What is the preferred way to monitor vmware view environments for User-ID?

Reply
Highlighted
L4 Transporter

What is the preferred way to monitor vmware view environments for User-ID?

How are others monitoring their Vmware view / horizon environments for user-id?

I see there is a terminal services agent you can use, (looks like you can only install on windows and citrix) but I haven't found specifics on actually monitoring the vmware view environment/and what permissions that account would need in vmware. Can anyone point me in the right direction for monitoring a vmware view environment for user-id?

 

 

There is a vm information sources area, but I'm thinking that that is only for obtaining VM tags for use in security policy and DAG - NOT for user-id user to ip mapping specifically.  

 

The below link talks about it - but doesn't give clear direction on how/what to look at for vdi view environments:

https://www.paloaltonetworks.com/solutions/initiatives/virtual-desktop-infrastructure


Accepted Solutions
Highlighted
Cyber Elite

@Sec101,

Can you explain how you actually have VMWare Horizon configured within your environment, because there are quite a few different ways you could be using this that would change how you would collect the user information. A lot of the time I see companies simply granting a user entitlement to a vm host and you can continue to pull user-id information directly from Active Directory as you are now. Again though, there are a lot of different ways you can configure Horizon and we need a bit more information on how you've actually got things configured.

 

Horizon itself though is generally not something I collect information from unless I'm using it as a user-id source or feeding login events in through the API. Generally, people are using it to allow a user access directly to a machine or a TS. You really only need to do things differently if you've enabled ThinApp.

View solution in original post

Highlighted
L2 Linker

If "turns out backend is mostly Windows" = remote desktop services on a terminal server, then the terminal server agent is the way to go.  If "turns out the backend is mostly Windows" = users gaining access to full clone or linked clone or instant clone virtual machines, then your existing user-id infrastructure which monitors AD logins will work without installing the terminal server agent.

View solution in original post


All Replies
Highlighted
Cyber Elite

@Sec101,

Can you explain how you actually have VMWare Horizon configured within your environment, because there are quite a few different ways you could be using this that would change how you would collect the user information. A lot of the time I see companies simply granting a user entitlement to a vm host and you can continue to pull user-id information directly from Active Directory as you are now. Again though, there are a lot of different ways you can configure Horizon and we need a bit more information on how you've actually got things configured.

 

Horizon itself though is generally not something I collect information from unless I'm using it as a user-id source or feeding login events in through the API. Generally, people are using it to allow a user access directly to a machine or a TS. You really only need to do things differently if you've enabled ThinApp.

View solution in original post

Highlighted
L4 Transporter

let me check and get back to you on the exact application here.   Should have the answer shortly.  Thank you for the quick reply!

Highlighted
L4 Transporter

Turns out the backend is mostly Windows.  Terminal services agent it is.  Hoping this solves the problem.

Highlighted
L2 Linker

If "turns out backend is mostly Windows" = remote desktop services on a terminal server, then the terminal server agent is the way to go.  If "turns out the backend is mostly Windows" = users gaining access to full clone or linked clone or instant clone virtual machines, then your existing user-id infrastructure which monitors AD logins will work without installing the terminal server agent.

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!