Preparation for the VCP6-DTM exam continues today with Objective 2.2: Configure Horizon (with View). Today's (long) chapter is divided into several sections, each of them important and “un-skippable”. This guide should help, but it's only part of the equation…
So far we have covered a few chapters (the road is long). One of the products within the EUC (End User Computing) suite is VMware Mirage. It's one of the products that's getting better and better with each release. The installation and architecture of Mirage can be followed through this post, and the Endpoint Management (VMs or physical PCs or servers) can be found here.
But let's focus on today's objective.
We will cover:
- Explain the purpose of and configure the Events database
- Enable Horizon View Storage Accelerator
- Configure and modify Horizon View global settings
- Modify Horizon View security server settings
- Describe virtual printing services and architecture
- Enable disk space reclamation
- Configure the following:
  - Syslog server
  - External URL settings
  - Default roles
  - Custom roles
  - Required permissions
  - Display protocol settings
  - Location aware printing
  - Profile store for Persona management
  - Virtual profile group policies
Explain the purpose of and configure the Events database
The event database records the events that happen in your Horizon View environment and lets the admin look up events within a certain (configurable) time frame. You can create an event DB by adding it to an existing DB server.
There are quite a few different types of events that are recorded (logged). For example:
- Admin actions (creating/modifying desktop pools, adding/removing entitlements)
- End user actions (logging in or starting desktops)
- Errors and/or system failures
The event database can be hosted on:
- SQL database – can be 2005 or 2008
- Oracle database – either 10g or 11g can be used.
Both can be on the same instance as the vCenter database.
We will create the View Events DB the same way we created the Horizon View Composer DB. See VCP6-DTM Objective 1.2 – Install Horizon (with View) Composer Server, where we did that.
We used a standalone SQL server, where we created the Composer DB. Let's log in to SQL Management Studio and add another DB there, this time for the Horizon View Events DB. First, create a new login: expand Security > Logins > right-click > New Login.
You can deselect Enforce password policy if you don't want it (this also deselects Enforce password expiration and User must change password at next login).
Then create a new database:
And here is our Horizon View event DB
Then log in to the Horizon View Administrator and go to View Configuration > Event Configuration > Edit, and add the SQL server (or Oracle server) that hosts the DB.
The table prefix allows a single Events DB to be shared by several Connection Servers. Validate and you should see this screen. If you're using SQL Express, then you should change the port, as the default 1433 isn't used by SQL Express, which uses a random connection port.
As I mentioned in the beginning, it's possible to change the defaults of the settings for the Events.
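The login and database steps above can also be scripted. The following PowerShell is an added example, not part of the original guide: the instance, database and login names are hypothetical, and granting db_owner on the events database is an assumption.

```powershell
# Added example; instance, database and login names are hypothetical.
Import-Module SqlServer            # provides Invoke-Sqlcmd

$instance = 'SQL01'                # SQL Server that will host the events DB
$dbName   = 'ViewEvents'
$login    = 'viewevents'
$cred     = Get-Credential -UserName $login -Message 'Password for the new SQL login'
$secret   = $cred.GetNetworkCredential().Password.Replace("'", "''")   # escape for T-SQL

$setup = @"
-- Keep the password policy on (the "Enforce password policy" box) but turn
-- expiration off, so event logging does not stop when the password ages out.
CREATE LOGIN [$login] WITH PASSWORD = N'$secret',
    CHECK_POLICY = ON, CHECK_EXPIRATION = OFF;
GO
CREATE DATABASE [$dbName];
GO
USE [$dbName];
CREATE USER [$login] FOR LOGIN [$login];
-- Assumption: db_owner on this one database only; the login gets no server roles.
EXEC sp_addrolemember N'db_owner', N'$login';
GO
"@
# -DisableVariables stops a password containing "$(" being read as a sqlcmd variable
Invoke-Sqlcmd -ServerInstance $instance -Query $setup -DisableVariables

# Confirm how the login was created
Invoke-Sqlcmd -ServerInstance $instance -Query @"
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins WHERE name = N'$login';
"@
```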
Enable Horizon View Storage Accelerator
View Storage Accelerator is the feature that lets ESXi hosts cache virtual machine disk data. It uses the Content-Based Read Cache (CBRC). View Storage Accelerator improves View performance during I/O storms, which can take place when many virtual machines start up or run anti-virus scans at once. The feature is also beneficial when administrators or users load applications or data frequently. Instead of reading the entire OS or application from the storage system over and over, a host can read common data blocks from cache.
Login to the Horizon View Administrator > Select View Configuration > Servers > On the Storage Settings page, make sure that the Enable View Storage Accelerator check box i
The default cache size applies to all ESXi hosts that are managed by this vCenter Server instance. The default value is 1,024MB. The cache size must be between 100MB and 2,048MB.
Configure and modify Horizon View global settings
View Administrator session timeout – time after which the admin will get logged out…
Forcibly disconnect users after
Single Sign-on (SSO)
For clients that support applications, if the user stops using the keyboard and mouse, disconnect their applications and discard SSO credentials:
Other clients – discard SSO credentials:
Enable automatic status updates check box:
Display pre-login message:
Display warning before forced log off – this allows the user to be informed
Enable Windows Server Desktops:
Modify Horizon View security server settings
The different security settings can be found in the Horizon View 6.2 admin guide.
For example, the Reauthenticate secure tunnel connections after network interruption setting works as follows:
- Determines if user credentials must be reauthenticated after a network interruption when Horizon clients use secure tunnel connections to remote desktops.
- When you select this setting, if a secure tunnel connection is interrupted, Horizon Client requires the user to reauthenticate before reconnecting.
- This setting offers increased security. For example, if a laptop is stolen and moved to a different network, the user cannot automatically gain access to the remote desktop without entering credentials.
- When this setting is not selected, the client reconnects to the remote desktop without requiring the user to reauthenticate.
- This setting has no effect when the secure tunnel is not used.
Describe virtual printing services and architecture
End users must be able to send print jobs to the nearest available printer. IT administrators also need an easy way to manage printers and printer drivers. VMware Horizon 6 satisfies both requirements with two advanced features for printing from View virtual desktops:
- Printer redirection – Printer redirection enables end users to send print jobs from a View virtual desktop to a network printer or to a printer locally attached to the user’s client device. There is support for a wide range of client devices, including Windows and Linux PCs, Macintosh computers, and thin and zero clients.
- Location-based printing – Location-based printing determines which printer to use based on the location of the end user’s client device and the mapping rules specified by the IT administrator.
Printing from virtual desktops or virtual applications is called virtual printing. For details, check the VMware PDF called Horizon 6 view virtual printing solutions.
The central piece of virtual printing resides in the Horizon View Agent. The View Agent is installed on the virtual desktop and provides features such as connection monitoring, virtual printing and access to local USB devices. The View Agent is installed by running the appropriate View Agent installer (x86 or x64).
Note that an additional installer, referred to as the Feature Pack Installer, used to be required to add HTML (Blast) access, but this is no longer the case. HTML access is now included within the agent installer.
Enable disk space reclamation
Use View Administrator to edit the vCenter Server settings, navigate to the Storage tab, and select Reclaim VM disk space.
Use View Administrator to edit the pool settings, navigate to the Advanced Storage section, select Reclaim VM disk space, and set the threshold for space reclamation to 1GB.
Configure the following:
SSL – To configure a View Connection Server instance, security server, or View Composer instance to use an SSL certificate, you must import the server certificate and the entire certificate chain into the Windows local computer certificate store on the View Connection Server, security server, or View Composer host.
In a pod of replicated View Connection Server instances, you must import the server certificate and certificate chain on all instances in the pod.
By default, the Blast Secure Gateway (BSG) uses the SSL certificate that is configured for the View Connection Server instance or security server on which the BSG is running. If you replace the default, self-signed certificate for a View server with a CA-signed certificate, the BSG also uses the CA-signed certificate. Certificates with Subject Alternative Name (SAN) and wildcard certificates are supported.
Syslog server – If you plan to use a Syslog server to listen for the View events on a UDP port, you must have the DNS name or IP address of the Syslog server and the UDP port number. The default UDP port number is 514.
If you plan to collect logs in a flat-file format, you must have the UNC path to the file share and folder in which to store the log files, and you must have the user name, domain name, and password of an account that has permission to write to the file share.
To enable View event log messages to be generated and stored in Syslog format, in log files, select the Log to file: Enable check box. The log files are retained locally unless you specify a UNC path to a file share.
To store the View event log messages on a file share, click Add next to Copy to location, and supply the UNC path to the file share and folder in which to store the log files, along with the user name, domain name, and password of an account that has permission to write to the file share.
An example of a UNC path is:
Click Add next to Send to syslog servers, and supply the server name or IP address and the UDP port number.
External URL settings – In View Administrator, click View Configuration > Servers > Select the Connection Servers tab, select a View Connection Server instance, and click Edit > Type the secure tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable host name and port number.
For example: https://myserver.example.com:443
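The SSL import and External URL requirements above can be checked together on the server host. This PowerShell is an added example, not part of the original guide or VMware's tooling: the URL is the page's sample value, the function names are hypothetical, and requiring https is an assumption based on that sample.

```powershell
# Added example; run on the Connection Server or security server host.
$externalUrl = 'https://myserver.example.com:443'   # the page's sample value

function Test-ExternalUrlSyntax([string]$Url) {
    # Protocol, host name and an explicit port must all be present (https assumed).
    if ($Url -notmatch '^https://(?<host>[A-Za-z0-9.-]+):(?<port>\d{1,5})/?$') { return $null }
    [pscustomobject]@{ Host = $Matches['host']; Port = [int]$Matches['port'] }
}

function Test-NameCoversHost([string]$CertName, [string]$HostName) {
    # A wildcard covers exactly one left-most label: *.example.com matches
    # a.example.com but not a.b.example.com or example.com.
    if ($CertName.StartsWith('*.')) {
        $first, $rest = $HostName -split '\.', 2
        return [bool]($rest -and (".$rest" -ieq $CertName.Substring(1)))
    }
    return ($CertName -ieq $HostName)
}

$target = Test-ExternalUrlSyntax $externalUrl
if (-not $target) { throw 'External URL must look like https://<host>:<port>' }

# Resolving here is only a first check: repeat it from a client network.
try   { [void][System.Net.Dns]::GetHostAddresses($target.Host) }
catch { Write-Warning "$($target.Host) does not resolve from this machine" }

# Valid certificates with a private key in Local Computer > Personal
$now = Get-Date
$report = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    ForEach-Object {
        $cert  = $_
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        # Machine context ($true) so the chain is built from the computer stores
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # completeness only, no CRL/OCSP
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            CoversHost = [bool]($names | Where-Object { Test-NameCoversHost $_ $target.Host })
            ChainOk    = $chain.Build($cert)   # False when the root is untrusted (e.g. self-signed)
            ChainDepth = $chain.ChainElements.Count
            Problems   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
$report | Format-Table -AutoSize
```

A row with CoversHost and ChainOk both True is a certificate whose names match the External URL host and whose full chain is present in the local computer stores.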
Default roles – The default admin roles are not modifiable. See description in VMware Horizon View Documentation here.
You can find the default roles in View configuration > Administration
The roles are:
- Administrators (read only)
- Agent registration Administrators
- Global configuration and policy Administrators
- Global configuration and policy Administrators (read only)
- Inventory Administrators
- Inventory Administrators (read only)
- Local Administrators
- Local Administrators (read only)
Custom roles – If the predefined administrator roles do not meet your needs, you can combine specific privileges to create your own roles in View Administrator.
Add custom role: View configuration > Administration > Add Role
Required permissions – common admin tasks need a privilege or a permission. Some operations require permission at the root access group in addition to access to the object that is being manipulated.
- Managing Pools
- Managing Machines
- Managing Persistent disks
- Privileges for Managing Users and Administrators
- Privileges for General Administration Tasks and Commands
Display protocol settings – View supports RDP or PCoIP (PC over IP). You can set policies to control which protocol is used or to allow end users to choose the protocol when they log in to a desktop. If you use the HTML Access client, available with the HTML Access feature, the Blast protocol is used, rather than PCoIP or RDP.
PCoIP (PC over IP) provides an optimized desktop experience for the delivery of a remote application or an entire remote desktop environment, including applications, images, audio, and video content.
Remote Desktop Protocol is the same multichannel protocol many people already use to access their work computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data.
Microsoft RDP is a supported display protocol for remote desktops that use virtual machines, physical machines, or shared session desktops on an RDS host. (Only the PCoIP display protocol is supported for remote applications.)
Location aware printing – see above concerning the virtual printing services and architecture. To use the location-based printing feature, you must install the Virtual Printing setup option with View Agent and install the correct printer drivers on the desktop. Then configure the location-based printing GPO.
Profile store for Persona management – Use View Persona Management to retain user settings and data between sessions even after the desktop has been refreshed or recomposed. View Persona Management has the ability to replicate user profiles to a remote profile store (CIFS share) at configurable intervals.
To configure View Persona Management, you set up a remote repository that stores user profiles, install View Agent with the View Persona Management setup option on virtual machines that deliver remote desktop sessions, add and configure View Persona Management group policy settings, and deploy desktop pools.
Tasks to do:
- Overview of Setting Up a View Persona Management Deployment
- Configure a User Profile Repository
- Install View Agent with the View Persona Management Option
- Install Standalone View Persona Management
- Add the View Persona Management ADM Template File
- Configure View Persona Management Policies
- Create Desktop Pools That Use Persona Management
Virtual profile group policies – The View Persona Management ADM Template file contains group policy settings that you add to the Group Policy configuration on individual systems or on an Active Directory server. You must configure the group policy settings to set up and control various aspects of View Persona Management.
Overview of the Horizon View Extras bundle…
The ADM Template file is named ViewPM.adm.
Location of View Persona Management Settings in the Group Policy Window:
Windows 7 and later or Windows Server 2008 and later:
Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > VMware View Agent Configuration > Persona Management
Windows Server 2003:
Computer Configuration > Administrative Templates > VMware View Agent Configuration > Persona Management