VMware vRealize Operations Manager - 6.4 Administrator’s Guide

vRealize Operations Manager Customization and Administration Guide
vRealize Operations Manager 6.4
You can find the most up-to-date technical documentation on the VMware Web site at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2017 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

Contents

About Customization and Administration
1 Configuring Users and Groups in vRealize Operations Manager
    Managing Users and Access Control in vRealize Operations Manager
    Users of vRealize Operations Manager
    Roles and Privileges in vRealize Operations Manager
    User Scenario: Manage User Access Control
    Configure a Single Sign-On Source in vRealize Operations Manager
    Audit Users and the Environment in vRealize Operations Manager
    Managing Custom Object Groups in VMware vRealize Operations Manager
    User Scenario: Creating Custom Object Groups
    Managing Application Groups
    User Scenario: Adding an Application
2 Customizing How vRealize Operations Manager Displays Your Data
    Using Dashboards
    User Scenario: Create and Configure Dashboards and Widgets
    Dashboards
    Predefined Dashboards
    Using Widgets
    Widget Definitions List
    Widget Interactions
    Add a Resource Interaction XML File
    Using Views
    User Scenario: Create, Run, Export, and Import a vRealize Operations Manager View for Tracking Virtual Machines
    Views and Reports Ownership
    Editing, Cloning, and Deleting a View
    Using Reports
    User Scenario: Handling Reports to Monitor Virtual Machines
3 Customizing How vRealize Operations Manager Monitors Your Environment
    Defining Alerts in vRealize Operations Manager
    Object Relationship Hierarchies for Alert Definitions
    Alert Definition Best Practices
    Understanding Negative Symptoms for vRealize Operations Manager Alerts
    Create an Alert Definition for Department Objects
    Defining Symptoms for Alerts
    Viewing Actions Available in vRealize Operations Manager
    Defining Recommendations for Alert Definitions
    Creating and Managing vRealize Operations Manager Alert Notifications
    Defining Compliance Standards
    vRealize Operations Manager Compliance for vSphere 6.0 Objects
    User Scenario: Ensure Compliance of Your vSphere 6.0 Objects
    User Scenario: Define a Compliance Standard for Custom Standards
    Operational Policies
    Managing and Administering Policies for vRealize Operations Manager
    Policy Decisions and Objectives
    Default Policy in vRealize Operations Manager
    Custom Policies
    Policies Provided with vRealize Operations Manager
    User Scenario: Create a Custom Operational Policy for a vSphere Production Environment
    User Scenario: Create an Operational Policy for Production vCenter Server Datastore Objects
    Using the Monitoring Policy Workspace to Create and Modify Operational Policies
    Policy Workspace in vRealize Operations Manager
    Super Metrics in vRealize Operations Manager
    Super Metric Functions and Operators
    Enhancing Your Super Metrics
    User Scenario: Formulate and Apply Your Super Metric
    Building a Super Metric Formula
    Exporting a Super Metric
    Importing a Super Metric
    vSphere Predictive Distributed Resource Scheduler
    Configure vSphere Predictive DRS
    Customizing Icons
    Customize an Object Type Icon
    Customize an Adapter Type Icon
    Managing Objects in Your Environment
    Adding an Object to Your Environment
    Creating and Assigning Tags
    Configuring Object Relationships
    Adding an Object Relationship
    Customizing How Endpoint Operations Management Monitors Operating Systems
    Configuring Remote Monitoring
    Working with Agent Plug-ins
    Configuring Agent Logging
    Modifying Global Settings
    List of Global Settings
4 Maintaining and Expanding vRealize Operations Manager
    vRealize Operations Manager Cluster and Node Maintenance
    Create a vRealize Operations Manager Support Bundle
    vRealize Operations Manager Passwords and Certificates
    Change the vRealize Operations Manager Administrator Password
    Reset the vRealize Operations Manager Administrator Password on vApp or Linux Clusters
    Reset the vRealize Operations Manager Administrator Password on Windows Clusters
    Generate a vRealize Operations Manager Passphrase
    How To Preserve Customized Content
    Backup and Restore
    Backing Up and Restoring with vSphere Data Protection
    Checking the Restore of vRealize Operations Manager Systems
    Change the IP Address of Nodes After Restoring a Cluster on a Remote Host
    Manual Backup Procedure Appears to Stall
5 OPS-CLI Command-Line Tool
    dashboard Command Operations
    template Command Operations
    supermetric Command Operations
    attribute Command Operations
    reskind Command Operations for Object Types
    report Command Operations
    view Command Operations
    file Command Operations
Index

About Customization and Administration

The VMware vRealize Operations Manager Customization and Administration Guide describes how to configure and monitor your environment. It shows you how to connect vRealize Operations Manager to external data sources and analyze the data collected from them, ensure that users and their supporting infrastructure are in place, configure resources to determine the behavior of your objects, and format the content that appears in vRealize Operations Manager.
To help you maintain and expand your vRealize Operations Manager installation, this information describes how to manage nodes and clusters, configure NTP, view log files, create support bundles, and add a maintenance schedule. It provides information about license keys and groups, and shows you how to generate a passphrase, review the certificates used for authentication, run the describe process, and perform advanced maintenance functions.
Intended Audience
This information is intended for vRealize Operations Manager administrators, virtual infrastructure administrators, and operations engineers who install, configure, monitor, manage, and maintain the objects in your environment.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to http://www.vmware.com/support/pubs.
Chapter 1 Configuring Users and Groups in vRealize Operations Manager
As a system administrator, you must ensure that users and their supporting infrastructure are in place. You establish and maintain user access to your instance of vRealize Operations Manager, control user preferences, and manage settings for the email server.
User Access Control
To ensure security of the objects in your vRealize Operations Manager instance, and the actions that a user can perform on the objects and on the system, you manage all aspects of user access control.
vRealize Operations Manager assigns access permissions to users and user groups. Access privileges are organized into roles. You control the access that users and user groups have to objects in the system by specifying the privileges they can exercise on selected objects. When you assign a role to a user, you determine not only what actions the user can perform in the system, but also the objects on which the user can perform those actions. You can assign users a role that gives them complete access to all objects in the system. Alternatively, you can assign users a role that gives them read-only privileges on virtual machines. Because users and user groups can hold more than one role, the same user may have complete access to all the virtual machines on one cluster, but read-only access to the virtual machines on another.
As a system administrator, you must prevent unauthorized users from accessing certain files in your Windows-based environment. The %ALIVE_BASE%/user/conf directory contains password and other sensitive information related to accessing your vRealize Operations Manager environment. Access this directory, and assign access permissions accordingly to secure your environment.
User Preferences
To determine the display options for vRealize Operations Manager, such as colors for the display and health chart, the number of metrics and groups to display, and whether to synchronize system time with the host machine, you configure the user preferences on the top toolbar.
This chapter includes the following topics:
- “Managing Users and Access Control in vRealize Operations Manager”
- “Managing Custom Object Groups in VMware vRealize Operations Manager”
- “Managing Application Groups”
Managing Users and Access Control in vRealize Operations Manager
To ensure security of the objects in your vRealize Operations Manager instance, as a system administrator you can manage all aspects of user access control. You create user accounts, assign each user to be a member of one or more user groups, and assign roles to each user or user group to set their privileges.
Users must have privileges to access specific features in the vRealize Operations Manager user interface. Access control is defined by assigning privileges to both users and objects. You can assign one or more roles to users, and enable them to perform a range of different actions on the same types of objects. For example, you can assign a user the privileges to delete a virtual machine, and assign the same user read-only privileges for another virtual machine.
User Access Control
You can authenticate users in vRealize Operations Manager in several ways.
- Create local user accounts in vRealize Operations Manager.
- Use VMware vCenter Server® users. After the vCenter Server is registered with vRealize Operations Manager, configure the vCenter Server user options in the vRealize Operations Manager global settings to enable a vCenter Server user to log in to vRealize Operations Manager. When logged into vRealize Operations Manager, vCenter Server users access objects according to their vCenter Server-assigned permissions.
- Add an authentication source to authenticate imported users and user group information that resides on another machine.
    - Use LDAP to import users or user groups from an LDAP server. LDAP users can use their LDAP credentials to log in to vRealize Operations Manager. For example, use Active Directory on a Windows machine to log into vRealize Operations Manager through LDAP, by adding the Active Directory server as an LDAP server.
    - Create a single sign-on source and import users and user groups from a single sign-on server. Single sign-on users can use their single sign-on credentials to log in to vRealize Operations Manager and vCenter Server. You can also use Active Directory through single sign-on by configuring the Active Directory through single sign-on and adding the single sign-on source to vRealize Operations Manager.

Users of vRealize Operations Manager

Each user has an account to authenticate them when they log in to vRealize Operations Manager.
The accounts of local users and LDAP users are visible in the vRealize Operations Manager user interface when they are set up. The accounts of vCenter Server and single sign-on users only appear in the user interface after a user logs in for the first time. Each user can be assigned one or more roles, and can be an authenticated member of one or more user groups.
Local Users in vRealize Operations Manager
When you create user accounts in a local vRealize Operations Manager instance, vRealize Operations Manager stores the credentials for those accounts in its global database, and authenticates the account user locally.
Each user account must have a unique identity, and can include any associated user preferences.
If you are logging in to vRealize Operations Manager as a local user, and on occasion receive an invalid password message, try the following workaround. In the Login page, change the Authentication Source to All vCenter Servers, change it back to Local Users, and log in again.
vCenter Server Users in vRealize Operations Manager
vRealize Operations Manager supports vCenter Server users. To log in to vRealize Operations Manager, vCenter Server users must be valid users in vCenter Server.
Roles and Associations
A vCenter Server user must have either the vCenter Server Admin role or one of the vRealize Operations Manager privileges, such as PowerUser, assigned at the root level in vCenter Server, to log in to vRealize Operations Manager. vRealize Operations Manager uses only the vCenter privileges, meaning the vRealize Operations Manager roles, at the root level, and applies them to all the objects to which the user has access. After logging in, vCenter Server users can view all the objects in vRealize Operations Manager that they can already view in vCenter Server.
Logging in to vCenter Server Instances and Accessing Objects
vCenter Server users can access either a single vCenter Server instance or multiple vCenter Server instances, depending on the authentication source they select when they log in to vRealize Operations Manager.
- If users select a single vCenter Server instance as the authentication source, they have permission to access the objects in that vCenter Server instance. After the user has logged in, an account is created in vRealize Operations Manager with the specific vCenter Server instance serving as the authentication source.
- If users select All vCenter Servers as the authentication source, and they have identical credentials for each vCenter Server in the environment, they see all the objects in all the vCenter Server instances. Only users that have been authenticated by all the vCenter Servers in the environment can log in. After a user has logged in, an account is created in vRealize Operations Manager with all vCenter Server instances serving as the authentication source.
vRealize Operations Manager does not support linked vCenter Server instances. Instead, you must configure the vCenter Server adapter for each vCenter Server instance, and register each vCenter Server instance to vRealize Operations Manager.
Only objects from a specific vCenter Server instance appear in vRealize Operations Manager. If a vCenter Server instance has other linked vCenter Server instances, the data does not appear.
vCenter Server Roles and Privileges
You cannot view or edit vCenter Server roles or privileges in vRealize Operations Manager. vRealize Operations Manager sends roles as privileges to vCenter Server as part of the vCenter Server Global privilege group. A vCenter Server administrator must assign vRealize Operations Manager roles to users in vCenter Server.
vRealize Operations Manager privileges in vCenter Server have the role appended to the name. For example, vRealize Operations Manager ContentAdmin Role, or vRealize Operations Manager PowerUser Role.
Read-Only Principal
A vCenter Server user is a read-only principal in vRealize Operations Manager, which means that you cannot change the role, group, or objects associated with the role in vRealize Operations Manager. Instead, you must change them in the vCenter Server instance. The role applied to the root folder applies to all the objects in vCenter Server to which a user has privileges. vRealize Operations Manager does not apply individual roles on objects. For example, if a user has the PowerUser role to access the vCenter Server root folder, but has read-only access to a virtual machine, vRealize Operations Manager applies the PowerUser role to the user to access the virtual machine.
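The Read-Only Principal rule above means that a role assigned on the root folder can outrank a user's per-object vCenter Server permission inside vRealize Operations Manager. The following added example (not from this guide or from VMware) models that rule and the root-level login requirement over constructed data, so that such mismatches can be listed before roles are assigned in vCenter Server. The data model, the grouping of roles into ELEVATED and TEMPLATES, and all user and object names are assumptions made for the example.

```python
"""Added example: model of the root-folder role rule for vCenter Server users.
All users, objects and the data model are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Role names as listed in this guide. Grouping them into "elevated" and
# "template" sets is this example's reading of the role descriptions.
ELEVATED = {"PowerUser", "PowerUserMinusRemediation"}
TEMPLATES = {"GeneralUser-%d" % n for n in range(1, 5)}  # ReadOnly at first, editable later
KNOWN_ROLES = ELEVATED | TEMPLATES | {"ContentAdmin", "ReadOnly"}


@dataclass
class VCenterAccount:
    """One user's standing in one vCenter Server instance (hypothetical model)."""
    user: str
    vcenter_admin: bool = False
    root_role: Optional[str] = None  # vROps role assigned on the root folder
    # Objects the user can view in vCenter Server -> "read-only" or "read-write"
    object_access: Dict[str, str] = field(default_factory=dict)


def can_log_in(acct: VCenterAccount) -> bool:
    """Login needs the vCenter Admin role or a vROps role at the root level."""
    return acct.vcenter_admin or acct.root_role in KNOWN_ROLES


def can_log_in_all(accts: List[Optional[VCenterAccount]]) -> bool:
    """'All vCenter Servers': every instance must accept the user (None = no account)."""
    return bool(accts) and all(a is not None and can_log_in(a) for a in accts)


def audit(acct: VCenterAccount) -> List[Tuple[str, str, str]]:
    """Return (object, vcenter_access, verdict) for each object visible to the user.

    The root-folder role is applied to every visible object; per-object
    vCenter Server permissions are not carried over.
    """
    rows = []
    for obj, access in sorted(acct.object_access.items()):
        if acct.root_role in ELEVATED and access == "read-only":
            verdict = "ESCALATED"   # root role outranks the per-object permission
        elif acct.root_role in TEMPLATES:
            verdict = "REVIEW"      # template role: privileges depend on how it was edited
        else:
            verdict = "OK"
        rows.append((obj, access, verdict))
    return rows


def escalations(accts: List[VCenterAccount]) -> List[Tuple[str, str]]:
    """(user, object) pairs where vROps would grant more than vCenter Server does."""
    return [(a.user, obj) for a in accts if can_log_in(a)
            for obj, _, verdict in audit(a) if verdict == "ESCALATED"]


# Constructed sample data.
ALICE = VCenterAccount("alice", root_role="PowerUser",
                       object_access={"vm-web01": "read-write", "vm-db01": "read-only"})
BOB = VCenterAccount("bob", root_role="ReadOnly",
                     object_access={"vm-db01": "read-only"})
CAROL = VCenterAccount("carol", root_role="GeneralUser-2",
                       object_access={"vm-app01": "read-only"})
DAVE = VCenterAccount("dave", object_access={"vm-web01": "read-only"})  # no root role

if __name__ == "__main__":
    for acct in (ALICE, BOB, CAROL, DAVE):
        print(acct.user, "login:", can_log_in(acct), audit(acct))
    print("escalations:", escalations([ALICE, BOB, CAROL, DAVE]))
```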
Refreshing Permissions
When you change permissions for a vCenter Server user in vCenter Server, the user must log out and log back in to vRealize Operations Manager to refresh the permissions and view the updated results in vRealize Operations Manager. Alternatively, the user can wait for vRealize Operations Manager to refresh. The permissions refresh at fixed intervals, as defined in the $ALIVE_BASE/user/conf/auth.properties file. The default refreshing interval is half an hour. If necessary, you can change this interval for all nodes in the cluster.
Single Sign-On and vCenter Users
When vCenter Server users log into vRealize Operations Manager by way of single sign-on, they are registered on the vRealize Operations Manager User Accounts page. If you delete the account of a vCenter Server user that has logged into vRealize Operations Manager by way of single sign-on, or remove the user from a single sign-on group, the user account entry still appears on the User Account page and you must delete it manually.
Generating Reports
vCenter Server users cannot create or schedule reports in vRealize Operations Manager.
Backward Compatibility for vCenter Server Users in vRealize Operations Manager
vRealize Operations Manager provides backward compatibility for users of the earlier version of vRealize Operations Manager, so that users of vCenter Server who have privileges in the earlier version in vCenter Server can log in to vRealize Operations Manager.
When you register vRealize Operations Manager in vCenter Server, certain roles become available in vCenter Server.
- The Administrator account in the previous version of vRealize Operations Manager maps to the PowerUser role.
- The Operator account in the previous version of vRealize Operations Manager maps to the ReadOnly role.
During registration, all roles in vRealize Operations Manager, except for vRealize Operations Manager Administrator, Maintenance, and Migration, become available dynamically in vCenter Server. Administrators in vCenter Server have all of the roles in vRealize Operations Manager that map during registration, but these administrator accounts only receive a specific role on the root folder in vCenter Server if it is specially assigned.
Registration of vRealize Operations Manager with vCenter Server is optional. If users choose not to register vRealize Operations Manager with vCenter Server, a vCenter Server administrator can still use their user name and password to log in to vRealize Operations Manager, but these users cannot use the vCenter Server session ID to log in. In this case, typical vCenter Server users must have one or more vRealize Operations Manager roles to log in to vRealize Operations Manager.
When multiple instances of vCenter Server are added to vRealize Operations Manager, user credentials become valid for all of the vCenter Server instances. When a user logs in to vRealize Operations Manager, if the user selects all vCenter Server options during login, vRealize Operations Manager requires that the user's credentials are valid for all of the vCenter Server instances. If a user account is only valid for a single vCenter Server instance, that user can select the vCenter Server instance from the login drop-down menu to log in to vRealize Operations Manager.
vCenter Server users who log in to vRealize Operations Manager must have one or more of the following roles in vCenter Server:
- vRealize Operations Content Admin Role
- vRealize Operations General User Role 1
- vRealize Operations General User Role 2
- vRealize Operations General User Role 3
- vRealize Operations General User Role 4
- vRealize Operations Power User Role
- vRealize Operations Power User without Remediation Actions Role
- vRealize Operations Read Only Role
For more information about vCenter Server users, groups, and roles, see the vCenter Server documentation.
External User Sources in vRealize Operations Manager
You can obtain user accounts from external sources so that you can use them in your vRealize Operations Manager instance.
There are two types of external user identity sources:
- Lightweight Directory Access Protocol (LDAP): Use the LDAP source if you want to use the Active Directory or LDAP servers as authentication sources. The LDAP source does not support multi-domains even when there is a two-way trust between Domain A and Domain B.
- Single Sign-On (SSO): Use a single sign-on source to perform single sign-on with any application that supports vCenter single sign-on, including vRealize Operations Manager. For example, you can install a standalone vCenter Platform Services Controller (PSC) and use it to communicate with an Active Directory server. Use a PSC if the Active Directory has a setup that is too complex for the simple LDAP source in vRealize Operations Manager, or if the LDAP source is experiencing slow performance. If your PSC is configured to use Active Directory with integrated Windows authentication mode, SSO users can log in using Windows authentication.
Roles and Privileges in vRealize Operations Manager
vRealize Operations Manager provides several predefined roles to assign privileges to users. You can also create your own roles.
You must have privileges to access specific features in the vRealize Operations Manager user interface. The roles associated with your user account determine the features you can access and the actions you can perform.
Each predefined role includes a set of privileges for users to perform create, read, update, or delete actions on components such as dashboards, reports, administration, capacity, policies, problems, symptoms, alerts, user account management, and adapters.
Administrator
    Includes privileges to all features, objects, and actions in vRealize Operations Manager.
PowerUser
    Users have privileges to perform the actions of the Administrator role except for privileges to user management and cluster management. vRealize Operations Manager maps vCenter Server users to this role.
PowerUserMinusRemediation
    Users have privileges to perform the actions of the Administrator role except for privileges to user management, cluster management, and remediation actions.
ContentAdmin
    Users can manage all content, including views, reports, dashboards, and custom groups in vRealize Operations Manager.
AgentManager
    Users can deploy and configure Endpoint Operations Management agents.
GeneralUser-1 through GeneralUser-4
    These predefined template roles are initially defined as ReadOnly roles. vCenter Server administrators can configure these roles to create combinations of roles to give users multiple types of privileges. Roles are synchronized to vCenter Server once during registration.
ReadOnly
    Users have read-only access and can perform read operations, but cannot perform write actions such as create, update, or delete.

User Scenario: Manage User Access Control

As a system administrator or virtual infrastructure administrator, you manage user access control in vRealize Operations Manager so that you can ensure the security of your objects. Your company just hired a new person, and you must create a user account and assign a role to the account so that the new user has permission to access specific content and objects in vRealize Operations Manager.
In this scenario you will learn how to create user accounts and roles, and assign roles to the user accounts to specify access privileges to views and objects. You will then demonstrate the intended behavior of the permissions on these accounts.
You will create a new user account, named Tom User, and a new role that grants administrative access to objects in the vRealize Operations Clusters. You will apply the new role to the user account.
Finally, you will import a user account from an external LDAP user database that resides on another machine to vRealize Operations Manager, and assign a role to the imported user account to configure the user's privileges.
Prerequisites
Verify that the following conditions are met:
- vRealize Operations Manager is installed and operating properly, and contains objects such as clusters, hosts, and virtual machines.
- One or more user groups are defined.
Procedure
1 Create a New Role
You use roles to manage access control for user accounts in vRealize Operations Manager.
2 Create a User Account
As an administrator you assign a unique user account to each user so that they can use vRealize Operations Manager. While you set up the user account, you assign the privileges that determine what activities the user can perform in the environment, and upon what objects.
3 Import a User Account and Assign Permissions
You can import user accounts from external sources, such as an LDAP database on another machine, or a single sign-on server, so that you can give permission to those users to access certain features and objects in vRealize Operations Manager.
What to do next
Create a new role.
Create a New Role
You use roles to manage access control for user accounts in vRealize Operations Manager.
In this procedure, you will add a new role and assign administrative permissions to the role.
Prerequisites
Verify that you understand the context of this scenario. See “User Scenario: Manage User Access Control.”
Procedure
1 In vRealize Operations Manager, select Administration in the left pane and click Access Control.
2 Click the Roles tab.
3 Click the Add icon on the toolbar to create a new role.
The Create Role dialog box appears.
4 For the role name, type admin_cluster, then type a description and click OK.
The admin_cluster role appears in the list of roles.
5 Click the admin_cluster role.
6 In the Details grid below, on the Permissions pane, click the Edit icon.
The Assign Permissions to Role dialog box appears.
7 Select the Administrative Access - all permissions check box.
8 Click Update.
This action gives this role administrative access to all the features in the environment.
What to do next
Create a user account, and assign this role to the account.
Create a User Account
As an administrator you assign a unique user account to each user so that they can use vRealize Operations Manager. While you set up the user account, you assign the privileges that determine what activities the user can perform in the environment, and upon what objects.
In this procedure, you will create a user account, assign the admin_cluster role to the account, and associate the objects that the user can access while assigned this role. You will assign access to objects in the vRealize Operations Cluster. Then, you will test the user account to confirm that the user can access only the specified objects.
Prerequisites
Create a new role. See “Create a New Role.”
Procedure
1 In vRealize Operations Manager, select Administration in the left pane and click Access Control.
2 Click the User Accounts tab.
3 Click the Add icon to create a new user account, and provide the information for this account.
Option
    Description
User Name
    Type the user name to use to log in to vRealize Operations Manager.
Password
    Type a password for the user.
Confirm Password
    Type the password again to confirm it.
First Name
    Type the user's first name. For this scenario, type Tom.
Last Name
    Type the user's last name. For this scenario, type User.
Email Address
    (Optional). Type the user's email address.
Description
    (Optional). Type a description for this user.
Disable this user
    Do not select this check box, because you want the user to be active for this scenario.
Require password change at next login
    Do not select this check box, because you do not need to change the user's password for this scenario.
4 Click Next.
The list of user groups appears.
5 Select a user group to add the user account as a member of the group.
6 Click the Objects tab.
7 Select the admin_cluster role from the drop-down menu.
8 Select the Assign this role to the user check box.
9 In the Object Hierarchies list, select the vRealize Operations Cluster check box.
10 Click Finish.
You created a new user account for a user who can access all the vRealize Operations Cluster objects. The new user now appears in the list of user accounts.
11 Log out of vRealize Operations Manager.
12 Log in to vRealize Operations Manager as Tom User, and verify that this user account can access all the objects in the vRealize Operations Cluster hierarchy, but not other objects in the environment.
13 Log out of vRealize Operations Manager.
You used a specific role to assign permission to access all objects in the vRealize Operations Cluster to a user account named Tom User.
What to do next
Import a user account from an external LDAP user database that resides on another machine, and assign permissions to the user account.
Import a User Account and Assign Permissions
You can import user accounts from external sources, such as an LDAP database on another machine, or a single sign-on server, so that you can give permission to those users to access certain features and objects in vRealize Operations Manager.
Prerequisites
Congure an authorization source. See the vRealize Operations Manager Information Center.
n
Procedure
1 Log out of vRealize Operations Manager, then log in as a system administrator.
2 In vRealize Operations Manager, select Administration, and click Access Control.
3 On the toolbar, click the Import Users icon.
4 Specify the options to import user accounts from an authorization source.
    a On the Import Users page, from the Import From drop-down menu, select an authentication source.
    b In the Domain Name drop-down menu, type the domain name from which you want to import users, and click Search.
    c Select the users you want to import, and click Next.
    d On the Groups tab, select the user group to which you want to add this user account.
    e Click the Objects tab, select the admin_cluster role, and select the Assign this role to the user check box.
    f In the Object Hierarchies list, select the vRealize Operations Cluster check box, and click Finish.
5 Log out of vRealize Operations Manager.
6 Log in to vRealize Operations Manager as the imported user.
7 Verify that the imported user can access only the objects in the vRealize Operations Cluster.
You imported a user account from an external user database or server to vRealize Operations Manager, and assigned a role and the objects the user can access while holding this role to the user.
You have nished this scenario.
Configure a Single Sign-On Source in vRealize Operations Manager
As a system administrator or virtual infrastructure administrator, you use single sign-on to enable SSO users to log in securely to your vRealize Operations Manager environment.
After the single sign-on source is configured, users are redirected to an SSO identity source for authentication. When logged in, users can access other vSphere components such as the vCenter Server without having to log in again.
Create Single Sign-On Source and Import User Groups in vRealize Operations Manager (http://link.brightcove.com/services/player/bcpid2296383276001?bctid=ref:video_create_sso)
Prerequisites
- Verify that the server system time of the single sign-on source and vRealize Operations Manager are synchronized. If you need to configure the Network Time Protocol (NTP), see “vRealize Operations Manager Cluster and Node Maintenance.”
- Verify that you have access to a Platform Services Controller through the vCenter Server. See the VMware vSphere Information Center for more details.
Procedure
1 Log in to vRealize Operations Manager as an administrator.
2 Select Administration > Authentication Sources, and click the Add icon on the toolbar.
3 In the Add Source for User and Group Import dialog box, provide information for the single sign-on source.
Option | Action
Source Display Name | Type a name for the import source.
Source Type | Verify that SSO SAML is displayed.
Host | Enter the IP address or FQDN of the host machine where the single sign-on server resides. If you enter the FQDN of the host machine, verify that every non-remote collector node in the vRealize Operations Manager cluster can resolve the single sign-on host FQDN.
Port | Set the port to the single sign-on server listening port. By default, the port is set to 443.
User Name | Enter the user name that can log into the SSO server.
Password | Enter the password.
Grant administrator role to vRealize Operations Manager for future configuration? | Select Yes so that the SSO source is reregistered automatically if you make changes to the vRealize Operations Manager setup. If you select No, and the vRealize Operations Manager setup is changed, single sign-on users will not be able to log in until you manually reregister the single sign-on source.
Automatically redirect to vRealize Operations single sign-on URL? | Select Yes to direct users to the vCenter single sign-on login page. If you select No, users are not redirected to SSO for authentication. This option can be changed in the vRealize Operations Manager Global Settings.
Import single sign-on user groups after adding the current source? | Select Yes so that the wizard directs you to the Import User Groups page when you have completed the SSO source setup. If you want to import user accounts, or user groups at a later stage, select No.
Advanced options | If your environment uses a load balancer, enter the IP address of the load balancer.
4 Click Test to test the source connection, and then click OK.
The certificate details are displayed.
5 Select the Accept this Certificate check box, and click OK.
6 In the Import User Groups dialog box, import user accounts from an SSO server on another machine.
Option | Action
Import From | Select the single sign-on server you specified when you configured the single sign-on source.
Domain Name | Select the domain name from which you want to import user groups. If Active Directory is configured as the integrated Windows Authentication (WA) source in the Platform Services Controller (PSC), and you are importing user groups from an Active Directory tree, verify that the groups are not domain local groups. Domain local groups are only visible within a single domain, unless the domain is the one in which the PSC is configured. If Active Directory is configured as the LDAP source in the PSC, you can only import universal groups and domain local groups if the vCenter Server resides in the same domain.
Result Limit | Enter the number of results that are displayed when the search is conducted.
Search Prefix | Enter a prefix to use when searching for user groups.
7 In the list of user groups displayed, select at least one user group, and click Next.
8 In the Roles and Objects pane, select a role from the Select Role drop-down menu, and select the Assign this role to the group check box.
9 Select the objects users of the group can access when holding this role.
To assign permissions so that users can access all the objects in vRealize Operations Manager, select the Allow access to all objects in the system check box.
10 Click OK.
11 Familiarize yourself with single sign-on and confirm that you have configured the single sign-on source correctly.
a Log out of vRealize Operations Manager.
b Log in to the vSphere Web Client as one of the users in the user group you imported from the single sign-on server.
c In a new browser tab, enter the IP address of your vRealize Operations Manager environment.
d If the single sign-on server is configured correctly, you are logged in to vRealize Operations Manager without having to enter your user credentials.
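A pre-flight check for the host entered in step 3, added here as an example and not VMware code: it confirms that the FQDN resolves from the node it runs on, compares the certificate served on the single sign-on port with a fingerprint obtained out of band before that certificate is accepted in step 5, and estimates clock skew from the server's HTTP Date header. The function names, the SHA-256 digest, the 300-second tolerance, and the use of the Date header as a clock reference are assumptions of this example.

```python
"""Pre-flight checks for a single sign-on source host (added example, not VMware code)."""
import hashlib
import socket
import ssl
import sys
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption of this example: a tolerance picked for illustration, not a documented product limit.
MAX_SKEW_SECONDS = 300


def normalize_fingerprint(text):
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to bare lower-case hex."""
    return "".join(ch for ch in text.lower() if ch in "0123456789abcdef")


def cert_fingerprint(der_bytes):
    """SHA-256 over the DER-encoded certificate (digest choice is this example's assumption)."""
    return hashlib.sha256(der_bytes).hexdigest()


def clock_skew_seconds(date_header, local_now):
    """Remote clock minus local clock, from an HTTP Date header (1-second resolution)."""
    return (parsedate_to_datetime(date_header) - local_now).total_seconds()


def resolve(host):
    """Addresses the local resolver returns for host; empty list if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def find_date_header(response):
    """Extract the Date header value from raw HTTP response bytes, if present."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "date":
            return value.strip()
    return None


def fetch_cert_and_date(host, port=443, timeout=5.0):
    """Return (DER certificate, Date header or None) from the TLS service on host:port."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: the certificate is only read here and is
    # trusted solely if its fingerprint equals the one obtained out of band.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            response = b""
            while b"\r\n\r\n" not in response:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                response += chunk
    return der, find_date_header(response)


def evaluate(addresses, der_bytes, expected_fingerprint, date_header, local_now):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not addresses:
        findings.append("host does not resolve from this node")
    if cert_fingerprint(der_bytes) != normalize_fingerprint(expected_fingerprint):
        findings.append("certificate fingerprint differs from the out-of-band value")
    if date_header is None:
        findings.append("no Date header returned; clock skew not checked")
    else:
        skew = clock_skew_seconds(date_header, local_now)
        if abs(skew) > MAX_SKEW_SECONDS:
            findings.append(f"clock skew of {skew:+.0f} s exceeds {MAX_SKEW_SECONDS} s")
    return findings


if __name__ == "__main__":
    # Usage: python sso_preflight.py <sso-host> <expected-sha256-fingerprint> [port]
    host, expected = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    der, date_header = fetch_cert_and_date(host, port)
    problems = evaluate(resolve(host), der, expected, date_header, datetime.now(timezone.utc))
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

Run it from each non-remote collector node, because name resolution and clock skew are per-node properties.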
Edit a Single Sign-On Source
Edit a single sign-on source if you need to change the administrator credentials used to manage the single sign-on source, or if you have changed the host of the source.
When you configure an SSO source, you specify either the IP address or the FQDN of the host machine where the single sign-on server resides. If you want to configure a new host, that is, if the single sign-on server resides on a different host machine than the one configured when the source was set up, vRealize Operations Manager removes the current SSO source, and creates a new source. In this case, you must reimport the users you want to associate with the new SSO source.
If you want to change the way the current host is identified in vRealize Operations Manager, for example, change the IP address to the FQDN and the reverse, or update the IP address of the PSC if the IP address of the configured PSC has changed, vRealize Operations Manager updates the current SSO source, and you are not required to reimport users.
Procedure
1 Log in to vRealize Operations Manager as an administrator.
2 Select Administration, and then select Authentication Sources.
3 Select the single sign-on source and click the Edit icon.
4 Make changes to the single sign-on source, and click OK.
If you are configuring a new host, the New Single Sign-On Source Detected dialog box appears.
5 Enter the administrator credentials that were used to set up the single sign-on source, and click OK.
The current SSO source is removed, and a new one created.
6 Click OK to accept the certificate.
7 Import the users you want to associate with the SSO source.
Audit Users and the Environment in vRealize Operations Manager
At times you might need to provide documentation as evidence of the sequence of activities that took place in your vRealize Operations Manager environment. Auditing allows you to view the users, objects, and information that is collected. To meet audit requirements, such as for business critical applications that contain sensitive data that must be protected, you can generate reports on the activities of your users, the privileges assigned to users to access objects, and the counts of objects and applications in your environment.
Auditing reports provide traceability of the objects and users in your environment.
User Activity Audit
Run this report to understand the scope of user activities, such as logging in, actions on clusters and nodes, changes to system passwords, activating certificates, and logging out.
User Permissions Audit
Generate this report to understand the scope of user accounts and their roles, access groups, and access privileges.
System Audit
Run this report to understand the scale of your environment. This report displays the counts of configured and collecting objects, the types and counts of adapters, configured and collecting metrics, super metrics, applications, and existing virtual environment objects. This report can help you determine whether the number of objects in your environment exceeds a supported limit.
System Component Audit
Run this report to display a version list of all the components in your environment.
Reasons for Auditing Your Environment
Auditing in vRealize Operations Manager helps data center administrators in the following types of situations.
- You must track each configuration change to an authenticated user who initiated the change or scheduled the job that performed the change. For example, after an adapter changes an object, which is associated with a specific object identifier at a specific time, the data center administrator can determine the principal identifier of the authenticated user who initiated the change.
- You must track who made changes to your data center during a specific range of time, to determine who changed what on a particular day. You can identify the principal identifiers of authenticated users who were logged in to vRealize Operations Manager and running jobs, and determine who initiated the change.
- You must determine which objects were affected by a particular user during a specific range of time.
- You must correlate events that occurred in your data center, and view these events overlaid so that you can visualize relationships and the cause of the events. Events can include login attempts, system startup and shutdown, application failures, watchdog restarts, configuration changes of applications, changes to security policy, requests, responses, and status of success.
- You must validate that the components installed in your environment are running the latest version.
System Component Audit
A system component audit report provides a version list of every component installed in the system.
Where You Audit System Components
To audit system components, select Administration, click Audit, and click the System Component Audit tab. A list of components installed in the environment appears on the page.
Table 11. System Component Audit Actions
Option | Description
Download | Display the version information in a new browser window.
Managing Custom Object Groups in VMware vRealize Operations Manager
A custom object group is a container that includes one or more objects. vRealize Operations Manager uses custom groups to collect data from the objects in the group, and report on the data collected.
Why Use Custom Object Groups?
You use groups to categorize your objects and have vRealize Operations Manager collect data from the groups of objects and display the results in dashboards and views according to the way you define the data to appear.
You can create static groups of objects, or dynamic groups with criteria that determine group membership as vRealize Operations Manager discovers and collects data from new objects added to the environment.
vRealize Operations Manager provides commonly used object group types, such as World, Environment, and Licensing. vRealize Operations Manager uses the object group types to categorize groups of objects. You assign a group type to each group so that you can categorize and organize the groups of objects that you create.
Types of Custom Object Groups
When you create custom groups, you can use rules to apply dynamic membership of objects to the group, or you can manually add the objects to the group. When you add an adapter to vRealize Operations Manager, the groups associated with the adapter become available in vRealize Operations Manager.
- Dynamic group membership. To dynamically update the membership of objects in a group, define rules when you create a group. vRealize Operations Manager adds objects to the group based on the criteria that you define.
- Mixed membership, which includes dynamic and manual.
- Manual group membership. From the inventory of objects, you select objects to add as members to the group.
- Groups associated with adapters. Each adapter manages the membership of the group. For example, the vCenter Server adapter adds groups such as datastore, host, and network, for the container objects in the vSphere inventory. To modify these groups, you must do so in the adapter.
Administrators of vRealize Operations Manager can set advanced permissions on custom groups. Users who have privileges to create groups can create custom groups of objects and have vRealize Operations Manager apply a policy to each group to collect data from the objects and report the results in dashboards and views.
When you create a custom group, and assign a policy to the group, vRealize Operations Manager can use the criteria defined in the applied policy to collect data from and analyze the objects in the group. vRealize Operations Manager reports on the status, problems, and recommendations for those objects based on the settings in the policy.
How Policies Help vRealize Operations Manager Report On Object Groups
vRealize Operations Manager analyzes the objects in the object group and reports on the workload, capacity, stress, anomalies, and faults of the object group, among other attributes.
When you apply a policy to an object group, vRealize Operations Manager uses threshold settings, metrics, super metrics, attributes, properties, alert definitions, and problem definitions that you enabled in the policy to collect data from the objects in the group, and report the results in dashboards and views.
When you create a new object group, you have the option to apply a policy to the group.
- To associate a policy with the custom object group, select the policy in the group creation wizard.
- To not associate a specific policy with the object group, leave the policy selection blank. The custom object group will be associated with the default policy. If the default policy changes, this object group will be associated with the new default policy.
vRealize Operations Manager applies policies in priority order, as they appear on the Active Policies tab. When you establish the priority for your policies, vRealize Operations Manager applies the configured settings in the policies according to the policy rank order to analyze and report on your objects. To change the priority of a policy, you click and drag a policy row. The default policy is always kept at the bottom of the priority list, and the remaining list of active policies starts at priority 1, which indicates the highest priority policy. When you assign an object to be a member of multiple object groups, and you assign a different policy to each object group, vRealize Operations Manager associates the highest ranking policy with that object.

User Scenario: Creating Custom Object Groups

As a system administrator, you must monitor the capacity for your clusters, hosts, and virtual machines. vRealize Operations Manager must monitor them at different service levels to ensure that these objects adhere to the policies established for your IT department, and discover and monitor new objects added to the environment. You will have vRealize Operations Manager apply policies to the object groups to analyze, monitor, and report on the status of their capacity levels.
To have vRealize Operations Manager monitor the capacity levels for your objects to ensure that they adhere to your policies for your service levels, you will categorize your objects into Platinum, Gold, and Silver object groups to support the service tiers established.
You will create a group type, and create dynamic object groups for each service level. You will define membership criteria for each dynamic object group to have vRealize Operations Manager keep the membership of objects current. For each dynamic object group, you will assign the group type, and add criteria to maintain membership of your objects in the group. To associate a policy with the custom object group, you can select the policy in the group creation wizard.
Prerequisites
- Know the objects that exist in your environment, and the service levels that they support.
- Understand the policies required to monitor your objects.
- Verify that vRealize Operations Manager includes policies to monitor the capacity of your objects.
Procedure
1 To create a group type to identify service level monitoring, select Content and click Group Types.
2 On the Group Types toolbar, click the plus sign and type Service Level Capacity for the group type.
Your group type appears in the list.
3 Select Environment, and click Custom Groups.
A folder named Service Level Capacity appears in the list of custom groups in the navigation pane, and the Environment Overview displays the Groups tab.
4 To create a new object group, click the plus sign on the Groups toolbar.
The New Group workspace appears where you define the data and membership criteria for the dynamic group.
a In the Name text box, type a meaningful name for the object group, such as Platinum_Objects.
b In the Group Type drop-down menu, select Service Level Capacity.
c (Optional) In the Policy drop-down menu, select your service level policy that has thresholds set to monitor the capacity of your objects.
To associate a policy with the custom object group, select the policy in the group creation wizard. To not associate a specific policy with the object group, leave the policy selection blank. The custom object group will be associated with the default policy. If the default policy changes, this object group will be associated with the new default policy.
d Select the Keep group membership up to date check box so that vRealize Operations Manager can discover objects that meet the criteria, and add those objects to the group.
5 Define the membership for virtual machines in your new dynamic object group to monitor them as platinum objects.
a From the Select Object drop-down menu, select vCenter Adapter, and select Virtual Machine.
b From the empty drop-down menu for the criteria, select Metrics.
c From the Pick a metric drop-down menu, select Disk Space and double-click Current Size.
d From the conditional value drop-down menu, select is less than.
e From the Metric value drop-down menu, type 10.
6 Define the membership for host systems in your new dynamic object group to monitor them as platinum objects.
a Click Add another criteria set.
b From the Select Object drop-down menu, select vCenter Adapter, and select Host System.
c From the empty drop-down menu for the criteria, select Metrics.
d From the Pick a metric drop-down menu, select Disk Space and double-click Current Size.
e From the conditional value drop-down menu, select is less than.
f From the Metric value drop-down menu, type 100.
7 Define the membership for cluster compute resources in your new dynamic object group.
a Click Add another criteria set.
b From the Select Object drop-down menu, select vCenter Adapter, and select Cluster Compute Resources.
c From the empty drop-down menu for the criteria, select Metrics.
d From the Pick a metric drop-down menu, select Disk Space and double-click capacityRemaining.
e From the conditional value drop-down menu, select is less than.
f From the Metric value drop-down menu, type 1000.
g Click Preview to determine whether objects already match this criteria.
8 Click OK to save your group.
When you save your new dynamic group, the group appears in the Service Level Capacity folder, and in the list of groups on the Groups tab.
9 Wait five minutes for vRealize Operations Manager to collect data from the objects in your environment.
vRealize Operations Manager collects data from the cluster compute resources, host systems, and virtual machines in your environment, according to the metrics that you defined in the group and the thresholds defined in the policy that is applied to the group, and displays the results about your objects in dashboards and views.
What to do next
To monitor the capacity levels for your platinum objects, create a dashboard, and add widgets to the dashboard. See “Using Dashboards,” on page 27.

Managing Application Groups

An application is a container construct that represents a collection of interdependent hardware and software components that deliver a specific capability to support your business. vRealize Operations Manager builds an application to determine how your environment is affected when one or more components in an application experiences problems, and to monitor the overall health and performance of the application. Object membership in an application is not dynamic. To change the application, you manually modify the objects in the container.
Reasons to Use Applications
vRealize Operations Manager collects data from components in the application and displays the results in a summary dashboard for each application with a real-time analysis for any or all of the components. If a component experiences problems, you can see where in the application the problems arise, and determine how problems spread to other objects.

User Scenario: Adding an Application

As the system administrator of an online training system, you must monitor components in the Web, application, and database tiers of your environment that can affect the performance of the system. You build an application that groups related objects together in each tier. If a problem occurs with one of the objects, it is reflected in the application display and you can open a summary to investigate the source of the problem further.
In your application, you add the DB-related objects that store data for the training system in a tier, Web-related objects that run the user interface in a tier, and application-related objects that process the data for the training system in a tier. The network tier might not be needed. Use this model to develop your application.
Procedure
1 Click Environment in the left pane.
2 Click the Applications tab and click the plus sign.
3 Click Basic n-tier Web App and click OK.
The Application Management page that appears has two rows. Select objects from the bottom row to populate the tiers in the top row.
4 Type a meaningful name such as Online Training Application in the Application text box.
5 For each of the Web, application, and database tiers listed, add the objects to the Tier Objects section.
a Select a tier name. This is the tier that you populate.
b To the left of the object row, select object tags to filter for objects that have that tag value. Click the tag name once to select the tag from the list and click the tag name again to deselect the tag from the list. If you select multiple tags, objects displayed depend on the values that you select.
You can also search for the object by name.
c To the right of the object row, select the objects to add to the tier.
d Drag the objects to the Tier Objects section.
6 Click Save to save the application.
The new application appears in the list of applications on the Environment Overview Applications page. If any of the components in any of the tiers develops a problem, the application displays a yellow or red status.
What to do next
To investigate the source of the problem, click the application name and evaluate the object summary information. See the vRealize Operations Manager User Guide.
Chapter 2 Customizing How vRealize Operations Manager Displays Your Data
You format the content in vRealize Operations Manager to suit your information needs, using views, reports, dashboards and widgets.
Views display data, based on an object type. You can select from various view types to see your data from a different perspective. Views are reusable components that you can include in reports and dashboards. Reports can contain predefined or custom views and dashboards in a specified order. You build the reports to represent objects and metrics in your environment. You can customize the report layout by adding a cover page, a table of contents, and a footer. You can export the report in a PDF or CSV file format for further reference.
You use dashboards to monitor the performance and state of objects in your virtual infrastructure. Widgets are the building blocks of dashboards and display data about configured attributes, resources, applications, or the overall processes in your environment. You can also incorporate views in dashboards using the vRealize Operations Manager View Widget.
This chapter includes the following topics:
- Using Dashboards
- Using Widgets
- Using Views
- Using Reports

Using Dashboards

Dashboards present a visual overview of the performance and state of objects in your virtual infrastructure. You use dashboards to determine the nature and timeframe of existing and potential issues with your environment.
You start with several predefined dashboards in vRealize Operations Manager. You can create additional ones that meet your specific needs using widgets, views, badges, and filters to change the focus of the information. You can clone and edit the predefined dashboards or start from scratch. To display data that shows dependencies, you can add widget interactions in dashboards. You can provide role-based access to various dashboards for better collaboration in teams.
Create Custom Dashboards (http://link.brightcove.com/services/player/bcpid2296383276001?bctid=ref:video_create_dashboards_vrom)

User Scenario: Create and Configure Dashboards and Widgets

As a virtual infrastructure administrator, you monitor your vCenter Server environment to detect problematic resources. You must identify the problems and take action.
Prerequisites
Verify that you have the necessary access rights to perform this task. Your vRealize Operations Manager administrator can tell you which actions you can perform.
You will create a dashboard to monitor the overview status of vCenter Server instance objects. You will create another dashboard to view detailed information about the objects. You will link the widgets on the two dashboards and create a way to link the widgets from one dashboard to the other.
Procedure
1 Create a Dashboard to View Object Status
To view the status of all objects of a vRealize Operations Manager instance, create a dashboard.
2 Create a Detailed Object Status Dashboard
To see the issues that might cause problems for an object in a vRealize Operations Manager instance, create a dashboard.
3 Configure Dashboard Navigation
To link the widgets from one dashboard to another, you create dashboard navigations.
4 Work with Dashboard Navigations
To verify that the dashboard navigation works as expected, you must test it.
Create a Dashboard to View Object Status
To view the status of all objects of a vRealize Operations Manager instance, create a dashboard.
Each widget in a dashboard has a specific configuration. For more information about the widgets, see “Widget Definitions List,” on page 39.
Procedure
1 In the left pane of vRealize Operations Manager, click the Content icon and click Dashboards.
2 Click the Create Dashboard icon to create and configure a dashboard.
Option | Description
Dashboard name | Enter Environment Health.
Dashboard default | Select whether this dashboard is the default for this vRealize Operations Manager instance.
3 Click Widget List.
4 To locate the Environment Overview widget, use the Filter option in the widgets list.
5 Select the Environment Overview widget and drag it to the right panel.
The widget is added to the dashboard.
6 In the upper-right corner of the widget, click the pencil icon and configure the widget.
Option | Action
Widget title | Retain the default.
Refresh Content | Select On. The widget refreshes its data depending on the refresh interval.
Self Provider | Select On. On: You define the objects for which data appears in the widget. Off: You configure other widgets to provide the objects to the widget using the dashboard widget interactions options.
Refresh interval value | Retain the default.
7 Click the  tab.
8 In the Filter text box, enter vCenter Server.
The filter limits the list to only vCenter Server instances.
9 In the objects list, select a vCenter Server instance to monitor.
The Selected Object text field shows the selected object.
10 Click Save.
11 In the widgets list, select the Health Chart widget and drag it to the left panel to add it to the dashboard.
12 Click Widget Interactions.
13 From the Selected Object(s) drop-down menu next to Health Chart, select Environment Overview and click Apply Interactions.
14 Click Save.
What to do next
Create a dashboard that shows the detailed status for a selected object. See “Create a Detailed Object Status Dashboard,” on page 29.
Create a Detailed Object Status Dashboard
To see the issues that might cause problems for an object in a vRealize Operations Manager instance, create a dashboard.
Each widget has a specific configuration. For more information about the widgets, see “Widget Definitions List,” on page 39. For more information about widget interactions, see “Widget Interactions,” on page 41.
Prerequisites
Create a dashboard that shows the objects and their health status for a vCenter Server. See “Create a Dashboard to View Object Status,” on page 28.
Procedure
1 In the left pane of vRealize Operations Manager, click the Content icon and click Dashboards.
2 Click the Create Dashboard icon to create a dashboard and configure the dashboard.
Option | Action
Dashboard name | Enter Detailed Object Status.
Dashboard default | Select whether this dashboard is the default for this vRealize Operations Manager instance.
3 Click Widget List.
4 To locate specific widgets, use the Filter option in the widgets list.
5 Drag the widgets to the right panel.
The widgets are added to the dashboard.
Option | Description
Object List | Shows a list of all defined resources.
Metric Chart | Shows a line chart with the recent performance of the selected metrics.
Alert List | Shows a list of alerts for the objects that the widget is configured to monitor. If no objects are configured, the list displays all alerts in your environment.
Mashup Chart | Brings together disparate pieces of information for a resource. It shows a health chart, an anomaly count graph, and metric graphs for key performance indicators (KPIs). This widget is typically used for a container.
6 Click Widget Interactions.
7 From the Selected Object(s) drop-down menu next to the Metric Chart, Mashup Chart, and Alert List, select Object List.
8 Click Apply Interactions.
9 Click Save.