In this recipe, we will look into integrating VMware Horizon View into Orchestrator.
You need the Horizon 7 plugin and you need to load it into Orchestrator. The plugin can be found at https://my.vmware.com/group/vmware/details?productId=577&downloadGroup=HVRO-130-GA .
There is a known issue (plugin version 1.3 at the time of writing). Follow kb.vmware.com/kb/2144316 in order to switch on TLSv1.1 and 1.2 for Orchestrator.
Tip
Always fully read the release notes of any plugin or update. There are five known issues that you need to be aware of: https://pubs.vmware.com/Release_Notes/en/hvro-plugin/horizon-vro-plugin-13-release-notes.html.
You also need the Horizon infrastructure. The minimum would be a Connection Server with one pool and one VM.
The following shows the basic setup, an example, and access point automation.
We will now connect Orchestrator to Horizon. This basic setup will allow a chosen user to do everything:
- Start the workflow Library | Horizon | Configuration | View Pod Configuration | Add View Pod In Configuration.
- Give the POD an alias.
- Enter the FQDN of the connection server. The IP doesn't work most of the times.
- Enter a Horizon user with administrator rights.
- Click on Submit and wait until the workflow has finished.
- Start the workflow Library | Horizon | Configuration | Delegated Admin Configuration | Add delegated Administrator Configuration.
- If the Horizon View Pod isn't a drop-down menu, the last workflow hasn't worked, even if it has showed no error. Check kb.vmware.com/kb/2144316 to fix this issue.
- Choose Yes on all questions in order to make the user you choose in step 9 an admin who is able to perform all the actions on all pools.
- Choose a user or group that is allowed to administer Horizon through Orchestrator:
- Click on Submit and wait until the workflow has finished.
- Run the workflow Library | Horizon | Configuration | Manage Self Service Pool Configuration.
- Set all to Yes to make sure that the user from step 9 is allowed everything.
- Click on Submit and wait until the workflow has finished.
Let's run an example by adding a user to a pool.
- Run the workflow Library | Horizon | Configuration | Workflow delegation | Add User(s) to Desktop Pool.
- Select the delegated administrator you defined earlier.
- Select the pool you would like to add a user to.
- Enter a user (or users) to be added.
- Click on Submit and wait until the workflow has finished.
- Check your pool in Horizon.
Access points can be configured during deployment but also via REST. So let's do that. Please have a look at the following recipes: Working with REST in Chapter 9, Essential Plugins and Working with JSON in Chapter 6, Advanced Programming and Accessing the Control Center via REST plugin in Chapter 7, Interacting with Orchestrator, before starting.
The swagger UI URL for the access point configuration is as follows:
https://[FQDN accesspoint]:9443/swagger-ui/index.html
- Add the Access point as a REST host. The URL is
https://access1.mylab.local:9443/rest/with basic authentication using the admin user you defined during deployment. - Add the following REST operation with
Content-Type=application/jsonand create workflows for it: PUT/v1/config/certs/ssl. - Update the workflows with the header:
request.setHeader("Content-Type", "application/json"); - Edit the PUT
/v1/config/certs/sslworkflow. - Move content to attributes and add
privateKeyandchainas thestringinput-parameter. - Add a scriptable task with the following code:
var propList=new Properties(); propList.put("privateKeyPem",privateKey); propList.put("certChainPem",chain); var jsonObj = new Object(); for each (key in propList.keys){ jsonObj[key]=propList.get(key); } content= JSON.stringify(jsonObj); - This will now enable you to directly put a new SSL certificated onto the access point.
You could now create a workflow that updates the configuration just by using these operations:
- GET
/v1/config/edgeservice - PUT
/v1/config/edgeservice/view
The Horizon plugin is written to be used with the vSphere Web Client or with vRealize Orchestrator. If you explore the workflows that come with the plugin, you will see that there are vCAC (for vRA) and vSphere Web Client specific versions of all the basic workflows shown in workflow delegation.
From here it's just a small step to build the plugin into vRealize Automation or the vSphere Web Client.
Once you run the configuration workflows, the configuration is stored as an Orchestrator configuration (also see the recipe Working with configurations in Chapter 8, Better Workflows and Optimized Working) in a folder called View.
The Horizon plugin also comes with a lot of Orchestrator resource elements (see Working with resources in Chapter 8, Better Workflows and Optimized Working), which contain Icons as well as configured localizations (see recipe Language packs (localization) in Chapter 8, Better Workflows and Optimized Working) for the vSphere Web Client and vCAC (vRA) workflows.
Let's look at the integration of the Horizon Client into vSphere and vRealize Automation.
The Horizon plugin comes with preconfigured workflows aimed at being used in the vSphere Web Client. You find them in the folder Library | Horizon | Workflows | vSphere Web Client.
You can use them directly in the vSphere Web Client. However, you can also customize the workflows; for example, you could restrict the workflows to only one view pool (or a couple of pools). To do so, follow these instructions:
- Take one of the workflows, such as Desktop Allocation for Users, and create a copy of it.
- Edit the copy.
- Move the input-parameter poolID as an attribute by right-clicking on the poolID and selecting Move as attribute.
- Click on General and then put in the name of the pool. The value is case-sensitive.
- Do the same with the PodAlias.
- In the Presentation section, click on Presentation (the top element) and then on General, and enter the following text:
This will add a user to the pool: <b>${poolId}</b> in the Pod: <b>${podAlias}</b> - Running the workflow now will only ask for the user.
An even better method is using configurations (also see the recipe Working with configurations in Chapter 8, Better Workflows and Optimized Working) to manage the settings centrally.
Also, see the example workflow: 11.03 Desktop Allocation for Users.
The Horizon plugin comes with a lot of preconfigured workflows that are ready to be XaaS blueprints and actions.
The process to create a vRA Horizon Integration is a pretty lengthy one and will not fit into this book. However, the Horizon plugin comes with a not so bad PDF that describes the process. Go to the plugin download page or search for using-horizon-vro-plugin-13-guide.pdf.
Some things that are not discussed in this PDF but are essential are as follows:
- Configure a new Tenant with AD connection and external Orchestrator using basic authentication
- Install and configure an Orchestrator with vSphere authentication that uses the same AD as Horizon
- Your Horizon should be connected to the same AD as the Tenant and the Orchestrator (using vSphere Authentication)
- The users/groups you use in vRA should also have permissions in Horizon
- The vRA VDI admins should also be delegated admins in the Horizon plugin
The Horizon plugin also contains a collection of icons (Configuration, Library | Horizon | Icon). You can export these to a local disk and then import them into vRA when you import the workflow or action.
Configure Access points via REST: https://communities.vmware.com/people/Windspirit/blog/2016/08/08/configuring-an-horizon-accesspoint-the-easy-way.
VMware documentation for Horizon plugin: https://pubs.vmware.com/horizon-7-view/topic/com.vmware.ICbase/PDF/using-horizon-vro-plugin-13-guide.pdf.