Horizon on Azure Sync to ControlUp

 
Using our synchronization scripts, you can automatically populate the ControlUp organizational tree with your Horizon VDI running on the Azure cloud. Our sync script is run as a Windows scheduled task so that when you add or remove machines, those changes are automatically reflected in the organizational tree in ControlUp. You don't have to make any of those changes manually. When the script is run, your ControlUp organization reflects your current Horizon VDI for monitoring and remediation.
  • The sync script is written in PowerShell and stored in our GitHub repository.
  • You must run the credentials script twice for the dual authentication required by Horizon Cloud.
  • You set the Windows scheduled task to run the sync script on the ControlUp monitor machine. 

Prerequisites

  • The sync has to be performed on a machine which has the ControlUp monitor component installed. You can read about Adding a ControlUp Monitor.
  • The ControlUp monitor must be version 8.1.5.600 or higher.
  • The user running the scripts must have a local profile on the ControlUp monitor machine. Ensure that the same user logs onto the machine at some point before running the scripts.

1. Access the scripts from our GitHub repository 

You download the sync scripts from our GitHub repository of environment scripts which also includes synchronization scripts for other environments, including Horizon installed on-premises.
  1. Download the following scripts:
    store.credentials.ps1
    Horizon_Azure_Sync.ps1
    Build-CUTree.ps1 
  2. Copy these scripts to the machine running the ControlUp monitor. These scrips must reside in the same folder on the monitor machine.
  3. Optionally, in a PowerShell window, run this command to see the script's parameters, their descriptions, and default values:
      get-help \<path to the file>\Horizon_Azure_Sync.ps1
Here are the parameters in the sync script Horizon_Azure_Sync.ps1. These are the parameters to assign when adding the argument in step 3. Set up a Windows Scheduled Task.
Name Description
folderPath *Mandatory. The target folder in the ControlUp organizational tree to save these objects.
preview Displays the expected results without committing any changes to the ControlUp environment.
base

The base of the URL shown after manual logon to the Horizon Azure admin portal.

For example in this URL: https://cloud-us-2.horizon.vmware.com/horizonadmin, the base would be cloud-us-2.

delete Enables the script to execute removing objects from the ControlUp organizational tree. Use with the Preview parameter to see the proposed changes before making them.
logfile Specify a text file to log the output. Can be used for debugging and with the preview parameter to see the proposed changes. Log data is appended to this file with each run of the script.
siteName Specify a ControlUp Monitor site to assign the objects. Default value: default

2. Create the credentials files by running the Store_credentials.ps1 script

The Horizon on Azure Cloud requires dual authentication. To run the scheduled task on the ControlUp monitor machine, you need both sets of credentials. Therefore you have to run the Store_credentials.ps1 script twice to create those credentials files to access both: 
  • The MyVMware site.
  • The Horizon Cloud Active Directory.
To create the required credentials files:
  1. Access the ControlUp monitor machine as the user who will be running the scheduled task.
  2. On the monitor machine, go to the folder where you saved the Store_credentials.ps1 script.
  3. Run a PowerShell prompt.
  4. Run this command: 
    & '.\store credentials' -credential $null -credentialType HorizonCloudmyVMware
    Note: If you are not in the same folder as where the store_credentials.ps1 script is saved, you must give the full path after the '.'.

  5. When prompted, enter the User name and Password to access the MyVMware site.CredentialPromptMyVMware.jpg
  6. Run this command from the same folder as the script:
    & '.\store credentials' -credential $null -credentialType HorizonCloudDomain
  7. When prompted, enter the User name and Password as the domain\username used to access the Horizon Cloud site.
    CredentialPromptCloudDomain.jpg

Once you have run the script twice, two encrypted .xml files are created in this folder on the ControlUp monitor machine: C:\ProgramData\ControlUp\ScriptSupport.
The names of those encrypted files include the user who ran these scripts and must be the same user to run the scheduled task. The user who ran the scripts and created these encrypted files is admingle.
CredentialFiles.jpg
If you are running the scheduled task under a different account, you need to run the script again twice to set up new credentials files as these can be used only by the account that created them on the same machine they were created.

3. Set up a Windows Scheduled Task

Follow the steps in this article to create the Windows Scheduled Task.

In the Windows Local Security Policy, ensure that this user’s role has Log on as a batch job properties.

LogOnAsABatch.jpg

The credential tasks are set to run powershell.exe with these command lines for the create and delete tasks respectively:
-ExecutionPolicy RemoteSigned -NoLogo -File "C:\CU Environment Sync Scripts\Horizon_Azure_Sync.ps1"  -folderPath "\Datacenter\Virtual Desktops\Horizon Cloud"  -logfile "C:\CU Environment Sync Scripts\HZ Azure Sync.log" -base "cloud-us-2"
 
-ExecutionPolicy RemoteSigned -NoLogo -File "C:\CU Environment Sync Scripts\Horizon_Azure_Sync.ps1"  -folderPath "\Datacenter\Virtual Desktops\Horizon Cloud"  -logfile "C:\CU Environment Sync Scripts\HZ Azure Sync Deletes.log" -base "cloud-us-2" -Delete
 
Powered by Zendesk