The various components of vRealize Operations for Horizon use certificates and tokens to perform authentication.

When an RMI connection is established between a message server and an agent, the agent requests a certificate from the server to perform authentication. The agent validates this certificate against its trust store before proceeding with the connection. If the server does not provide a certificate, or the server certificate cannot be validated, the agent rejects the connection.

The broker message server also requests a certificate from broker agents that it validates against its trust store. If the agent does not provide a certificate, or the agent certificate cannot be validated, the server rejects the connection.

Desktop agents generate a unique authentication token for each remote desktop and a server ID for the local Horizon server. They then send the server ID to vRealize Operations Manager.

Desktop agents include the authentication token and server ID when they attempt to send data to the Horizon Adapter. The adapter instance compares the authentication token with the one stored in its memory and rejects the communication attempt if they do not match. If the token does not exist on the adapter instance, it caches the token in memory. It then checks whether a virtual machine with the specified server ID exists in vRealize Operations Manager and adds the virtual machine to the topology if so.