VMware Aria Operations Design for Intelligent Operations Management for VMware Cloud Foundation

You use VMware Aria Operations to monitor the state of the components in the VMware Cloud Foundation instance. You review collected metrics by using VMware Aria Operations dashboards. You can use the self-monitoring capability of VMware Aria Operations to receive alerts about issues that are related to its operational state. You connect VMware Aria Operations with the management domain and one or more virtual infrastructure (VI) workload domain components of your VMware Cloud Foundation instance by using cloud accounts, adapters, and direct integrations.

In this validated solution, VMware Aria Operations monitors the following components:

SDDC Manager
vCenter Server
vSAN
ESXi hosts
NSX
Clustered Workspace ONE Access

Note:

This validated solution also supports monitoring of VMware Aria Operations for Logs and VMware Aria Automation. For information on solution interoperability with these components, see VMware Cloud Foundation Validated Solutions.

VMware Aria Operations Integrations for VMware Cloud Foundation

You activate and configure integrations for VMware Aria Operations to facilitate collecting data from each VMware Cloud Foundation instance and establish the necessary integration.

Table 1. Integrations
Integration	Description	Method
VMware Cloud Foundation	Includes dashboards for VMware Cloud Foundation.	Manual activation and configuration.
VMware Identity Manager	Provides metrics for Workspace ONE Access.	Configuration automated by SDDC Manager.
VMware Infrastructure Health	Provides metrics and dashboards for the health and efficiency of VMware cloud management plane applications.	Manual activation and auto-configuration.
Ping	Provides metrics on the availability of endpoints.	Manual activation and configuration.

Table 2. Design Decisions on Integrations for Intelligent Operations Management
Design Decision ID	Design Decision	Design Justification	Design Implication
IOM-VAOPS-CFG-020	Activate the VMware Cloud Foundation integration in VMware Aria Operations.	Provides the ability to configure VMware Cloud Foundation instance specific cloud accounts to gather metrics for SDDC Manager, vCenter Server, vSAN, and NSX Local Manager.	You must activate the integration manually.
IOM-VAOPS-CFG-021	Activate the VMware Identity Manager integration for VMware Aria Operations.	Provides the ability for VMware Aria Operations to communicate with Workspace ONE Access endpoints.	The integration is installed and activated by SDDC Manager.
IOM-VAOPS-CFG-022	Activate the VMware Infrastructure Health integration in VMware Aria Operations.	Provides a unified operations view of each VMware Cloud Foundation instance including the associated management and workload domains. Provides information on the health of associated management components.	You must configure a VMware Cloud Foundation cloud account before activating the integration. You must activate the integration manually.
IOM-VAOPS-CFG-023	Activate the Ping integration in VMware Aria Operations.	Provides metrics on the availability of endpoints.	You must activate the integration manually.

For information about the design decisions on service accounts for the VMware Aria Operations , see Service Accounts Design for VMware Aria Operations for Intelligent Operations Management for VMware Cloud Foundation.

VMware Aria Operations Cloud Accounts

You use cloud accounts to add endpoints as adapter instances, providing VMware Aria Operations with the ability to communicate with them. VMware Aria Operations can collect data from the following private cloud accounts:

Table 3. Cloud Accounts in VMware Aria Operations
cloud account	Additional Data Source	Description
VMware Cloud Foundation	SDDC Manager	Provides VMware Aria Operations with the ability to communicate with SDDC Manager to discover workload domains and their management components.
	vCenter Server	Provides VMware Aria Operations with the ability to communicate with the vCenter Server for a workload domain and to gather metrics.
	vSAN	Provides VMware Aria Operations with the ability to gather vSAN metrics from vCenter Server.
	NSX	Provides VMware Aria Operations with the ability to gather metrics from NSX Manager.
	Application Discovery	Provides VMware Aria Operations with the ability to discover applications, running on virtual machines in vCenter Server

Table 4. Design Decision on Cloud Accounts for Intelligent Operations Management
Design Decision ID	Design Decision	Design Justification	Design Implication
IOM-VAOPS-CFG-024	Remove the existing vCenter Server cloud account created by SDDC Manager.	The existing cloud account is not used when utlizing the VMware Cloud Foundation integration.	You must manually remove the existing cloud account.
IOM-VAOPS-CFG-025	Remove the existing Principal Credential for the vCenter Server created by SDDC Manager.	The existing Principal Credential is not used when utlizing the VMware Cloud Foundation integration.	You must manually remove the existing credential.
IOM-VAOPS-CFG-026	Configure a credential for each VMware Cloud Foundation instance with a service account using least privileage access.	Provides the required access when enabling the VMware Cloud Foundation integration in VMware Aria Operations to collect SDDC Manager domain and metric data.	You must maintain the life cycle, availability, and security controls for the account in Active Directory.
IOM-VAOPS-CFG-027	Configure a VMware Cloud Foundation cloud account for each VMware Cloud Foundation instance using a credential and assign to the local-instance collector group.	Provides metric collection of SDDC Manager and workload domains.	You must manually create the cloud account.
IOM-VAOPS-CFG-028	Configure a Principal Credential for each workload domain vCenter Server for each VMware Cloud Foundation instance with a service account using least privileage access.	Provides the required access when enabling the VMware Cloud Foundation integration in VMware Aria Operations to collect vCenter Server metric data.	You must maintain the life cycle, availability, and security controls for the service account in Active Directory.
IOM-VAOPS-CFG-029	Configure a vCenter Server cloud account for each workload domain vCenter Server instance using a Principal Credential and assign to the local-instance collector group.	Provides metric collection of vCenter Server.	You must manually create the cloud account.
IOM-VAOPS-CFG-030	Enable the vSAN cloud account for each workload domain in the VMware Cloud Foundation instance.	Provides metric collection from all vSAN enabled clusters in a workload domain.	Service account usage across vCenter Server instances expands the risk of losing connectivity from VMware Aria Operations in the event of an account issue.
IOM-VAOPS-CFG-031	Configure a NSX-T Client Certificate Credential for each NSX Manger instance with least privileage access.	Provides the required access when enabling the VMware Cloud Foundation integration in VMware Aria Operations to collect NSX Manager metric data.	You must manage the credentials and the life cycle of certificates and their corresponding private keys.
IOM-VAOPS-CFG-032	Configure an NSX cloud account for each workload domain NSX Manager instance for each VMware Cloud Foundation using a NSX Client Certificate credential and assign to the local-instance collector group.	Provides metric collection for an NSX Manager.	You must manually add the credentials for the cloud account.
IOM-VAOPS-CFG-033	Configure a VMware Identity Manager cloud account for the clustered Workspace ONE Access instance and assign to the default collector group.	Provides metric collection from the clustered Workspace ONE Access instance.	The cloud account is configured by SDDC Manager. The load on the analytics cluster, though minimal, increases.
IOM-VAOPS-CFG-034	Configure a Ping cloud account for the VMware Aria Operations analytics cluster nodes and assign to the default collector group.	Provides metrics on the availability of VMware Aria Operations analytic nodes.	You must add the cloud account instance manually.
IOM-VAOPS-CFG-035	Configure a Ping cloud account for the VMware Cloud Proxy for VMware Aria Operations appliances and assign to the local-instance collector group.	Provides metrics on the availability of VMware Cloud Proxy for VMware Aria Operations appliances.	You must add the cloud account instance manually.
IOM-VAOPS-CFG-036	Configure a Ping adapter for the clustered Workspace ONE Access nodes and assign to the default collector group.	Provides metrics on the availability of the clustered Workspace ONE Access nodes.	You must add the cloud account instance manually.

VMware Aria Operations Metrics

VMware Aria Operations collects data from objects in your environment. Each piece of collected data is called a metric observation or value. VMware Aria Operations uses integrations and management packs to collect raw metrics. In addition to the metrics it collects, VMware Aria Operations calculates capacity metrics, badge metrics, and metrics to monitor the health of your system.

Table 5. VMware Cloud Foundation Metrics
Type	Description
Self-monitoring metrics for VMware Aria Operations	Collects metrics that monitor its own performance that are useful for diagnosing problems with VMware Aria Operations.
vCenter Server	Collects metrics for vSphere components that are useful to troubleshoot issues in your environment.
vSAN	Collects metrics for vSAN objects, such as disk I/O and space utilization.
NSX	Collects metrics for NSX objects, such as logical switches, edge nodes, and controller clusters.
VMware Identity Manager	Collects metrics for Workspace ONE Access, such as certificates, storage space, database connections.
VMware Cloud Foundation	Aggregates metrics from installed adapters and provides out of the box dashboards for VMware Cloud Foundation, including SDDC Manager and workload domain inventory and capacity metrics.
Ping	Verifies the availability of end points that exist in your virtual environment by using ICMP.

VMware Aria Operations Alerts

Alert definitions are a combination of symptoms and recommendations that identify problem areas in VMware Aria Operations and generate alerts on which you act for those areas.

Alert definitions are provided for various objects in your environment through integrations. You can also create your own alert definitions based on metrics and criteria specific to your environment.

Table 6. Design Decisions on Alerts for Intelligent Operations Management
Decision ID	Design Decision	Design Justification	Design Implication
IOM-VAOPS-CFG-037	Define and configure application, virtual machine, and container related alerts.	Alerts can be used to detect and notify administrators about conditions that endanger the operation of individual or groups of workloads running in your environment.	Individual alerts may need to be manually created and maintained.
IOM-VAOPS-CFG-038	Define and configure virtual infrastructure and ESXi host related alerts.	Alerts can be used to detect and notify administrators about conditions that endanger the operation of your virtual infrastructure as a whole or down to its discrete components.	Individual alerts may need to be manually created and maintained.
IOM-VAOPS-CFG-039	Define and configure software-defined networking related alerts.	Alerts can be used to detect and notify administrators about conditions that endanger the operation of NSX software-defined networking components.	Individual alerts may need to be manually created and maintained.
IOM-VAOPS-CFG-040	Define and configure storage related alerts.	Alerts can be used to detect and notify administrators about conditions that endanger the operation of vSAN or disk/file-based storage or individual storage layer components.	Individual alerts may need to be manually created and maintained.