The View composer service is responsible for the creation and provisioning of the Virtual Desktops within vCenter.
- Create a VM in vCenter with the View Agent installed (the Parent VM),
- Shutdown the VM and create a Snapshot,
- In View Manager, create a new Automated linked-clone pool.
What happens next (KB 1021506);
- View Manager creates the linked-clone entry in View LDAP and puts the virtual machine into the Provisioning state.
- View Manager calls View Composer to create the linked clone
- The View Composer Server creates the machine account entry in Active Directory for the new clone and creates a random binary password for the newly created computer account.
- If a replica for the base image and snapshot does not yet exist in the target datastore for the linked clone, View Composer creates the replica in the datastore. If a separate datastore is configured to store all replicas, the replica is created in the replica datastore. (In View 4.5 and later, replicas can be stored in a separate datastore.)
- View Composer creates the linked clone using the vCenter Server API.
- View Composer creates an internal disk on the linked clone. This small disk contains configuration data for QuickPrep or Sysprep. The disk also stores machine password changes that Windows performs every 30 days, according to the policy setting. This disk data ensures that domain connectivity is maintained when a checkpointed desktop is refreshed.
A recompose operation lets the administrator preserve the View Composer persistent disk and all user data inside this disk while changing the operating system disk to a new base image and snapshot. With recompose, an administrator can easily distribute operating system patches and new software to users. Recomposing between major operating system versions are not supported (XP >Vista, XP >Windows7, Vista >Windows7).
Because a new operating system disk is created during a recompose, the clone is also customized again during the recompose operation. When the customization is completed, View Manager takes a new snapshot.
These steps occur during a recompose operation:
- View Manager puts the linked clone into the Maintenance state.
- View Manager calls the View Composer resync API for the linked clones being recomposed, directing View Composer to use the new base image and snapshot.
- If a replica for the base image and snapshot does not yet exist in the target datastore for the linked clone,View Composer creates the replica in the datastore. If a separate datastore is configured to store all replicas, a replica is created in the replica datastore.
- View Composer deletes the current operating system disk for the linked clone and creates a new operating system disk, linked to the new replica.
- The rest of the recompose cycle is identical to the customization phase of the provisioning and customization cycle.
Below is a breakdown of the view client connection process, hopefully this will be useful to you if you are troubleshooting any connectivity issues.
- The View Client initiates a connection to the Connection Server or Security Server, providing a username and password. This occurs over TCP port 443, which is the standard HTTPS port.
- The Connection Server returns a list of entitled Desktops that the user has, and the user then selects one. The information bearing the user’s choice is sent back to the server. Again, this occurs over TCP port 443.
- The View Client initiates the PCoIP connection to the Desktop. This occurs over TCP port 4172.
- The View Client on the client device and the View Agent on the virtual desktop negotiates the PCoIP session. This happens over several back and forth communications on TCP port 4172.
- Once the session has been negotiated, the View Agent initiates a PCoIP data channel connection directly to the View Client. This now occurs over UDP port 4172.
- After that initial connection is created, the Control and Data sessions open up between the View Client and the View Agent over UDP port 4172. At this point, a connection to the Desktop is established.
- While the PCoIP communications over UDP port 4172 goes on, PCoIP also opens up a heartbeat connection between the Client and the Agent using TCP port 4172.
- The Client also opens up a heartbeat connection between itself and the Connection Server. This occurs over TCP port 443. This connection is established so that the Connection Server and View Administrator have some awareness of the current session.
I thought I would publish a series of articles which would provide an overview of Horizon View. This will consist of an overview of the following;
- Connection Servers
- The View Connection Process
- View Security Servers
- View Composer
- View Agent
- View Client
- vCentre’s Involvement in Horizon View
Keep your eyes open for the first article in the next day or so.
Just thought I would remind people of a great VMware Lab tool that has been out for a while now which optimizes Windows 7/8/2008/2012 systems for use with VMware Horizon View.
The optimization tool includes customizable templates to enable or disable Windows system services and features, per VMware recommendations and best practices, across multiple systems. Since most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance.
You can perform the following actions using the VMware OS Optimization Tool:
- Local Analyze/Optimize
- Remote Analyze
- Optimization History and Rollback
- Managing Templates
You may have noticed users have the ability to the vmxnet3 NIC from within their VDI session, which would have the unfortunate side effect of disconnecting their session and making the desktop unreachable.
To prevent this please make the following change.
To disable HotPlug capability using the vSphere Client:
- Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.
- Power off the virtual machine.
- Right-click the virtual machine and click Edit Settings.
- Click the Options tab.
- Click General > Configuration Parameters > Add Row.
- Insert a new row with the name
devices.hotplug and a value of
- Power on the virtual machine.
To disable HotPlug capability using the vSphere Web Client:
- From a web browser, connect to the vSphere Web Client.
- Log in with Administrator credentials.
- Navigate to the virtual machine you want to modify.
- Right-click the virtual machine and select Edit Settings.
- Click the VM Options tab.
- Click Advanced > Edit Configuration > Add Row.
- Insert a new row with the name
devices.hotplug and a value of
- Power on the virtual machine.
Once complete shutdown the vm then carry out the below actions.
- Create a new snapshot of the parent virtual machine:
- In the vSphere Client, right-click the parent virtual machine and click Snapshot > Take Snapshot.
- Give the snapshot a name and description.
- Click OK.
- Recompose the affected pools to this new snapshot:
- In the View Manager console, select a pool and open it.
- Click View Composer > Recompose, and select the newly created snapshot.
- Click Next.
- Configure the Schedule and Warnings options.
- Click Next.
- Review the confirmation information.
- Click Finish and verify that the recompose operation successfully completes.
- Repeat the recompose procedure for all affected pools.
VMware Horizon View by increasing application performance and removing single points of failure in the deployment. For high availability and scalability, VMware recommends that multiple Connection servers and Security servers be deployed in a load balanced cluster.
Horizon View Connection servers broker client connections, authenticate users and directs incoming requests to the correct endpoint. Load balancer serves as a central aggregation point for traffic flow between clients and Connection servers, sending clients to the best performing and most available Connection server instance. Horizon View Security servers provide an additional layer of security for View infrastructures that are published to users on the internet. Typically deployed in the DMZ, they proxy incoming connections to View Connection Servers on the trusted network. To improve their availability, Load Balancer is used to publish a single virtual service that external clients connect to for secure access to the environment.
VMware recommends that when large numbers of remote users are being serviced, load balancer SSL termination should be considered to offload secure traffic from the View Security servers to improve performance. When inbound traffic is decrypted prior to being passed to View Security servers for processing, the required resources is reduced and the overall solution performance increases.
Note: Configure Load Balancer based on the fact that View Client Connection Process would be in 2 phases these are:
Phase 1: Initial connection establishment, authentication, entitlement.
Phase 2: Client to Virtual Desktop connection.
- Implemented Active Directory, DNS and other core requirements for Horizon View
- Installed VMware ESXi servers, vCenter server, View Connection and Security servers Configured SSL certificates for authentication of View Connection and Security servers
- Installed the Load balancer on the same network as the servers to be load balanced
- Configure the Load balancer topology which suites your organization, consult vendor documentation..
Allow HTTP Connections
To allow SSL-offloaded connections from the Load Balancer to the Connection Servers that are not re-encrypted, the Connection Servers must be configured to accept HTTP connections from intermediate devices. This is accomplished by modifying the locked.properties file on each Connection Server on which HTTP connections are desired. Steps on how to do this are outlined below. The servers will also continue to accept HTTPS connections.
- Navigate to the locked.properties file in the SSLGateway configuration folder on the
- Connection Server, for example <install_directory>VMwareVMware ViewServersslgatewayconflocked.properties
- Add the serverProtocol property. Set it to http using lower case letters
The next two steps are optional:
If desired, change the HTTP listening port from 80 to a non-default port by setting the serverPortNonSSL to an alternate port number on which the Load balancer will communicate with the Connection Server for HTTP connections.
If the Connection Server has multiple network interfaces and you would like to designate a single interface for HTTP connections, set the server Host to the IP address of the desired interface.
- Save the locked.properties file.
- Restart the View Connection Server service on the server
Modify Secure Tunnel External URL The following changes to the Secure Tunnel External URL parameters are required for the Load balancer and the VMware Horizon View environment to interoperate correctly:
- Log in to the View Manager Administrator
- Expand View Configuration and click Servers.
- Select the Connection Servers tab.
- Select each Connection server and click the Edit button after which the Edit View Connection Server Settings box will open.
- Navigate to the General tab. In the HTTP(S) Secure Tunnel External URL text box, enter the Loadbalancer Virtual Service IP address or DNS FQDN to be used for the Security Server pool followed by a colon and the appropriate port number.
- Select the Use Secure Tunnel Connection to Desktop check box.
A nice article has just been published by network communications news on a recent VDI and vSphere project I have just completed for Bernicia Group, I have copied the article below.
Bernicia Group, the housing organisation, has completed a major overhaul of its IT infrastructure, adopting a virtualised environment and reducing its disaster recovery (DR) period from days to less than 30 minutes. The development hopes to cut costs, speed up its processes and bolster security.
Bernicia, which has over 8,000 homes in the North East of England, worked with SITS to virtualise over 80 physical servers and switch from Microsoft Hyper-V to VMware software. The organisation’s storage architecture has been reduced from 18 rack units to three and, with a second virtual infrastructure deployed securely off-site.
SITS has also implemented a resilient Virtual Desktop Infrastructure (VDI) using VMWare Horizon View, providing a faster and universal experience for remote and in-office staff.
More than 300 users can now access software via a virtual PC operating centrally on Bernicia’s servers. Existing PCs are being converted into thin clients and are now centrally managed by IGEL’s Universal Management Suite. Horizon View software has been installed on laptops, tablets and off-site PC’s, increasingly used by Bernicia staff as the organisation expands and remote working rises.
Gary Hind, head of ICT at Bernicia, said: ‘Overall, our new technology infrastructure has allowed us to make major savings in several areas, including in licensing, power consumption and DR contracts, as well as significantly improving our productivity.’
SITS specialises in using best-of-breed products to provide a range of services, including server and desktop virtualisation, business continuity, enterprise storage, data centre facilities and health check and planning services. Earlier this year the business won the coveted Customer Choice Award from Data Protection Specialists Veeam Software.
Source : http://www.networkcommunicationsnews.co.uk/index.php/1624-virtualisation-investment-boosts-Bernicia
Check out the below demo of VMware’s UEM (User Environment Manager)
One to watch out for since the introduction of Horizon View 6.1 VMware have introduced a new port for JMS TCP/4002 Horizon 6.1 Documentation
Also be aware before enabling enhanced mode…
If you plan to change an upgraded View environment from Enabled to Enhanced, you must first upgrade all View Connection Server instances, security servers, and View desktops to Horizon 6 version 6.1 or a later release. After you change the setting to Enhanced, the new setting takes place in stages.
You must manually restart the VMware Horizon View Message Bus Component service on all View Connection Server hosts in the pod, or restart the View Connection Server instances.
After the services are restarted, the View Connection Server instances reconfigure the message security mode on all desktops and security servers, changing the mode to Enhanced.
To monitor the progress in View Administrator, go to View Configuration > Global Settings.
On the Security tab, the Enhanced Security Status item will show Enhanced when all components have made the transition to Enhanced mode.
Alternatively, you can use the vdmutil command-line utility to monitor progress. See Using the vdmutil Utility to Configure the JMS Message Security Mode.
View components that predate Horizon 6 version 6.1 cannot communicate with a View Connection Server 6.1 instance that uses Enhanced mode