Many Horizon administrators have been asking for a way to monitor Cloud Connector health status using industry standards. Today, I am excited to announce that Horizon Cloud Connector 2.0 adds support for SNMP!
With this release, Horizon Cloud Connector acts as a service-based agent that sends monitoring information using SNMP (simple network management protocol) traps to an NMS (network management system).
SNMP trap support is added for the following events: lifecycle events like reconfiguration of the appliance, updating to a new version, and unplugging of the appliance; as well as subscription license sync failure.
The SNMP monitoring feature is available from version Cloud Connector 2.0 and above, and is enabled on demand by adding required configurations in the onboarding UI. Only SNMP v3 support is enabled, as it is the most secure version.
This article will walk through the configuration in Cloud Connector. If you’re not familiar with SNMP, scroll down to the end of this article, where we have included a brief definition.
Cloud Connector SNMP Configuration
Follow these steps for your configuration.
Download the MIB files and load them in NMS
- Download MIB files from VMware Knowledge Base (KB) article 1013445
- Download the object identifiers (OIDs) files from VMware KB article 2054359
The traps sent by Horizon Cloud Connector are defined in VMWARE-HZECC-EVENT-MIB.mib.
Configure Horizon Pod – Login to the Cloud Connector onboarding UI and perform the steps to connect the Horizon pod to cloud if not already done.
Copy the Engine ID – Engine ID uniquely and unambiguously identifies an SNMP engine. This is a very important part of SNMP configuration. It is an auto generated value that should be in sync with cloud connector and NMS.
Copy this value from the SNMP Configuration section or configuration summary section.
Configure the Engine ID in the NMS – Copy Cloud Connector Engine ID and add it as part of User Security model in NMS
Configure User and credentials details in NMS – Configure User Security model details such as:
- SNMPv3 USM User,
- SNMPv3 Security Level,
- SNMPv3 Auth Algorithm,
- SNMPv3 Auth Password,
- SNMPv3 Privacy Algorithm,
- SNMPv3 Privacy Password
Note: Authentication and privacy details are optional but highly recommended to use. If you wish to not use them, set the SNMPv3 Security level setting to No Auth, No Priv.
Enable SNMP – Toggle the Enable SNMP to turn on SNMP support.
Provide user and credentials details same as set in NMS – Configure User Security model details same as set in NMS in step above. Please see VMware Docs for each of these fields and their possible values.
Set NMS IP and port on which the trap listener is configured – Configure NMS destination and port information.
Submit the details.
Check SNMP configuration status on summary page
As soon as the configuration is complete, the UI shows the status of SNMP configuration. There is a coldStart trap sent to NMS. This indicates that the configuration is changed.
From this point onwards, whenever there is a trigger event, a trap is sent to configured NMS.
Troubleshooting Horizon Cloud Connector SNMP
The traps are sent as UDP packets. UDP works in fire and forget mode, and Cloud Connector does not attempt a retry. If you see that traps are not received on NMS, please ensure that:
- NMS and Cloud Connector have network connectivity; and,
- The engine ID and all other USM configuration are same at both the Cloud Connector and NMS endpoint.
After ensuring the above, if the issue still persists, please reach out to VMware Support.
For more on SNMP and Horizon Cloud Connector, see these resources:
- VMware Knowledge Base (KB) article 1013445
- VMware KB article 2054359
- Horizon Cloud Connector 2.0 and Later: Monitor the Appliance Using SNMP
You can also learn more about how to unlock cloud-based services with Horizon Control Plane services.
Appendix: What is SNMP?
Simple Network Management Protocol (SNMP) is an application-layer protocol for exchanging management information between network devices. SNMP is one of the most widely accepted network protocols to manage and monitor network elements.
The concept of SNMP is based on the manager and agent. A manager is like a host that controls a group of agents, such as the network devices. SNMPv3 is the most secure version with all functionalities of v2 with enhanced security.
Another important component is MIB (Management Information Base). MIB is a collection of information for managing network elements.
The MIBs comprises of managed objects identified by the name Object Identifier (Object ID or OID). Each Identifier is unique and denotes specific characteristics of a managed device Every Object ID is organized hierarchically in MIB. The MIB hierarchy can be represented in a tree structure with an individual variable identifier.
A typical object ID will be a dotted list of integers. For example, the OID in RFC1213 for “sysDescr” is .22.214.171.124.126.96.36.199.
SNMP supports a very simple message exchange format. It supports basic commands GET, GETNXT, GET BULK, SET, TRAP, INFORM, RESPONSE.
SNMP v3 is the most secure implementation. It adds 3 major security aspects:
- Timeliness – Ensures the information is arriving in a timely way and is not being intercepted, stored and then retransmitted outside the acceptable time window from the time it was sent.
- Authentication – Ensures that packet was not modified in transit. This is done by performing a hashing operation on the entire packet through use of a secret password shared by the agent and manager involved in the exchange. This ensures that only authorized SNMP entities can modify the packet.
- Privacy – Encrypt the data portion of the SNMP packet. Encryption is performed using a secret (password) that is shared between the agent and manager.
SNMP traps enable an agent to notify the SNMP manager (NMS) of significant events by a UDP SNMP message.
SNMP Trap message includes:
- Current sysUpTime value,
- An OID identifying the type of trap
- Optional variable bindings