Monitor the listed URL endpoints for various VMware Identity Manager components to ensure a functional environment. Certain endpoints can also be used for load balancers to ensure the service is up for traffic.

Health Checks for Load Balancers

Component

Health Check

Expected Return

Notes

VMware Identity Manager Service

/SAAS/API/1.0/REST/system/health/heartbeat

String: ok

Http: 200

Frequency every 30 seconds.

Android Mobile SSO - Certproxy:

:5262/system/health

Http: 200

Frequency every 30 seconds.

iOS Mobile SSO - KDC:

TCP half-open to port 88

Connection

Frequency every 30 seconds.

VMware Identity Manager Connector

/hc/API/1.0/REST/system/health/allOk

String: true

Http: 200

Frequency every 30 seconds.

Integration Broker

/IB/API/RestServiceImpl.svc/ibhealthcheck

String: All Ok

Http: 200

Frequency every 30 seconds.

XenApp 7.x Integration:

/IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version7x

String: 'SiteName'

Http: 200

Frequency every 5 minutes

XenApp 6.x Integration:

/IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version65orLater

String: 'FarmName'

Http: 200

Frequency every 5 minutes

The health checks for load balancers return simple values for easy parsing by network equipment.

Additional Health Checks for Monitoring

The health checks listed here can be consumed by monitoring solutions that have the ability to parse data and create dashboards. Set the frequency to every 5 minutes.

VMware Identity Manager Service Monitoring and Health

URL call: /SAAS/API/1.0/REST/system/health

Raw output:

{
    "AnalyticsUrl": "https://aws-analytics.vmwareidentity.com",
    "AuditPollInterval": "0",
    "EncryptionServiceVersion": "unknown",
    "AnalyticsConnectionOk": "true",
    "EncryptionServiceVerified": "Master Keystore verified",
    "FederationBrokerStatus": "ok",
    "ServiceReadOnlyMode": "false",
    "AuditWorkerThreadAlive": "true",
    "BuildVersion": "2.8.0.0.7382 Build 2a459ff64bce76576hgjh789tyhgo876ruyv",
    "AuditQueueSize": "1",
    "DatabaseStatus": "connection successful",
    "HostName": "svc1.servr.comp.local",
    "EncryptionStatus": "connected",
    "FederationBrokerOk": "true",
    "EncryptionConnectionOk": "true",
    "EncryptionServiceImpl": "Remote: Encryption Service DB",
    "ClusterId": "38u76ghj7-54f2-4803-b73b-4g6587gjh8",
    "DatabaseConnectionOk": "true",
    "StatusDate": "2017-01-16 16:28:03 UTC",
    "MaintenanceMode": "false",
    "MessagingConnectionOk": "true",
    "ServiceVersion": "2.8.0.0",
    "IpAddress": "192.168.211.31",
    "AuditDisabled": "false",
    "AllOk": "true"
}

"AllOk"

"true", "false"

Roll-up health check to monitor overall health of VMware Identity Manager services

"MessagingConnectionOk"

"true", "false"

Verifies that all message producers and consumers are connected to RabbitMQ

"DatabaseConnectionOk"

"true", "false"

Verifies the connection to the database

"EncryptionConnectionOk"

"true", "false"

Verifies that the connection to the encryption service is okay and the master key store is okay

"AnalyticsConnectionOk"

"true", "false"

Verifies the connection to the analytics service

"FederationBrokerOk"

"true", "false"

Verifies the embedded auth adapters to ensure their subsystems are okay

URL call: /catalog-portal/services/health

This health check is specific for the user interface part of VMware Identity Manager.

Raw output:

{
	"status": "UP",
	"uiService": {
		"status": "UP"
	},
	"apiService": {
		"status": "UP"
	},
	"eucCacheEngine": {
		"status": "UP"
	},
	"cacheEngineClient": {
		"status": "UP"
	},
	"persistenceEngine": {
		"status": "UP",
		"database": "Microsoft SQL Server",
		"hello": 1
	},
	"tenantPersistenceEngine": {
		"status": "UP",
		"database": "Microsoft SQL Server",
		"hello": 1
	},
	"diskSpace": {
		"status": "UP",
		"total": 8460120064,
		"free": 4898279424,
		"threshold": 10485760
	}
}

"status"

"UP", "DOWN"

Roll-up health check to monitor overall health of the VMware Identity Manager user interface (UI)

"uiServer.status"

"UP", "DOWN"

UP if the main UI service is running

"apiService.status"

"UP", "DOWN"

UP if the main UI API service is running

"eucCacheEngine.status"

"UP", "DOWN"

UP if the Hazelcast cluster engine is running

"cacheEngineClient.status"

"UP", "DOWN"

UP if the Hazelcast client for the UI is running

"persistenceEngine.status"

"UP", "DOWN"

UP if the main database (SQL) is running

"tenantPersistenceEngine.status"

"UP", "DOWN"

UP if the main database (SQL) is running

"diskSpace.status"

"UP", "DOWN"

UP if the free disk space is greater than the threshold configured, 10 MB

"diskSpace.free"

Bytes

Space free in Bytes on the partition where the VMware Identity Manager UI is installed

VMware Identity Manager Connector Monitoring and Health

URL call: /hc/API/1.0/REST/system/health

Raw output:

{
	   "HorizonDaaSSyncConfigurationStatus": "",
	   "AppManagerServiceOk": "true",
	   "DomainJoinEnabled": "false",
	   "XenAppEnabled": "true",
	   "ViewSyncConfigurationStatus": "",
	   "ThinAppServiceOk": "true",
	   "ThinAppSyncConfigurationStatus": "unknown",
	   "Activated": "true",
	   "XenAppServiceOk": "false",
	   "DirectoryServiceStatus": "Connection test successful",
 	   "BuildVersion": "2017.1.1.0 Build 5077496",
	   "ThinAppServiceStatus": "unknown",
	   "XenAppServiceStatus": "A problem was encountered Sync Integration Broker",
	   "HostName": "hostname.company.local",
	   "NumberOfWarnAlerts": "0",
	   "JoinedDomain": "true",
	   "XenAppSyncConfigurationStatus": "Sync configured (manually)",
	   "DirectorySyncConfigurationStatus": "Sync configured (manually)",
	   "NumberOfErrorAlerts": "0",
	   "DirectoryServiceOk": "true",
	   "HorizonDaaSTenantOk": "true",
	   "ThinAppDirectoryPath": "",
	   "StatusDate": "2017-06-27 10:52:59 EDT",
	   "ViewSyncEnabled": "false",
	   "ViewServiceOk": "true",
	   "HorizonDaaSEnabled": "false",
	   "AppManagerUrl": "https://workspaceurl.com/SAAS/t/qwe12312qw/",
	   "HorizonDaaSServiceStatus": "unknown",
	   "DirectoryConnection": "ldap:///ldapcall",
	   "ServiceVersion": "VMware-C2-2017.1.1.0 Build 5077496",
	   "IpAddress": "169.118.86.105",
	   "DomainJoinStatus": "Domain: customerdomainname",
	   "AllOk": "false",
	   "ViewServiceStatus": "unknown",
	   "ThinAppEnabled": "false",
	   "XenAppSyncSsoBroker": "integrationbrokersso:443 / integrationbrokersync:443"
}

"AllOk"

"true", "false"

Roll-up health check to monitor overall health of VMware Identity Manager Connector Services.

"ViewServiceOk"

"true", "false"

True, if connection to the View Broker is successful. This attribute will be true if View sync is disabled.

"HorizonDaaSTenantOk"

"true", "false"

True, if connection to Horizon Cloud is successful. This attribute will be true if Horizon Cloud sync is disabled.

"DirectoryServiceOk"

"true", "false"

True, if connection to the directory is successful. This attribute will be true if directory sync is disabled.

"XenAppServiceOk"

"true", "false"

True, if connection to the Citrix server is successful. This attribute will be true if Citrix server is disabled.

"ThinAppServiceOk"

"true", "false"

True, if connection to the ThinApp packaged applications service is successful. This attribute will be true if packaged applications are disabled.

"AppManagerServiceOk"

"true", "false"

True, if able to authenticate correctly to the AppManager.

"NumberOfWarnAlerts"

0 - 1000

Number of warning alerts that triggered on this Connector. These are available on the Connector Sync Log as “Notes.” They can indicate that a resource was synced in that included a user or group that is not in VMware Identity Manager. Depending on the configuration, this may be by design. The counter continues to increment on each sync until Warn and Error alerts equal 1000 and an administrator clears the alerts.

"NumberOfErrorAlerts"

0 - 1000

Number of error alerts that triggered on this Connector. These are available on the Connector Sync Log as “Error.” They can indicate that a sync failed. The counter continues to increment on each sync until Warn and Error alerts equal 1000 and an administrator clears the alerts.

VMware Identity Manager Integration Broker Monitoring and Health

URL call: /IB/API/RestServiceImpl.svc/ibhealthcheck

Raw output:

“All Ok”

This health check verifies that all the software on the Integration Broker is responding properly. It returns a 200 response with the string "All Ok".

VMware Identity Manager Integration Broker Monitoring and Health with Citrix XenApp 7.x

URL call: /IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version7x

This pulls back information from an API call to Citrix. Monitoring can ensure that the values are consistent.

Raw output:

[{
	 \ “ConfigurationLoggingServiceGroupUid \ “:  \ “5e2a5602 - 45a8 - 4b56 - 92e6 - 9fae5a3ff459 \ “,
	 \ “ConfigurationServiceGroupUid \ “:  \ “620d7c6e - b7c1 - 4ee7 - b192 - d00764f477e7 \ “,		 \ “DelegatedAdministrationServiceGroupUid \ “:  \ “0a59914d - 4b6e - 4cca - bbaa - a095067092e3 \ “,
	 \ “LicenseServerName \ “:  \ “xd.hs.trcint.com \ “,
	 \ “LicenseServerPort \ “:  \ “27000 \ “,
	 \ “LicenseServerUri \ “:  \ “https:  \  /  \  / xd.hs.domain.com: 8083 \  /  \ “,
	 \ “LicensingBurnIn \ “:  \ “2014.0815 \ “,
	 \ “LicensingBurnInDate \ “:  \ “8 \  / 14 \  / 2014 5: 00: 00 PM \ “,
	 \ “LicensingModel \ “:  \ “UserDevice \ “,
	\ “MetadataMap \ “:  \ “System.Collections.Generic.Dictionary `2[System.String,System.String]\“,
	\“PrimaryZoneName\“:\“\”,
	\“PrimaryZoneUid\“:\“00000000-0000-0000-0000-000000000000\“,
	\“ProductCode\“:\“XDT\“,
	\“ProductEdition\“:\“PLT\“,
	\“ProductVersion\“:\“7.6\“,
	\“SiteGuid\“:\“0c074098-02d2-47cf-aa87-7e3asdsad7c\“,
	\“SiteName\“:\“customer\“
}]

Raw output exception:

{“ExceptionType”:“System.Management.Automation.CmdletInvocationException”,“Message”:“An invalid URL was given for the service.  The value given was ‘mit-xen751.hs.trcint.com’.\u000d\u000a    The reason given was: Failed to connect to back-end server ‘mit-xen751.hs.trcint.com’ on port 80 using binding WSHttp. The server may be off-line or may not be running the appropriate service\u000d\u000a\u0009There was no endpoint listening at http:\/\/mit-xen751.hs.trcint.com\/Citrix\/ConfigurationContract\/v2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.\u000d\u000a\u0009The remote name could not be resolved: ‘mit-xen751.hs.trcint.com’.“,”StackTrace”:”   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)\u000d\u000a   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecute(Array input, Hashtable errorResults)\u000d\u000a   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()\u000d\u000a   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()“}

VMware Identity Manager Integration Broker Monitoring and Health with Citrix XenApp 6.x

URL call: /IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version65orLater

This pulls back information from an API call to Citrix. Monitoring can ensure that the values are consistent.

Raw output:

“[{
  	 \ “FarmName \ “:  \ “NewFarm \ “,
	 \ “ServerVersion \ “:  \ “6.5.0 \ “,
	 \ “AdministratorType \ “:  \ “Full \ “,
	 \ “SessionCount \ “:  \ “0 \ “,
	 \ “MachineName \ “:  \ “XENAPPTEST \ “
	}]”