Overview of Horizon View

VMwareHorizonView

I thought I would publish a series of articles which would provide an overview of Horizon View. This will consist of an overview of the following;

  1. Connection Servers
  2. The View Connection Process
  3. View Security Servers
  4. View Composer
  5. View Agent
  6. View Client
  7. vCentre’s Involvement in Horizon View

Keep your eyes open for the first article in the next day or so.

Horizon View: Pool Provisioning Fails

I came across this little beauty the other day and wanted to share the resolution with you, in my case it was the web service on the vCenter server had stopped.

Problem

Provisioning of a desktop pool fails, and you see one of the following error messages in the event database.

  • Cannot log in to vCenter at address VC_Address
  • The status of vCenter at address VC_Address is unknown

Cause

  • The View Connection Server instance cannot connect to vCenter for one of the following reasons.
  • The Web service on the vCenter Server has stopped.
  • There are networking problems between the View Connection Server host and the vCenter Server.
  • The port numbers and login details for vCenter or View Composer have changed.

Solution

  • Verify that the Web service is running on the vCenter.
  • Verify that there are no network problems between the View Connection Server host and the vCenter.
  • In View Administrator, verify the port numbers and login details that are configured for vCenter and View Composer.

VMware OS Optimization Tool

Just thought I would remind people of a great VMware Lab tool that has been out for a while now which optimizes Windows 7/8/2008/2012 systems for use with VMware Horizon View.

screenshot-1Mediu (1)

The optimization tool includes customizable templates to enable or disable Windows system services and features, per VMware recommendations and best practices, across multiple systems. Since most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance.

You can perform the following actions using the VMware OS Optimization Tool:

  • Local Analyze/Optimize
  • Remote Analyze
  • Optimization History and Rollback
  • Managing Templates

https://labs.vmware.com/flings/vmware-os-optimization-tool

 

Disabling the HotPlug capability within ESXi5.x Virtual Machines / VDI

You may have noticed users have the ability to the vmxnet3 NIC from within their VDI session, which would have the unfortunate side effect of disconnecting their session and making the desktop unreachable. Screenshot 2015-08-21 13.34.13

To prevent this please make the following change.

To disable HotPlug capability using the vSphere Client:

  1. Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.
  2. Power off the virtual machine.
  3. Right-click the virtual machine and click Edit Settings.
  4. Click the Options tab.
  5. Click General > Configuration Parameters > Add Row.
  6. Insert a new row with the name devices.hotplug and a value of false.
  7. Power on the virtual machine.

Screenshot 2015-08-21 13.34.56
To disable HotPlug capability using the vSphere Web Client:

  1. From a web browser, connect to the vSphere Web Client.
  2. Log in with Administrator credentials.
  3. Navigate to the virtual machine you want to modify.
  4. Right-click the virtual machine and select Edit Settings.
  5. Click the VM Options tab.
  6. Click Advanced > Edit Configuration > Add Row.
  7. Insert a new row with the name devices.hotplug and a value of false.
  8. Power on the virtual machine.

Once complete shutdown the vm then carry out the below actions.

  1. Create a new snapshot of the parent virtual machine:
    1. In the vSphere Client, right-click the parent virtual machine and click Snapshot > Take Snapshot.
    2. Give the snapshot a name and description.
    3. Click OK.
  2. Recompose the affected pools to this new snapshot:
    1. In the View Manager console, select a pool and open it.
    2. Click View Composer > Recompose, and select the newly created snapshot.
    3. Click Next.
    4. Configure the Schedule and Warnings options.
    5. Click Next.
    6. Review the confirmation information.
    7. Click Finish and verify that the recompose operation successfully completes.
    8. Repeat the recompose procedure for all affected pools.

Load Balancing VMware Horizon View

VMware Horizon View by increasing application performance and removing single points of failure in the deployment. For high availability and scalability, VMware recommends that multiple Connection servers and Security servers be deployed in a load balanced cluster. 

Horizon View Connection servers broker client connections, authenticate users and directs incoming requests to the correct endpoint. Load balancer serves as a central aggregation point for traffic flow between clients and Connection servers, sending clients to the best performing and most available Connection server instance. Horizon View Security servers provide an additional layer of security for View infrastructures that are published to users on the internet. Typically deployed in the DMZ, they proxy incoming connections to View Connection Servers on the trusted network. To improve their availability, Load Balancer is used to publish a single virtual service that external clients connect to for secure access to the environment.

VMware recommends that when large numbers of remote users are being serviced, load balancer SSL termination should be considered to offload secure traffic from the View Security servers to improve performance. When inbound traffic is decrypted prior to being passed to View Security servers for processing, the required resources is reduced and the overall solution performance increases.

Note: Configure Load Balancer based on the fact that View Client Connection Process would be in 2 phases these are:

Phase 1: Initial connection establishment, authentication, entitlement.

Phase 2: Client to Virtual Desktop connection.

Minimum prerequisites:

  • Implemented Active Directory, DNS and other core requirements for Horizon View
  • Installed VMware ESXi servers, vCenter server, View Connection and Security servers Configured SSL certificates for authentication of View Connection and Security servers
  • Installed the Load balancer on the same network as the servers to be load balanced
  • Configure the Load balancer topology which suites your organization, consult vendor documentation..

Allow HTTP Connections

To allow SSL-offloaded connections from the Load Balancer to the Connection Servers that are not re-encrypted, the Connection Servers must be configured to accept HTTP connections from intermediate devices. This is accomplished by modifying the locked.properties file on each Connection Server on which HTTP connections are desired. Steps on how to do this are outlined below. The servers will also continue to accept HTTPS connections.

  1. Navigate to the locked.properties file in the SSLGateway configuration folder on the
  2. Connection Server, for example <install_directory>VMwareVMware ViewServersslgatewayconflocked.properties
  3. Add the serverProtocol property. Set it to http using lower case letters
    The next two steps are optional:
    If desired, change the HTTP listening port from 80 to a non-default port by setting the serverPortNonSSL to an alternate port number on which the Load balancer will communicate with the Connection Server for HTTP connections.
    If the Connection Server has multiple network interfaces and you would like to designate a single interface for HTTP connections, set the server Host to the IP address of the desired interface.
  4. Save the locked.properties file.
  5. Restart the View Connection Server service on the server

Modify Secure Tunnel External URL The following changes to the Secure Tunnel External URL parameters are required for the Load balancer and the VMware Horizon View environment to interoperate correctly:

  1. Log in to the View Manager Administrator
  2. Expand View Configuration and click Servers.
  3. Select the Connection Servers tab.
  4. Select each Connection server and click the Edit button after which the Edit View Connection Server Settings box will open.
  5. Navigate to the General tab. In the HTTP(S) Secure Tunnel External URL text box, enter the Loadbalancer Virtual Service IP address or DNS FQDN to be used for the Security Server pool followed by a colon and the appropriate port number.
  6. Select the Use Secure Tunnel Connection to Desktop check box.

Source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2127195#sf40032378

Virtualisation investment boosts Bernicia

A nice article has just been published by network communications news on a recent VDI and vSphere project I have just completed for Bernicia Group, I have copied the article below.

Bernicia_HQ-fill-492x327

Bernicia Group, the housing organisation, has completed a major overhaul of its IT infrastructure, adopting a virtualised environment and reducing its disaster recovery (DR) period from days to less than 30 minutes. The development hopes to cut costs, speed up its processes and bolster security.

Bernicia, which has over 8,000 homes in the North East of England, worked with SITS to virtualise over 80 physical servers and switch from Microsoft Hyper-V to VMware software. The organisation’s storage architecture has been reduced from 18 rack units to three and, with a second virtual infrastructure deployed securely off-site. 

SITS has also implemented a resilient Virtual Desktop Infrastructure (VDI) using VMWare Horizon View, providing a faster and universal experience for remote and in-office staff.

More than 300 users can now access software via a virtual PC operating centrally on Bernicia’s servers. Existing PCs are being converted into thin clients and are now centrally managed by IGEL’s Universal Management Suite. Horizon View software has been installed on laptops, tablets and off-site PC’s, increasingly used by Bernicia staff as the organisation expands and remote working rises.
Gary Hind, head of ICT at Bernicia, said: ‘Overall, our new technology infrastructure has allowed us to make major savings in several areas, including in licensing, power consumption and DR contracts, as well as significantly improving our productivity.’

SITS specialises in using best-of-breed products to provide a range of services, including server and desktop virtualisation, business continuity, enterprise storage, data centre facilities and health check and planning services. Earlier this year the business won the coveted Customer Choice Award from Data Protection Specialists Veeam Software.

Source : http://www.networkcommunicationsnews.co.uk/index.php/1624-virtualisation-investment-boosts-Bernicia

TCP/4002 View 6.1 & Horizon View Enhanced Security Mode

One to watch out for since the introduction of Horizon View 6.1 VMware have introduced a new port for JMS TCP/4002 Horizon 6.1 Documentation

Screenshot 2015-08-11 21.15.34

Screenshot 2015-08-11 21.12.30

 

Also be aware before enabling enhanced mode…

If you plan to change an upgraded View environment from Enabled to Enhanced, you must first upgrade all View Connection Server instances, security servers, and View desktops to Horizon 6 version 6.1 or a later release. After you change the setting to Enhanced, the new setting takes place in stages.
1
You must manually restart the VMware Horizon View Message Bus Component service on all View Connection Server hosts in the pod, or restart the View Connection Server instances.
2
After the services are restarted, the View Connection Server instances reconfigure the message security mode on all desktops and security servers, changing the mode to Enhanced.
3
To monitor the progress in View Administrator, go to View Configuration > Global Settings.
On the Security tab, the Enhanced Security Status item will show Enhanced when all components have made the transition to Enhanced mode.
Alternatively, you can use the vdmutil command-line utility to monitor progress. See Using the vdmutil Utility to Configure the JMS Message Security Mode.
View components that predate Horizon 6 version 6.1 cannot communicate with a View Connection Server 6.1 instance that uses Enhanced mode