Architecture and Operation

FlexNet Manager Suite 2022 R1 (On-Premises)

The following diagram shows the operational architecture for the VMware Horizon adapter.



Summary

The VMware Horizon adapter has been created to collect supplementary VDI data. This data will show:
  • Existing VDI devices and templates
  • Existing desktop pools where these VDI devices and templates are installed
  • What user groups have access to these desktop pools.

The FlexNet inventory agent which is installed on the VDI template, collects application evidence from each of the VDI devices purported by the VMware Horizon adapter. This application evidence shows all of the software that end-users have access to.

To import the collected supplementary VDI data into FlexNet Manager Suite, the VMware Horizon adapter uses PowerShell to query the REST APIs available on each connection server. The connection server acts as a broker and is the main component that fetches the virtual desktop or application(s) and delivers it to the end-user.

VMware Horizon documentation pertaining to the API used for gathering application evidence on the connection server is available here.

There are 5 main components in the above diagram:
  • Desktop pool: A collection of existing virtual machines. The FlexNet inventory agent is installed on each virtual machine, allowing for communication via an endpoint between the virtual machine and the connection server. It is this endpoint that enables the connection server to talk to the virtual machine. Note: Access to a desktop pool is defined in Active Directory.
  • Horizon Pod / Horizon Pod Federation:
    • A Horizon Pod is a collection of existing connection servers. The connection server in VMware Horizon acts as a broker and is the main component that fetches the virtual desktop or application(s) and delivers it to the end-user. The connection server verifies what each user can access by checking the group and user permissions defined in Active Directory. To be able to pull the data into FlexNet Manager Suite, the connection server is queried by the VMware Horizon adapter which is set up on the inventory beacon. The VMware Horizon adapter then collects the information needed to represent the VMware Horizon inventory in FlexNet Manager Suite.
    • A Horizon Pod Federation is a collection of existing connection server pods.
  • Inventory Beacon: Connects to a single connection server in each pod, or in the case of a pod federation a single connection server in that federation, and uploads the inventory to the Batch and Inventory Servers. The inventory beacon also imports data from Active Directory, including groups (and their members), users, and computers, and the security identifiers for each item within Active Directory. (These security identifiers, or SIDs, are the same identifiers that the VMware Horizon adapter reports for usage of the applications delivered by VMware Horizon).
  • Inventory Server: Is where the application evidence (.NDI file from each VDI device) is received, processed and imported to the IM inventory database. .NDI files are produced by running the FlexNet inventory agent on the VDI.
  • Batch Server: Is where data from the IM Inventory Database is processed and imported to the FlexNet Manager Suite Compliance database which in turn drives the VDI template UI. Note: The VMware Horizon adapter has been configured as a new compliance connection.

    VDI data is sent to the Batch server as intermediate data files which are then processed (matched/merged) with data from other compliance connections to produce a single view of the data and imported to the FlexNet Manager Suite database.

What data is retrieved

The data listed below is retrieved by means of running functions in the PowerShell reader that is used to connect to the VMware Horizon REST API on the configured connection server.
Functions Retrieved data
Site name Returns a string that represents the site name associated with the data from the connection server. If Cloud Pod Architecture (CPA) is in use, the name of the Pod Federation is used: (/rest/federation/v1/cpa - name).

If CPA is not in use, the cluster name which represents a group of connection servers sharing the same configuration is used: (/rest/config/v1/environment-properties - cluster_name).
Desktop pools Returns each desktop pool along with the following properties for each pool.

/inventory/v2/desktop-pools - source

/inventory/v2/desktop-pools - provisioning_settings - base_snapshot_id

/rest/inventory/v2/desktop-pools - name

/rest/inventory/v2/desktop-pools - id
Machines Returns a list of VDIs associated with a desktop pool and the corresponding properties for that VDI.

/rest/inventory/v1/machines - name

/rest/inventory/v1/machines - dns_name

/rest/inventory/v1/machines - desktop_pool_id
User access Returns the Active Directory SID for a user or group that has access to a desktop pool.

/rest/entitlements/v1/desktop-pools- ad_user_or_group_ids

If CPA is in use: /entitlements/v1/global-desktop-entitlements
Test connection A test connection button is available in the FlexNet Beacon UI. Selecting test connection will show a successful test if the configured user is able to successfully log into the REST API on the connection server, going through any configured proxy.

If the connection fails, the relevant error is fed back to the user.

FlexNet Manager Suite (On-Premises)

2022 R1