- 02 Nov 2021
- DarkLight
Recommended Client Monitoring
- Updated on 02 Nov 2021
- DarkLight
Expedient Enterprise Workspace - Recommended Client Monitoring
Overview
Expedient Enterprise Workspace (EEW) integrate deeply with your Active Directory domain in order to facilitate the user login process when an end user accesses their virtual desktops. There are a number of components involved in the login process that are installed on servers within your Active Directory domain. Depending on the services you have with Expedient, Expedient may not have direct access to those servers in order to directly monitor the relevant services and ensure their availability. Expedient will make a best effort attempt to indirectly monitor components that may impact your users ability to log into the EEW platform but Expedient also recommends that clients configure direct monitoring of relevant services. This document outlines a list of services that Expedient recommends to clients utilizing the EEW platform to monitor in order to ensure the highest availability of the platform to their end users. These components would have been configured collaboratively between you and Expedient during the onboarding process. If you need help in identifying which of your servers these services were installed on please contact the Expedient Operations Support Center.
VMware Identity Manager Connector service
The VMware Identity Manager Connector service is a Windows service that communicates to the Workspace One Access component to facilitate user login. It is typically installed on the domain controller that was configured as part of your EEW buildout. It is recommended that you monitor the VMware Identity Manager Connector service to ensure that it is running.
VMware TrueSSO Enrollment Server Service
The VMware TrueSSO Enrollment Server Service is a Windows service. Once users have logged into the EEW platform the TrueSSO service allows users to access any of their assigned desktops without having to provide a user name and password to the virtual desktop once it is launched. This service is typically installed on a server dedicated to running the service. It is recommended that you monitor the VMware TrueSSO Enrollment Server Service to ensure that it is running.
Active Directory Certificate Services
The TrueSSO service relies on an Active Directory Certificate Services (ADCS) Enterprise CA. The ADCS service is typically installed on the domain controller that was configured as part of your EEW buildout. It is recommended that you monitor the Active Directory Certificate Services service to ensure that it is running.
OneLogin Active Directory Connector (or other)
Depending on your particular EEW configuration you may be using OneLogin or another similar identity provider to facilitate 2FA login to the EEW platform. The details in this section are specific to if you are using OneLogin, but if you are using a different identity provider that has an Active Director connector service component, it is recommended that you follow similar steps to monitor the connector service for your identity provider. If you are utilizing OneLogin to access Expedient services (Enterprise Workspace or other) you will have a server within your Active Directory domain that has a OneLogin Active Directory Connector service installed that syncs user information to OneLogin. It is recommended that you monitor the OneLogin Active Directory Connector Windows service to ensure that it is running.
DHCP
Desktop provisioning within the EEW platform relies on DHCP to provide desktop VMs with their IP configuration when the desktops are deployed. It is recommended that you monitor your DHCP pools that are used for your desktop networks to ensure that the IP pools you have configured do not reach exhaustion where all IPs are consumed. If a DHCP scope reaches IP address exhaustion, new desktops may fail to be provisioned. This is more problematic for larger desktop environments, especially if non-persistent (floating) desktop assignments are used.
Public Domain Certificate
The appliances that host the public URLs for your EEW desktop URLs rely on a public certificate and associated key pair to encrypt desktop connection data. This certificate is issued by a public CA (like GoDaddy or DigiCert) for your companies public domain. It is recommended that you monitor for when your public certificate is approaching expiration. When your public certificate is approaching expiration you will need to renew the certificate and work with Expedient in order for us to update your EEW appliances to use the new certificate.