Monitor the listed URL endpoints for various VMware Identity Manager components to ensure a functional environment. Certain endpoints can also be used for load balancers to ensure the service is up for traffic.
Health Checks for Load Balancers
| Component | Health Check | Expected Return | Notes |
|---|---|---|---|
| VMware Identity Manager Service | /SAAS/API/1.0/REST/system/health/heartbeat |
String: ok Http: 200 |
Frequency every 30 seconds |
| Android Mobile SSO - Certproxy: |
Http: 200 | Frequency every 30 seconds | |
| iOS Mobile SSO - KDC: |
Connection | Frequency every 30 seconds | |
| Certificate adapter:
|
String: ok Http: 200 |
Frequency every 30 seconds | |
| VMware Identity Manager Connector | /hc/API/1.0/REST/system/health/allOk |
String: true Http: 200 |
Frequency every 30 seconds |
| Integration Broker | /IB/API/RestServiceImpl.svc/ibhealthcheck |
String: All Ok Http: 200 |
Frequency every 30 seconds |
| XenApp 7.x Integration: |
String: 'SiteName' Http: 200 |
Frequency every 5 minutes | |
| XenApp 6.x Integration:
|
String: 'FarmName' Http: 200 |
Frequency every 5 minutes |
The health checks for load balancers return simple values for easy parsing by network equipment.
Additional Health Checks for Monitoring
The health checks listed here can be consumed by monitoring solutions that have the ability to parse data and create dashboards. Set the frequency to every 5 minutes.
VMware Identity Manager Service Monitoring and Health
URL call: /SAAS/jersey/manager/api/system/health
or
/SAAS/API/1.0/REST/system/health
Raw output:
{
"AnalyticsUrl":"unknown",
"ElasticsearchServiceOk":"true",
"EhCacheClusterPeers":"unknown",
"ElasticsearchMasterNode":"unknown",
"ElasticsearchIndicesCount":"unknown",
"ElasticsearchDocsCount":"unknown",
"AuditPollInterval":"0",
"AnalyticsConnectionOk":"true",
"EncryptionServiceVerified":"unknown",
"FederationBrokerStatus":"unknown",
"ServiceReadOnlyMode":"false",
"ElasticsearchUnassignedShards":"unknown",
"AuditWorkerThreadAlive":"true",
"BuildVersion":"3.3.0.0 Build xxxxxxx",
"AuditQueueSize":"0",
"DatabaseStatus":"unknown",
"HostName":"unknown",
"ElasticsearchNodesCount":"unknown",
"EncryptionStatus":"unknown",
"FederationBrokerOk":"true",
"EncryptionConnectionOk":"true",
"EncryptionServiceImpl":"unknown",
"ClusterId":"22f6e089-45df-41ab-9c8a-77f3e4589230",
"EhCacheClusterDiagnostics":"unknown",
"ElasticsearchNodesList":"unknown",
"DatabaseConnectionOk":"true",
"ElasticsearchHealth":"unknown",
"StatusDate":"2018-08-06 19:14:40 UTC",
"ClockSyncOk":"true",
"MaintenanceMode":"false",
"MessagingConnectionOk":"true",
"fipsModeEnabled":"true",
"ServiceVersion":"3.3.0",
"AuditQueueSizeThreshold":"null",
"IpAddress":"unknown",
"AuditDisabled":"false",
"AllOk":"true"
}
| "AllOk" | "true", "false" | Roll-up health check to monitor overall health of VMware Identity Manager services |
| "MessagingConnectionOk" | "true", "false" | Verifies that all message producers and consumers are connected to RabbitMQ |
| "DatabaseConnectionOk" | "true", "false" | Verifies the connection to the database |
| "EncryptionConnectionOk" | "true", "false" | Verifies that the connection to the encryption service is okay and the master key store is okay |
| "AnalyticsConnectionOk" | "true", "false" | Verifies the connection to the analytics service |
| "FederationBrokerOk" | "true", "false" | Verifies the embedded auth adapters to ensure their subsystems are okay |
URL call: /catalog-portal/services/health
This health check is specific for the user interface part of VMware Identity Manager.
Raw output:
{
"status": "UP",
"uiService": {
"status": "UP"
},
"apiService": {
"status": "UP"
},
"eucCacheEngine": {
"status": "UP"
},
"cacheEngineClient": {
"status": "UP"
},
"persistenceEngine": {
"status": "UP",
"database": "Microsoft SQL Server",
"hello": 1
},
"tenantPersistenceEngine": {
"status": "UP",
"database": "Microsoft SQL Server",
"hello": 1
},
"diskSpace": {
"status": "UP",
"total": 8460120064,
"free": 4898279424,
"threshold": 10485760
}
}
| "status" | "UP", "DOWN" | Roll-up health check to monitor overall health of the VMware Identity Manager user interface (UI) |
| "uiServer.status" | "UP", "DOWN" | UP if the main UI service is running |
| "apiService.status" | "UP", "DOWN" | UP if the main UI API service is running |
| "eucCacheEngine.status" | "UP", "DOWN" | UP if the Hazelcast cluster engine is running |
| "cacheEngineClient.status" | "UP", "DOWN" | UP if the Hazelcast client for the UI is running |
| "persistenceEngine.status" | "UP", "DOWN" | UP if the main database (SQL) is running |
| "tenantPersistenceEngine.status" | "UP", "DOWN" | UP if the main database (SQL) is running |
| "diskSpace.status" | "UP", "DOWN" | UP if the free disk space is greater than the threshold configured, 10 MB |
| "diskSpace.free" | Bytes | Space free in Bytes on the partition where the VMware Identity Manager UI is installed |
VMware Identity Manager Connector Monitoring and Health
URL call: /hc/API/1.0/REST/system/health
Raw output:
{
"HorizonDaaSSyncConfigurationStatus": "",
"AppManagerServiceOk": "true",
"DomainJoinEnabled": "false",
"XenAppEnabled": "true",
"ViewSyncConfigurationStatus": "",
"ThinAppServiceOk": "true",
"ThinAppSyncConfigurationStatus": "unknown",
"Activated": "true",
"XenAppServiceOk": "false",
"DirectoryServiceStatus": "Connection test successful",
"BuildVersion": "2017.1.1.0 Build 5077496",
"ThinAppServiceStatus": "unknown",
"XenAppServiceStatus": "A problem was encountered Sync Integration Broker",
"HostName": "hostname.company.local",
"NumberOfWarnAlerts": "0",
"JoinedDomain": "true",
"XenAppSyncConfigurationStatus": "Sync configured (manually)",
"DirectorySyncConfigurationStatus": "Sync configured (manually)",
"NumberOfErrorAlerts": "0",
"DirectoryServiceOk": "true",
"HorizonDaaSTenantOk": "true",
"ThinAppDirectoryPath": "",
"StatusDate": "2017-06-27 10:52:59 EDT",
"ViewSyncEnabled": "false",
"ViewServiceOk": "true",
"HorizonDaaSEnabled": "false",
"AppManagerUrl": "https://workspaceurl.com/SAAS/t/qwe12312qw/",
"HorizonDaaSServiceStatus": "unknown",
"DirectoryConnection": "ldap:///ldapcall",
"ServiceVersion": "VMware-C2-2017.1.1.0 Build 5077496",
"IpAddress": "169.118.86.105",
"DomainJoinStatus": "Domain: customerdomainname",
"AllOk": "false",
"ViewServiceStatus": "unknown",
"ThinAppEnabled": "false",
"XenAppSyncSsoBroker": "integrationbrokersso:443 / integrationbrokersync:443"
}
| "AllOk" | "true", "false" | Roll-up health check to monitor overall health of VMware Identity Manager Connector Services. |
| "ViewServiceOk" | "true", "false" | True, if connection to the View Broker is successful. This attribute will be true if View sync is disabled. |
| "HorizonDaaSTenantOk" | "true", "false" | True, if connection to Horizon Cloud is successful. This attribute will be true if Horizon Cloud sync is disabled. |
| "DirectoryServiceOk" | "true", "false" | True, if connection to the directory is successful. This attribute will be true if directory sync is disabled. |
| "XenAppServiceOk" | "true", "false" | True, if connection to the Citrix server is successful. This attribute will be true if Citrix server is disabled. |
| "ThinAppServiceOk" | "true", "false" | True, if connection to the ThinApp packaged applications service is successful. This attribute will be true if packaged applications are disabled. |
| "AppManagerServiceOk" | "true", "false" | True, if able to authenticate correctly to the AppManager. |
| "NumberOfWarnAlerts" | 0 - 1000 | Number of warning alerts that triggered on this Connector. These are available on the Connector Sync Log as “Notes.” They can indicate that a resource was synced in that included a user or group that is not in VMware Identity Manager. Depending on the configuration, this may be by design. The counter continues to increment on each sync until Warn and Error alerts equal 1000 and an administrator clears the alerts. |
| "NumberOfErrorAlerts" | 0 - 1000 | Number of error alerts that triggered on this Connector. These are available on the Connector Sync Log as “Error.” They can indicate that a sync failed. The counter continues to increment on each sync until Warn and Error alerts equal 1000 and an administrator clears the alerts. |
VMware Identity Manager Integration Broker Monitoring and Health
URL call: /IB/API/RestServiceImpl.svc/ibhealthcheck
Raw output:
“All Ok”
This health check verifies that all the software on the Integration Broker is responding properly. It returns a 200 response with the string "All Ok".
VMware Identity Manager Integration Broker Monitoring and Health with Citrix XenApp 7.x
URL call: /IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version7x
This pulls back information from an API call to Citrix. Monitoring can ensure that the values are consistent.
Raw output:
[{
\ “ConfigurationLoggingServiceGroupUid \ “: \ “5e2a5602 - 45a8 - 4b56 - 92e6 - 9fae5a3ff459 \ “,
\ “ConfigurationServiceGroupUid \ “: \ “620d7c6e - b7c1 - 4ee7 - b192 - d00764f477e7 \ “, \ “DelegatedAdministrationServiceGroupUid \ “: \ “0a59914d - 4b6e - 4cca - bbaa - a095067092e3 \ “,
\ “LicenseServerName \ “: \ “xd.hs.trcint.com \ “,
\ “LicenseServerPort \ “: \ “27000 \ “,
\ “LicenseServerUri \ “: \ “https: \ / \ / xd.hs.domain.com: 8083 \ / \ “,
\ “LicensingBurnIn \ “: \ “2014.0815 \ “,
\ “LicensingBurnInDate \ “: \ “8 \ / 14 \ / 2014 5: 00: 00 PM \ “,
\ “LicensingModel \ “: \ “UserDevice \ “,
\ “MetadataMap \ “: \ “System.Collections.Generic.Dictionary `2[System.String,System.String]\“,
\“PrimaryZoneName\“:\“\”,
\“PrimaryZoneUid\“:\“00000000-0000-0000-0000-000000000000\“,
\“ProductCode\“:\“XDT\“,
\“ProductEdition\“:\“PLT\“,
\“ProductVersion\“:\“7.6\“,
\“SiteGuid\“:\“0c074098-02d2-47cf-aa87-7e3asdsad7c\“,
\“SiteName\“:\“customer\“
}]
Raw output exception:
{“ExceptionType”:“System.Management.Automation.CmdletInvocationException”,“Message”:“An invalid URL was given for the service. The value given was ‘mit-xen751.hs.trcint.com’.\u000d\u000a The reason given was: Failed to connect to back-end server ‘mit-xen751.hs.trcint.com’ on port 80 using binding WSHttp. The server may be off-line or may not be running the appropriate service\u000d\u000a\u0009There was no endpoint listening at http:\/\/mit-xen751.hs.trcint.com\/Citrix\/ConfigurationContract\/v2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.\u000d\u000a\u0009The remote name could not be resolved: ‘mit-xen751.hs.trcint.com’.“,”StackTrace”:” at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)\u000d\u000a at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecute(Array input, Hashtable errorResults)\u000d\u000a at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()\u000d\u000a at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()“}
VMware Identity Manager Integration Broker Monitoring and Health with Citrix XenApp 6.x
URL call: /IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version65orLater
This pulls back information from an API call to Citrix. Monitoring can ensure that the values are consistent.
Raw output:
“[{
\ “FarmName \ “: \ “NewFarm \ “,
\ “ServerVersion \ “: \ “6.5.0 \ “,
\ “AdministratorType \ “: \ “Full \ “,
\ “SessionCount \ “: \ “0 \ “,
\ “MachineName \ “: \ “XENAPPTEST \ “
}]”
