The VMware Aria Operations Management Pack for Horizon deployment and scale considerations describes the best practices for deployment and the factors to consider before enabling the management pack for Horizon in the production VMware Horizon environment.
This chapter also provides insights into potential configurations challenges and how best to avoid them. However, new considerations can emerge necessitating the need to test and validate your specific environment and configuration.
There are additional considerations that may impact the deployment. All VMware Horizon environments have a degree of uniqueness that necessitates the need to validate and test for any configuration or environmental conflicts that might prevent a successful deployment. There is a methodology that should be followed to help you achieve a high degree of success. That methodology is based on how VMware Aria Operations and the management packs are designed to collect data against the VMware Horizon APIs, as well as various configuration aspects of the VMware Horizon deployment.
Areas of consideration
- VMware Aria Operations Management Pack for Horizon requirements
- The overall Horizon architecture and network topology
- Size and scale of the VMware Horizon deployment
- Number of Concurrent Sessions per Horizon Pod
- Number of Connection Servers per Horizon Pod
- Load Balancer configuration
- Horizon Connection Server certificates configuration
- Unified Access Gateway (UAG) topology
- Existing monitoring solutions
- API Authentication
VMware Aria Operations Management Pack for Horizon Requirements
- Supports VMware Horizon Versions 7.13, 8.x, and 2xxx
- Supports VMware Aria Operations on-premise version 8.6.2 and above or VMware Aria Operations (SaaS)
- The vCenter for each Horizon Pod must also be monitored by VMware Aria Operations
- UAG and Connection Servers must be monitored by the same VMware Aria Operations instance to get VM performance and service Health Check monitoring
- Connection Server certificates require valid hostnames
- The Horizon adapter requires a VMware Horizon Administrator (full or read-only) privilege to acess the VMware Horizon APIs
- The Horizon adapter must connect directly to a Connection Server and not point to a load-balancer
If the old vRealize Operations Manager for Horizon adapter (V4H) is installed, the VMware Aria Operations Management Pack for Horizon will not collect data.
You must uninstall V4H before installing the VMware Aria Operations Management Pack for Horizon. However, if you have already installed the VMware Aria Operations Management Pack for Horizon, remove the old V4H adapter to resolve the issue.
VMware Horizon Version Support
Check the VMware Product Interoperability Matrix for the latest supported version of VMware Aria Operations and the version of the Management Pack for Horizon you plan to deploy.
VMware Horizon version 7.13 and above are supported with VMware Aria Operations Management Pack for Horizon. This allows the users who are currently using VMware Horizon 7.13 with the older V4H adapter to move to the new VMware Aria Operations Management Pack for Horizon without having to first upgrade to the VMware Horizon 8/2xxx platform. Once you decide to move to VMware Horizon 2xxx the same adapter will support the new version of VMware Horizon.
Even though VMware Horizon version 7.13 and above are supported, not all versions will be supported with the latest version of this Management Pack. Check the VMware Product Interoperability Matrix to confirm the supported versions.
The planned support model is N & N-1, to include ESB branches moving forward. As long as there are no SDK changes in the older versions, they will also be supported not tested.
VMware Aria Operations Version Support
Check the VMware Product Interoperability Matrix for the latest supported version of VMware Aria Operations and the version of VMware Aria Operations Management Pack for Horizon you plan to deploy.
The current minimum supported version with VMware Aria Operations Management Pack for Horizon version 2.6.1 is VMware Aria Operations 8.10, but VMware Aria Operations version 8.12.1 is the recommended version. VMware Aria Operations version 8.12 will also work, but there are some known UI bugs that are resolved in the VMware Aria Operations version 8.12.1 release.
VMware vCenter must Monitor all Horizon Desktops and Management Components
VMware Aria Operations Management Pack for Horizon still relies on the VMware vCenter adapter to pull VM level and Guest OS metrics from the Management Servers and desktops within the Horizon Service. If there are objects outside of VMware Aria Operations monitoring, this management pack will not populate VM level performance metrics, or have the ability to calculate the DC% Performance calculation on those objects.
Connection Server Certificates Require Valid Hostnames
When you configure the Horizon adapter to communicate with one of the Connection Servers in the Horizon Pod, VMware Aria Operations will attempt to validate the Connection Server certificate and the hostname associated with the certificate. If the hostname in the certificate does not match the FQDN of the Connection Server, VMware Aria Operations will reject the certificate as it cannot validate the authenticity of the Connection Server host providing it. It is recommended to have the Subject Alternative Name of the valid FQDN for the Connection Server in the certificate (or wildcard), for VMware Aria Operations to validate the certificate and establish a secure connection to the host. For more details on the Horizon TLS Certificate, see the Horizon TLS Certificate Documentation.
- External versus Internal CAs are not a requirement, but more of a common practice to obscure the internal Connection Server domain names from the outside connections.
- You must have a Subject Alternative Name value on the Connection Server certificates that contains either the FQDN of the Connection Servers or a generic Wildcard (*.yourdomain) that VMware Aria Operations can validate with the Internal CA.
- If SmartCard authentication is set to Required on the VMware Horizon Connection Server, the VMware Horizon API will be inaccessible to this management pack. Change this setting to Optional to allow this managementpack to authenticate against the API.
Note: This issue will be addressed in an upcoming VMware Horizon release.
VMware Horizon Privileges for VMware Aria Operations Management Pack for Horizon
- VMware Horizon versions 7.13 to 8.2 require the Administrators role.
- VMware Horizon version 8.3/2106 and above can use the Administrator (Read only) role.
Load Balancing
The VMware Aria Operations Management Pack for Horizon adapter needs to point directly to a VMware Horizon Pod Connection Server and not to a Load Balancer.
When configuring the VMware Aria Operations Management Pack for Horizon adapter to point to your VMware Horizon Pod, you must provide the FQDN or IP of a Connection Server and not point it to the Load Balancer VIP for the Pod. The VMware Horizon APIs do not support Load Balanced queries, even though it may initially connect and provide some data, the end result will be missing and inconsistent data is sent to the VMware Aria Operations Management Pack for Horizon adapter.
To enable Load-Balancing across the Connection Servers in the Pod, enable the Load-Balancing option under the Advanced Settings of the Horizon adapter. The Horizon adapter will automatically discover every Connection Server in the Pod and will attempt to load-balance API calls across the Connection Servers. This option provides both High-Availability to maintain communication in the case of a loss of Connection Server, as well as scalability in the number of API requests that can be made to the Horizon Pod.
- Load-Balancing your UAGs across Horizon Pod boundaries is not supported in VMware Horizon. For more details, see Understanding Cloud Pod Architecture.
- It removes Fault Domain Isolation between the Horizon Pods.
- VMware Aria Operations Management Pack for Horizon does not support this configuration.
While the Horizon adapter can still collect data regarding the UAGs, each Horizon Pod reports its own distinct UAG servers, and the Horizon adapter will treat the UAG as a net new item per Pod that it is associated with. Horizon Pods can some times intermittently lose their API connection to the UAGs and they are unable to provide the necessary health and connectivity metrics to the Horizon Pod.
VMware Horizon API Scalability and How Pulling Different Metrics Impacts Scale
Regardless of the platform or the cloud platform, all APIs have limitations on the ability to service a certain number of requests in a given time period. With VMware Horizon, the number of requests that can be serviced in a 5-minute interval is dependent on the type of metric and the number of objects that the metrics must come from.
Horizon Pod level metrics regarding configuration and state of the Pod, Pools, Farms, UAGs, and so on, do not impact size or scale since the number of objects are relatively low. Session counts can impact scale dependent on the number of sessions and the types of metrics being requested. For example, session status and properties are on a lower impact because the metrics are directly available in the Horizon Pod API and the time to process them is relatively quick. However, other metrics such as Login Times and Protocol metrics must be queried from the desktop by the Connection Server and the time that it takes to get a response per session from each desktop lowers the number of sessions that can be queried in a given time period.
If the Collection Time starts to exceed the 5-minute collection window, additional tuning to the Horizon adapter or adding additional Connection Servers to the Horizon Pod with the load balancing option enabled, increases the number of session requests that can be made in the 5-minute time window. You can also create new Horizon Pods with an additional VMware Aria Operations Management Pack for Horizon adapter to further increase overall scale.