Using the Horizon vCenter Orchestrator Plug-In VMware Horizon 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Using the Horizon vCenter Orchestrator Plug-In You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2014 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents Using the Horizon vCenter Orchestrator Plug-In 5 1 Introduction to the Horizon vCenter Orchestrator Plug-In 7 Role of the Horizon vCenter Orchestrator Plug-In 8 Functionality Available with the Horizon vCenter Orchestrator Plug-In 8 Horizon vCenter Orchestrator Plug-In Architecture 8 Security Model 9 Personas Used for Managing Workflows Across Distributed Organizations 9 2 Installing and Configuring the Horizon vCenter Orchestrator Plug-In 11 Horizon vCenter Orchestrator Plug-In Functional Pre
Using the Horizon vCenter Orchestrator Plug-In 4 VMware, Inc.
Using the Horizon vCenter Orchestrator Plug-In Using the Horizon vCenter Orchestrator Plug-In describes how to set up and start using the Horizon™ plug-in ® ® to VMware vCenter Orchestrator™. The plug-in allows IT organizations to use VMware vCloud Automation Center™ to automate the provisioning of desktops and applications that are provided by VMware Horizon™ (with View™).
Using the Horizon vCenter Orchestrator Plug-In 6 VMware, Inc.
Introduction to the Horizon vCenter Orchestrator Plug-In 1 The Horizon vCenter Orchestrator (vCO) plug-in allows interaction between vCenter Orchestrator and VMware Horizon 6. You can use this plug-in to expand the settings and methods for provisioning remote desktops and applications. The plug-in contains a set of standard workflows that enable automation, self-service by request and approval, and scalable delegated administration across multi-tenant or highly distributed environments.
Using the Horizon vCenter Orchestrator Plug-In Role of the Horizon vCenter Orchestrator Plug-In You must use the Orchestrator configuration interface to install and configure the Horizon vCO plug-in. You use the Orchestrator client to run and create workflows and access the plug-in API. The Horizon vCO plug-in is powered by vCenter Orchestrator.
Chapter 1 Introduction to the Horizon vCenter Orchestrator Plug-In Figure 1‑1. Horizon vCO Plug-In Architecture Self-service request and approval multi-tenancy vCAC service catalog Run and schedule workflows vSphere Web Client View management and automation Self-service for EU and DA Install and customize workflows End users IT admin vCO Orchestrator IT admin VMware Horizon vCO plugin Security Model The Horizon vCO plug-in uses a trusted account security model.
Using the Horizon vCenter Orchestrator Plug-In Administrator This persona encompasses the typical administrator role. Responsibilities include installation, configuration, and assignment of other personas to roles and privileges. This role is responsible for the various products, configuration, and SSO (single sign-on) implementation. The administrator decides which users can access the various workflows and whether to expose each workflow through vSphere Web Client or through vCloud Automation Center.
Installing and Configuring the Horizon vCenter Orchestrator Plug-In 2 Installing the Horizon vCO plug-in is similar to installing other vCenter Orchestrator plug-ins. Configuring the Horizon vCO plug-in involves running various configuration workflows to connect to View components and to configure roles and permissions.
Using the Horizon vCenter Orchestrator Plug-In vCloud Automation Center You must have access to a vCloud Automation Center server. The Horizon vCO plug-in works with vCloud Automation Center version 6.0.1. The embedded vCenter Orchestrator server packaged with vCloud Automation Center versions 6.0.1 is compatible with this plug-in, or you can install the plug-in in an external vCenter Orchestrator server.
Chapter 2 Installing and Configuring the Horizon vCenter Orchestrator Plug-In 6 Go to the Enabled plug-ins installation status section and confirm that Horizon 1.0.0.xxxxxxx is listed, where xxxxxx is the build number. The status says: Plug-in will be installed at next server startup. 7 Restart the vCenter Orchestrator Server service. 8 Restart the vCenter Orchestrator Configuration service.
Using the Horizon vCenter Orchestrator Plug-In Updating View Pod Connection Information If the user credentials for a View Connection Server instance change, or if the members of a replicated group of View Connection Server instances change, you must run the corresponding workflow in vCenter Orchestrator. You can navigate to the folder that contains these workflows by using the Orchestrator Client and going to Library > Horizon > Configuration > View Pod Configuration.
Chapter 2 Installing and Configuring the Horizon vCenter Orchestrator Plug-In Procedure 1 Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges. 2 Create a Delegated Administrators group. a Browse to Administration > Single Sign-On > Users and Groups. b Select the Groups tab and click the New Group icon. c Supply a name such as Delegated Admins and click OK. The new group appears in the list.
Using the Horizon vCenter Orchestrator Plug-In Provide Access Rights to the Horizon vCenter Orchestrator Plug-In Workflows After you create a delegated administrators group and assign it permission to perform actions on vCenter extensions, you can give the group permission to view and execute workflows in Orchestrator.
Chapter 2 Installing and Configuring the Horizon vCenter Orchestrator Plug-In Assign Delegated Administrators to Pools The administrator runs the Delegated Administrator Configuration workflow to set the scope of delegated administration. For example, a certain delegated administrator might be limited to performing operations on some pools, and a different delegated administrator might be limited to different pools.
Using the Horizon vCenter Orchestrator Plug-In Best Practices for Managing Workflow Permissions You can use the Orchestrator client to limit which personas can see and interact with the workflows. Ideally, only the administrator interacts with workflows in vCenter Orchestrator by using the Orchestrator client. Delegated administrators and end users should interact with the workflows through the vSphere Web Client or through the service catalog in vCloud Automation Center.
Chapter 2 Installing and Configuring the Horizon vCenter Orchestrator Plug-In n If you choose to save View Composer persistent disks, you can save them on their current datastore or save them to a different datastore. Prerequisites n Verify that you have administrator credentials for the Orchestrator server. The account must be a member of the vCenter Orchestrator Admin group configured to authenticate through vCenter Single Sign-On. n Configure the connection to the View pod.
Using the Horizon vCenter Orchestrator Plug-In 20 VMware, Inc.
Using Horizon vCenter Orchestrator Plug-In Workflows 3 You can use the predefined workflows installed by the Horizon vCO plug-in, or you can copy workflows and customize them. IMPORTANT For security reasons, configuration workflows can be run only from within the Orchestrator client. The folders and workflows that appear in the Horizon folder are the predefined workflows delivered by the Horizon vCO plug-in. To customize a workflow, create a duplicate of that workflow.
Using the Horizon vCenter Orchestrator Plug-In Horizon vCenter Orchestrator Plug-In Workflow Library The Horizon vCO plug-in workflow library contains workflows that you can use to run automated processes to manage View pods, including objects such as remote desktops and applications, pools, entitlements, and View server configuration.
Chapter 3 Using Horizon vCenter Orchestrator Plug-In Workflows Horizon vCenter Orchestrator Plug-In Workflow Reference Each workflow has a specific purpose and requires certain inputs. For the workflows in the vCAC60 folder, the administrator must bind the workflow to a pod and pool. See “Bind vSphereWebClient Workflows to Specific Pods and Pools in vCenter Orchestrator,” on page 30. When a delegated administrator or end user runs the workflow, the workflow operates only on the designated pod and pool.
Using the Horizon vCenter Orchestrator Plug-In Assign User Desktop Allocation Purpose Assigns a user to a specific machine in a desktop pool. An option is provided to entitle the user to a desktop pool as well. Inputs/parameters Pod, pool ID, machine name, user name Binding requirements For the vCAC60 folder, the administrator must bind this workflow to a pool and pod. For the vSphereWebClient folder, no binding is required. Results The user is assigned to the specified machine.
Chapter 3 Using Horizon vCenter Orchestrator Plug-In Workflows Desktop Recycle Purpose This de-provisioning workflow removes user assignment or entitlement from the specified virtual machine desktop. Depending on the pool policy, the virtual machine might be deleted and any persistent disks might be saved. Inputs/parameters Pod, pool ID, user name Scope Works for all types of pools. Prerequisites Run the Add Pool Policy Configuration workflow before running this workflow.
Using the Horizon vCenter Orchestrator Plug-In Self-Service Desktop Allocation Binding requirements For the vCAC60 and vSphereWebClient folders, the administrator must bind this workflow to a pool and pod. Results Specified users are no longer entitled to the specified desktop pool. Purpose Allows end users to allocate a machine to themselves. A new machine gets provisioned only for "specified naming" desktop pools. Inputs/parameters None Scope Works only on automated pools.
Chapter 3 Using Horizon vCenter Orchestrator Plug-In Workflows Self-Service Release Application Self-Service Request Application Unassign User Update App Pool Display Name Update Desktop Pool Display Name VMware, Inc. Binding requirements For the vCAC60 folder, the administrator must bind this workflow to a pool and pod. This workflow does not appear in the vSphereWebClient folder.
Using the Horizon vCenter Orchestrator Plug-In Update Desktop Pool Min Size Update Desktop Pool Spare Size Purpose Changes the minimum number of desktops that the pool can contain. Scope Works only for automated floating and automated dedicated pools that use a naming pattern. Inputs/parameters Pod, pool ID, number to use for the minimum pool size (an integer) Results The minimum number of virtual machines in the pool changes.
Making the Workflows Available in vSphere Web Client and vCloud Automation Center 4 Administrators can expose the Horizon vCO workflows in the vCloud Automation Center self-service catalog or in the vSphere Web Client. Administrators can also bind the workflows to specific pools so that delegated administrators can select a pool and select entitled end users from a drop-down list.
Using the Horizon vCenter Orchestrator Plug-In Exposing Horizon vCenter Orchestrator Plug-In Workflows in vSphere Web Client Administrators can configure Horizon workflows so that delegated administrators can run them from within vSphere Web Client. The delegated administrator can search for the name of the workflow and run and schedule vCenter Orchestrator workflows.
Chapter 4 Making the Workflows Available in vSphere Web Client and vCloud Automation Center 5 Select (string)podAlias Horizon View Pod in the upper portion of the tab and edit its properties. a In the lower portion of the tab, click the Properties tab, and in the Data Binding row, type the pod name and enclose it with quotation marks; for example: "ViewPod1". b Select and delete the Predefined answers property.
Using the Horizon vCenter Orchestrator Plug-In 6 7 Complete the form that appears. Option Action Source Workflow Click Not Set and select the original workflow that you duplicated to bind the workflow to a pod. Target Workflow Click Not Set and select the workflow that you duplicated. Click Submit to run the workflow. If the workflow completes successfully, you can go to the Resources view, expand the folder you created, and see the properties files that were created for each language.
Chapter 4 Making the Workflows Available in vSphere Web Client and vCloud Automation Center Prerequisites n Verify that you have administrator credentials for the Orchestrator server. The account must be a member of the vCenter Orchestrator Admin group configured to authenticate through vCenter Single Sign-On. n Familiarize yourself with the procedures for creating groups in vCloud Automation Center. The vCloud Automation Center documentation is available at https://www.vmware.
Using the Horizon vCenter Orchestrator Plug-In 4 5 Create a service for the delegated administrators business group. a Click the Add Service (+) icon. b On the Details tab, supply a name, and in the Status list, select Active. c Click Add. Repeat the step to create a service for the end users business group. What to do next Create entitlements for delegated administrators and end users.
Chapter 4 Making the Workflows Available in vSphere Web Client and vCloud Automation Center Bind vCAC60 Workflows to Specific Pods and Pools in vCloud Automation Center To expose a workflow through the vCloud Automation Center service catalog, the administrator must use vCloud Automation Center to bind the workflow to a specific pod and pool. Workflows exposed through vCloud Automation Center can be customized using the vCloud Automation Center form editor interface.
Using the Horizon vCenter Orchestrator Plug-In 7 Edit the PoolIds field. a Click in the PoolIds text box and click the Edit (pencil) icon. The Edit Form Field - PoolIds dialog box appears. b On the Details tab, to create a drop-down list of pools, from the Type list, select Drop-down; otherwise, make no changes on this tab. c Click the Constraints tab and configure the following fields.
Chapter 4 Making the Workflows Available in vSphere Web Client and vCloud Automation Center The workflow is now ready to be run by the delegated administrator or end user. When the delegated administrator or end user logs in to vCloud Automation Center and goes to the Catalog tab, the service, or workflow, is listed. The user clicks the Request button, completes the form that appears, and clicks Submit to run the workflow. To check the status of the request, the user can go to the Request tab.
Using the Horizon vCenter Orchestrator Plug-In 38 VMware, Inc.
Index A R access rights 18 access rights to the plug-in 16 Add Delegated Administrator Configuration workflow 17 Add View Pod workflow 13 adding access rights 18 architecture 8 roles 9 S self-service 29 system requirements 11 T trusted account security model 9 B bind a workflow to a pod or pool 30, 35 business groups 32 U C V catalog services 33 configure catalog items 36 credentials, syntax for supplying 28 D vCenter extensions 14 vCenter Orchestrator 8 vCloud Automation Center 29, 32 View pod
Using the Horizon vCenter Orchestrator Plug-In 40 VMware, Inc.
