6.0
Table Of Contents
- Using the Horizon vCenter Orchestrator Plug-In
- Contents
- Using the Horizon vCenter Orchestrator Plug-In
- Introduction to the Horizon vCenter Orchestrator Plug-In
- Installing and Configuring the Horizon vCenter Orchestrator Plug-In
- Horizon vCenter Orchestrator Plug-In Functional Prerequisites
- Install the Horizon vCenter Orchestrator Plug-In
- Configure the Connection to a View Pod
- Assigning Delegated Administrators to Desktop and Application Pools
- Best Practices for Managing Workflow Permissions
- Set a Policy for De-Provisioning Desktop Virtual Machines
- Using Horizon vCenter Orchestrator Plug-In Workflows
- Making the Workflows Available in vSphere Web Client and vCloud Automation Center
- Exposing Horizon vCenter Orchestrator Plug-In Workflows in vSphere Web Client
- Exposing Horizon vCenter Orchestrator Plug-In Workflows in vCloud Automation Center
- Create Business Groups for Delegated Administrators and End Users
- Create Services for Delegated Administrators and End Users
- Create Entitlements for Delegated Administrators and End Users
- Bind vCAC60 Workflows to Specific Pods and Pools in vCloud Automation Center
- Configure the Catalog Item for the Workflow
- Index
Figure 1‑1. Horizon vCO Plug-In Architecture
Self-service
request and approval
multi-tenancy
vCAC
service catalog
Run and schedule
workflows
vSphere Web Client
Install and customize
workflows
vCO Orchestrator
Self-service for
EU and DA
View management
and automation
Horizon vCO
plugin
IT
admin
End
users
IT
admin
VMware
Security Model
The Horizon vCO plug-in uses a trusted account security model. The administrator provides the credentials
to the initial configuration between the View pod and the Horizon vCO plug-in, and that trusted account is
the security context that all workflows utilize between vCenter Orchestrator and VMware Horizon 6.
Additional levels of permissions also restrict which users can see and edit the workflows within vCenter
Orchestrator. All Horizon vCO plug-in workflows must be explicitly configured for execution. Access to the
workflows requires both the permissions and the vCenter Orchestrator client interaction with the client.
In addition, the third level of security is an access layer between where the workflows are executed, in
vCenter Orchestrator, and where they are exposed to delegated administrators and end users, in the
vSphere Web Client and vCloud Automation Center.
n
Administrators use the vCenter Single Sign-On implementation to allow access by users or groups to
run workflows within vSphere Web Client.
n
Administrators use the service catalog and entitlement mechanisms within vCloud Automation Center
to manage which workflows are exposed to specific users and groups.
Personas Used for Managing Workflows Across Distributed
Organizations
The administrator, delegated administrator, and end user personas describe the various roles and privileges
available to individuals and groups when you implement the Horizon vCO plug-in.
The following list describes the primary personas and their intended use. Organizations can further divide
the roles into geographic and functional areas as necessary.
Chapter 1 Introduction to the Horizon vCenter Orchestrator Plug-In
VMware, Inc. 9