Architecture and Operation

IT Asset Management (Cloud)

The following diagram shows the operational architecture for the VMware Horizon adapter.



Summary

The VMware Horizon adapter has been created to collect supplementary VDI data. This data will show:
  • Existing VDI devices and templates
  • Existing desktop pools in Horizon where these VDI devices and templates are installed
  • What users have access to these desktop pools.

The FlexNet Inventory Agent which is installed on the VDI template, collects application evidence from each of the VDI devices purported by the VMware Horizon adapter. This application evidence shows all of the software that end-users have access to.

To import the collected supplementary VDI data into IT Asset Management, the VMware Horizon adapter uses PowerShell to query the REST APIs available on each connection server. The connection server acts as a broker and is the main component that fetches the virtual desktop or application(s) and delivers it to the end-user.

VMware Horizon documentation pertaining to the REST API used for gathering application evidence on the connection server is available here.

There are 5 main components in the above diagram:
  • Desktop pool: A collection of existing virtual machines. The FlexNet Inventory Agent collects the application evidence from these machines which is then mapped to users who have access to that desktop pool. Note: Access to a desktop pool is defined in Active Directory.
  • Pod / Pod Federation:
    • A Pod is a collection of existing connection servers. The connection server in VMware Horizon acts as the broker and is the main component that fetches the virtual desktop or application(s) and delivers it to the end-user. The connection server verifies what each user can access by checking the group and user permissions defined in Active Directory. To be able to pull the data into IT Asset Management, the connection server is queried by the VMware Horizon adapter which is set up on the inventory beacon. The VMware Horizon adapter then collects the information needed to represent the VMware Horizon inventory in IT Asset Management.
    • A Pod Federation is a collection of existing connection server pods.
  • Inventory Beacon: Connects to a single connection server in each pod, or in the case of a pod federation a single connection server in that federation. Inventory is then uploaded to the Batch and Inventory Servers. The inventory beacon also imports data from Active Directory, including groups (and their members), users, and computers, and the security identifiers for each item within Active Directory. (These security identifiers, or SIDs, are the same identifiers that the VMware Horizon adapter reports for usage of the applications delivered by VMware Horizon).
  • Inventory Server: Is where the application evidence (.NDI file from each VDI device) is received, processed and imported to the IM inventory database. .NDI files are produced by running the FlexNet Inventory Agent on the VDI.
  • Batch Server: Is where data from the IM Inventory Database is processed and imported to the IT Asset Management Compliance database which in turn drives the VDI template UI. Note: The VMware Horizon adapter has been configured as a new compliance connection. VDI data is sent to the Batch server as intermediate data files which are then processed (matched/merged) with data from other compliance connections to produce a single view of the data and imported to the IT Asset Management database.

What data is retrieved

The data listed below is retrieved by means of running functions in the PowerShell reader that is used to connect to the VMware Horizon REST API.
Functions Retrieved data
Site name

Returns a string that represents the site name associated with the data from the connection server. If Cloud Pod Architecture (CPA) is in use, the name of the Pod Federation is used: (/rest/federation/v1/cpa - name).

If CPA is not in use, the cluster name which represents a group of connection servers sharing the same configuration is used: (/rest/config/v1/environment-properties - cluster_name).
Desktop pools

Returns each desktop pool along with the following properties for each pool.

/inventory/v2/desktop-pools - source

/inventory/v2/desktop-pools - provisioning_settings - base_snapshot_id

/rest/inventory/v2/desktop-pools - name

/rest/inventory/v2/desktop-pools - id
Machines Returns a list of VDIs associated with a desktop pool or delivery group and the corresponding properties for that VDI.

/rest/inventory/v1/machines - name

/rest/inventory/v1/machines - dns_name

/rest/inventory/v1/machines - desktop_pool_id
User access Returns the Active Directory SID for a user or group that has access to a desktop pool.

/rest/entitlements/v1/desktop-pools- ad_user_or_group_ids

If CPA is in use: /entitlements/v1/global-desktop-entitlements
Test connection A test connection button is available in the FlexNet Beacon UI. Selecting test connection will show a successful test if the configured user is able to successfully log into the API, going through any configured proxy.

If the connection fails, the relevant error is fed back to the user.

IT Asset Management (Cloud)

Current