,
and 7.11 environments.
VMware, Inc.
5
VMware vRealize Operations for Published Applications Installation and Administration
6 VMware, Inc.
Introducing
vRealize Operations for Published
Applications 2
vRealize Operations for Published Applications collects performance data from monitored software and
hardware objects in your XenDesktop/XenApp 7.8/7.9/7.11, and vCenter environments and provides
predictive analysis and real-time information about problems in your XD-XA infrastructure.
vRealize Operations for Published Applications presents data through alerts, on congurable dashboards,
and on predened pages in vRealize Operations Manager.
IT administrators can use vRealize Operations for Published Applications to quickly obtain an overview of
how the XenDesktop and XenApp environments are behaving and view important metrics associated with
that environment. Help desk specialists can view objects related to end user sessions, perform basic
troubleshooting, and resolve user problems.
This chapter includes the following topics:
“vRealize Operations for Published Applications Architecture,” on page 8
n
“vRealize Operations for Published Applications Desktop Agent,” on page 9
n
“vRealize Operations for Published Applications Broker Agent,” on page 9
n
“vRealize Operations for Published Applications Adapter,” on page 9
n
VMware, Inc.
7
vRealize Operations Manager
vApp deployment
VMware
adapter
Published Apps
adapter
vRealize Operations Manager
User Interface
Published Apps
dashboards
Resources, metrics, relationships,
KPIs, alerts, views and reports
Desktop metrics:
CPU, memory,disk,
ICA, Session information,
App Stack information
App Volumes
vCenter Server
vSphere metrics:
ESXi, VM,
datastore,
datacenter
XD-XA Licensing Server
Desktop agent
XD-XA Storefront Server
Desktop agent
XD-XA Desktop OS Machine
Desktop agent
XD-XA Session-host Server
Desktop agent
Powershell script
Monitor Service API
App Volumes API
WMI
XD-XA Controller Server
Broker agent Desktop agent
Broker Data:
Environment Topology
Health Monitoring
VMware vRealize Operations for Published Applications Installation and Administration
vRealize Operations for Published Applications Architecture
The vRealize Operations for Published Applications components include the XD-XA adapter, broker agent,
and desktop agents.
VMware vRealize Operations for Published Applications Architecture
8 VMware, Inc.
Chapter 2 Introducing vRealize Operations for Published Applications
vRealize Operations for Published Applications Desktop Agent
The vRealize Operations for Published Applications desktop agent runs as a service on the XenDesktop
Delivery Controller on each License server, RDS host, Store Front server, and on all VDI machines.
The desktop agent monitors Citrix ICA sessions and HDX sessions and applications launched in the Citrix
ICA and HDX sessions by using standard functions and APIs of Windows OS. The desktop agent
periodically collects the Citrix ICA sessions' data on properties and performance, and sends the data to the
adapter using a secure connection.
vRealize Operations for Published Applications Broker Agent
The vRealize Operations for Published Applications broker agent runs on an active delivery controller, and
collects and sends information to the XD-XA adapter.
When you congure a broker agent, you pair the broker agent with a XD-XA adapter instance.
vRealize Operations for Published Applications Adapter
The vRealize Operations for Published Applications adapter collects Citrix XenDesktop inventory
information from the broker agent and collects metrics and performance data from desktop agents. The
vRealize Operations for Published Applications adapter sends that information to
vRealize Operations Manager. The information is displayed in pre-congured XenDesktop dashboards in
the vRealize Operations Manager user interface.
The vRealize Operations for Published Applications adapter runs on a cluster node or remote collector node
in vRealize Operations Manager. You can create a single vRealize Operations for Published Applications
adapter instance to monitor multiple XenDesktop 7.6/7.7/7.8/7.9/7.11 sites. During broker agent
conguration, you pair the broker agent with a vRealize Operations for Published Applications adapter
instance.
If you are monitoring multiple XenDesktop sites, you can pair the broker agent installed in each site with the
same vRealize Operations for Published Applications adapter instance as long as the total number of objects
that the vRealize Operations for Published Applications adapter instance handles does not exceed 10,000.
You can create more vRealize Operations for Published Applications adapter instances on dierent remote
nodes to support large scale environments.
I Creating more than one vRealize Operations for Published Applications adapter instance for
each cluster node or remote collector is not supported. Also, creating more than one
vRealize Operations for Published Applications adapter instance for each site is not supported. vRealize
Operations for Published Applications 7.6/7.7/7.8/7.9/7.11 adapter cannot monitor the XenApp 6.5
environments.
VMware, Inc. 9
VMware vRealize Operations for Published Applications Installation and Administration
If your vRealize Operations for Published Applications environment resembles one of the following
congurations, VMware recommends that you create the vRealize Operations for Published Applications
adapter instance on a remote collector node.
XenDesktop
deployments with
multiple sites
Remote datacenters
To improve scalability, create the
vRealize Operations for Published Applications adapter instance on a remote
collector node to ooad processing from the vRealize Operations Manager
cluster data nodes.
To minimize network trac across WAN or other slow connections, install a
remote collector node with a separate
vRealize Operations for Published Applications adapter instance in remote
datacenters. Pair each vRealize Operations for Published Applications
adapter instance with the broker agent that is located in the same remote
datacenter.
10 VMware, Inc.
System Requirements for
vRealize Operations for Published
Applications 3
vRealize Operations for Published Applications has specic system requirements. Verify that your
environment meets these system requirements before you install
vRealize Operations for Published Applications.
This chapter includes the following topics:
“Product Compatibility for vRealize Operations for Published Applications,” on page 11
n
“Software Requirements for vRealize Operations for Published Applications,” on page 11
n
Product Compatibility for vRealize Operations for Published Applications
vRealize Operations for Published Applications is compatible with the following products.
vCenter Server 5.5 and 6.0
n
App Volumes 2.11 and 2.12 (App Volumes 3.x not supported for
n
vRealize Operations for Published Applications 6.4)
vRealize Operations Manager 6.2, 6.2.1, 6.3, and 6.4
n
Citrix XenDesktop/XenApp 7.6/7.7/7.8/7.9/7.11 running on Windows Server 2008R2 (SP1) and Windows
n
Server 2012.
N Refer to vRealize Operations for Published Application 6.1 for support of Citrix XenApp 6.5.
Software Requirements for vRealize Operations for Published Applications
Each component of vRealize Operations for Published Applications has requirements for the software on the
system where it is installed.
vRealize Operations for Published Applications Desktop Agent Software
Requirements
You install the vRealize Operations for Published Applications desktop agent on Citrix Delivery Controllers,
Session RDS servers, Store Front server, License server, and the VDI machines.
vRealize Operations for Published Applications Broker Agent Software
Requirements
You install the vRealize Operations for Published Applications broker agent on an active delivery controller.
VMware, Inc.
11
VMware vRealize Operations for Published Applications Installation and Administration
The vRealize Operations for Published Applications broker agent has the following software requirements.
Verify that you enable PS remoting on the deliver controller by using Microsoft PowerShell before you
install the broker agent.
Windows Server 2008R2 SP1 or Windows Server 2012
n
Microsoft .Net Framework 4.5.1
n
vRealize Operations for Published Applications Adapter Software
Requirements
You install the vRealize Operations for Published Applications adapter on a vRealize Operations Manager
server that is running.
The vRealize Operations for Published Applications adapter has the following software requirements.
VMware vRealize Operations Manager 6.2, 6.2.1, 6.3, and 6.4
n
Setting Remote Signed Execution Policy
To set the remote signed execution policy, perform the following steps:
Set-ExecutionPolicy RemoteSigned
Enable-PSRemoting
Restart WinRM service
net stop winrm
net start winrm
Restart Broker-Agent service
12 VMware, Inc.
Installing and Configuring
vRealize Operations for Published
Applications 4
Installing vRealize Operations for Published Applications involves downloading the installation les from
the VMware product download page and installing and conguring software components on machines in
your vRealize Operations for Published Applications environment.
Install and Configure vRealize Operations for Published Applications
You install and congure vRealize Operations for Published Applications software components on machines
in your Citrix XenDesktop/XenApp 7.6/7.7/7.8/7.9/7.11 and vRealize Operations Manager environments.
Prerequisites
Verify that your environment meets product compatibility, hardware, and software requirements. See
n
Chapter 3, “System Requirements for vRealize Operations for Published Applications,” on page 11.
Verify that vRealize Operations Manager is deployed and running. If you need to upgrade
n
vRealize Operations Manager, perform the upgrade before you install
vRealize Operations for Published Applications.
Download the vRealize Operations for Published Applications installation les from the product
n
download page. See “Downloading the vRealize Operations for Published Applications Installation
Files,” on page 15.
Verify that you have a license key for the vRealize Operations for Published Applications solution.
n
Verify that you have a license key for vRealize Operations Manager.
n
The time on all the servers must be synced to a NTP server.
n
N Upgrading from vRealize Operations for Published Applications 6.1 to vRealize Operations for
Published Applications 6.4 is not supported.
N For vRealize Operations for Published Applications 6.1 and
vRealize Operations for Published Applications 6.4 to co-exist, they must be installed on dierent collector
nodes.
Procedure
1 Downloading the vRealize Operations for Published Applications Installation Files on page 15
Registered VMware users can download the vRealize Operations for Published Applications
installation les from the product download page.
2 Install the vRealize Operations for Published Applications Solution on page 15
You install the vRealize Operations for Published Applications solution from a PAK le in
vRealize Operations Manager.
VMware, Inc.
13
VMware vRealize Operations for Published Applications Installation and Administration
3 Open the Ports Used by vRealize Operations for Published Applications on page 16
After you install the vRealize Operations for Published Applications adapter, you disable the rewall
service, open the default ports, and restart the rewall.
4 Adding a vRealize Operations for Published Applications License Key on page 16
After you install the vRealize Operations for Published Applications solution, you must add a
vRealize Operations for Published Applications license key in the vRealize Operations Manager user
interface. vRealize Operations for Published Applications is not functional until it is licensed.
5 Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key on
page 17
You must associate XD-XA objects with your vRealize Operations for Published Applications license
key by editing license groups in vRealize Operations Manager.
6 Create an Instance of the vRealize Operations for Published Applications 6.4 Adapter on page 18
After you install the vRealize Operations for Published Applications solution, you must create an
instance of the vRealize Operations for Published Applications adapter in
vRealize Operations Manager.
7 Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server on page 19
Before you install the broker agent and desktop agent, you must enable specic rewall rules for the
XenDesktop Delivery Controller and PVS server.
8 Install the vRealize Operations for Published Applications Broker Agent on page 20
You install the vRealize Operations for Published Applications broker agent on an Active XenDesktop
Delivery Controller.
9 Congure the vRealize Operations for Published Applications Broker Agent on page 21
After you install the broker agent, you use the Broker Agent Conguration wizard to congure the
broker agent on the Citrix XenDesktop Delivery Controller where you installed the broker agent. You
can also use the Broker Agent Conguration wizard to make changes to your broker agent
conguration.
10 Congure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller on page 23
You can congure broker agent to use non-admin user for Citrix Desktop Delivery Controller.
11 Install a vRealize Operations for Published Applications Desktop Agent on page 24
You install desktop agents on all Delivery Controllers, Store Front server, RDS host, License server,
and VDI machines.
12 Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group
Policy on page 24
To use vRealize Operations for Published Applications to monitor a XenDesktop Site, you must create
a Group Policy (GPO) to contain the vRealize Operations for Published Applications group policies.
You then apply the GPO to the remote desktops that you want to monitor.
14 VMware, Inc.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications
Downloading the vRealize Operations for Published Applications Installation Files
Registered VMware users can download the vRealize Operations for Published Applications installation
les from the product download page.
Table 4‑1. vRealize Operations for Published Applications Installation Files
File Name Component Where to Install
VMware-vrops-v4paadapter-6.4buildnumber.pak
VMware-v4pabrokeragentx86_64-6.4-buildnumber.exe
VMware-v4padesktopagentx86_64-6.4-buildnumber.exe
VMware-v4padesktopagent-6.4buildnumber.exe
Adapter vRealize Operations Manager server
Broker agent installer for 64-bit
Windows OS
Desktop agent installer for 64-bit
Windows OS
Desktop agent installer for 32-bit
Windows OS
On XenDesktop Controller
On XenDesktop Controllers, RDS
servers, Store Front servers, Licence
servers, and VDI machines
On Session Host servers and VDI
machines
Install the vRealize Operations for Published Applications Solution
You install the vRealize Operations for Published Applications solution from a PAK le in
vRealize Operations Manager.
Procedure
1 Copy the VMware-vrops-v4paadapter-6.4-buildnumber.pak le to a temporary folder.
2 Log in to the vRealize Operations Manager user interface with administrator privileges.
3 In the left pane of vRealize Operations Manager, click the Administration icon and click Solutions.
4 Install the vRealize Operations for Published Applications solution.
a On the Solutions tab, click the plus sign.
b Browse to locate the temporary folder and select the PAK le.
c Click Upload.
The upload might take several minutes.
d Read and accept the EULA and click Next.
Installation details appear in the window during the upload process.
e When the installation is complete, click Finish.
After the installation is nished, vRealize Operations for Published Applications is listed as a solution.
What to do next
Provide licensing information for the vRealize Operations for Published Applications solution. See “Adding
a vRealize Operations for Published Applications License Key,” on page 16.
VMware, Inc. 15
VMware vRealize Operations for Published Applications Installation and Administration
Open the Ports Used by vRealize Operations for Published Applications
After you install the vRealize Operations for Published Applications adapter, you disable the rewall
service, open the default ports, and restart the rewall.
Prerequisites
N If you are using vRealize Operations Manager 6.4, opening the ports is not necessary.
Install the vRealize Operations for Published Applications adapter.
n
Verify that you have root privileges.
n
Procedure
1 Log in to vRealize Operations Manager collector server.
2 Access the command prompt and run the service vmware-vcops-firewall stop to disable the
vRealize Operations Manager rewall service.
3 Open the default ports by editing the conguration le.
Option Action
a
Linux
Windows
4 Run the vmware-vcops-firewall start command to start the service.
Access the vmware-vcops-firewall.conf le in
the/opt/vmware/etc/vmware-vcops-firewall.conf directory.
b In a text editor, modify the properties for the RMI service ports that
you want to change, for example TCPPORTS="$TCPPORTS
3095:3098" .
a Access Windows Firewall and select Windows Firewall > Advanced
> Inbound Rules > New Rule > Port and click Next.
b Select local ports and type the ports that you are using, for
example3095-3098.
The default ports are 3095-3098. If you changed the default ports,
specify the ports that you are using.
If the service vmware-vcops-firewall start command does not enable the ports, start the collector
server.
What to do next
Add a vRealize Operations for Published Applications license key. See “Adding a vRealize Operations for
Published Applications License Key,” on page 16
Adding a vRealize Operations for Published Applications License Key
After you install the vRealize Operations for Published Applications solution, you must add a
vRealize Operations for Published Applications license key in the vRealize Operations Manager user
interface. vRealize Operations for Published Applications is not functional until it is licensed.
N You must also add a license key for vRealize Operations Manager.
You can have an evaluation license key or a product license key for
vRealize Operations for Published Applications. The evaluation license key (eval/EVAL) provides 60 days of
unlimited product use. A product license key is encoded with an expiration date and a license count.
16 VMware, Inc.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications
To add your vRealize Operations for Published Applications license key, select Administration > Licensing
in the vRealize Operations Manager user interface and add your license key to VMware Published Apps
Solution on the License Keys tab.
For detailed information about adding license keys, see the vRealize Operations Manager Customization and
Administration Guide.
If your vRealize Operations for Published Applications license key expires, the
vRealize Operations for Published Applications adapter stops populating vRealize Operations Manager
with data. If you have a valid license key but you exceed the license count, vRealize Operations Manager
generates alerts on certain dashboards. The vRealize Operations for Published Applications adapter does
not restrict data when the license count is exceeded.
Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key
You must associate XD-XA objects with your vRealize Operations for Published Applications license key by
editing license groups in vRealize Operations Manager.
A license group is a way to gather certain objects, called license group members, under a particular license
key. By default, the vRealize Operations Manager and vRealize Operations for Published Applications
license groups both include all host, virtual machine, and datastore objects. Because these objects are
members of both license groups, they are covered by both your vRealize Operations Manager license and
your vRealize Operations for Published Applications license.
Each license group includes membership criteria that you can use to lter the objects that are members of
the license group. By editing the membership criteria for the vRealize Operations Manager and
vRealize Operations for Published Applications license groups, you can specify that certain objects are
covered only under your vRealize Operations for Published Applications license key.
Prerequisites
Add your vRealize Operations for Published Applications license key. See “Adding a vRealize Operations
for Published Applications License Key,” on page 16.
Procedure
1 Log in to the vRealize Operations Manager user interface.
2 In the left pane, select Administration > Licensing.
3 Click the License Groups tab.
License groups appear in the top pane. The license group for
vRealize Operations for Published Applications is called VMware VRealize Operations for Published
Apps 6.4 Licensing. The license group for vRealize Operations Manager is called Product Licensing.
4 Edit the membership criteria for the VMware Published Application Licensing group.
a Select VMware vRealize Operations for Published Apps 6.4 Licensing and click Edit on the
toolbar.
b Select the vRealize Operations for Published Applications license key under VMware vRealize
Operations for Published Applications and click Next.
c In the rst Select the Object Type that matches all of the following criteria drop-down menu,
select XSite, dene the criteria Relationship, Descendant of, is, and type XEnvironment in the
Object name text box.
d In the second Select the Object Type that matches all of the following criteria drop-down menu,
select Host System, dene the criteria Relationship, Descendant of, is, and type XEnvironment in
the Object name text box.
VMware, Inc. 17
VMware vRealize Operations for Published Applications Installation and Administration
e In the third Select the Object Type that matches all of the following criteria drop-down menu,
select Virtual Machine, dene the criteria Relationship, Descendant of, is, and type XEnvironment
in the Object name text box.
f In the fourth Select the Object Type that matches all of the following criteria drop-down menu,
select Datastore, dene the criteria Relationship, Descendant of, is, and type XEnvironment in the
Object name text box.
g Click Next and then click Finish to save your conguration.
5 Edit the membership criteria for the Product Licensing group.
You must edit the membership criteria for the Product Licensing group to exclude the objects that you
included in the VMware Published Application Licensing group.
a Select Product Licensing and click Edit on the toolbar.
b Select the vRealize Operations Manager license key under vRealize Operations Manager and click
Next.
c In the rst Select the Object Type that matches all of the following criteria drop-down menu, select
Host System, dene the criteria Relationship, Descendant of, is not, and type Xenvironment in the
Object name text box.
d In the second Select the Object Type that matches all of the following criteria drop-down menu,
select Virtual Machine, dene the criteria Relationship, Descendant of, is not, and type
Xenvironment in the Object name text box.
e In the third Select the Object Type that matches all of the following criteria drop-down menu,
select Datastore, dene the criteria Relationship, Descendant of, is not, and type Xenvironment in
the Object name text box.
f In the fourth Select the Object Type that matches all of the following criteria drop-down menu,
select Datastore, dene the criteria Relationship, Descendant of, is not, and type Xenvironment in
the Object name text box.
g Click Next and then click Finish to save your conguration.
Create an Instance of the vRealize Operations for Published Applications 6.4 Adapter
After you install the vRealize Operations for Published Applications solution, you must create an instance of
the vRealize Operations for Published Applications adapter in vRealize Operations Manager.
You can create a single vRealize Operations for Published Applications adapter instance to monitor multiple
XenDesktop sites. If you need to create multiple vRealize Operations for Published Applications adapter
instances, you must create each adapter instance on a unique cluster node or remote collector.
When you restart a vRealize Operations for Published Applications adapter instance, it takes several
minutes before the vRealize Operations for Published Applications desktop agent and broker agent send
information to the vRealize Operations for Published Applications adapter.
Prerequisites
Install the vRealize Operations for Published Applications solution and add your license key.
Procedure
1 Log in to the vRealize Operations Manager user interface with administrator privileges.
2 Click the Administration icon and click Solutions.
3 Select VMware vRealize Operations for Published Apps XD-XA and click the (gear) icon
on the toolbar.
18 VMware, Inc.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications
4 Select vRealize Operations for Published Apps XD-XA in the adapter table.
5 Click the Add (plus sign) icon on the lower pane toolbar to add an adapter instance.
6 In Adapter , type a name and description for the adapter instance.
7 In Basic , congure an adapter ID and credential for the adapter instance.
a Type an identier for the adapter instance in the Adapter ID text box.
The identier must be unique across all vRealize Operations for Published Applications adapter
instances in the cluster.
b Congure the credential to use when the broker agent pairs with the
vRealize Operations for Published Applications adapter instance.
Option Action
Use an existing credential
Add a new credential
Select the credential from the Credential drop-down menu. When you
create a vRealize Operations for Published Applications adapter
instance for the rst time, the Credential drop-down menu is empty.
1 Click the Add New (plus sign) icon .
2 Type a name for the credential in the Credential name text box.
3 Type a server key for the adapter instance in the Server Key text
box. The server key is required to enable pairing between the
broker agent and the adapter. A server key is user-dened and
functions like a password; remember your server key, as you must
provide it when you congure the broker agent.
4 Click OK to save the new credential.
5 Select the new credential from the Credential drop-down menu.
c Click Test Connection to test the connection with the credential that you selected.
8 In Advanced , select a collector to manage the adapter processes from the Collector/Groups
drop-down menu.
To run the adapter instance on a remote collector, select the remote collector. If you do not have a
remote collector, select Default collector group.
9 Click Save to save the adapter instance.
The adapter instance is added to the list.
What to do next
Install the vRealize Operations for Published Applications broker agent. See “Install the vRealize Operations
for Published Applications Broker Agent,” on page 20.
Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server
Before you install the broker agent and desktop agent, you must enable specic rewall rules for the
XenDesktop Delivery Controller and PVS server.
The broker agent cannot communicate with the XenDesktop Delivery Controller and PVS server if the
rewall is enabled on these servers.
Enable the following rules in XenDesktop Delivery Controller servers and PVS server.
Enable Ping in the rewall for all servers using the File and Printer Sharing (Echo Request - ICMPv4-In)
n
rule.
Enable Remote WMI in the rewall for all servers using the Windows Management Instrumentation
n
(WMI-In) rule.
VMware, Inc. 19
VMware vRealize Operations for Published Applications Installation and Administration
Enable the following rule in XenDesktop Delivery Controller Server.
Enable Remote Powershell by running the Enable-PSRemoting command in PowerShell command
n
prompt.
If the PVS Server in Citrix XenDesktop environment is not in same domain as Delivery Controller, you can
add a new eld manually in broker agent conguration le: <pvs_server_credentials>
</pvs_server_credentials>
Broker Agent conguration le can be found at following location: C:\ProgramData\VMware\vRealize
Operations for Published Apps\Broker Agent\conf\v4pa-brokeragent.config.
Install the vRealize Operations for Published Applications Broker Agent
You install the vRealize Operations for Published Applications broker agent on an Active XenDesktop
Delivery Controller.
You only install one broker agent for each XenDesktop Site.
A check box in the Broker Agent Setup wizard controls whether the Broker Agent Conguration wizard
opens immediately after you install the broker agent. This check box is selected by default.
Prerequisites
Install the vRealize Operations for Published Applications solution, add your license key, and create an
n
instance of the vRealize Operations for Published Applications adapter.
Verify that you downloaded the broker agent installation le.
n
Verify that you congured the XenDesktop Controller, Store Front, and PVS server for remote WMI by
n
granting DCOM remote access/activation permissions to the servers. The user name must include the
user name that you indicated for the servers.
XenDesktop Delivery controller's SSL certicate should be added as a trusted certicate if HTTPS (SSL)
n
is enabled for OData (Monitoring Service).
If OData (Citrix Monitoring Service) is congured on listen on SSL, the Broker Agent will create
n
connections to XenDesktop Delivery Controller using HTTPS.
So a valid certicate should be installed on Delivery Controller and this certicate should be added as a
trusted certicate in Delivery Controller.
OR
If the certicate is issued by a Certicate Authority, this CA should be a trusted publisher in Delivery
Controller.
Procedure
1 Log in to the machine where you plan to install the broker agent using a domain account that is part of
the local administrators group.
20 VMware, Inc.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications
2 Install the broker agent.
Option Action
Command line
EXE file
a Access the command prompt.
b
Install the broker agent for your environment using the /s, v, or /qn
options.
n
Run the VMware-v4pabrokeragent-x86_64-6.4buildnumber.exe command.
a Copy the le for your environment to a temporary folder, and double-
click the EXE le to start the installation procedure.
n
Double-click the VMware-v4pabrokeragent-x86_64-6.4-
buildnumber.exe le.
b Follow the steps in the installer.
The broker agent is installed and saved to the Program Files folder.
What to do next
Congure the broker agent. See “Congure the vRealize Operations for Published Applications Broker
Agent,” on page 21.
Configure the vRealize Operations for Published Applications Broker Agent
After you install the broker agent, you use the Broker Agent Conguration wizard to congure the broker
agent on the Citrix XenDesktop Delivery Controller where you installed the broker agent. You can also use
the Broker Agent Conguration wizard to make changes to your broker agent conguration.
A check box in the Broker Agent Setup wizard controls whether the Broker Agent Conguration wizard
opens immediately after you install the broker agent. This check box is selected by default.
During broker agent conguration, you pair the broker agent with a
vRealize Operations for Published Applications adapter instance. Pairing the broker agent with a
vRealize Operations for Published Applications adapter instance is a necessary authentication step that
enables the broker agent and desktop agents to communicate with the
vRealize Operations for Published Applications adapter. The broker agent and desktop agents cannot
communicate with the vRealize Operations for Published Applications adapter until the pairing process is
complete.
If you are monitoring multiple XenDesktop Sites, you can pair the broker agent installed in each Site with
the same vRealize Operations for Published Applications adapter instance as long as the total number of
desktops that the vRealize Operations for Published Applications adapter instance handles does not exceed
10,000.
Each time you restart the broker agent service, a new log le is created.
If a log le was created for the day and the broker agent is restarted on that day, a new log le is created.
The name of the new log le is v4pa_brokeragent_svc_<date>_00.log, and the log rotation follows this
series.
Prerequisites
Install the vRealize Operations for Published Applications broker agent. See “Install the vRealize
n
Operations for Published Applications Broker Agent,” on page 20.
Verify that you have the server key for the vRealize Operations for Published Applications adapter. You
n
specied the server key when you created a credential for the adapter instance.
Verify that you have the IP address or FQDN of the machine where you installed the
n
vRealize Operations for Published Applications adapter.
VMware, Inc. 21
VMware vRealize Operations for Published Applications Installation and Administration
Procedure
1 If the Broker Agent Conguration wizard is not already open, start it by selecting Start > VMware >
vRealize Operations for Published Apps Broker Agent .
2 In the Adapter IP/FQDN Address text box, type the IP address of the vRealize Operations Manager
node or remote collector where the vRealize Operations for Published Applications adapter instance is
running.
3 In the Port text box, type the port used to connect to the vRealize Operations for Published Applications
adapter.
By default, the broker agent uses port 3095 to communicate with the
vRealize Operations for Published Applications adapter. You can modify the default port number,
depending on your network conguration.
4 Type and conrm the pairing key for the vRealize Operations for Published Applications adapter.
5 Click Pair to pair the broker agent with the vRealize Operations for Published Applications adapter,
and click Test to test the connection.
The status of the pairing process appears in the Text area.
6 After the pairing process succeeds, click Next.
7 On the Copy Information page, click Copy to copy the certicate string to the clipboard and click Next.
Save this text to copy to the GPO Template.
8 Provide the requested information on the Citrix Delivery Controller Information window.
a Type the XenDesktop environment domain name, domain administrator, and credentials.
b Click Test to validate the connection to the XenDesktop Controller server.
c Click Next.
9 (Optional) Select the App Volumes check box.
a Enter the FQDN and/or IP address of the App Volumes Manager to monitor.
b Enter the port for App Volumes.
c Enter the administrator username for the App Volumes Manager.
d Enter the password for the App Volumes Manager.
e Click Test to test the connection.
f Repeat for any other App Volumes Managers you want to monitor.
10 (Optional) Edit the interval values on the Intervals and Timeouts page, and click Next.
11 (Optional) Congure the logging level and log rotation on the Congure the logging parameters page,
and click Next.
12 When the Service Conguration window appears, select Start/Restart, and then click Next.
13 Review the congurations and click Finish to apply the congurations.
The vRealize Operations for Published Applications broker agent is congured and available.
N To congure the Broker-Agent to use a Read-Only/Custom Administrator account for XenDesktop
Delivery Controller, go to “Congure Broker Agent to use Non-Admin User for Citrix Desktop Delivery
Controller,” on page 23.
22 VMware, Inc.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications
What to do next
Verify the status of the vRealize Operations for Published Applications broker agent in the Windows
Services Management Console.
Review the logs by browsing to the C:\ProgramData\VMware\VMware vRealize Operations for Published
Apps\Broker Agent\logs directory.
Configure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller
You can congure broker agent to use non-admin user for Citrix Desktop Delivery Controller.
Prerequisites
If you want to congure broker agent to use Read-Only/Custom administrator for connecting to Citrix
delivery controller, follow these steps:
Ensure that the Read-Only/Custom Administrator has read access to Site and Monitoring Databases.
n
Ensure that Read-Only/Custom Administrator has read/execute/remote access over WinRM,
n
RemotePowershell and WMI (Root\CIMV2).
Procedure
1 You can achieve this by adding the user to local "Administrators" group of the delivery controller
machine.
or
2 Follow these steps if you don't want the user to have Administrator access on delivery controller.
a Login to delivery controller as full administrator.
b Run command winrm configSDDL default from command prompt. Add Read/Execute permissions
for Read-Only/Custom Administrator.
c Run Set-PSSessionConfiguration -name Microsoft.PowerShell -ShowSecurityDescriptorUI from
powershell prompt. Add Read/Execute permissions for Read-Only/Custom Administrator.
d Go to Computer Management > Services and Applications > WMI Control.
e Right click and select Properties.
f Go to Security tab.
g Click CIMV2 > Security.
Add Execute Methods and Remote Enable permissions for Read-Only/Custom Administrator.
h Restart the WinRM Service.
i Download and install the "subinacl" tool from
hp://www.microsoft.com/en-us/download/details.aspx?id=23510.
j Add Execute Methods and Remote Enable permissions for Read-Only/Custom Administrator.
k From Command Prompt, navigate to subinacl installation directory. By default, it gets installed in
"C:\Program Files (x86)\Windows Resource Kits\Tools".
l Run subinacl.exe /service CitrixBrokerService /grant=DOMAIN\USER_NAME=S.
VMware, Inc. 23
VMware vRealize Operations for Published Applications Installation and Administration
Install a vRealize Operations for Published Applications Desktop Agent
You install desktop agents on all Delivery Controllers, Store Front server, RDS host, License server, and VDI
machines.
Prerequisites
Verify that you downloaded the desktop agent installation le.
Procedure
1 Log in to the machine where you plan to install the desktop agent, using a domain account that is part
of the local administrators group.
2 Install the desktop agent.
Option Action
Command line
EXE file
a Access the command prompt.
b Run the Desktop agent:
n
For 64-bit: Run the VMware-v4padesktopagent-x86_64-6.4buildnumber.exe command using the /s /v/qn options.
n
For 32-bit: Run the VMware-v4padesktopagent-6.4buildnumber.exe command using the /s /v/qn options.
a
Copy the VMware-v4padesktopagent-x86_64-6.4-
buildnumber.exe (64-bit) or VMware-v4padesktopagent-6.4-
buildnumber.exe (32-bit) le to a temporary folder.
b
Double-click the VMware-v4padesktopagent-x86_64-6.4-
buildnumber.exe or the VMware-v4padesktopagent-x86_64-6.4-
buildnumber.exe (64-bit) or VMware-v4padesktopagent-6.4-
buildnumber.exe (32-bit)file.
c Follow the steps to complete the installer.
The desktop agent is installed in Program Files folder.
Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group Policy
To use vRealize Operations for Published Applications to monitor a XenDesktop Site, you must create a
Group Policy (GPO) to contain the vRealize Operations for Published Applications group policies. You then
apply the GPO to the remote desktops that you want to monitor.
You use the Microsoft Group Policy Editor to create the GPO. After you create the GPO, you must apply it to
a base image or to an Organizational Unit (OU) on your Active Directory server, depending on your
conguration.
vRealize Operations for Published Applications group-policy seings are provided in the
v4pa_desktopagent.admx le that is installed in the %programfiles%\VMware\vRealize Operations for
Published Apps\Broker Agent\extras\GroupPolicyFiles directory.
The language-specic resources, for example .adml les, are installed in the %programfiles
%\VMware\vRealize Operations for Published Apps\Broker Agent\extras\GroupPolicyFilese\language
directory.
If there is an Authentication Failure for a desktop agent you must update the GPO policy for desktop agent
authentication. When you update the GPO policy for desktop agent authentication, and there are other
policies that require updating, all pending policies are updated, not just the GPO policy for desktop agent
authentication.
24 VMware, Inc.
Chapter 4 Installing and Configuring vRealize Operations for Published Applications
Procedure
1 Create an organizational unit (OU) in the domain controller machine.
2 If the XD-XA server was already added to the computer account, move the XD-XA server to the OU.
a Access Active Directory Users Computers, and select Computer, right-click your XD-XA server,
and in the context menu select Move....
b In the Move object into container window, select the OU you created.
The XD-XA server is now moved to the OU.
3 Create a Group Policy object using the Group Policy Management Console (GPMC).
4 Copy the certicate string and the RMI URL from the broker agent conguration utility.
5 Copy the v4pa_desktopagent.admx le to PolicyDefinitions folder, which is in the
c:\Windows\PolicyDefinitions directory.
The v4pa_desktopagent.admx le is in the "%ProgramFiles%\VMware\vRealize Operations for
Published Apps\Broker Agent\extras\GroupPolicyFiles directory.
6 Copy the v4pa_desktopagent.adml le to en-us folder, which is in the
c:\Windows\PolicyDefinitions\en-us directory.
The v4pa_desktopagent.adml le is in the "%ProgramFiles%\VMware\vRealize Operations for
Published Apps\Broker Agent\extras\GroupPolicyFiles\en_us directory.
7 Set the Group Policy.
a On the controller machine, click Start and type the gpmc.msc command in the search box.
b Right-click the GPO that you created and select Edit.
c Select Computer > Policies > Administrative Templates > VMware Published
Apps Agent > vRealize Operations, and double-click the item in the right pane.
d Select Enable and copy the RMI URL and certicate string in the policy template.
You might receive a warning that you exceeded the maximum number of characters per line.
e (Optional) Break the line by pressing Enter, and click Apply, and then click OK.
8 Verify on the XD-XA server machine that the RMI URL and certicate string in the
HKLM\Software\Policies\VMware, Inc.\vRealize operations for published Apps\Desktop Agent
directory. RMI URL is of the format rmi://<vrops_ip>:3095.
What to do next
Install desktop agent on the VDI and RDSH hosts you want to monitor. If you already installed a desktop
agent and planned to push through GPO at later stage, there might be exceptions in the desktop agent log
les. After the pair token is pushed using the GPO, you should restart the desktop agent service.
VMware, Inc. 25
VMware vRealize Operations for Published Applications Installation and Administration
26 VMware, Inc.
Enable PowerShell Remoting on the
Server 5
You must enable the PowerShell remoting on the machine where the broker agent is installed. This is a onetime activity to enable the broker agent to collect the data from the Citrix Controller and send to the
vRealize Operations for Published Applications adapter.
Procedure
1 Open PowerShell prompt and run the following command:
Enable-PSRemoting -Force
2 To change scripts execution policy to allow remote scripts, run the following command:
Set-ExecutionPolicy RemoteSigned
VMware, Inc.
27
VMware vRealize Operations for Published Applications Installation and Administration
28 VMware, Inc.
Enabling HTTP or HTTPS Protocols
for PowerShell Remoting 6
This chapter describes how to enable either HTTP or HTTPS protocols for PowerShell remoting.
N Many users have PowerShell remoting already congured in the Citrix environment, with HTTP or
HTTPS protocols already enabled. If this is the case for you, you can skip this chapter.
This chapter includes the following topics:
“Enable HTTP Protocol for PowerShell Remoting,” on page 29
n
“Enable HTTPS Protocol for PowerShell Remoting,” on page 30
n
“Congure a Firewall,” on page 33
n
“Update the etc/host le for DNS Resolution,” on page 33
n
“Install the Certicate on the Client,” on page 33
n
“Test the Connection from the Client Machine,” on page 34
n
“Use makecert for SSL Certication,” on page 34
n
Enable HTTP Protocol for PowerShell Remoting
If you have not already enabled PowerShell Remoting and want to use the HTTP protocol, follow these
steps.
If you plan to use the HTTPS protocol instead, skip this section and see “Enable HTTPS Protocol for
PowerShell Remoting,” on page 30.
Procedure
To use HTTP for PowerShell remoting, run the following command on the host:
u
winrm quickconfig
Port 5985 is opened to listen to incoming connection. Sometimes, the connection from the remote PowerShell
does not work because of the following error:
Connecting to remote server failed with the following error message : The WinRM client cannot
process the request.
If the authentication scheme is dierent from Kerberos or if the client computer is not connected to a
domain, you must use HTTPS transport. Or, add the destination machine to the TrustedHosts conguration
seing.
VMware, Inc.
29
VMware vRealize Operations for Published Applications Installation and Administration
Use the following command to congure TrustedHosts:
winrm.cmd
N Computers in the TrustedHosts list might not be authenticated. For more information, run the
following command:
winrm help config
You can also run the following command to set the remote host as a trusted host on the client:
winrm set winrm/config/client'@{TrustedHosts="10.0.5.35"}'
What to do next
Once you have enabled the protocol, skip to “Congure a Firewall,” on page 33.
Enable HTTPS Protocol for PowerShell Remoting
If you have not already enabled PowerShell Remoting and want to use the HTTPS protocol, follow these
steps.
If you want to enable the HTTP protocol instead of the HTTP protocol, see “Enable HTTP Protocol for
PowerShell Remoting,” on page 29. However, it is recommended to implement HTTPS for encrypting the
trac between the client and remote server.
These are the steps for enabling the HTTPS protocol:
Procedure
1 “Acquire an SSL Certicate,” on page 30
2 “Create a Self-Signed SSL Certicate Using the IIS Manager,” on page 31
3 “Create a Self-Signed SSL Certicate Using Makecert.exe,” on page 31
4 “Create a Self-Signed SSL Certicate Using OpenSSL,” on page 31
5 “Import the SSL Certicate on the Remote Machine,” on page 32
6 “Congure a WinRM HTTPS Listener,” on page 33
Acquire an SSL Certificate
To set up PowerShell remoting to use the HTTPS protocol, deploy an SSL certicate to the remote server.
To acquire an SSL certicate, rst generate a self-signed certicate. There are two purposes for using SSL
certicates with PowerShell remoting:
Encrypting trac between client and server
n
Verifying server identity (CN check)
n
The following are the methods to generate a self-signed SSL certicate:
“Create a Self-Signed SSL Certicate Using the IIS Manager,” on page 31
“Create a Self-Signed SSL Certicate Using Makecert.exe,” on page 31
“Create a Self-Signed SSL Certicate Using OpenSSL,” on page 31
In all these methods, replace HOSTNAME with either the remote server host name or the IP address to be used
to connect to that server; for example, srv1.mycompany.com or 32.53.2.87.
30 VMware, Inc.
Chapter 6 Enabling HTTP or HTTPS Protocols for PowerShell Remoting
Ensure that your setup meets the following requirements when generating an SSL certicate to use with
PowerShell remoting:
Set the Certicate Enhanced Key Usage (EKU) "Server Authentication" (OID=1.3.6.1.5.5.7.3.1).
n
Set the Certicate Subject to "CN=HOSTNAME".
n
In all these methods, an SSL certicate in PKCS12 format (PFX le) without a password is generated.
Create a Self-Signed SSL Certificate Using the IIS Manager
If IIS 7 or IIS 8 is installed on the remote server, you can use the IIS Manager to generate self-signed SSL
certicates.
Procedure
1 Open the IIS Manager.
2 In the Connections pane, select the top-most machine node.
3 Click Server in the Details pane.
4 Click Create Self-Signed in the Actions pane.
5 Enter HOSTNAME as certicate friendly name.
6 Select Personal as the certicate store.
Create a Self-Signed SSL Certificate Using Makecert.exe
makecert.exe is a part of Microsoft Windows SDK. If you have Microsoft Visual Studio .NET installed, you
can use both the makecert.exe and pvk2pfx.exe tools.
Procedure
1 Open the Visual Studio command prompt as an Administrator.
2 Navigate to the folder where you want to create the certicate les.
3 To create a certicate and a private key le, run the following command:
makecert -r -pe -n "CN=HOSTNAME" -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sv HOSTNAME.pvk
HOSTNAME.cer
4 To convert the les into a .pfx le, run the following command:
pvk2pfx -pvk HOSTNAME.pvk -spc HOSTNAME.cer -pfx HOSTNAME.pfx
5 Deploy the generated SSL certicate to the remote server and import it there.
Create a Self-Signed SSL Certificate Using OpenSSL
You can create a self-signed certicate using OpenSSL.
Prerequisites
Download the Win32 OpenSSL Light package for generating SSL certicates from
hp://slproweb.com/products/Win32OpenSSL.html to a folder of your choice; for example,
C:\Utils\OpenSSL.
Procedure
1 To add Server Authentication to EKU, open openssl.cfg and add extendedKeyUsage seing under the
v3_ca section.
[ v3_ca ] extendedKeyUsage = serverAuth
VMware, Inc. 31
VMware vRealize Operations for Published Applications Installation and Administration
2 Open command prompt and go to C:\Utils\OpenSSL\bin, and set the default OpenSSL conguration
variable.
set OPENSSL_CONF=C:\Utils\OpenSSL-Win32\bin\openssl.cfg
3 Generate a self-signed certicate with a new private key.
openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer -
subj "/CN=HOSTNAME"
4 Convert the certicate and the private key to a .pfx le.
openssl pkcs12 -export -out HOSTNAME.pfx -inkey HOSTNAME.key -in HOSTNAME.cer -name
"HOSTNAME" -passout pass:
5 Deploy the generated SSL certicate (HOSTNAME.PFX le in the bin folder) to the remote server and
import it there .
Import the SSL Certificate on the Remote Machine
Import the PFX certicate le on the remote server. You can do so by aaching your local disk drive to the
Remote Desktop session and copying the le in Windows Explorer.
Procedure
1 Import the certicate into the Local Machine certicate store by pasting the following script in the
PowerShell console:
Replace path-to-pfx-le with the path to the PFX le; for example, C:\OpenSSL-Win64\bin\.
function Install-Certificate ($certPath, [string]$storeLocation = "LocalMachine", [string]
$storeName = "My")
{
$cert = New-Object
System.Security.Cryptography.X509Certificates.X509Certificate2($certPath,"",
"MachineKeySet,PersistKeySet")
$store = New-Object
System.Security.Cryptography.X509Certificates.X509Store($storeName, $storeLocation)
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
"Thumbprint: $($cert.Thumbprint)"
}
Install-Certificate path-to-pfx-file\xenapp-dc.vcops.local.pfx
The output of this script is a certicate thumbprint, which is required when seing up an HTTPS
listener for the WinRM service. If you generated a SSL certicate in the IIS Manager, you can get its
thumbprint using the following PowerShell command:
Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=HOSTNAME" }
2 Copy the certicate to the remote machine (delivery controller) using Windows Explorer.
32 VMware, Inc.
Configure a WinRM HTTPS Listener
All queries go through WinRM, so you need to congure a WinRM HTTPS listener on the machine where
the broker agent is installed.
Procedure
To congure a WinRM HTTPS listener on the remote server, run the following command on the
u
PowerShell prompt:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="xenapp-
dc.vcops.local";CertificateThumbprint= " 4D9157F66867A73A55A0B9F6DAC045EB52D4BF9A"}
Configure a Firewall
By default, WinRM uses port 5986 for a HTTPS listener. Add a new rewall rule to allow inbound
connections on the 5986 port.
Procedure
To add a new rewall rule to allow inbound connections on the 5986 port, run the following command:
u
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in
action=allow protocol=TCP localport=5986
Chapter 6 Enabling HTTP or HTTPS Protocols for PowerShell Remoting
If you work with an Azure VM, add a new endpoint for 5986 port on the VM seings page. If you work
with an AWS EC2 instance, add a new rule to its security group.
Update the etc/host file for DNS Resolution
Update the etc/host le to x the DNS resolution if you are using HOSTNAME as the fully qualied domain
name instead of the IP address.
Install the Certificate on the Client
Procedure
1 Open Windows Management Console.
2 Go to File > Remove Snap In.
3 Click > Add.
4 Select Computer Account, click Next, and then click Finish. Click OK on the wizard to continue.
The wizard closes and Console1 snap in is visible.
5 Select and expand the .
6 Select Trusted Root Authorities > , go the tree panel on the right, and right-
click All Tasks > Import.
The Welcome to Certicate Import wizard appears.
7 Click Next and browse to the certicate copied from the host.
8 Click Next.
A message conrms the success of the import operation.
The imported certicates are displayed in the tree panel on the right.
VMware, Inc. 33
VMware vRealize Operations for Published Applications Installation and Administration
Test the Connection from the Client Machine
Procedure
1 If you want to use HTTP protocol for PowerShell remoting, run the following command on the client
machine to allow connections to all hosts:
winrm set winrm/config/client @{TrustedHosts="*"}
2 Test it on the PowerShell console by running the following commands:
Invoke-Command -ComputerName XENAPP-DC -Port 5986 -Credential (Get-Credential) `
-UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck) `
-ScriptBlock { Write-Host "Hello from $($env:ComputerName)" }
Testing of the connection is successful if you see the greeting from remote machine.
Use makecert for SSL Certification
Procedure
1 Run the following command:
makecert -r -pe -n "CN=[HOSTNAME]" -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sv
xenapp6.stengdomain.fvt.pvk xenapp6.stengdomain.fvt.cer
2 Enter 1234 as password.
pvk2pfx -pvk [HOSTNAME] -spc xenapp6.stengdomain.fvt.cer -pfx xenapp6.stengdomain.fvt.pfx
3 Enter 1234 as password again.
Invoke-Command -ComputerName [HOSTNAME] -Port 5986 -Credential (Get-Credential) `
-UseSSL -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck) `
-ScriptBlock { Write-Host "Hello from $($env:ComputerName)" }
Invoke-Command -ComputerName [HOSTNAME] -Port 5986 -Credential (Get-Credential) `
-UseSSL -SessionOption(New-PSSessionOption -SkipCACheck -SkipCNCheck) `
-ScriptBlock { Write-Host "Hello from $($env:ComputerName)" }
Invoke-Command -ComputerName [HOSTNAME] -Port 5986 -Credential (Get-Credential) `
-UseSSL -SessionOption New-PSSessionOption -SkipCACheck -SkipCNCheck) `
-ScriptBlock {Write-Host "Hello from $($env:ComputerName)"}
Update etc/host to put remote computer IP and DNS name for using it in .net
34 VMware, Inc.
Monitoring Your Citrix XenDesktop
and Citrix XenApp Environments 7
When you install the vRealize Operations for Published Applications solution, precongured dashboards
and predened report templates appear in the vRealize Operations Manager user interface. You can use the
Citrix XenDesktop and Citrix XenApp dashboards and reports along with the standard
vRealize Operations Manager object monitoring features to monitor your Citrix XenDesktop and Citrix
XenApp environments.
This chapter includes the following topics:
“Using the XD-XA Dashboards,” on page 35
n
“Using the XD-XA Reports,” on page 43
n
“Using the vRealize Operations for Published Applications Alerts,” on page 45
n
Using the XD-XA Dashboards
The XD-XA dashboards are in the Published Applications group in the Dashboard List menu in the
vRealize Operations Manager user interface.
Widget Interaction in XD-XA Dashboards
vRealize Operations Manager supports interaction between widgets in a single dashboard. Widgets are
combined so that the content of the destination widget is updated according to the value selected in the
source widget.
For information about creating and modifying dashboards and customizing widgets see
vRealize Operations Manager Customization and Administration Guide.
Table 7‑1. Widget Interaction in XD-XA Dashboards
Dashboard Source Widget Destination Widget
XD-XA Overview Sites Site Indicator Metrics
XD-XA Overview Sites SQL Connectivity
XD-XA Overview Sites VCenter Server
XD-XA Overview VCenter Server Reclaimable Capacity
XD-XA Overview VCenter Server Capacity Remaining
XD-XA Help Desk Session Details Session Logon Breakdown
XD-XA Help Desk Session Details Session Processes
XD-XA Help Desk Session Details Selected Session Related Objects
XD-XA Help Desk Session Details Selected User Session Alerts
VMware, Inc. 35
VMware vRealize Operations for Published Applications Installation and Administration
Table 7‑1. Widget Interaction in XD-XA Dashboards (Continued)
Dashboard Source Widget Destination Widget
XD-XA Help Desk Session Details Machine Object
XD-XA Help Desk Session Details Client
XD-XA Help Desk Virtual Machine VM Metrics
XD-XA Help Desk Selected Session Related Objects Session Related Metrics
XD-XA Help Desk Machine Object Virtual Machine
XD-XA Server Desktops Session-host Servers Session Host Server Resource
XD-XA Servers Desktops Session-host Servers Session Host Server Indicator Metrics
XD-XA Servers Desktops Session-host Servers Top Alerts
XD-XA Servers Applications Applications Application Users
XD-XA Servers Applications Applications Application Instance Trend
XD-XA Servers Applications Applications Application Instances
XD-XA Servers Applications Applications Application Launch Duration Trend
XD-XA Servers Applications Applications Session-Host Servers
XD-XA Servers Applications Applications Instances Application Instance Resource Trend
XD-XA Servers Applications Session Host Servers Session Indicator Metrics
XD-XA VDI Desktops VDI Desktops VDI Session Details
XD-XA VDI Desktops VDI Desktops VDI Desktop Resource Utilization
XD-XA VDI Desktops VDI Desktops Running Application List
XD-XA VDI Desktops VDI Desktops Top Alerts
XD-XA Session Details Session Details Session logon Breakdown
XD-XA Session Details Session Details Session Metrics
XD-XA Session Details Session Details Session Processes
XD-XA Session Details Users User Logon Duration Trend
XD-XA Session Details Users Application Launched by User
XD-XA User Experience vCPU Experience vCPU Relationship
XD-XA User Experience vDisk Experience vDisk Relationship
XD-XA User Experience vDisk Experience vDisk Latency Chart
XD-XA User Experience vRAM Experience vRAM Relationship
XD-XA User Experience vRAM Experience vRAM Chart
Utilization
36 VMware, Inc.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
Introducing the XD-XA Dashboards
You can use the precongured XD-XA dashboards to monitor the performance of your XenDesktop
environment.
Table 7‑2. XD-XA Dashboard Summary
Dashboard What It Shows When To Use It
“XD-XA Overview,” on
page 39
“XD-XA Help Desk,” on
page 39
“XD-XA Server Desktops,” on
page 40
“XD-XA Session Details,” on
page 40
“XD-XA Server Applications,”
on page 41
“XD-XA VDI Desktops,” on
page 41
Status of your end-to-end XD-XA
environment, including the XD-XA-related
alerts, key Site metrics, Site related vCenter
capacity.
Information about all sessions running in your
environment. The Sessions Details widget lists
all of connected VDI desktop sessions, RDS
desktop sessions, and application sessions in
your environment and is the master widget for
the dashboard.
Session-host server metrics and related
vSphere VMs, server resource utilization and
server indicator metrics.
Detailed information of all the sessions,
session logon breakdown, session performance
metrics, running processes of the session, users
summary, User logon duration trend, and the
report of what application are launched by a
user and when.
Application summary data, application
instance number trend, application instance
summary data, application instance resource
utilizaiton, application launch duration trend,
application users, Application related servers,
and server indicator metrics.
VDI Desktops related alerts, VDI Desktop
summary information and VDI session
detailed information, VDI desktop session
resource utilization, and running application
list of a VDI desktop session.
Assess overall XD-XA
n
performance, and the overall
user experience.
View the top XD-XA-related
n
alerts.
View Site related vCenter
n
remaining capacity and
reclaimable capacity.
View existing alerts of the
n
system and the selected session.
Metrics of selected session,
n
Health, Workload, Logon Time,
ICA Round Trip Latency, ICA
Input Bandwidth, and ICA
Output Bandwidth.
View important logon metrics,
n
Brokering Duration, HDX
Connection Duration,
n
Authentication Duration, GPO
duration, Prole Load Duration,
and Interactive Duration.
Check servers alerts, server
n
indicator metrics, and resource
utilization metrics.
Check detailed session
n
information, check session logon
details, retrieve session running
processes for trouble shooting,
check users summary, check user
logon duration trend, and look
at the report of what application
are launched by a user and
when.
Check application summary
n
data, performance data, launch
duration historical trend, the
report of which users launched
applications and when,
application related server
indicator metrics.
Check VDI Desktop overall
n
status, top alerts, resource
utilization, and retrieving
session running application list
for troubleshooting.
VMware, Inc. 37
VMware vRealize Operations for Published Applications Installation and Administration
Table 7‑2. XD-XA Dashboard Summary (Continued)
Dashboard What It Shows When To Use It
“XD-XA User Experience,” on
page 42
“XD-XA Root Cause Analysis
Dashboard,” on page 42
vCPU Experience heatmap, vDisk Experience
heatmap, vRAM Experience heatmap, vCPU
relationship, vDisk relationship, vRAM
relationship, vCPU chart, vDisk chart, vRAM
chart, and Delivery Group critical alerts.
Detailed information on specic metrics,
including performance over time.
Understanding the Health Badge
The health badge indicates immediate issues that might require your aention. It helps you identify the
current health of your system.
vRealize Operations Manager combines workload, anomalies, and faults to assess the overall health of your
system and to determine the expected workload level in that environment. A low health score might
indicate a potential issue.
The health badge is enabled on vRealize Operations for Published Applications objects.
Table 7‑3. Understanding the Health Badge
Object Description
XD-XA Application
Instance
XD-XA Application
Session
XD-XA Broker Agent
Collector
XD-XA Desktop OS
Machine
XD-XA Desktop Session The Desktop Session Network alert is triggered when the session latency is too high.
XD-XA Delivery
Controller
XD-XA Licensing Server Published Apps Adapter is not Receiving Data from the Desktop Agent alert is triggered
The Application Performance Problem alert is triggered when application instance
performance problem is detected, when CPU processor time is too high, or memory
consumed is more.
The Application Session Network alert is triggered when the session latency is too high.
The Application Session performance Problem alert is triggered when CPU processor time is
too high or memory consumed is more.
Not receiving data from the Broker Agent alert is triggered when Broker agent is not
reachable.
Desktop OS Machine is not available for use alert is triggered when VDA machine is not
available
Published Apps Adapter is not receiving Data from the Desktop Agent alert is triggered when
Desktop agent is not working/not working on server on Store front.
Desktop OS Machine Performance Problem alert is triggered when CPU processor time is too
high.
The Desktop Session performance Problem alert is triggered when CPU processor time is too
high or memory consumed is more.
Delivery Controller Database Conguration Fault alert is triggered when Citrix Broker
Service is down or there is no connectivity.
The StoreFront Service has Failed alert is triggered when store front service is not accessible
from Delivery Controller
The Host service has failed alert is triggered when Citrix host service is down.
The Monitor service has failed alert is triggered when Citrix monitor service is down.
The Machine Creation Service has failed alert is triggered when machine service is down
service is down.
Published Apps adapter is not receiving data from the Desktop Agent alert is triggered when
Desktop agent is not working on Delivery controller.
Delivery Controller Performance Problem alert is triggered when CPU processor time is too
high.
when Desktop agent is not working on licensing server.
License Server Performance Problem alert is triggered when CPU processor time is too high.
Check overall and detailed
n
vCPU/vDisk/vRAM experience,
check delivery controller critial
alerts.
Troubleshoot problems related
n
to specic object-related metrics.
38 VMware, Inc.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
Table 7‑3. Understanding the Health Badge (Continued)
Object Description
XD-XA PVS The PVS Server is not reachable from XD Controller alert is triggered when PVS server is not
reachable.
XD-XA Store Front StoreFront Server cannot be accessed alert is triggered when store front service is down.
Published Apps Adapter is not Receiving Data from the desktop agent alert is triggered when
Desktop agent is not working on the Store Front.
StoreFront Performance Problem alert is triggered when CPU processor time is too high.
XD-XA Site The Site Database service has Failed alert is triggered when site database is down.
This alert is triggered in the following scenarios:
A site performance problem has been detected. One or more store front servers of this site
have performance problem. Check the CPU usage or memory for possible cause.
A site performance problem has been detected. One or more license servers of this site have
performance problem. Check the CPU usage or memory for possible cause.
A site performance problem has been detected. One or more delivery controllers of this site
have performance problem. Check the CPU usage or memory for possible cause.
A site performance problem has been detected. One or more desktop os machines of this site
have performance problem. Check the CPU usage or memory for possible cause.
A site performance problem has been detected. One or more server os machines of this site
have performance problem. Check the CPU usage or memory for possible cause.
XD-XA Server OS
machine
Published Apps Adapter is not receiving data from the desktop agent alert is triggered when
Desktop agent is not working on session host machine.
Server OS Machine Performance Problem alert is triggered when CPU processor time is too
high.
XD-XA Overview
The XD-XA Overview dashboard shows the overall status of your environment. Use the XD-XA Overview
dashboard to visualize the end-to-end XenDesktop and XenApp environments, XD-XA-related alerts, key
Site metrics, and Site-related vCenter capacity.
Tips for using the XD-XA Overview Dashboard
To view the overall status of a Site, view the values of the Site Session Metrics and Site Capacity Metrics
n
widgets.
Use the Virtual Machine of Controller Server widget to view badge health and badge workload for the
n
VM of the controller server.
To view the overall status of a Site, view the Top Alerts, values of the Site Session Metrics widgets.
n
To view the overall capacity of the site related vCenter, view Remaining Capacity and reclaimable
n
capacity widgets.
XD-XA Help Desk
Thee Help Desk dashboard helps you view detailed information about all sessions running in your
environment. The Sessions Details widget lists all the connected VDI desktop sessions, RDS desktop
sessions, and application sessions in your environment and is the master widget for the dashboard.
Tips for using the Help Desk Dashboard
Use the All Environment Alerts widget to view all existing alerts of the system. Click each alert to view
detailed information.
Use the Selected User Session Alerts widget to view alerts of the selected session. Click each alert to view
detailed information.
VMware, Inc. 39
VMware vRealize Operations for Published Applications Installation and Administration
Use the Selected Session Related Objects widget to look at the related object of the selected session .
Use the Session Related Metrics widget to metrics of selected session, Health, Workload, Logon Time, ICA
Round Trip Latency, ICA Input Bandwidth, and ICA Output Bandwidth. Additionally, if a session has any
associated App Volumes App Stacks, they will show up in the Atached App Stacks column.
Use the Session Logon Breakdown widget to view important logon metrics, Brokering Duration, HDX
Connection Duration, Authentication Duration, GPO duration, App Volumes App Stack Aach Time,
Prole Load Duration, and Interactive Duration.
Run actions in the Session Processes widget to obtain information about in-guest desktop processes and
their resource usage, including CPU, memory, and I/O use. The Get Desktop Processes and Get Desktop
Services actions can help you determine which desktop processes and applications are using the most
resources. The Get Desktop/Client Traceroute action provides information about network distance and
quality between the desktop and client .
Use the Machine Object widget to show the machine object (created by
vRealize Operations for Published Applications) of selected session.
Use the Virtual Machine widget to show the related virtual machine of selected session.
Use the VM Metrics widget to show metrics of related virtual machine, VM Health, VM Workload, CPU,
CPU Ready, CPU Contention, Co-stop, vCPU Count, vCPU recommended, Memory, Disk Latency, Disk
IOPs, and Memory Swap.
Use the Client widget to show the client info of selected session.
Use the VM Host widget to show the ESXi host of the related VM that is hosting the selected session.
Use the Host Metrics widget to show metrics of the related host.
XD-XA Server Desktops
Use the XD-XA Servers dashboard to assess server metrics and related vSphere VMs, server resource
utilization, and server indicator metrics.
Tips for using the XD-XA Server Desktops Dashboard
Use the Virtual Machine of Session-host Server widget to view the badge health and badge workload
n
for the VM of the session-host server.
Use the Session-host Server Resource Utilization widget to view the CPU Processor Time, Disk Read
n
and Write, and Memory Available.
Use the Top Alert and Session-host Servers widget to view the server alerts and server summary data.
n
Use the Session-host server resource utilization widget to view server resource utilization data.
n
Use the Session-host Server Indicator Metrics widget to view server users and sessions summary data.
n
XD-XA Session Details
Use the XD-XA Session Details dashboard to view detailed information about sessions, application sessions,
and server sessions.
Tips for using the XD-XA Session Details Dashboard
To view session processes, select a session from the Sessions widget and view the information in the
n
Session Processes widget.
Use the Session Indicator Metrics widget to view session health, reconnect duration, logon duration,
n
prole load duration, session duration and session state.
40 VMware, Inc.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
To view session processes, select a session from the Sessions widget and view the information in the
n
Session Processes widget.
Use the Session Logon Breakdown widget to view important logon metrics, prole load time, shell load
n
time, App Volumes App Stack aach times, and Interactive session time.
Use the Users widget to view all Users in XD-XA environment.
n
Use the User logon duration trend to view user logon historical trend.
n
Use the Applications Launched By User widget to get a report of which application are launched by a
n
user, and when they're launched. Use the Desktop Applications Launched by User widget to do the
same with desktop applications.
XD-XA Server Applications
Use the XD-XA Server Applications dashboard to check application summary data, performance data,
launch duration historical trend, the report of which users launched applications and when, and
application-related server indicator metrics.
Tips for using the XD-XA Server Applications Dashboard
Use the Application Launch Duration widget to view application launch historical trend.
n
Use the Application User widget to view the report of which users launched applications and when and
n
application-related server indicator metrics.
XD-XA VDI Desktops
Use the XD-XA VDI Desktops dashboard to view VDI Desktops-related alerts, VDI Desktop summary
information and VDI session detailed information, VDI desktop session resource utilization. and running
application list of a VDI desktop session.
N Get Process to retrieve applications running in a VDI session is not supported.
Configuring Applications for Viewing in Reports
In order to use the following reports from the VDI Pools Dashboard, you must rst congure applications
that you want to monitor:
XD-XA Desktop Application Usage
n
XD-XA Desktop Application Instance Usage
n
Use the following steps to congure applications for these reports:
1 Edit /usr/lib/vmware-vcops/user/plugins/inbound/V4PA_adapterx/conf/v4pa-desktop-app-
config.properties in the master node. Add application information to it. For example, to add
information for calculator and notepad applications, modify the le like so:
#app name, app full path, pod name(optional)
#for pod Cluster-SERVER621
calculator,C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Accessories\Calculator.lnk,Cluster-SERVER621
#for all pods
notepad,C:\Windows\notepad.exe
2 By default, the app instance feature is disabled, and you can only see Desktop Applications Tier and
Desktop Application objects. To enable the app instance feature, go to /usr/lib/vmware-
vcops/user/plugins/inbound/V4PA_adapterx/conf/v4pa.properties and change the value of
enableDesktopApplicationInstance to true.
VMware, Inc. 41
VMware vRealize Operations for Published Applications Installation and Administration
3 Restart the entire cluster after making these changes, or just restart the remote collector. Use service
vmware-vcops -full-restart on the remote collector. The property has to be changed on the master
node; the remote cluster is updated after the restart.
Tips for using the XD-XA VDI Desktops Dashboard
Use the Top Alerts widet to view all desktop OS machine-related alerts.
n
Use the Running Application List widget to view the current running applications on a VDI desktop.
n
Use the Desktop Applications widget to view a list of all the congured applications hosted by a VDI
n
desktop.
Use the Desktop Application Users widget to see a history of user logon information for a selected
n
application, indicating who uses the application, and when the application is used.
XD-XA User Experience
Use the XD-XA User Experience dashboard to view detailed information of vCPU Experience heatmap,
vDisk Experience heatmap, vRAM Experience heatmap, vCPU relationship, vDisk relationship, vRAM
relationship, vCPU chart, vDisk chart, vRAM chart, and Delivery Group critical alerts.
Tips for using the XD-XA User Experience Dashboard
Use the vCPU/vDisk/vRAM experience heat map widgets to view overall user experience.
n
Use the Delivery Group Critical Alerts widget to view overall critical alert number of all Delivery
n
Groups.
XD-XA Root Cause Analysis Dashboard
The XD-XA Root Cause Analysis Dashboard enables you to see chart displays of selected object metrics,
giving you more detailed view of a metric that indicates a (potential) problem for further analysis.
To use the XD-XA Root Cause Analysis Dashboard, select an object of interest (that is, one that you want to
troubleshoot) from either the XD-XA User Experience dashboard or the XD-XA Help Desk dashboard.
From the XD-XA User Experience dashboard:
n
a Select an object from one of the heat maps or object relationship views.
b Click the Navigate icon at the top left corner of the widget.
c Select XD-XA Root Cause Analysis to go to the XD-XA Root Cause Analysis Dashboard.
From the XD-XA Help Desk Dashboard:
n
a Select either:
an active user session in the XD-XA Connected Sessions widget
n
an object in the Selected Session Related Object widget
n
b Click the Navigate icon at the top left corner of the widget.
c Select XD-XA Root Cause Analysis to go to the XD-XA Root Cause Analysis Dashboard.
On the XD-XA Root Cause Analysis Dashboard, select an object in the Selected Object Relationship widget.
This will display key metrics for the object in the Selected Object Analysis Snapshot widget. The color of a
given metric may change to indicate a metric of interest (e.g., yellow or red). In some cases the metric will
indicate a performance or over-subscription issue; in others it will indicate a higher-than-normal metric that
may be contributing to an actual problem.
42 VMware, Inc.
Clicking on a metric automatically adds it to the Selected Metric Chart widget, allowing for further analysis.
You can add additional metrics from the same object, or you can select other related objects and their metrics
to see if there is a correlation of key indicated metrics.
Double-clicking on related objects in the Selected Object Relationships widget enables you to see additional
environment relationships. For example, double-clicking a VM will show the host, datastore, and VDI pool
related to the VM; selecting the host, datastore, or pool will show additional key metrics for those items that
can also be added to the available chart for further analysis.
Using the XD-XA Reports
VMware vRealize Operations Manager has several report templates that you can generate for detailed
information about sites, license usage, and servers. You can also create new report templates, edit existing
report templates, and clone report templates.
To access the vRealize Operations for Published Applications report templates, select Content > Report in
vRealize Operations Manager.
Introducing the XD-XA Reports
The predened report templates provide detailed information about your XenDesktop and XenApp
environments. You can generate the report as a PDF or CSV le.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
Table 7‑4. Summary of XD-XA Report Templates
XD-XA Report Templates Report Content
XD-XA Application Report Includes information about your applications.
XD-XA Application Instance Usage Report Includes information about CPU and memory usage of an
application instance.
XD-XA Desktop Application Instance Usage Report Includes information about CPU and memory usage of a
desktop application instance.
XD-XA Desktop Application Usage Report Includes information about desktop application usage.
XD-XA License Trend Report Includes information about the trend of XenDesktop and
XenApp license usage.
XD-XA License Usage Report Includes information about the total duration of three
kinds of session (VDI desktop session, RDS desktop
session, and application session) of the users.
XD-XA Server Report Includes overall information about your servers.
XD-XA Site Overview Report Includes summary information about your Sites. You can
see application statistics, application instance trend, and
session trend.
XD-XA User Usage Summary Report Includes summary information about the user usage.
Subjects for Reports
When you congure reports, vRealize Operations Manager generates the report subjects according to your
congurations.
To ensure the best possible reports, use the following report subjects.
Table 7‑5. Subjects for Reports
Report Subject
XD-XA Application Report Application and Site
XD-XA Application Instance Usage Report Application Instance
VMware, Inc. 43
VMware vRealize Operations for Published Applications Installation and Administration
Table 7‑5. Subjects for Reports (Continued)
Report Subject
XD-XA Desktop Application Instance Usage Report Desktop Application Instance
XD-XA Desktop Application Usage Report Desktop Application
XD-XA License Trend Report License
XD-XA License Usage Report Licensing Server
XD-XA Server Report Server OS Machine
XD-XA Site Overview Report Site
XD-XA User Usage Summary Report User
Subjects for Report Views
When you congure the views for a report, vRealize Operations Manager generates the views according to
your congurations.
To ensure the best possible report views, use the following view subjects.
Table 7‑6. Subjects for Report Views
Report View Subject
XD-XA Application Daily User Count Trend Application
XD-XA Application Instance Count Trend Application
XD-XA Application Instance Summary Application Instance
XD-XA Application Instance Usage Application Instance
XD-XA Application Launch Duration Trend Application
XD-XA Desktop Application Instance Usage Desktop Application Instance
XD-XA Desktop Application Usage Desktop Application
XD-XA Farm Application Summary Application
XD-XA License Usage Summary Licensing Server
XD-XA License Usage Trend License
XD-XA License Usage Trend License
XD-XA Server CPU Trend Server OS Machine, Delivery Controller
XD-XA Server Disk Trend Server OS Machine, Delivery Controller
XD-XA Server ICA Bandwidth Trend Server OS Machine
XD-XA Server Memory Trend Server OS Machine, Delivery Controller
XD-XA Server Network Trend Server OS Machine, Delivery Controller
XD-XA Server Summary Server OS Machine, Delivery Controller
XD-XA Site App Instance Trend Site
XD-XA Site Session Trend Site
XD-XA Site Summary Site
XD-XA User Session Logon Duration Trend User
XD-XA User Usage View User
44 VMware, Inc.
Chapter 7 Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
Using the vRealize Operations for Published Applications Alerts
vRealize Operations for Published Applications alerts help you troubleshoot system problems.
The Alerts tab, located on the left side of the vRealize Operations for Published Applications screen,
displays information about current system alerts, such as status, criticality, and creation and cancellation
dates. Use the lter to nd specic alerts (e.g., ltering on "failed" will display the "Failed to communicate
with target pod" alert). Clicking on an alert shows specic information, such as symptoms, cause, and
recommendations, if any.
Application Crash Alerts
Use application alerts when an application crashes.
With vRealize Operations for Published Applications alerts, you can monitor events when an application
launched inside a session crashes. The crash summary alert is shown on the Alerts page. Click the link for
the alert to see details of the crash, including cause and recommended action.
VMware, Inc. 45
VMware vRealize Operations for Published Applications Installation and Administration
46 VMware, Inc.
Managing RMI Communication in
vRealize Operations for Published
Applications 8
The vRealize Operations for Published Applications components communicate by using Remote Method
Invocation (RMI). The vRealize Operations for Published Applications adapter exposes RMI services that
can be called by an external client. The vRealize Operations for Published Applications adapter acts as a
server and the broker agents and desktop agents act as clients. You can change the default ports for these
RMI services.
For detailed descriptions of the vRealize Operations for Published Applications components, see “vRealize
Operations for Published Applications Architecture,” on page 8.
This chapter includes the following topics:
“RMI Services,” on page 47
n
“Default Ports for RMI Services,” on page 48
n
“Changing the Default RMI Service Ports,” on page 48
n
RMI Services
The vRealize Operations for Published Applications adapter exposes various RMI service.
RMI registry service
Desktop message
server
Broker message server
Certificate management
server
The broker and desktop agents initially connect to the RMI registry service
and request the address of a specic RMI server. Because the RMI registry
service is used only for lookup and no sensitive data is transmied to it, it
does not use an encrypted channel.
The desktop agents connect to the desktop message server and use it to send
XD-XA performance data collected by the desktop agent. The desktop
message server uses an SSL/TLS channel to encrypt the data that is sent from
the desktop agents.
The broker agent connects to the broker message server and uses it for
sending XD-XA inventory information to the
vRealize Operations for Published Applications adapter. The broker message
server uses an SSL/TLS channel to encrypt the data that is sent from the
broker agent.
The broker agent connects to the certicate management server during the
certicate pairing process. The certicate management server does not use an
encrypted channel. Certicates are encrypted by using the server key during
the certicate pairing process. For information, see Chapter 13, “Certicate
Pairing,” on page 63.
VMware, Inc. 47
VMware vRealize Operations for Published Applications Installation and Administration
Default Ports for RMI Services
The RMI services use certain default ports. The default ports are left open on the rewall on cluster nodes
and remote collector nodes.
Table 8‑1. Default Ports for RMI Services
RMI Service Default Port
RMI registry 3095
Desktop message server 3096
Broker message server 3097
Certicate management server 3098
Changing the Default RMI Service Ports
You can change the default ports for the RMI registry service, desktop message server, broker message
server, and certicate management server.
RMI Service Port Properties
The RMI service ports are dened in properties in the msgserver.properties le on the server where the
vRealize Operations for Published Applications adapter is running.
Table 8‑2. RMI Service Port Properties
RMI Service Property
RMI registry registry-port
Desktop message server desktop-port
Broker message server broker-port
Certicate management server certicate-port
Change the Default RMI Service Ports
You can change the default RMI service ports by modifying the msgserver.properties le on the server
where the vRealize Operations for Published Applications adapter is running.
Prerequisites
Verify that you can connect to the node where the vRealize Operations for Published Applications
n
adapter is running.
Become familiar with the RMI service port properties. See “RMI Service Port Properties,” on page 48.
n
Procedure
1 Log in to the node where the vRealize Operations for Published Applications adapter is running.
48 VMware, Inc.
Chapter 8 Managing RMI Communication in vRealize Operations for Published Applications
2 In a text editor, open the msgserver.properties le.
Platform File Location
Linux
Windows
/usr/lib/vmwarevcops/user/plugins/inbound/V4PA_adapter3/work/msgserver.pro
perties
C:\vmware\vcenteroperations\user\plugins\inbound\V4PA_adapter3\work\msgserve
r.properties
3 Modify the properties for the RMI service ports that you want to change.
4 Save your changes and close the msgserver.properties le.
What to do next
Open the new RMI service port or ports on the vRealize Operations Manager rewall. See “Open the Ports
Used by vRealize Operations for Published Applications,” on page 16.
Update the vRealize Operations Manager Firewall
If you change the default port for an RMI service, you must open the new port on the
vRealize Operations Manager rewall.
N If the vRealize Operations for Published Applications adapter is running on a remote collector, see
the documentation for the rewall on the remote collector node for information about updating the rewall.
Procedure
1 On the cluster node where the vRealize Operations for Published Applications adapter is running, use a
text editor to open the vmware-vcops-firewall.conf le.
The vmware-vcops-firewall.conf le is in the /opt/vmware/etc/ directory.
2 Update the appropriate ports in the vmware-vcops-firewall.conf le and save the le.
3 Restart the rewall service to make your changes take eect.
a Execute service vmware-vcops-firewall restart.
4 On windows, Access Windows Firewall and select Windows Firewall > Advanced > Inbound
Rules > New Rule > Port and click Next. Select local ports and type the ports that you are
using, for example, 3095-3098. The default ports are 3095-3098.
VMware, Inc. 49
VMware vRealize Operations for Published Applications Installation and Administration
50 VMware, Inc.
Changing the Default TLS
Configuration in
vRealize Operations for Published
Applications 9
The vRealize Operations for Published Applications broker message server uses an TLS channel to
communicate with the broker agents. The vRealize Operations for Published Applications desktop message
server uses an TLS channel to communicate with the desktop agents. You can change the default TLS
conguration for servers and agents by modifying TLS conguration properties.
This chapter includes the following topics:
“Default TLS Protocols and Ciphers for vRealize Operations for Published Applications,” on page 51
n
“TLS Conguration Properties,” on page 52
n
“Change the Default TLS Conguration for Servers,” on page 52
n
“Change the Default TLS for Agents,” on page 52
n
Default TLS Protocols and Ciphers for vRealize Operations for Published Applications
When an RMI connection is established between an agent and a server, the agent and server negotiate the
protocol and cipher to use
Each agent and server has a list of protocols and ciphers that it supports. The strongest protocol and cipher
that is common to both the agent list and server list is selected for the TLS channel.
By default, RMI agents and servers are congured to accept only TLSv1.2 connections with the following
ciphers.
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
n
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
n
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
n
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
n
VMware, Inc.
51
VMware vRealize Operations for Published Applications Installation and Administration
TLS Configuration Properties
The TLS protocols and ciphers for the desktop and broker message servers are specied in properties in the
msgserver.properties le. The TLS protocols and ciphers for the desktop and broker agents are specied in
properties in the msgclient.properties le.
Table 9‑1. SSL/TLS Configuration Properties
Property Default Value
sslProtocols List of accepted TLS protocols,
separated by commas.
sslCiphers List of accepted TLS ciphers, separated
by commas.
TLSv1.2
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Change the Default TLS Configuration for Servers
You can change the default TLS conguration that the desktop message server and broker message server
use by modifying the msgserver.properties le on the server where the
vRealize Operations for Published Applications adapter is running.
Prerequisites
Verify that you can connect to the node where the vRealize Operations for Published Applications
n
adapter is running.
Become familiar with the TLS conguration properties. See “TLS Conguration Properties,” on page 52.
n
Procedure
1 Log in to the node where the vRealize Operations for Published Applications adapter is running.
2 In a text editor, open the msgserver.properties le.
Platform File Location
Linux
Windows
/usr/lib/vmwarevcops/user/plugins/inbound/V4PA_adapter3/work/msgserver.pro
perties
C:\vmware\vcenteroperations\user\plugins\inbound\V4PA_adapter3\work\msgserve
r.properties
3 Modify the SSL/TLS conguration properties.
4 Save your changes and close the msgserver.properties le.
Change the Default TLS for Agents
You can change the TLS conguration that the desktop agents and broker agents use to connect to the
desktop and broker message servers by modifying the msgclient.properties le.
Prerequisites
For the desktop agents, verify that you can connect to the remote XD-XA server.
n
For a broker agent, verify that you can connect to the host where the XD-XA broker agent is installed.
n
Become familiar with the TLS conguration properties. See “TLS Conguration Properties,” on page 52.
n
52 VMware, Inc.
Chapter 9 Changing the Default TLS Configuration in vRealize Operations for Published Applications
Procedure
1 Modify the TLS conguration properties for a desktop agent.
a Log in to the XD-XA server where the XD-XA agent is running.
b In a text editor, open the msgclient.properties le.
The msgclient.properties le is in the C:\ProgramData\VMware\vRealize Operations for
Published Apps\Desktop Agent\conf directory.
c Modify the TLS conguration properties.
d Save your changes and close the msgclient.properties le.
2 Modify the TLS conguration properties for a broker agent.
a Log in to the remote collector host where the broker agent is installed.
b In a text editor, open the msgclient.properties le.
The msgclient.properties le is in the C:\ProgramData\VMware\vRealize Operations for
Published Apps\Broker Agent\conf directory.
c Modify the TLS conguration properties.
d Save your changes and close the msgclient.properties le.
VMware, Inc. 53
VMware vRealize Operations for Published Applications Installation and Administration
54 VMware, Inc.
Managing Authentication in
vRealize Operations for Published
Applications 10
RMI servers provide a certicate that the agents use to authenticate the
vRealize Operations for Published Applications adapter. Broker agents use SSL/TLS client authentication
with a certicate that the vRealize Operations for Published Applications adapter uses to authenticate the
broker agents. Desktop agents provide tokens that the vRealize Operations for Published Applications
adapter uses to authenticate the desktop agents.
To increase security, you can replace the default self-signed certicates that the
vRealize Operations for Published Applications adapter and broker agents use.
Understanding Authentication for Each Component
Each vRealize Operations for Published Applications component handles authentication dierently.
vRealize Operations for Published Applications Adapter Authentication
When an RMI connection is established between the desktop message server and a desktop agent, or
between the broker message server and a broker agent, the agent requests a certicate from the server to
perform authentication. This certicate is validated against the agent's trust store before proceeding with the
connection. If the server does not provide a certicate, or the server certicate cannot be validated, the
connection is rejected.
When the vRealize Operations for Published Applications adapter is rst installed, a self-signed certicate is
generated. The desktop message server and broker message server use this self-signed certicate by default
to authenticate to their agents. Because this certicate is generated dynamically, you must manually pair the
vRealize Operations for Published Applications adapter and broker agent before the agents can
communicate with the vRealize Operations for Published Applications adapter. See Chapter 13, “Certicate
Pairing,” on page 63.
Desktop Agent Authentication
Connections to the desktop message server require an authentication token to verify that the connection is
coming from a valid desktop agent. The desktop agent generates a unique authentication token for each
remote desktop.
In addition, the desktop agent generates a serverID for the XD-XA server and write the serverID into
vRealize Operations Manager. When a desktop agent aempts to send data to the
vRealize Operations for Published Applications adapter, the adapter will verify whether the authentication
token has been cached in memory. If there is no server with same name, the adapter caches the server name
and authentication token in memory. If the server has been cached, compare the cached authentication token
and the one sent. If the tokens are same, accept the message, else reject the desktop agent message.
VMware, Inc.
55
VMware vRealize Operations for Published Applications Installation and Administration
The vRealize Operations for Published Applications adapter also checks whether a VM with same serverID
exists in vRealize Operations Manager, and adds the VM into the topology when a VM with the same name
exists.
Broker Agent Authentication
When an RMI connection is established to the broker message server, the broker message server requests a
certicate from the client to perform client authentication. The certicate is validated against the trust store
for the vRealize Operations for Published Applications adapter before proceeding with the connection.
If the client does not provide a certicate, or the agent's certicate cannot be validated, the connection is
rejected. When you rst install the broker agent, a self-signed certicate is generated. The broker agent uses
this self-signed certicate by default to authenticate to the vRealize Operations for Published Applications
adapter. Because this certicate is generated dynamically, you must manually pair the
vRealize Operations for Published Applications adapter and broker agent before the broker agent can
communicate with the vRealize Operations for Published Applications adapter. For more information, see
Chapter 13, “Certicate Pairing,” on page 63.
56 VMware, Inc.
Certificate and Trust Store Files 11
The vRealize Operations for Published Applications components use a certicate trust store to store trusted
certicates and root certicates for certicate authorities. Certicates and trust stores are stored in Java key
store format.
This chapter includes the following topics:
“vRealize Operations for Published Applications Adapter Certicate and Trust Store Files,” on
n
page 57
“Broker Agent Certicate and Trust Store Files,” on page 58
n
vRealize Operations for Published Applications Adapter Certificate and Trust Store Files
The certicate and trust store les for the vRealize Operations for Published Applications adapter are in the
adapter's work directory. These les are in Java key store format.
The work directory is on the node where the vRealize Operations for Published Applications adapter is
installed. On Linux, the path to the work directory
is /usr/lib/vmwarevcops/user/plugins/inbound/V4PA_adapter3/. On Windows, the path to the work
directory is C:\vmware\vcenteroperations\user\plugins\inbound\V4PA_adapter3\.
You can use the Java keytool utility to view and control the certicate store and trust store les.
Table 11‑1. Java Key Stores in the work Directory
Java Key Store Description
v4pa-adapter.jks
v4pa-truststore.jks
The names of the key store les and their credentials are dened in the msgserver.properties le, which is
also in the work directory.
Table 11‑2. Adapter Key Store Configuration Properties in the msgserver.properties File
Property Default Value Description
keyle
keypass Password to the key store le
VMware, Inc. 57
v4pa-adapter.jks
Contains the certicate that the adapter uses to
authenticate itself to agents.
Contains the trust store that the adapter uses to
authenticate the broker agent certicate.
Name of the key store le that
contains the adapter certicate.
that contains the adapter
certicate. The password is
dynamically generated.
VMware vRealize Operations for Published Applications Installation and Administration
Table 11‑2. Adapter Key Store Configuration Properties in the msgserver.properties File (Continued)
Property Default Value Description
trustle
trustpass Password to the key store le
v4pa-truststore.jks
Broker Agent Certificate and Trust Store Files
The broker agent certicate and trust store les are in the C:\ProgramData\VMware\vRealize Operations for
Published Apps\Broker Agent\conf directory on the vRealize Operations for Published Applications broker
server host. These les are Java key store les.
You can use the Java keytool utility to view and control the certicate store and trust store les.
Table 11‑3. Java Key Stores in the conf Directory
Java Key Store Description
v4pa-brokeragent.jks
v4pa-truststore.jks
Contains the certicate that the broker agent uses to
authenticate itself to the
vRealize Operations for Published Applications adapter.
Contains the trust store that the broker agent uses to
authenticate the
vRealize Operations for Published Applications adapter
certicate.
Name of the key store le that
contains the adapter trust store.
that contains the adapter trust
store. The password is
dynamically generated.
The names of the key store les and their credentials are dened in the msgclient.properties le, which is
also in the conf directory.
Table 11‑4. Broker Agent Key Store Configuration Properties in the msgclient.properties File
Property Default Value Description
keyle
keypass The password to the key store le that
trustle
trustpass The password to the key store le that
v4pa-brokeragent.jks
v4pa-truststore.jks
The name of the key store le that
contains the broker agent's certicate.
contains the broker agent's certicate.
The password is dynamically
generated.
The name of the key store le that
contains the broker agent's trust store.
contains the broker agent's trust store.
The password is dynamically
generated.
58 VMware, Inc.
Replacing the Default Certificates 12
By default, the vRealize Operations for Published Applications adapter and the broker agent use self-signed
certicates for authentication and data encryption. For increased security, you can replace the default selfsigned certicates with certicates that are signed by a certicate authority.
This chapter includes the following topics:
“Replace the Default Certicate for the vRealize Operations for Published Applications Adapter,” on
n
page 59
“Replace the Default Certicate for the Broker Agent,” on page 61
n
Replace the Default Certificate for the vRealize Operations for Published Applications Adapter
A self-signed certicate is generated when you rst install the
vRealize Operations for Published Applications adapter. The desktop message server and the broker
message server use this certicate by default to authenticate to the agents. You can replace the self-signed
certicate with a certicate that is signed by a valid certicate authority.
Prerequisites
VMware, Inc.
Verify that you can connect to the node where the vRealize Operations for Published Applications
n
adapter is running.
Verify that you have the password for certicate store. You can obtain the password from the
n
msgserver.properties le. See “vRealize Operations for Published Applications Adapter Certicate
and Trust Store Files,” on page 57.
Become familiar with the Java keytool utility. Documentation is available at hp://docs.oracle.com.
n
Procedure
1 Log in to the node where the vRealize Operations for Published Applications adapter is running.
2 Navigate to the vRealize Operations for Published Applications adapter's work directory.
Platform Directory Location
Linux
Windows
/usr/lib/vmwarevcops/user/plugins/inbound/V4PA_adapter3/work
C:\vmware\vcenteroperations\user\plugins\inbound\V4PA_adapt
er3\work
59
VMware vRealize Operations for Published Applications Installation and Administration
3
Use the keytool utility with the -selfcert option to generate a new self-signed certicate for the
vRealize Operations for Published Applications adapter.
Because the default self-signed certicate is issued to VMware, you must generate a new self-signed
certicate before you can request a signed certicate. The signed certicate must be issued to your
organization.
For example:
keytool –selfcert –alias v4pa-adapter –dname dn-of-org –keystore v4pa-adapter.jks
dn-of-org is the distinguished name of the organization to which the certicate is issued, for example,
"OU=Management Platform, O=VMware, Inc., C=US".
By default, the certicate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm with the -sigalg option.
4
Use the keytool utility with the -certreq option from the adapter work directory to generate a
certicate signing request.
A certicate signing request is required to request a certicate from a certicate signing authority.
For example:
keytool –certreq –alias v4pa-adapter –file certificate-request-file -keystore v4pa-
adapter.jks
certicate-request-le is the name of the le that will contain the certicate signing request.
5 Upload the certicate signing request to a certicate authority and request a signed certicate.
If the certicate authority requests a password for the certicate private key, use the password
congured for the certicate store.
The certicate authority returns a signed certicate.
6 To import the certicate, copy the certicate le to the vRealize Operations for Published Applications
adapter work directory and run the keytool utility with the –import option.
For example:
keytool –import –alias v4pa-adapter –file certificate-filename -keystore v4pa-adapter.jks
certicate-lename is the name of the certicate le from the certicate authority.
When the keytool utility is nished, the signed certicate is imported to the adapter certicate store.
7 To start using the new certicate, restart the vRealize Operations for Published Applications adapter on
the node where the adapter is running.
Platform Action
Linux
Windows
Run the service vmware-vcops restart command.
Use the Windows Services tool (services.msc) to restart the
vRealize Operations for Published Applications Adapter service.
What to do next
After you restart the vRealize Operations for Published Applications adapter, you must pair any broker
agents that are aached to the vRealize Operations for Published Applications adapter. See Chapter 13,
“Certicate Pairing,” on page 63.
60 VMware, Inc.
Chapter 12 Replacing the Default Certificates
Replace the Default Certificate for the Broker Agent
A self-signed certicate is generated when you rst install the broker agent. The broker agent uses this
certicate by default to authenticate to the vRealize Operations for Published Applications adapter. You can
replace the self-signed certicate with a certicate that is signed by a valid certicate authority.
Prerequisites
Verify that you can connect to the XD-XA Session host where the broker agent is installed.
n
Verify that the keytool utility is added to the system path on the data collector host where the broker
n
agent is installed.
Verify that you have the password for the certicate store. You can obtain this password from the
n
msgserver.properties le. See “Broker Agent Certicate and Trust Store Files,” on page 58.
Become familiar with the Java keytool utility. Documentation is available at hp://docs.oracle.com
n
Procedure
1 Log in to the vRealize Operations for Published Applications Server host where the broker agent is
installed.
2
Use the keytool utility with the -selfcert to generate a new self-signed certicate.
Because the default self-signed certicate is issued to VMware, you must generate a new self-signed
certicate before you request a signed certicate. The signed certicate must be issued to your
organization.
For example:
keytool –selfcert –alias v4pa-brokeragent –dname dn-of-org –keystore v4pa-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certicate is issued, for example,
"OU=Management Platform, O=VMware, Inc. , C=US".
By default, the certicate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm in the keytool utility.
3
Use the keytool utility with the -certreq option to generate the certicate signing request.
A certicate signing request is required to request a certicate from a certicate signing authority.
For example:
keytool –certreq –alias v4pa-brokeragent –file certificate-request-file -keystore v4pa-
brokeragent.jks
certicate-request-le is the name of the le that will contain the certicate signing request.
4 Upload the certicate signing request to a certicate authority and request a signed certicate.
If the certicate authority requests a password for the certicate private key, use the password
congured for the certicate store.
The certicate authority returns a signed certicate.
VMware, Inc. 61
VMware vRealize Operations for Published Applications Installation and Administration
5
Copy the certicate le to the conf directory and run the keytool utility with the -import option to
import the signed certicate into the certicate store for the broker agent.
You must import the certicate le to the certicate store for the broker agent so that the broker agent
can start using the signed certicate.
For example:
keytool –import –alias v4pa-brokeragent –file certificate-filename -keystore v4pa-
brokeragent.jks
certicate-lename is the name of the certicate le from the certicate authority.
6
Run the keytool utility with the -import option to import the certicate authority root certicate into
the trust store le for the broker agent.
For example:
keytool -import -alias aliasname -file root_certificate -keystore v4pa-truststore.jks -
trustcacerts
root_certicate is the name of the certicate authority root certicate.
7 Restart the broker agent to start using the new certicate.
You can restart the broker agent by using the vRealize Operations for Published Applications Broker
Agent Seings wizard, or by restarting the vRealize Operations for Published Applications Broker
Agent Service.
What to do next
After you restart the broker agent, you must pair it with the vRealize Operations for Published Applications
adapter. See Chapter 13, “Certicate Pairing,” on page 63.
62 VMware, Inc.
Certificate Pairing 13
Before broker agents can communicate with the vRealize Operations for Published Applications adapter, the
adapter certicate must be shared with the agents, and the broker agent certicate must be shared with the
adapter. The process of sharing these certicates if referred to as certicate pairing.
The following actions occur during the certicate pairing process:
1 The broker agent's certicate is encrypted with the adapter's server key.
2 A connection is opened to the certicate management server and the encrypted certicate is passed to
the adapter instance. The adapter decrypts the broker agent's certicate by using the server key. If
decryption fails, an error is returned to the broker agent.
3 The broker agent's certicate is placed in the adapter's trust store.
4 The adapter's certicate is encrypted with the adapter's server key.
5 The encrypted certicate is returned to the broker agent. The broker agent decrypts the adapter's
certicate by using the server key. If decryption fails, an error is returned to the user.
6 The adapter's certicate is placed in the broker agent's trust store.
7 The adapter's certicate is sent to all XD-XA hosts via Group Policy.
After the certicates are successfully paired, they are cached in the trust stores for each individual
component. The broker certicate and the trust store are sent to all session hosts. The adapter certicate is
stored in the trust store and the broker certicate is stored in the v4pa-brokeragent.jks. If you provision a
new XD-XA server, the adapter's certicate is sent to the server by using the Group Policy, and you do not
need to pair the certicates again. However, if either the adapter or broker agent certicate changes, you
must pair the certicates again.
VMware, Inc.
You use the vRealize Operations for Published Applications Broker Agent Seings wizard to pair
certicates.
63
VMware vRealize Operations for Published Applications Installation and Administration
64 VMware, Inc.
SSL/TLS and Authentication-Related
Log Messages 14
The vRealize Operations for Published Applications adapter logs SSL/TLS conguration and authenticationrelated messages.
Table 14‑1. vRealize Operations for Published Applications Adapter Log Message Types
Log Message Type Description
CONFIGURATION The SSL/TLS conguration that is being used.
AUTHENTICATION SUCCESS A remote desktop has been successfully authenticated.
AUTHENTICATION FAILED A remote desktop has failed authentication.
Only CONFIGURATION and AUTHENTICATION FAILED events are wrien to the log by default. To
troubleshoot problems, you can raise the logging level to log other types of events.
You can view log messages and modify logging levels in the vRealize Operations Manager user interface.
VMware, Inc.
65
VMware vRealize Operations for Published Applications Installation and Administration
66 VMware, Inc.
Upgrade
vRealize Operations for Published
Applications 15
You can directly upgrade from vRealize Operations for Published Applications 6.2, 6.2.1, or 6.3 to 6.4.
N Upgrading from vRealize Operations for Published Applications 6.1 to
vRealize Operations for Published Applications 6.4 is not supported.
Prerequisites
Verify that your environment meets product compatibility, hardware, and software requirements.
n
Verify that XD Controller is installed and running.
n
Verify that vRealize Operations Manager is deployed and running.
n
If you have not yet upgraded to vRealize Operations Manager 6.2, 6.2.1, 6.3, or 6.4, upgrade
n
vRealize Operations Manager before you upgrade vRealize Operations for Published Applications.
Verify that a vCenter adapter is congured for each vCenter Server instance in your Published
n
Applications infrastructure. The vCenter adapter is provided with vRealize Operations Manager.
Download the vRealize Operations for Published Applications installation les from the product
n
download page.
Verify that you have a license key for the vRealize Operations for Published Applications solution.
n
Procedure
1 On the XD Controller host where the previous broker agent is installed, select VMware > vRealize
Operation for Published Applications Broker Agent and stop the Broker Agent service.
Stopping the broker agent service prevents errors or unhandled messages from occurring while the
vRealize Operations for Published Applications solution is being upgraded.
2 Copy the VMware-vrops-v4paadapter-6.4-buildnumber.pak le to a temporary folder.
3 Log in to the vRealize Operations Manager user interface with admin privileges.
4 In the left pane of vRealize Operations Manager, click the Administration tab and click Solutions.
5 On the Solutions tab, select vRealize Operation for Published Apps XD-XA and click the Add (plus
sign) icon.
6 Browse to locate the temporary folder and select the PAK le.
7 Select Force installation and Reset out-of-the-box content and click Upload to overwrite the previous
solution.
8 Read and accept the EULA and click Next.
Installation details appear in the window during the upload process.
VMware, Inc.
67
VMware vRealize Operations for Published Applications Installation and Administration
9 When the upgrade is complete, click Finish.
N You must restart vRealize Operations Manager cluster after the upgrade for the process to
complete. To do so, run service vmware-vcops --full-restart on the master node of the
vRealize Operations Manager.
10 If the port numbers are already not present in the /opt/vmware/etc/vmware-vcops-firewall.conf le on
the vRealize Operations Manager, add the following command after TCPPORTS="$TCPPORTS
3091:3094":
TCPPORTS="$TCPPORTS 3095:3098"
11 Restart the rewall by running the following command.
/etc/init.d/vmware-vcops-firewall restart
12 Check the status of the rewall by running the following command.
/etc/init.d/vmware-vcops-firewall status
What to do next
After the upgrade is nished, you must delete the existing solution for
vRealize Operations for Published Applications 6.2/6.2.1 and add new license for XD-XA solution.
After the vRealize Operations for Published Applications solution is licensed, you can install/upgrade and
congure the new version of the vRealize Operations for Published Applications solution.
This chapter includes the following topics:
“Upgrade Broker Agent,” on page 68
n
“Upgrade Desktop Agent,” on page 69
n
Upgrade Broker Agent
vRealize Operations for Published Applications Broker Agent 6.2, 6.2.1, and 6.3 can be upgraded to 6.4.
Prerequisites
Install the vRealize Operations for Published Applications solution, add your license key, and create an
instance of the vRealize Operations for Published Applications adapter.
Verify that you downloaded the Broker Agent installation le.
Procedure
1 Using a domain account that is part of the local administrators group, log in to the XD Controller where
you plan to install the Broker Agent.
2 Copy the VMware-v4pabrokeragent-x86_64-6.4-buildnumber.exe le to a temporary folder on the XD
Controller.
3 In the temporary folder, double-click the EXE le to start the Broker Agent setup wizard.
4 Accept the EULA and click Next.
5 Select the Launch the vRealize Operations for Published Applications Broker Agent
utility check box for the Broker Agent Conguration wizard to open immediately after the Broker
Agent is installed .
6 Click Install to begin the upgrade.
68 VMware, Inc.
7 When the installation nishes, click Finish to exit the Broker Agent setup wizard.
During this process, the earlier version of Broker Agent service is stopped, its conguration is
preserved, Broker Agent is uninstalled, and the new version of Broker Agent is installed.
8 When the conguration utility opens, enter the vRealize Operations Manager IP address and the
pairing credentials, and pair them on the rst screen of the wizard. Subsequent screen have the data
such as Controller Credentials populated from the previous installation .
9 On the Congure The Broker Agent Service page of the wizard, restart the Broker Agent service and
click Next.
N In case of upgrade, the Broker Agent service is not started automatically.
10 Click Finish.
Upgrade Desktop Agent
vRealize Operations for Published Applications Desktop Agent 6.2/6.2.1/6.3 can be upgraded to 6.4 on all
required machines.
To upgrade the Desktop Agent, perform the following task:
Procedure
Chapter 15 Upgrade vRealize Operations for Published Applications
1 Using a domain account that is part of the local administrators group, log in to the desktop machine
where you plan to upgrade the Desktop Agent.
2 Copy the VMware-v4padesktopagent-x86_64-6.4-buildnumber.exe or VMware-v4padesktopagent-6.4-
buildnumber.exe le to a temporary folder on the required machines.
3 In the temporary folder, run the EXE le to start the Desktop Agent setup wizard.
4 Accept the EULA and click Next.
5 Click Install to begin the upgrade.
6 When the installation nishes, click Finish to exit the Desktop Agent setup wizard.
N You can only upgrade Desktop Agent 6.2/6.2.1/6.3 to 6.4. If you have Desktop Agent 6.1 or 6.0
installed, you must uninstall the Desktop Agents and install Desktop Agent 6.4.
VMware, Inc. 69
VMware vRealize Operations for Published Applications Installation and Administration
70 VMware, Inc.
Create a
vRealize Operations Manager
Support Bundle 16
If the vRealize Operations for Published Applications adapter does not operate as expected, you can collect
log and conguration les in a support bundle and send the support bundle to VMware for analysis.
Procedure
1 Log in to the vRealize Operations Manager user interface with admin privileges.
2 Click the Administration tab and select Support > Support Bundles.
3 Click the Create Support Bundle (plus sign) icon.
4 Select the type of support bundle to generate and the nodes to include in the support bundle.
5 Click OK to create the support bundle.
The progress of the support bundle appears in the Status column on the Support Bundles pane. Support
bundle creation might take several minutes, depending on the size of the logs and the number nodes.
You can click the Reload Support Bundle icon to refresh the status.
6 Select the support bundle and click the Download Support Bundle icon to download the support
bundle to the server.
You cannot download a support bundle until its status is Succeed. For security,
vRealize Operations Manager prompts you for credentials when you download a support bundle.
7 (Optional) Send the support bundle to VMware for support.
VMware, Inc.
71
VMware vRealize Operations for Published Applications Installation and Administration
72 VMware, Inc.
Download
vRealize Operations for Published
Applications Broker Agent Log Files 17
If the vRealize Operations for Published Applications broker agent does not operate as expected, you can
download the broker agent log les.
Prerequisites
Verify that you have administrator privileges.
Procedure
1 Log in to the machine where the broker agent is installed.
2 Navigate to C:\programdata\VMware\vRealize Operations for Published Apps\Broker Agent\logs on
broker agent machine.
The logs directory contains the broker agent log les.
3 Use an archive program to create a ZIP le that contains the log les in the logs directory.
4 Send the ZIP le to VMware for support.
VMware, Inc.
73
VMware vRealize Operations for Published Applications Installation and Administration
74 VMware, Inc.
Download
vRealize Operations for Published
Applications Desktop Agent Log
Files 18
If the vRealize Operations for Published Applications desktop agent is not operating as expected, you can
download the desktop agent log les from the remote desktop and send the log les to VMware for support.
vRealize Operations for Published Applications retains desktop agent log les of the previous seven days by
default. You can specify the number of days that vRealize Operations for Published Applications retains
desktop agent log les by updating the registry entry LogPruneThreshold under
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\vRealize Operations for Published Apps\Desktop Agent.
Procedure
1 Log in to the controller server or session host server where the desktop agent is installed.
2 Navigate to C:\ProgramData\VMware\vRealize Operations for Published Apps\Desktop Agent\logs
and locate the desktop agent log les.
Desktop agent log le names begin with v4pa-.
3 Use an archive program to create a ZIP le that contains the desktop agent log les.
4 Send the ZIP le to VMware for support.
VMware, Inc.
75
VMware vRealize Operations for Published Applications Installation and Administration
76 VMware, Inc.
View Collector and
vRealize Operations for Published
Applications Adapter Log Files 19
You can view collector and vRealize Operations for Published Applications adapter log les in the
vRealize Operations Manager user interface. Log les are organized in log type folders.
Prerequisites
Verify that you have administrator privileges.
Procedure
1 Log in to the vRealize Operations Manager user interface with admin privileges.
2 Click the Administration tab, click Support, and click Logs.
3 Select Log Type from the Group by drop-down menu.
4 Double-click the Collector folder and double-click the folder for the node on which the adapter instance
is running.
5 View the log les.
a Double-click a log le to view the contents of the log le.
b Type line numbers in the Starting line and # of lines text boxes and click the Load log content icon
(>) to view a specic part of the log le.
6 Click the Reload Tree icon to reload the log tree information and collapse all open folders.
VMware, Inc.
77
VMware vRealize Operations for Published Applications Installation and Administration
78 VMware, Inc.
Modify the Logging Level for
vRealize Operations for Published
Applications Adapter Log Files 20
You can modify the logging level for the collector node that contains the log les for a
vRealize Operations for Published Applications adapter instance.
Prerequisites
Verify that you have administrator privileges.
Procedure
1 Log in to the vRealize Operations Manager user interface.
2 Click the Administration tab, click Support, and click Logs.
3 Select Log Type from the Group by drop-down menu.
4 Expand the Collector folder.
5 Select the node on which the vRealize Operations for Published Applications adapter instance is
running and click the Edit Properties icon.
6 Add V4PA_adapterx as a new log name.
7 Select a logging level from the drop-down menu in the Logging Level column.
To troubleshoot problems, set the logging level to Info. To view detailed messages, including micro
steps, queries, and returned results, set the logging level to Debug.
N If you set the logging level to Debug, log les can become large very quickly. Set the logging
level to Debug only for short periods of time.
VMware, Inc.
79
VMware vRealize Operations for Published Applications Installation and Administration
80 VMware, Inc.
Index
A
about 5
accessing dashboards 35
adapter
certificates 57
configuring 18
installation 15
instance 18
trust store files 57
adapter authentication 55
alerts, application crash 45
architecture 8
authentication, broker agent 56
B
broker agent
authentication 56
certificates 58, 61
configuring 21
installing 20
Broker Agent 68
C
certificate pairing 63
Certificate on Client 33
certificates
adapter 59
broker agent 61
changing default 59
managing 55
pairing 63
self-signed 59
changing default ports, RMI services 48
ciphers 51
Client Machine 34
components
adapter 9
broker agent 9
desktop agent 9
configuration
broker agent 21
desktop agents 24
configuring 13
D
dashboards
health badge 38
Published Applications servers 40
XD-XA Overview 39
XD-XA Root Cause Analysis 42
XD-XA Session Details Dashboard 40
desktop agent, authentication 55
desktop agents
configuring 24
installing 24
Desktop Agent 69
E
Enabling HTTP or HTTPS protocol for
PowerShell remoting 29
etc/host file for DNS Resolution 33
F
firewall, rules 19
Firewall 33
firewalls, updating 49
G
generating reports 43
GPO 24
group policies 24
H
health badge 38
Help Desk 39
HTTP Protocol for PowerShell Remoting 29
HTTPS Protocol for PowerShell 29, 30
I
installation
broker agent 20
desktop agents 24
installation files 15
installation overview 13
installing
adapter 15
components 13
installation files 15
overview 13
introduction 7
VMware, Inc.
81
VMware vRealize Operations for Published Applications Installation and Administration
L
License server, firewall rules 19
license groups 17
licensing, vRealize Operations for Published
Applications 16
log messages, authentication 65
M
managing certificates 55
monitoring a Citrix XenDesktop environment 35
msgclient.properties file 52
msgserver.properties file 48, 52
O
overview 7
P
ports
default 16
RMI services 48
PowerShell remoting 29
PowerShell Remoting on the Server 27
product compatibility 11
R
replacing the default certificate, broker agent 61
reports, subjects 43, 44
RMI communication 47
RMI services
changing default ports 48
ports 48
broker agent 73
configuration files 71
desktop agent 75
log files 71, 73, 75, 77, 79
support bundle 71
trust store files, broker agent 58
TSL configuration 51
U
upgrading 67
Using makecert 34
using reports 43
V
VDI Desktops Dashboard 41
W
WinRM HTTPS Listener 33
X
XD-XA Overview dashboard 39
XD-XA Servers dashboard 40
XD-XA Session Details Dashboard 40
XD-XA dashboard overview 37
XD-XA Root Cause Analysis Dashboard 42
XenDesktop server, firewall rules 19
S
security, RMI communication 47
Self-Signed Certificate using OpenSSL 31
Self-signed SSL Certificate using
Makercert.exe 31
Self-Signed SSL Certificate using IIS
Manager 31
server key 18
software requirements 11
SSL Certificate 30
SSL Certificate on Remote Machine 32
SSL/TLS
ciphers 51
configuration 51
Store Front server, firewall rules 19
system requirements 11
system components 8
T
TLS configuration properties 52
troubleshooting
adapter 77, 79
82 VMware, Inc.
Loading...