VMware vRealize Operations for Published Applications Installation and Administration (6.3)
Chapter 16: Managing Authentication in vRealize Operations for Published Applications
RMI servers provide a certificate that the agents use to authenticate the
vRealize Operations for Published Applications adapter. Broker agents use SSL/TLS client authentication
with a certificate that the vRealize Operations for Published Applications adapter uses to authenticate the
broker agents. Desktop agents provide tokens that the vRealize Operations for Published Applications
adapter uses to authenticate the desktop agents.
To increase security, you can replace the default self-signed certificates that the
vRealize Operations for Published Applications adapter and broker agents use.
Understanding Authentication for Each Component
Each vRealize Operations for Published Applications component handles authentication differently.
vRealize Operations for Published Applications Adapter Authentication
When an RMI connection is established between the desktop message server and a desktop agent, or
between the broker message server and a broker agent, the agent requests a certificate from the server to
perform authentication. This certificate is validated against the agent's trust store before proceeding with the
connection. If the server does not provide a certificate, or the server certificate cannot be validated, the
connection is rejected.
When the vRealize Operations for Published Applications adapter is first installed, a self-signed certificate is
generated. The desktop message server and broker message server use this self-signed certificate by default
to authenticate to their agents. Because this certificate is generated dynamically, you must manually pair the
vRealize Operations for Published Applications adapter and broker agent before the agents can
communicate with the vRealize Operations for Published Applications adapter. See Chapter 19, “Certificate
Pairing,” on page 73.
Desktop Agent Authentication
Connections to the desktop message server require an authentication token to verify that the connection is
coming from a valid desktop agent. The desktop agent generates a unique authentication token for each
remote desktop.
In addition, the desktop agent generates a serverID for the XD-XA server and writes the serverID into
vRealize Operations Manager. When a desktop agent attempts to send data to the
vRealize Operations for Published Applications adapter, the adapter checks whether an authentication
token for that server has been cached in memory. If no server with the same name is cached, the adapter
caches the server name and authentication token in memory. If the server has been cached, the adapter
compares the cached authentication token with the one sent. If the tokens are the same, the adapter
accepts the message; otherwise, it rejects the desktop agent message.
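The desktop agent token check described above, modeled as an added example (this is not VMware's adapter code). The class and function names, the decision strings, and the sample server names and tokens are constructed; treating the first message for a new server name as accepted once it is cached, and using a constant-time comparison, are assumptions of this sketch.

```python
import hmac


class DesktopTokenCache:
    """In-memory map of server name -> first authentication token seen."""

    def __init__(self):
        self._tokens = {}
        self.rejections = []  # server names whose token did not match, for review

    def check(self, server_name, token):
        cached = self._tokens.get(server_name)
        if cached is None:
            # No server with this name is cached: store name and token.
            self._tokens[server_name] = token
            return "cached"
        # Server already cached: compare the cached token with the one sent.
        # compare_digest avoids leaking the match position through timing
        # (a choice of this example, not stated on the page).
        if hmac.compare_digest(cached.encode(), token.encode()):
            return "accepted"
        self.rejections.append(server_name)
        return "rejected"


def replay(messages):
    """Run (server_name, token) pairs through a fresh cache, in order."""
    cache = DesktopTokenCache()
    decisions = [(name, cache.check(name, tok)) for name, tok in messages]
    return decisions, cache.rejections


# Constructed sample traffic: two servers, then a message that reuses the
# first server's name with a different token.
SAMPLE = [
    ("xa-host-01", "tok-A1"),
    ("xa-host-01", "tok-A1"),
    ("xa-host-02", "tok-B7"),
    ("xa-host-01", "tok-ZZ"),
    ("xa-host-02", "tok-B7"),
]

if __name__ == "__main__":
    decisions, rejected = replay(SAMPLE)
    for name, decision in decisions:
        print(f"{name}: {decision}")
    print("token mismatches to review:", rejected)
```

Because the cache binds a server name to whichever token arrives first, a rejected message for an already-cached name is the event worth reviewing in the adapter logs.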
VMware, Inc.