對各種 VMware Identity Manager 元件監控列出的 URL 端點,以確保環境的正常運作。您也可以將特定端點用於負載平衡器,以確保服務可正常傳輸流量。
負載平衡器的健全狀況檢查
元件 | 健全狀況檢查 | 符合預期的傳回 | 附註 |
---|---|---|---|
VMware Identity Manager 服務 | /SAAS/API/1.0/REST/system/health/heartbeat |
字串:ok HTTP:200 |
每隔 30 秒的頻率 |
Android 行動 SSO - Certproxy: |
HTTP:200 | 每隔 30 秒的頻率 | |
iOS 行動 SSO - KDC: |
連線 | 每隔 30 秒的頻率 | |
憑證配接器:
|
字串:ok HTTP:200 |
每隔 30 秒的頻率 | |
VMware Identity Manager Connector | /hc/API/1.0/REST/system/health/allOk |
字串:true HTTP:200 |
每隔 30 秒的頻率 |
Integration Broker | /IB/API/RestServiceImpl.svc/ibhealthcheck |
字串:All Ok HTTP:200 |
每隔 30 秒的頻率 |
XenApp 7.x 整合: |
字串:' SiteName' HTTP:200 |
每隔 5 分鐘的頻率 | |
XenApp 6.x 整合:
|
字串:'FarmName' HTTP:200 |
每隔 5 分鐘的頻率 |
負載平衡器的健全狀況檢查會傳回簡單值以便網路設備輕鬆進行剖析。
用於監控的其他健全狀況檢查
此處列出的健全狀況檢查,可藉由監控有能力剖析資料並建立儀表板的解決方案來取用。請將頻率設為每隔 5 分鐘。
VMware Identity Manager 服務監控和健全狀況
URL 呼叫: /SAAS/jersey/manager/api/system/health
或
/SAAS/API/1.0/REST/system/health
原始輸出:
{ "AnalyticsUrl":"unknown", "ElasticsearchServiceOk":"true", "EhCacheClusterPeers":"unknown", "ElasticsearchMasterNode":"unknown", "ElasticsearchIndicesCount":"unknown", "ElasticsearchDocsCount":"unknown", "AuditPollInterval":"0", "AnalyticsConnectionOk":"true", "EncryptionServiceVerified":"unknown", "FederationBrokerStatus":"unknown", "ServiceReadOnlyMode":"false", "ElasticsearchUnassignedShards":"unknown", "AuditWorkerThreadAlive":"true", "BuildVersion":"3.3.0.0 Build xxxxxxx", "AuditQueueSize":"0", "DatabaseStatus":"unknown", "HostName":"unknown", "ElasticsearchNodesCount":"unknown", "EncryptionStatus":"unknown", "FederationBrokerOk":"true", "EncryptionConnectionOk":"true", "EncryptionServiceImpl":"unknown", "ClusterId":"22f6e089-45df-41ab-9c8a-77f3e4589230", "EhCacheClusterDiagnostics":"unknown", "ElasticsearchNodesList":"unknown", "DatabaseConnectionOk":"true", "ElasticsearchHealth":"unknown", "StatusDate":"2018-08-06 19:14:40 UTC", "ClockSyncOk":"true", "MaintenanceMode":"false", "MessagingConnectionOk":"true", "fipsModeEnabled":"true", "ServiceVersion":"3.3.0", "AuditQueueSizeThreshold":"null", "IpAddress":"unknown", "AuditDisabled":"false", "AllOk":"true" }
"AllOk" | "true", "false" | 用來監控 VMware Identity Manager 服務整體健全狀況的彙總健全狀況檢查 |
"MessagingConnectionOk" | "true", "false" | 確認所有訊息產生者和取用者皆已連線至 RabbitMQ |
"DatabaseConnectionOk" | "true", "false" | 確認資料庫的連線 |
"EncryptionConnectionOk" | "true", "false" | 確認加密服務的連線正常,且主要金鑰儲存區也正常運作 |
"AnalyticsConnectionOk" | "true", "false" | 確認分析服務的連線 |
"FederationBrokerOk" | "true", "false" | 確認內嵌式驗證配接器的子系統正常運作 |
URL 呼叫: /catalog-portal/services/health
這是 VMware Identity Manager 使用者介面部分專用的健全狀況檢查。
原始輸出:
{ "status": "UP", "uiService": { "status": "UP" }, "apiService": { "status": "UP" }, "eucCacheEngine": { "status": "UP" }, "cacheEngineClient": { "status": "UP" }, "persistenceEngine": { "status": "UP", "database": "Microsoft SQL Server", "hello": 1 }, "tenantPersistenceEngine": { "status": "UP", "database": "Microsoft SQL Server", "hello": 1 }, "diskSpace": { "status": "UP", "total": 8460120064, "free": 4898279424, "threshold": 10485760 } }
"status" | "UP", "DOWN" | 用來監控 VMware Identity Manager 使用者介面 (UI) 整體健全狀況的彙總健全狀況檢查 |
"uiServer.status" | "UP", "DOWN" | 如果主要 UI 服務正在執行中,則為 UP |
"apiService.status" | "UP", "DOWN" | 如果主要 UI API 服務正在執行中,則為 UP |
"eucCacheEngine.status" | "UP", "DOWN" | 如果 Hazelcast 叢集引擎正在執行中,則為 UP |
"cacheEngineClient.status" | "UP", "DOWN" | 如果 UI 的 Hazelcast 用戶端正在執行中,則為 UP |
"persistenceEngine.status" | "UP", "DOWN" | 如果主要資料庫 (SQL) 正在執行中,則為 UP |
"tenantPersistenceEngine.status" | "UP", "DOWN" | 如果主要資料庫 (SQL) 正在執行中,則為 UP |
"diskSpace.status" | "UP", "DOWN" | 如果可用磁碟空間大於設定的臨界值 10 MB,則為 UP |
"diskSpace.free" | 位元組 | VMware Identity Manager UI 安裝所在磁碟分割上的可用空間 (以位元組為單位) |
VMware Identity Manager Connector 監控和健全狀況
URL 呼叫:/hc/API/1.0/REST/system/health
原始輸出:
{ "HorizonDaaSSyncConfigurationStatus": "", "AppManagerServiceOk": "true", "DomainJoinEnabled": "false", "XenAppEnabled": "true", "ViewSyncConfigurationStatus": "", "ThinAppServiceOk": "true", "ThinAppSyncConfigurationStatus": "unknown", "Activated": "true", "XenAppServiceOk": "false", "DirectoryServiceStatus": "Connection test successful", "BuildVersion": "2017.1.1.0 Build 5077496", "ThinAppServiceStatus": "unknown", "XenAppServiceStatus": "A problem was encountered Sync Integration Broker", "HostName": "hostname.company.local", "NumberOfWarnAlerts": "0", "JoinedDomain": "true", "XenAppSyncConfigurationStatus": "Sync configured (manually)", "DirectorySyncConfigurationStatus": "Sync configured (manually)", "NumberOfErrorAlerts": "0", "DirectoryServiceOk": "true", "HorizonDaaSTenantOk": "true", "ThinAppDirectoryPath": "", "StatusDate": "2017-06-27 10:52:59 EDT", "ViewSyncEnabled": "false", "ViewServiceOk": "true", "HorizonDaaSEnabled": "false", "AppManagerUrl": "https://workspaceurl.com/SAAS/t/qwe12312qw/", "HorizonDaaSServiceStatus": "unknown", "DirectoryConnection": "ldap:///ldapcall", "ServiceVersion": "VMware-C2-2017.1.1.0 Build 5077496", "IpAddress": "169.118.86.105", "DomainJoinStatus": "Domain: customerdomainname", "AllOk": "false", "ViewServiceStatus": "unknown", "ThinAppEnabled": "false", "XenAppSyncSsoBroker": "integrationbrokersso:443 / integrationbrokersync:443" }
"AllOk" | "true", "false" | 用來監控 VMware Identity Manager Connector 服務整體健全狀況的彙總健全狀況檢查。 |
"ViewServiceOk" | "true", "false" | 如果成功連線至 View Broker,則為 true。如果停用 View 同步,此屬性將為 true。 |
"HorizonDaaSTenantOk" | "true", "false" | 如果成功連線至 Horizon Cloud,則為 true。如果停用 Horizon Cloud 同步,此屬性將為 true。 |
"DirectoryServiceOk" | "true", "false" | 如果成功連線至目錄,則為 true。如果停用目錄同步,此屬性將為 true。 |
"XenAppServiceOk" | "true", "false" | 如果成功連線至 Citrix 伺服器,則為 true。如果停用 Citrix 伺服器,此屬性將為 true。 |
"ThinAppServiceOk" | "true", "false" | 如果成功連線至 ThinApp 封裝應用程式服務,則為 true。如果停用封裝應用程式,此屬性將為 true。 |
"AppManagerServiceOk" | "true", "false" | 如果能對 AppManager 正確進行驗證,則為 true。 |
"NumberOfWarnAlerts" | 0 - 1000 | 在此連接器上觸發的警告警示數目。這些項目會在 [連接器同步記錄] 上顯示為「注意事項」。這些項目可能表示已同步的資源中包含不在 VMware Identity Manager 中的使用者或群組。根據組態,這可能是刻意的設計。計數器會隨著每次的同步而持續遞增,直到「警告」和「錯誤」警示等於 1000 個,而此時管理員會清除警示。 |
"NumberOfErrorAlerts" | 0 - 1000 | 在此連接器上觸發的錯誤警示數目。這些項目會在 [連接器同步記錄] 上顯示為「錯誤」。這些項目可能表示同步失敗。計數器會隨著每次的同步而持續遞增,直到「警告」和「錯誤」警示等於 1000 個,而此時管理員會清除警示。 |
VMware Identity Manager Integration Broker 監控和健全狀況
URL 呼叫: /IB/API/RestServiceImpl.svc/ibhealthcheck
原始輸出:
“All Ok”
此健全狀況檢查會確認 Integration Broker 上的所有軟體皆可正確回應。它會傳回一個包含「All Ok」字串的 200 回應。
使用 Citrix XenApp 7.x 的 VMware Identity Manager Integration Broker 監控和健全狀況
URL 呼叫: /IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version7x
這會從對 Citrix 的 API 呼叫中撤回資訊。監控可確保這些值的一致性。
原始輸出:
[{ \ “ConfigurationLoggingServiceGroupUid \ “: \ “5e2a5602 - 45a8 - 4b56 - 92e6 - 9fae5a3ff459 \ “, \ “ConfigurationServiceGroupUid \ “: \ “620d7c6e - b7c1 - 4ee7 - b192 - d00764f477e7 \ “, \ “DelegatedAdministrationServiceGroupUid \ “: \ “0a59914d - 4b6e - 4cca - bbaa - a095067092e3 \ “, \ “LicenseServerName \ “: \ “xd.hs.trcint.com \ “, \ “LicenseServerPort \ “: \ “27000 \ “, \ “LicenseServerUri \ “: \ “https: \ / \ / xd.hs.domain.com: 8083 \ / \ “, \ “LicensingBurnIn \ “: \ “2014.0815 \ “, \ “LicensingBurnInDate \ “: \ “8 \ / 14 \ / 2014 5: 00: 00 PM \ “, \ “LicensingModel \ “: \ “UserDevice \ “, \ “MetadataMap \ “: \ “System.Collections.Generic.Dictionary `2[System.String,System.String]\“, \“PrimaryZoneName\“:\“\”, \“PrimaryZoneUid\“:\“00000000-0000-0000-0000-000000000000\“, \“ProductCode\“:\“XDT\“, \“ProductEdition\“:\“PLT\“, \“ProductVersion\“:\“7.6\“, \“SiteGuid\“:\“0c074098-02d2-47cf-aa87-7e3asdsad7c\“, \“SiteName\“:\“customer\“ }]
原始輸出例外狀況:
{“ExceptionType”:“System.Management.Automation.CmdletInvocationException”,“Message”:“An invalid URL was given for the service. The value given was ‘mit-xen751.hs.trcint.com’.\u000d\u000a The reason given was: Failed to connect to back-end server ‘mit-xen751.hs.trcint.com’ on port 80 using binding WSHttp. The server may be off-line or may not be running the appropriate service\u000d\u000a\u0009There was no endpoint listening at http:\/\/mit-xen751.hs.trcint.com\/Citrix\/ConfigurationContract\/v2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.\u000d\u000a\u0009The remote name could not be resolved: ‘mit-xen751.hs.trcint.com’.“,”StackTrace”:” at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)\u000d\u000a at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecute(Array input, Hashtable errorResults)\u000d\u000a at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()\u000d\u000a at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()“}
使用 Citrix XenApp 6.x 的 VMware Identity Manager Integration Broker 監控和健全狀況
URL 呼叫: /IB/API/RestServiceImpl.svc/hznxenapp/admin/xenfarminfo?computerName=&xenappversion=Version65orLater
這會從對 Citrix 的 API 呼叫中撤回資訊。監控可確保這些值的一致性。
原始輸出:
“[{ \ “FarmName \ “: \ “NewFarm \ “, \ “ServerVersion \ “: \ “6.5.0 \ “, \ “AdministratorType \ “: \ “Full \ “, \ “SessionCount \ “: \ “0 \ “, \ “MachineName \ “: \ “XENAPPTEST \ “ }]”