VMware Hands-on Labs - HOL-MBL-1651


Lab Overview - HOL-MBL-1651 - Advanced Technical Concepts of Horizon 6 from A to Z

Horizon 6 with Guided Tour, Hosted Applications (RDSH), Optimization, Troubleshooting and SSL Certificates


You will gain an in-depth understanding of Horizon 6 Features and Functionality, focusing on newer features and technical details on integration with products such as VMware App Volumes and VMware User Environment Manager.

Lab Captains: Laurel Spadaro, Banit Agrawal, Brent McCoubrey, Peter Schraml


Lab Modules and Estimated Time of Completion


Below is a table that lists the different modules available in this lab, along with the estimated time to complete the various modules.  You can choose the modules that you want to do, with no particular order required. You can enroll in this lab [HOL-MBL-1651] as many times as you would like to complete all modules.  On the ControlCenter desktop, there is a README_MBL_1651.txt file.  It contains the usernames and passwords along with possible command line entries that may be required within certain modules.  For those of you using International keyboards, you can copy and paste the commands from the README_MBL_1651.txt file.

Lab Module List:

Lab Captains: Peter Schraml, Banit Agrawal, Laurel Spadaro, Brent McCoubrey

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com/HOL-2016

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Choose your Module

 

  1. In this Lab Manual you can get to the Table of Content at any time by clicking MORE OPTIONS
  2. Then select TABLE OF CONTENTS
  3. This will allow you to choose which module in the lab you would like to complete

Note: At the beginning of some modules you will see instructions to correctly setup the environment.  Those instructions include verifying the power states of VM's.  If the required VM's are not powered on, the module will not work.  

 

Password Sheet and International Keyboards


Throughout this lab, user names and passwords should be provided as they are needed. If you find yourself prompted for credentials, and are unsure of what they are, please see the README_MBL_1651.txt file on the ControlCenter Desktop.  For Non-US keyboards, please leverage the On-Screen Keyboard for help navigating through the lab.


 

Password README_MBL_1651.txt file

 

Navigate to ControlCenter -- Desktop and double-click "README_MBL_1651.txt".

 

 

International Keyboards

 

If you have an non-US keyboard please use the On-Screen Keyboard for easy input

  1. The location of the onscreen keyboard is on the taskbar for ControlCenter desktop
  2. The On Screen Keyboard will appear

For all Virtual Machines the in the lab please Click on Start -- All Programs -- Accessories -- Ease of Access -- On-Screen Keyboard

 

Module 1 (30 Min) - New and In-Demand Features of Horizon 6

Guided Tour of Horizon 6 - Module Description


This module will guide you through an overview of Horizon 6, including popular and new features.


 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link.  
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the View Connection Server is powered on

If not you will need to power on the VM

  1. Right click on the View Connection Server Virtual Machine.
  2. SelectPower
  3. Select Power On                                                                                                                                                           

It will take a few minutes for the View Connection Server to power on.  Proceed once the server has completed the boot up process.

 

What's New in Horizon 6


The purpose of this module is to give you an overview of Horizon and some of its new features. Due to lab constraints, not all features can be demonstrated. This portion of the lab will highlight some of the new features of Horizon 6, and is intended only to be a guide. As an administrator, you'll have complete control over the environment so please feel free to explore.

Many of the sections in this first module are informational only; that is there are no actual actions for you to take. You, as the Administrator of this environment, are free to explore the Horizon Administrator Console and Virtual Center. This lab is an open book. Be aware that disk space, shared lab resources, and time are limited. With that said, creating a new pool will consume your time and lab resources for little gain in the learning experience. You are encouraged to step through the skills or items that you are interested in, but to click "cancel" before actually completing tasks such as provisioning new VMs.

WARNING: Any changes made in the lab will put your lab at risk. If the lab fails or parts within the lab are deleted they CANNOT be restored and the lab cannot be restarted. The Lab Staff cannot restart or reset the lab and if the lab breaks, you need to redeploy the lab, which may require you to exit the lab and get back in the queue. Please DO NOT generate new desktops as there are a limited amount of resources in the lab and pool and desktop generation will likely fail.

Overview of the new features in Horizon 6


Horizon 6.1.1 New Features Overview


Overview of some of the new features of Horizon 6.1.1.


 

Horizon 6 Client Drive Redirection

 

Client Drive Redirection (CDR)

Users can share folders and drives on their local client systems with remote desktops and applications. Client Driver Redirection is supported on VDI desktops that run on single-user machines and on RDS desktops and applications. The feature is supported on Windows clients and, as a Tech Preview, on Mac OS X Clients.

With client drive redirection (CDR), folders and files are sent across the network without encryption and might contain sensitive data, depending on the content being redirected. To ensure that this data cannot be monitored on the network, use CDR only on a secure network.

The Client Drive Redirection setup option in the Horizon Agent installer is deselected by default. You must select this option to install the CDR feature.

As a best practice, install the Client Drive Redirection setup option only in desktop pools where users require this feature.

Requirements:

Client Drive Redirection is enabled during installation of the Horizon Agent

  1. Install the Horizon Agent and enable the Client Drive Redirection feature.
  2. After installation, connect with the new Horizon Client.
  3. When connecting for the first time there is a pop-up asking to access your local files. Make sure to allow this and selcect "Do not show this dialog again."
  4. In the Horizon Client there is an option called "Share Folders". In the sharing box add local drives and folders to share in the VDI desktop session.
  5. In Windows Explorer, the drives and folders that are mapped are now visible.

You can disable CDR by configuring a Microsoft Remote Desktop Services group policy setting in Active Directory.

  1. In the Group Policy Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.
  2. Enable the Do not allow drive redirection group policy setting.

 

 

Horizon 6 Delivers Linux Desktops

 

Horizon 6 for Linux Desktops

With the Horizon Agent for Linux installer, set up and deploy Linux-based VDI desktop pools in the Horizon Administrator Console. Configure Linux virtual machines to support 3D graphics applications running the NVIDIA GRID GPU cards. Some features such as SSO, automated provisioning, and local drive redirection are not supported in this current 6.1.1 release.

For more information on this topic see this lab Module 9 - Presenting a Linux Hosted Desktop with Horizon 6.

 

 

Rich Graphics with NVIDIA GRID vGPU

 

VMware Horizon 6.1 and vSphere 6 with NVIDIA GRID vGPU enables designers, architects and engineers to run the most advanced, graphics-rich applications in a remote desktop using NVIDIA professional 3D graphics and certified application drivers. This brings workstation-class performance to remote and mobile workers more affordable than ever before, even over high-latency networks.

NVIDIA GRID vGPU software, combined with NVIDIA GRID K1 and K2 graphics adapters, offers a platform that delivers true GPU hardware acceleration shared between multiple virtual desktops. Full support with NVIDIA for the industry'€™s leading ISV applications like Siemens and ESRI, ensure fast and easy ramp up for organizations across all industries at scale.

There are two key requirements to add NVIDIA GRID vGPU 3D VMs to your VMware Horizon environment.

First, you need NVIDIA GRID K1 or K2 cards installed in GRID compatible servers, which must be certified and listed on both the VMware vSphere 6 hardware compatibility list and on the NVIDIA GRID certified server list. It is HIGHLY recommended you acquire the servers with the GPUs preinstalled with the correct cooling and power setup by the server vendor.

Second, NVIDIA GRID vGPU desktops require Horizon 6.1, which includes vSphere 6 and vCenter 6. Once you have installed or upgraded to vSphere 6, vCenter 6, and the Horizon 6.1 releases, you can add GRID VGPU desktops to your Horizon deployment.

Once you have the necessary GRID GPU enabled servers and vCenter 6 and Horizon 6.1 installed, here is the high level summary of what you need to do to get up and running to deploy a large number of 3D desktops:

  1. Install vSphere 6 and the NVIDIA GRID vGPU Manager on each GRID enabled server
  2. In vCenter, create a cluster and add the GRID enabled servers to that cluster
  3. Create the master Windows virtual machine with the desired GRID vGPU profile and install the NVIDIA Windows drivers and the VMware Horizon agent.
  4. Make that master virtual machine into a template virtual machine
  5. Create a Horizon pool, choosing the GRID backed template virtual machine, and use the GRID enabled cluster as the destination for your desktop pool. Horizon will automatically manage the placement of the virtual machines across the GRID cluster
  6. Access your 3D virtual machine from the VMware Horizon Client

Download the NVIDIA GRID vGPU Deployment Guide for VMware Horizon here.

 

 

Horizon Client for Chrome OS

 

As more and more corporate applications are delivered from the cloud, businesses are presented with multiple choices on how to access them.  No longer are businesses required to use full blown desktops or laptops to get their work done. For many, all they need is a way to access the web. With Google Chromebooks, businesses of all sizes can take advantage of the low price, built-in security, fast boot times, and worry-free upgrades that Chromebooks offer.

VMware Horizon Client for Chrome OS makes it easy to work on VMware Horizon Windows virtual desktop and hosted applications from a Chromebook or Chromebox giving you on the go access from any location.  With Unity Touch, easily browse, search, and open Windows applications and files, and easily switch between running applications all without the Start Menu or Task Bar.

The VMware Horizon Client for Chrome OS is available today in Google Play Store.

 

 

VMware User Environment Manager (UEM)

 

 

 

VMware App Volumes

 

VMware App Volumes provides real-time application delivery with lifecycle management. IT can provision applications to users, desktops and RDSH hosts at scale. More information is provided in this lab in Module 7 - VMware App Volumes Integration with Horizon 6.

 

 

Improved PCoIP Performance

The PC over IP (PCoIP) display protocols adaptive technology provides an optimized virtual desktop delivery on both LAN and WAN. Horizon 6 improves the end-user experience by introducing new bandwidth management algorithms that increase the frame rate and reduce its standard deviation.

Horizon 6 also has new PCoIP default settings that improve performance. You can change the settings if needed, but in most use cases, the new defaults are suitable and use less bandwidth.

The changed default settings are:

Build to Lossless (BTL) is set to off:A fully lossless image is usually not required, and disabling BTL reduces the bandwidth by up to 20 percent. In some cases, however, you might need to enable BTL, for example, when a doctor needs to examine a precise image.

Maximum Initial Image Quality changed from 90 percent to 80 percent: This setting controls the quality and compression level of pixels when the screen changes for pictures, animations, or videos. The previous default setting of 90 percent provided a perceptually lossless level of compression, meaning that the human eye could not perceive any distortion in the image. Because the screen is constantly changing for animation and video, people see no perceptible change at 80 percent of lossless. The new default reduces bandwidth usage by up to 30 percent.

Minimum Image Quality changed from 50 percent to 40 percent: This setting specifies the lowest quality and compression level of changed pixels for pictures, animations, and videos. This limit is reached only when the network is congested and the PCoIP session needs to conserve bandwidth. By decreasing the default to 40 percent of lossless, animation and video frame rates are improved by up to 10 percent under constrained conditions.

 

Module 2 (30 Min) - Configuring a VDI Desktop

Creating a VDI Desktop - Module Description


This module is designed to give you experience on how to setup and configure a VDI Desktop pool and entitle users.


 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link.  
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the following Virtual Machines are powered on.

If not you will need to power on the required VM's

  1. Right click on the Virtual Machine
  2. Select Power
  3. Select Power On                                                                                                                                                                                                                                                        

It will take a few minutes for the VM's to power on.  Proceed once the VM's have completed their boot up process

 

Creating a Desktop Pool - Horizon Administrator Console


In this module, you will be creating a Desktop Pool using the Horizon Administrator Console.  

Horizon 6 offers the ability to create and provision pools of desktops from a centralized management console. Using pools to manage virtual desktops gives the ability to apply settings or deploy applications to all virtual desktops in a pool.

There are three types of desktop pools: automated, manual, and RDS. Automated desktop pools use a vCenter Server virtual machine template or snapshot to create a pool of identical virtual machines. Manual desktop pools are a collection of existing vCenter Server virtual machines, physical computers, or third-party virtual machines. In automated or manual pools, each Windows machine is available for one user to access remotely at a time. RDS desktop pools are not a collection of Windows machines, but instead, provide users with desktop sessions on RDS hosts. Multiple users can have desktop sessions on an RDS host simultaneously.

The Desktop pools are configured using the Horizon 6 Administrator console.


 

Launch Google Chrome to Connect to the Horizon Administrator Console and Log In.

 

  1. Launch Google Chrome from ControlCenter Desktop - double click icon
  2. Select the View Administrator bookmark  Note: Verify that the URL points to hvcs-w8-01.corp.local/admin/#.  You will receive a warning message that the connection is not trusted.  This is because the View Connection server is using a self-signed certificate.  You can click on the Advanced link and then Proceed to hvcs-w8-01.corp.local (unsafe) link to continue the login.  NOTE: Module 5 will cover replacing the self-signed certificate with a trusted certificate
  3. Login with user name: administrator, password: VMware1! and Domain: CORP.
  4. Click Log In.

 

 

Create a Horizon Desktop Pool

 

In this section you will create a Horizon Desktop Pool for the Win7 Desktop.

  1. In the Horizon Administrator, expand catalog in the left Inventory pane and then click Desktop Pools
  2. Click Add button to add a new desktop pool.

 

 

Horizon Desktop Pool Type

 

You will create a manual desktop pool.

  1. Select Manual Desktop Pool option.
  2. Click Next button.

 

 

Horizon Desktop Pool User Assignment

 

Pools can be Dedicated or Floating. In a dedicated-assignment pool, each user is assigned to a virtual desktop. Users receive the same virtual desktop each time they log in.  In a Floating-assignment pool, users are assigned to an available virtual desktop in the pool.  

  1. For User Assignment select Floating option.
  2. Click Next button.

 

 

Horizon Desktop Pool Machine Source

 

  1. Select vCenter virtual machines for source.
  2. Click Next button.

 

 

Horizon Desktop Pool vCenter Server

 

  1. Select your vCenter instance (192.168.110.22 Administrator@corp.local)
  2. Click Next button.

 

 

Horizon Desktop Pool Settings - ID

 

  1. Give your desktop a fun and cool ID and Display Name (Example: Win7_DesktopHOL).
  2. Click Next Button

 

 

Horizon Desktop Pool Settings

 

Desktop Pool Settings determine the machine state, power status when a virtual machine is not in use, display protocol, Adobe Flash quality, and so on.  

  1. Leave the pool settings with the default settings
  2. Click Next button.

 

 

 

Horizon Desktop Pool VM

 

Select Win7-MSW in the top list.

  1. Select Win7-MSW
  2. Click the Add button.  
  3. Click the Next button.

 

 

Ignore Warning for Lab (Optional)

 

If received, ignore the warning about "Virtual Machines in Use".

Click OK to proceed.

 

 

Horizon Desktop Pool Advanced Storage

 

You can configure desktop pools to enable ESXi hosts to cache virtual machine disk data. This feature, called View Storage Accelerator, uses the Content Based Read Cache (CBRC) feature in ESXi hosts. View Storage Accelerator can reduce IOPS and improve performance during boot storms, when many machines start up or run anti-virus scans at once. The feature is also beneficial when administrators or users load applications or data frequently. To use this feature, you must make sure that View Storage Accelerator is enabled for individual desktop pools.

When a virtual machine is created, Horizon indexes the contents of each virtual disk file. The indexes are stored in a virtual machine digest file. At runtime, the ESXi host reads the digest files and caches common blocks of data in memory. To keep the ESXi host cache up to date, Horizon regenerates the digest files at specified intervals and when the virtual machine is recomposed. You can modify the regeneration interval.

The feature can be disabled or enabled when you create or edit a pool. The best approach is to enable this feature when you first create a desktop pool. If you enable the feature by editing an existing pool, you must ensure that a new replica and its digest disks are created before linked clones are provisioned. You can create a new replica by recomposing the pool to a new snapshot or rebalancing the pool to a new datastore. Digest files can only be configured for the virtual machines in a desktop pool when they are powered off.

You can enable View Storage Accelerator on pools that contain linked clones and pools that contain full virtual machines.

Disregard any Advanced Storage Options and warnings.

  1. Click Next button.

 

 

Horizon Desktop Pool - Finished

 

The Ready to Complete screen shows where you can review your settings.

Due to the constraints on the Hands On Lab environment and limited resources, we are NOT going to perform the creation of the desktop pool at this time.  After reviewing, please click cancel.

  1. Click Cancel once you review the settings.
  2. Click OK to confirm

If you wanted to create an actual desktop pool then you would make sure to click on "Entitle Users after the wizard finishes" and click "Finish"

 

 

Desktop Entitlements

 

Before users can access virtual desktops or applications, they must be entitled to use a desktop or application pool.

The following procedure walks you through entitling users to a desktop pool.  You can review the process but we will not be executing the process in this section.

  1. From the Horizon Administration console in the left hand pane select Catalog --> Desktop Pools
  2. Click the name of the Desktop or Application pool you want to entitle.
  3. Select the Entitlements drop down and click on Add Entitlement...
  4. Click Add to start the entitlement process for the pool.
  5. Search criteria in the Name/User name box, enter domain users and click Find.  The Domain Users Group will appear.  Select the Domain Users group and click OK
  6. Validate and click Cancel on the Add Entitlements Window.

 

 

 

Accessing the VDI Desktop

 

Once the users are entitled to Horizon desktop pool(s), they can use the Horizon Client, authenticate to the Horizon Environment and see the list of desktop pool(s) they have access to.  When the user clicks on a desktop pool, the Horizon Connection Broker will provide the virtual desktop name the Horizon Client is to connect to and the desktop session will be started.  

 

Module 3 (45 Min) - Optimizing Horizon 6

Optimizing Horizon 6 - Module Description


This module covers new performance features introduced in Horizon 6 and will demonstrate Windows 7 desktop optimization options along with guiding you through some of the new features including PCoIP tuning.

You will make several changes to the current environment and view the results.  Optimization settings for Horizon 6 should be understood as each change may not have the expected results.  Please optimize your settings based on each use case and the needs of the end user.


 

Module Duration

The estimated time to complete this module is 45 minutes

 

 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link.  
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the following Virtual Machines are powered on.

If not you will need to power on the required VM's

  1. Right click on the Virtual Machine
  2. SelectPower
  3. Select Power On                                                                                                                                                                                                                                                           

It will take a few minutes for the VM's to power on.  Proceed once the VM's have completed their boot up process

 

 

Pre-Optimized Review


This lab module will touch on important guidelines for configuring a standard Windows image for use in a Horizon 6 environment. It gives administrators the information necessary to create a standard Windows image, whether by leveraging the Microsoft Deployment Toolkit (MDT), by utilizing a script-based approach or a VMware fling (VMware OS Optimization Tool) to optimize traditionally installed Windows virtual machines. The recommended configuration settings optimize the operating system to enhance overall scalability and performance in a Horizon 6 environment. The procedures described in this lab module apply to the Windows 7 and Windows 8 operating systems.

Prior to optimizing an existing Windows 7 virtual machine you will connect and review several items.


 

Launch Horizon Client

 

From the ControlCenter desktop, Double Click on the VMware Horizon View Client icon.

 

 

Log In to hvcs-w8-01.corp.local Horizon Connection Server

 

Double Click on the hvcs-w8-01.corp.local cloud icon.

  1. Log in to the Connection Server hvcs-w8-01.corp.local as user: optimize using password: VMware1!
  2. Click Login to access the desktop pools

 

 

Connect to VP-Win7-Desktop pool

 

  1. Double Click on the VP-Win7-Desktop pool to connect

This will connect you to the Horizon desktop where you will complete the next several steps

 

 

Review Desktop Personalization

 

  1. Right Click on the desktop and choose Personalize

 

 

Review the visuals and sounds settings

 

Notice that you can select any Theme including Aero Themes

  1. Select the Aero Theme Architecture
  2. Minimize the Control Panel window

 

 

Review Unnecessary Services

 

  1. Click the Start button
  2. In the Search field enter the following:services.msc and hit enter to launch

 

 

Review Services

 

  1. Services such as Superfetch, Tablet PC Input Service and others are not relevant for a virtual desktop environment and take up resources.  Part of the optimization process will be to disable such services and other components not needed.  The image shows Superfetch and Tablet PC Input Service already being disabled.  This is due to the fact that some optimization options have already been applied to the virtual desktop

 

 

Disconnect from the Horizon Desktop

 

  1. Log off from the Horizon Desktop by selecting Options, and then Disconnect and Log Off
  2. When prompted to disconnect please answer OK

 

Prepare for Optimizing Windows 7 OS


This lesson goes through the log in process to the Horizon Administrator Console. The Horizon Administrator Console is installed on the Connection Server during the installation process.


 

Log In to Horizon Administrator

 

From the ControlCenter desktop

1. Launch Google Chrome

2. Select the View Administrator shortcut

Note: Verify that the URL points to hvcs-w8-01.corp.local

If you receive a warning about certificates please

3. Click Advanced

4. Proceed to hvcs-w8-01.corp.local (unsafe).

To log in enter

5. User name: Administrator

6. Password: VMware1!

7. Domain: CORP

8. ClickLog In

 

 

Initial Horizon 6 Dashboard

 

You have successfully logged into the Horizon Administrator Console. Review and familiarize yourself with the dashboard.

The Horizon Administrator Console offers a dashboard which will provide you with an overview of your system health. Using the dashboard can help you troubleshoot an issue with your Horizon environment.

  1. Click Dashboard - No matter where you are within the Horizon Administrator Console, you can always see the small dashboard on the top left hand side of the Horizon Administrator Console's interface.
  2. When in the Dashboard view you can see your System Health both for the Horizon 6 and vSphere environments.
  3. You have a special view for troubleshooting your Machine Status, which includes Desktops, Hosted Application Servers.
  4. The Datastores view offers an overview of your storage.

Note: The Horizon Connection Server has a Red alert. This is due to the use of self signed certificates and should be ignored for the lab. In a production environment, certificates from a trusted authority should be used. All self signed certificates should be replaced. For more information please review Module 5 - SSL Certificates in Horizon 6.

 

 

Select the VP-Win7-Desktop Pool to modify its properties

 

  1. On the left pane under Inventory click on Catalog, then Desktop Pools
  2. Double Click the Pool VP-Win7-Desktop to open the settings

 

 

Disable Provisioning of the desktop pool

 

To perform optimizations on Virtual Machines that have already been deployed using Horizon 6, disabling the pool may be required.

In this lab module, a manual pool is used for the desktops due to time limitations. For pools that are deployed and leveraging Composer (linked clones) this step is not required. When Horizon Composer is being used the master image would be modified and tested. Once the image is to your satisfaction a snapshot would be taken and would be used to recompose the pool. This procedure will be walked through in a future lesson.

To focus on the tasks and to conserve steps in the lab a full dedicated (persistent) desktop will be used to perform all tasks.

  1. On the Summary tab click the Edit... button

 

 

Disable the Pool

 

  1. Select Desktop Pool Settings tab
  2. Under State: Clickon the drop down and select Disabled
  3. ClickOK

 

 

Validate the Pool is Disabled

 

  1. Validate the desktop pool is disabled

The Pool is now disabled and users are prevented from logging into the pool. This will allow us to optimize the virtual desktop used for this pool.

 

Optimize the VM and Operating System


This module applies basic concepts from the "VMware Horizon View Optimization Guide for Windows 7 and Windows 8" which is available from http://www.vmware.com/go/view.   The use case definition is critical to the proper deployment of the Horizon environment and effective use of resources. This module does not go through a full optimization process of the Windows 7 operating system.  Based on the use case, the best practices and what optimizations to implement will be used.

This module is only going to review parts of the overall image optimization. In our Windows Optimization Guide for Windows 7 you will find three text files each with different functions.  The guide is located at http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf. The scripts are embedded in the PDF.  To use the scripts, rename the script files from .txt to .bat and run the batch file (script) which fits your scenario:

The scripts will need to be run against the gold image.

For Horizon deployments, www.vmware.com/go/view has a wealth of resources available to help you be successful


 

First Step - Install the operating system

 

Due to time constraints the operating system is installed for you. The above illustration reviews the proper Windows install process for a Horizon 6 deployment.

The next steps will walk through the manual changes that are located in the scripts located (embedded) within the optimization guide.  You will also take a look at a new VMware Fling called VMware Optimization Tool located at https://labs.vmware.com/flings.  Administrators need to review and understand all the optimizations and the impacts they will have before moving forward.

 

 

RDP to Win7-OPT-TS to start the optimization

 

  1. From the ControlCenter desktop, double clickthe RDP icon
  2. Double Clickthe Win7-OPT-TS shortcut to connect to the desktop.

 

 

Supply credentials

 

  1. Connect with corp\administrator and password VMware1!

 

 

Minimize cmd.exe window

 

Minimize the cmd.exe window by clicking on the "-" in the top of the window.

 

 

Set Computer Properties

 

  1. Click the Start Menu (Windows) button
  2. Right clickon Computer
  3. Select Properties

 

 

Select Advanced System Settings From Control Panel Home

 

  1. Select Advanced system settings

 

 

Set Performance

 

  1. From the Advanced tabClick Settings..... to open a new dialog window
  2. On the Visual Effects tab change from Let Windows choose what's best for my computer to Adjust for best performance
  3. Click OK
  4. Select the System Protection tab

 

 

System Protection set to Off

 

System protection is set to OFF.  Verify this.  This clears disk space and improves overall performance.

Click CANCEL once verified.

If it is set to ON, you can do the following to set it to OFF.

 

 

Manage Computer Settings

 

  1. Click Start button
  2. Right click on Computer
  3. Select Manage

 

 

Shut Down services

 

The Computer Management Window will open

  1. Select Services andApplications
  2. ClickServices

 

 

How to stop services

 

This step walks you through the process of starting and stopping a service. The list of some of the services that are to be disabled are listed in the table. For the sake of time, the services have already been disabled.

The following is the procedure you would follow to disable a service.  This is just informational.  You do not need to do anything

  1. Right click on the selected service and choose Properties
  2. Select Disabled from the Startup type drop down box (see the next step for services to stop)
  3. Stop the services by Clicking the Stop button
  4. Then click Apply
  5. Click OK

In a real-world scenario, you would repeat this process for the remaining services.

Note: Disabling services can also be accomplished via Group Policies in Active Directory.

 

 

Disconnect from the Win7-OPT-TS Desktop

 

  1. Click Start Menubutton
  2. Click the arrow beside the Log off.
  3. Click on Disconnect. This will disconnect you from the VM and disconnect your RDP connection.

 

 

Launch Google Chrome and Log In to the vSphere Web Client to Modify the Virtual Hardware

 

1. Launch Google Chrome from the ControlCenter Desktop

2. Select the Site A Web Client bookmark

Note: Verify that the URL points to vcsa-01a.corp.local

To log in enter the

3. User name: corp\administrator

4. Password: VMware1!

5. ClickLogin

 

 

Search for Win7-OPT-TS Virtual Machine

 

From the vSphere Web Client

  1. Select Home
  2. In the Search field type Win7-
  3. Select the Virtual Machine Win7-OPT-TS

 

 

Shut Down Win7-OPT-TS VM to optimize the virtual hardware

 

  1. Right click on Win7-OPT-TS
  2. SelectPower
  3. Select Shut Down Guest OS
  4. Select Yes

 

 

Edit Virtual Machine settings

 

Once Win7-OPT-TS has completely shutdown

  1. Clickthe Refresh icon.  (Due to the limited resources of the lab screen refreshes may be delayed)
  2. Right click on Win7-OPT-TS
  3. Select Edit Settings...

 

 

Memory

 

Please DO NOT CHANGE values.

For this lab 1 GB of RAM will be used with a Memory Reservation set at 512 MB based on a typical use case, the RAM value would be increased or decreased as defined in your use case definition.

 

RAM Sizing Impact on Performance

When allocating RAM, avoid choosing an overly conservative setting. Take the following considerations into account:

■ Insufficient RAM allocations can cause excessive Windows paging, which can generate I/O that causes significant performance degradations and increases storage I/O load.

■ VMware ESX/ESXi supports sophisticated memory resource management algorithms such as transparent page sharing and memory ballooning, which can significantly reduce the physical RAM needed to support a given guest RAM allocation. For example, even though 2GB might be allocated to a virtual desktop, only a fraction of that number is consumed in physical RAM.

Note - Transparent page sharing increases total consolidation ratios by reducing the total host memory consumed by all desktops. Over a period of time, for desktop images running on the same host, the transparent page sharing (TPS) feature collapses common memory blocks. The benefits of TPS accrue over time and depend on the number of common memory blocks. For Windows 7, the expected TPS ratio is between 20 and 40 percent.

■ Because virtual desktop performance is sensitive to response times, on the ESX/ESXi host, set nonzero values for RAM reservation settings. Reserving some RAM guarantees that idle but in-use desktops are never completely swapped out to disk. It can also reduce storage space consumed by ESX/ESXi swap files. However, higher reservation settings affect your ability to overcommit memory on an ESX/ESXi host and might affect VMotion maintenance operations.

 

RAM Sizing Impact on Storage

The amount of RAM that you allocate to a virtual machine is directly related to the size of the certain files that the virtual machine uses. To access the files in the following list, use the Windows guest operating system to locate the Windows page and hibernate files, and use the ESX/ESXi host's file system to locate the ESX/ESXi swap and suspend files.

Windows page file:  By default, this file is sized at 150 percent of guest RAM. This file, which is by default located at C:\pagefile.sys, causes thin-provisioned storage to grow because it is accessed frequently. On linked-clone virtual machines, the page file and temporary files can be redirected to a separate virtual disk that is deleted when the virtual machines are powered off. Disposable page-file redirection saves storage, slowing the growth of linked clones and also can improve performance. Although you can adjust the size from within Windows, doing so might have a negative effect on application performance.

Windows hibernate file for laptops:  This file can equal 100 percent of guest RAM. You can safely delete this file because it is not needed in Horizon 6 deployments, even if you use Horizon Client with Local Mode.

ESX/ESXi swap file :  This file, which has a .vswp extension, is created if you reserve less than 100 percent of a virtual machine's RAM. The size of the swap file is equal to the unreserved portion of guest RAM. For example, if 50 percent of guest RAM is reserved and guest RAM is 2GB, the ESX/ESXi swap file is 1GB. This file can be stored on the local datastore on the ESX/ESXi host or cluster.

ESX/ESXi suspend file:  This file, which has a .vmss extension, is created if you set the desktop pool logoff policy so that the virtual desktop is suspended when the end user logs off. The size of this file is equal to the size of guest RAM.

 

 

 

 

CPU

 

Please DO NOT CHANGE values.

For this lab 1 vCPU based on a typical use case, the vCPU value would be increased or decreased as defined in your use case definition.

 

Estimating CPU Requirements for Virtual Desktops

When estimating CPU, you must gather information about the average CPU utilization for various types of workers in your enterprise.

CPU requirements vary by worker type. During your pilot phase, use a performance monitoring tool, such as Perfmon in the virtual machine, esxtop in ESX/ESXi, or vCenter Server performance monitoring tools, to understand both the average and peak CPU use levels for these groups of workers. Also use the following guidelines:

■ Software developers or other power uses with high-performance needs might have much higher CPU requirements than knowledge workers and task workers. Dual virtual CPUs are recommended for compute-intensive tasks, if you need to play 720p video using the PCoIP display protocol, and for Windows 7 and later desktops.

■ Single virtual CPUs are generally recommended for other cases.

Because many virtual machines run on one server, CPU can spike if agents such as antivirus agents all check for updates at exactly the same time. Determine which agents and how many agents could cause performance issues and adopt a strategy for addressing these issues. For example, the following strategies might be helpful in your enterprise:

■ Use Horizon Composer to update images rather than having software management agents download software updates to each individual virtual desktop.

■ Schedule antivirus and software updates to run at nonpeak hours, when few users are likely to be logged in.

■ Stagger or randomize when updates occur.

■ Use an antivirus product that is compatible with the VMware vShield API. install the VMware NSX Guest Introspection Agent (formally vShield Drivers) as one of the components of VMware Tools. NSX Guest Introspection uses the hypervisor to perform antivirus scans without a bulky agent. This strategy avoids resource bottlenecks and optimizes memory use. VMware NSX for Horizon integrates with industry-leading solutions for antivirus, malware, intrusion prevention and next-gen security services.

As an informal initial sizing approach, to start, assume that each virtual machine requires 1/8 to 1/10 of a CPU core as the minimum guaranteed compute power. That is, plan a pilot that uses 8 to 10 virtual machines per core. For example, if you assume 8 virtual machines per core and have a 2-socket 8-core ESX/ESXi host, you can host 128 virtual machines on the server during the pilot. Monitor the overall CPU usage on the host during this period and ensure that it rarely exceeds a safety margin such as 80 percent to give enough headroom for spikes.

 

 

Disable CD/DVD

 

Please review the settings:

Connect At Power On should NOT be enabled

 

 

Video RAM

 

Video RAM can be set in the Horizon Desktop Pool settings via the Horizon Administrator Console or through the vSphere Web Client.  Setting the video RAM via the Horizon Administrator Console will force all virtual desktops in a pool to have the same settings.  Setting the video RAM using the vSphere Web Client allows an admin to make more granular settings on a per VM basis.

Please review the settings and make the required changes

  1. Select Video card
  2. Click Specify custom settings
  3. Change Number of Displays: to 1 (For this Lab only one monitor is required)
  4. Change Total video memory to 96 MB ( The SVGA software GPU uses physical RAM to appear as video ram.)
  5. Change 3D graphics - ensure the Enable 3D support is checked
  6. Click OK

 

RAM Sizing for Specific Monitor Configurations When Using PCoIP

If you use PCoIP, the display protocol from VMware, the amount of extra RAM that the ESX/ESXi host requires depends in part on the number of monitors configured for end users and on the display resolution. PCoIP Client Display Overhead lists the amount of overhead RAM required for various configurations. The amounts of memory listed in the columns are in addition to the amount of memory required for other PCoIP functionality.

PCoIP Client Display Overhead

Display Resolution Width, in Pixels Height, in Pixels 1-Monitor Overhead 2-Monitor Overhead 4-Monitor Overhead

When you consider these requirements, note that virtual machine configuration of allocated RAM does not change. That is, you do not need to allocate 1GB of RAM for applications and another 31MB for dual 1080p monitors. Instead, consider the overhead RAM when calculating the total physical RAM required for each ESX/ESXi host. Add the guest operating system RAM to the overhead RAM and multiply by the number of virtual machines.

Important

To use the 3D rendering feature, you must allocate sufficient VRAM for each Windows 7 or later Horizon desktop.

■ The software-accelerated graphics feature, available with Horizon 5.0 or later, allows you to use 3D applications such as Windows Aero themes or Google Earth. This features requires 64MB (the default) to 128MB of VRAM.

■ The hardware-accelerated graphics feature (vSGA), available with Horizon 5.2 or later and vSphere 5.1 or later, allows you to use 3D applications for design, modeling, and multimedia. This feature requires 64MB to 512MB of VRAM. The default is 96MB.

When 3D rendering is enabled, the maximum number of monitors is 2 and the maximum resolution is 1920 x 1200.

 

 

 

Power on Win7-OPT-TS

 

Power on the VM Win7-OPT-TS to continue the optimization

  1. Right Click on VM Win7-OPT-TS
  2. Select Power
  3. Select Power On

 

 

VMware OS Optimization Tool

 

The VMware OS Optimization Tool helps optimize Windows 7/8/2008/2012 systems for use with VMware Horizon 6. The optimization tool includes customizable templates to enable or disable Windows system services and features, per VMware recommendations and best practices, across multiple systems. Since most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance.

You can perform the following actions using the VMware OS Optimization Tool:

In the following steps you will leverage the Optimization Tool to analyze remote systems and optimize a Windows 7 virtual machine.

 

 

RDP into the Win7-OPT-TS Desktop to start the optimization

 

  1. Double Clickthe RDP shortcut on the ControlCenter desktop

 

 

Select Win7-OPT-TS

 

Double click on the Win7-OPT-TS shortcut.  

**NOTE** Since the VM was just powered on, it may not have completed the boot up process.  If this is the case, the RDP connection will fail.  Depending on the available resources, you may need to wait 1-2 minutes for the virtual machine to be ready

 

 

Supply credentials

 

  1. Connect with corp\optimize and password VMware1!
  2. Click OK to continue

 

 

Analysis using Optimization Tool

 

From Win7-OPT-TS Desktop

  1. Double Click the Optimize folder

 

 

Launch the VMware OS Optimization Tool for remote analysis

 

  1. Double Click the VMware OS Optimization Tool_1050 icon to start the application

 

 

Select Analyze

 

  1. Select the Analyze tab

 

 

Step through the tool

 

Looking at the VMware OS Optimization Tool interface you will notice that you can interact with Templates or Analyze.

  1. You can change the Templates using the Drop down button, make sure you have Windows7 (built-in) chosen
  2. You have access to review the Optimization settings that will be used for the analysis

 

 

Analyze

 

During the analysis of the system the tool will analyze the registry entries, services, and scheduled tasks. The output after analyzing the operating system is a detailed summary of the current state of the system.

To start the analysis:

  1. Click the Analyze button
  2. Uncheck Persona Management
  3. Click Continue to Analyze to start the task

You will notice that the tool will start several tasks and allow you to review the results once completed

 

 

Review the Analysis result report

 

  1. Analysis Summary

The Analysis Summary displays the output in the form of a graphical bar chart. The graphical chart displays the number of steps that are optimized and unoptimized based on the following step types:

The orange color in the graphical chart denotes the unoptimized status and the blue color denotes the optimized status.

  1. The Optimizations show recommendations for optimizing the system.  

The following table describes the color code which is displayed after analyzing the system.

Icon and Color Code--Description

Green [✔]--The Analysis Status displays this color when the Actual Result is equal to the Expected Result for the following Step Types: Mandatory, Optional, Recommended

Red [X]--The Analysis Status displays this color when the Actual Result is not equal to the Expected Result for the mandatory Step Type.

Blue [i]--The Analysis Status displays this color when the Actual Result is not equal to the Expected Result for the optional Step Type.

Yellow [⧌]--The Analysis Status displays this color when the Actual Result is not equal to the Expected Result for the recommended Step Type.

 

 

Optimize Win7-OPT-TS based on the results

 

  1. Review the Optimizations recommendations
  2. Remove the Check mark from any optimization recommendation you do not want applied.  This is optional.

All optimization recommendations with a check mark will be applied during the Optimize process

  1. Click on Optimize

 

 

Optimization settings are applied

 

The optimization recommendations selected will be applied and your Windows OS will be optimized and ready for use as a gold template

Close the VMware OS Optimization Tool when finished

 

 

Disconnect from the Desktop

 

  1. Click Start Menu (Windows) button
  2. Click the arrow beside the Log off.
  3. Click on Disconnect. This will disconnect you from the VM and disconnect your RDP connection.

 

 

Restart Win7-OPT-TS VM

 

From the ControlCenter, restart the Win7-OPT-TS desktop using the vSphere Web Client

  1. Right click on Win7-OPT-TS
  2. SelectPower
  3. Select Restart Guest OS
  4. Click YES to confirm the Restart.

 

Optimizing the Pool


View Storage Accelerator is a technology that reduces storage loads generated by peak VDI storage reads by caching the common blocks of desktop images into local host memory. The Accelerator leverages a VMware vSphere (version 5.0 or later) platform feature called Content Based Read Cache (CBRC) implemented inside the ESX/ESXi hypervisor. When enabled for specific VMs, the host hypervisor scans the storage disk blocks to generate digests of the block contents. When these blocks are read into the hypervisor, they are cached in the host based CBRC. Subsequent reads of blocks with the same digest will be served from the in-memory cache directly.  This significantly improves the desktop performance, especially during boot storms or anti-virus scanning storms when a large number of blocks with identical contents are read.

Another feature for optimizing the deployment of Link Clones is a new Space Efficient Sparse Virtual Disk that addresses certain limitations with Virtual Disks. The first of these is the ability to reclaim stale or stranded data in the Guest OS filesystem/database. SE Sparse Disks introduces an automated mechanism for reclaiming stranded space. The other feature is a dynamic block allocation unit size. SE Sparse disks have a new configurable block allocation size which can be tuned to the recommendations of the storage arrays vendor, or indeed the applications running inside of the Guest OS.

Benefits of using Space Efficient Virtual Disks

Space efficient virtual disks optimize storage capacity in Horizon 6 deployments that use Horizon Composer linked clones. Customers have typically addressed the challenge of linked clone capacity growth by either doing a Refresh or Recompose operation on pools of desktops. With this new disk format, the need for reclaiming space with a Refresh/Recompose has been eliminated. The space reclamation is automated through Horizon 6 and customers only have to pay for storage capacity used. In addition, customers can now use linked clones to implement Persistent/Stateful desktops using very little storage capacity.

See http://blogs.vmware.com/euc/2013/03/space-efficient-virtual-disks-in-practice.html for more information

This lesson will review the feature of Horizon 5.x - View Storage Accelerator (VSA). VSA is an in-memory cache of common block reads (Content Based Read Cache) and is 100% server based and how to reclaim disk space.


 

Log In to the Horizon Administrator Console

 

If you already have a session opened to the Horizon Administrator Console you can skip to the next step.

From the ControlCenter desktop

1. Launch Google Chrome

2. Select the View Administrator shortcut

Note: Verify that the URL points to hvcs-w8-01.corp.local/admin/#

If you receive a warning about certificates please Click Continue to this website

3. User name: Administrator

4. Password: VMware1!

5. Domain: CORP

6. ClickLog In

 

 

Horizon Configuration Optimization

 

  1. In the left pane under View Configuration select Servers
  2. Choose the vCenter Servers tab
  3. Select 192.168.110.22 (Administrator@corp.local)
  4. Click the Edit button

 

 

Validate View Storage Accelerator Configuration

 

This step validates the View Storage Accelerator configuration.

  1. Select theStorage Tab
  2. Confirm the Enable View Storage Accelerator box is checked

You will notice that the Default host Cache size is set to 1024 MB ( the default is 1024MB, but if there are limited resources you can set the cache size to the minimum of 100 MB).

View Storage Accelerator for vCenter Server

In vSphere 5.0 and later, you can configure ESXi hosts to cache virtual machine disk data. This feature, called View Storage Accelerator, uses the Content Based Read Cache (CBRC) feature in ESXi hosts. View Storage Accelerator improves View performance during I/O storms, which can take place when many desktops start up or run anti-virus scans at once. The feature is also beneficial when administrators or users load applications or data frequently. Instead of reading the entire OS or application from the storage system over and over, a host can read common data blocks from cache.

By reducing the number of IOPS during boot storms, View Storage Accelerator lowers the demand on the storage array, which lets you use less storage I/O bandwidth to support your Horizon 6 deployment.

View Composer Array Integration is not supported in pools that are enabled for View Storage Accelerator. View Composer Array Integration uses vStorage APIs for Array Integration (VAAI) native NFS snapshot technology to clone virtual machines.

 

 

Enable Reclaim VM disk space

 

This step enables advanced disk space management for the individual servers.

  1. Check the Reclaim VM disk space
  2. Click OK to commit these settings.

Space Efficient Virtual Disks are enabled by default when customers provision pools based on Horizon Composer Linked Clones. The Space Efficient Virtual Disk format is only applicable to the linked clone portion of the VM and not applicable to the Master Image or Replica. In addition, this disk format is not applicable for Full Clones. When customers choose to create a Horizon Composer based Linked Clone Pool, they are provided with the option of enabling space reclamation (enabled by default) and defining a threshold for space reclamation.

Disk space reclamation is especially useful for deployments that cannot take advantage of storage-saving strategies such as refresh on log off. For example, knowledge workers who install applications on dedicated desktops might lose their personal applications if the desktops were refreshed or recomposed. With disk space reclamation, Horizon can maintain linked clones at close to the reduced size they start out with when they are first provisioned.

 

 

Select the Pool to modify

 

  1. On the left pane under Inventory Click on Catalog, then Desktop Pools
  2. ClickONLY ONCEon theVP-Win7-Desktop pool to select and highlight the pool.
  3. Click the Edit... button

 

 

Review Pool Graphics Settings

 

Review the settings and the effects on the end users experience:

  1. Select the Desktop Pool Settings Tab
  2. Scroll down to the Remote Display Protocol section
  3. The Default display protocol and Allow users to choose protocol allows you to force the desktop protocol to control the end user experience. In most cases PCoIP will be the protocol to set as default.
  4. 3D Renderer allows you to control from a Pool setting the desktop use of 3D and the vGPU.
    • The Virtual Machine must be running Windows 7 or later guests running with virtual hardware version 8 or later.

The drop down tab give you several choices:

  1. When 3D is disabled, the "Max number of monitors" and "Max resolution of any one monitor" settings determine the amount of vRAM assigned to desktops in this pool.  The greater these values are, the more memory will be consumed on the associated ESX hosts.  This setting does not limit the actual number of monitors a connected Horizon 6 session can be displayed on, but if you do not have enough video ram allocated to support multiple monitors you can experience poor performance.
  2. HTML Access, enabled by VMware Blast technology, allows users to connect to Horizon desktops from Web browsers.  Horizon Client software does not have to be installed on the client devices.

 

 

Enable Caching on Pools using View Storage Accelerator

 

To use View Storage Accelerator on a pool, the feature will need to be enabled. This is done on a per pool basis

  1. Select the Advanced Storage Tab
  2. Check Use View Storage Accelerator to enable host caching for this pool
  3. Click on Add to schedule blackout times for the regeneration process

Regenerate storage accelerator after: defines the scheduled interval to perform digest recompute. Write activity to the VMDK can occur during a pool-virtual machines lifetime, which will result in a large number of invalid hashes in the digest. Data blocks corresponding to these invalid hashes will not be cached. For a continuous benefit, it is important to reduce the number of invalid hashes in the digest by performing digest recompute periodically. The default is 7 days. The Regenerate storage accelerator after: (digest recompute) operation is less intensive than a create operation because the hashes are computed only from the blocks that have been changed since the digest creation or last regeneration.

 

 

Set Regenerate Blackout Days

 

Blackout days are days and times when the cache will not re-generate. This will prevent the regeneration from happening during production times. Regenerate clears out the cache and allows new dynamic content to cache.

  1. Set the Days to Block
  2. Set the Time range
  3. Click OK
  4. Click OK to close the window.

Notice that you can set multiple blocks of times

The Pool is now optimized for use.

 

Post-Optimization Review


This section will show you how to enable provisioning of a pool. This is a required step to access virtual desktops that are a member of the pool. The next section will focus on PCoIP optimizations and tuning and if the pool and virtual machines are inaccessible those steps cannot be performed.


 

Log In to the Horizon Administrator Console

 

If you already have the Horizon Administrator Console open, please go to the next step

From the ControlCenter desktop

1. Launch Google Chrome

2. Select the View Administrator shortcut

Note: Verify that the URL points to hvcs-w8-01.corp.local

If you receive a warning about certificates please Click Continue to this website

3. User name: Administrator

4. Password: VMware1!

5. Domain: CORP

6. ClickLog In

 

 

Select the VP-Win7-Desktop Pool

 

  1. On the left pane under Inventory Click on Catalog, then Desktop Pools
  2. Double Click the VP-Win7-Desktop pool to open the settings

 

 

Enable Provisioning of the Desktop Pool

 

Now that you have completed the optimization configurations for the Virtual Machine hardware, Horizon Pool and OS, you need to enable the pool to allow the users to be able to connect and use those virtual desktops.

  1. On the Summary tab click on the Edit... button

 

 

Enable the Pool

 

  1. Select Desktop Pool Settings tab
  2. Under State: Clickon the drop down and select Enabled
  3. ClickOK

 

 

Validate the Pool is Enabled

 

  1. Validate the State is Enabled

 

 

Launch Horizon Client

 

From the ControlCenter desktop, double click on the VMware Horizon View Client icon.

 

 

Log In to hvcs-w8-01.corp.local Horizon Connection Server

 

Double click on the hvcs-w8-01.corp.local cloud icon.

 

 

Enter Credentials

 

  1. Login as username: optimize using password: VMware1!
  2. Click Login to access the desktop pools

 

 

Connect to the VP-Win7-Desktop pool

 

  1. Double Clickthe VP-Win7-Desktop pool to connect

This will connect you to the Horizon desktop where you will complete the next several steps

 

 

Review Desktop Visual Effects

 

  1. Notice the change in the Visual Effects
  2. The Windows bar and icons have all been changed based on your optimization template

 

 

Review Desktop Personalization

 

  1. Right Click on the desktop and choose Personalize

 

 

Review the visuals and sounds

 

Notice that you can not select any Theme

  1. Notice that your Theme is greyed out and Window shades have been changed
  2. Scroll down and Select the Windows Classic theme

 

 

Disconnect from Horizon Desktop

 

  1. Disconnect from the Horizon Desktop by selecting Options, and then Disconnect and Log Off
  2. Click on OK

 

Optimizing PCoIP using Group Policies


This Lesson will review how to optimize PCoIP using Active Directory Group Policies

Horizon 6 provides GPO ADM templates that will need to be imported in to Active Directory.

Please see http://www.vmware.com/files/pdf/view/VMware-View-5-PCoIP-Network-Optimization-Guide.pdf for more information


 

Launch Group Policy Management

 

On the ControlCenter desktop look for the Group Policy Management(shortcut) icon and Double Click to start the application

 

 

Expand the domain corp.local to find the Group Policy Objects folder and expand it

 

Expand the domain corp.local to find the Group Policy Objects folder and expand it

 

 

Create an Optimize PCoIP Policy

 

  1. Find the Group Policy Object Folder
  2. Right click Group Policy Objects and select New

 

 

Create the new Policy

 

  1. Name the New GPO Optimize PCoIP
  2. Leave the Source Starter GPO as (none)
  3. Click OK

 

 

Edit the Optimize PCoIP Policy

 

  1. Right-click on the Group Policy Optimize PCoIP and selectEdit

 

 

Add the PCoIP policy template

 

  1. Expand the Computer Configuration folder
  2. Expand the Policies folder
  3. Right Click on the Administrative Templates: Policy definitions
  4. Select Add/Remove Templates...

 

 

Add the PCoIP.adm template

 

  1. Click on Add
  2. Enter the path \\controlcenter\c$\program files\vmware\vmware view\agent\extras
  3. Select pcoip.adm
  4. Click Open

 

 

Add the template

 

  1. Click Close

 

 

Browse the PCoIP Session Variables

 

  1. Expandthe Computer Configuration object
  2. Expand the Polices folder.
  3. Expand the Administrative Templates
  4. Expand the Classic Administrative Templates folder
  5. Expand the PCoIP Session Variables folder
  6. Expand the Overridable Administrator Defaults

 

 

Build-to-Lossless

 

NOTE:

The PCoIP display protocol  uses an encoding approach called progressive build, which works to provide the optimal overall user experience even under constrained network conditions.

Progressive build provides a highly compressed initial image, called a lossy image, that is then progressively built to a full lossless state. A lossless state means that the image appears with the full fidelity intended.

On a LAN, PCoIP always displays text using lossless compression. If available bandwidth per session drops below 1Mbs, PCoIP initially displays a lossy text image and rapidly builds the image to a lossless state. This approach allows the desktop to remain responsive and display the best possible image during varying network conditions, providing an optimal experience for users.

The build-to-lossless feature provides the following characteristics:

The PCoIP protocol is efficient enough to provide the build-to-lossless feature in all conditions.

NOTE: Build-to-Lossless has been turned off by default in Horizon 6.

 

 

PCOIP Maximum Session Bandwidth

 

  1. In the right pane,right-clickConfigure the maximum PCoIP session bandwidth and select Edit.

This setting specifies the maximum bandwidth, in kilobits per second, in a PCoIP session.

 

 

Set Max Bandwidth

 

Note: Setting this value prevents the server from attempting to transmit at a higher rate than the link capacity, which would cause excessive packet loss and a poorer user experience. This value is symmetric. It forces the client and server to use the lower of the two values that are set on the client and server side.

Please review and make the necessary changes to the settings:

  1. Confirm that your setting is Enabled
  2. Confirm the value for the Set PCoIP session bandwidth in kilobits per second to 2000
  3. Select OK at the Bottom of the dialog window.

Note: The bandwidth includes all imaging, audio, virtual channel, USB, and control PCoIP traffic. The default is 90000

 

 

PCoIP Audio Bandwidth

 

  1. In the right pane, right-click Configure the PCoIP session audio bandwidth limit and select Edit.

This setting specifies the maximum bandwidth that can be used for audio (sound playback) in a PCoIP session.

Note: It is recommended to review this setting in your environment. Not configured setting could result in higher network traffic due to basic Windows audio bells and themes.

 

 

Set session Audio Bandwidth Limit

 

Note: The audio processing monitors the bandwidth used for audio. The processing selects the audio compression algorithm that provides the best audio possible, given the current bandwidth utilization. This setting has no effect on USB audio

  1. Confirm that your setting is Enabled
  2. Confirm the value for the Set PCoIP session audio bandwidth limit to 50
  3. Select OK at the Bottom of the dialog window.

 

 

Edit PCOIP Image Quality Levels

 

  1. In the right pane, right-click Configure PCoIP image quality levels and select Edit

This setting controls how PCoIP renders images during periods of network congestion.

Note: this setting is one of the important when dealing with remote users. You are able to find the sweet spot for user bandwidth and visual responsiveness

 

 

Configure Image Quality Settings

 

Note: The following settings will not only affect the network bandwidth, but will also affect the user experience based on image quality. If you change the settings to very low values, you could affect the users display to the point of poor usability. The reverse is also correct, if you set the values so high and you run into poor network conditions, then the user will have very poor response times.

1. Confirm that your setting is Enabled

2. Confirm the value for the Set Minimum Image Quality is set at 4 [This value will provide the lowest quality display level for any image.  During times of high latency or low bandwidth this setting will allow the for quick desktop response and sacrifice image quality.]

3. Confirm the value for the Set the Maximum Initial Image Quality is set at 80 [This value is used to reduce the network bandwidth peaks required by PCoIP by limiting the initial quality of the changed regions of the display image. The Remote users will be using applications with medium graphic content and setting the value to 70 speeds up the display.]

4. Confirm the value for the Set the Maximum Frame Rate is set to 18 [Use the Maximum Frame Rate value to manage the average bandwidth consumed per user by limiting the number of screen updates per second. PCoIP defaults to a full 30 frames per second]

Note: depending on the type of applications and content that the end user will be viewing you can adjust the values accordingly. If your users are in a "green screen" type application for the majority of the time, then you could lower the value to 6 FPS.

5. Select OK at the Bottom of the dialog window.

 

 

Save the PCoIP session Policy

 

  1. Select File
  2. Select Exit to save the Policy

There are many more PCoIP settings available in the Horizon 6 PCoIP Template. Please take your time to review them and when done click the top right corner to close the Group Policy Editor.

 

Summary


Remember that PCoIP is a wonderful protocol that can be tuned to meet the needs of your users without sacrificing their experience.  Proper testing should be done for each user profile type and network conditions.  Also, remember that PCoIP is set by default for the best user experience and assumes LAN based connectivity.  Slight tuning of the protocol could greatly improve user experience and lower the network requirements allowing for more concurrent sessions and different use cases.

Horizon 6 enhancements heighten and improve performance, including adjusting the PCoIP defaults, expanding 3D graphics support, and adding support for VMware Virtual SAN.

The PC over IP (PCoIP) display protocol’s adaptive technology provides an optimized virtual desktop delivery on both LAN and WAN. Horizon 6 improves the end-user experience by introducing new bandwidth management algorithms that increase the frame rate and reduce its standard deviation.

Horizon 6 also has new PCoIP default settings that improve performance. You can change the settings if needed, but in most use cases, the new defaults are suitable and use less bandwidth.

The changed default settings are:


Module 4 (30 Min) - Troubleshooting Horizon 6

Troubleshooting Horizon 6 - Module Description


In this module we'll work through some of the common troubleshooting scenarios that new users of Horizon 6 often run in to, as well as some tips and tricks for managing a successful environment.


 

Module Duration

The estimated time to complete this module is 30 minutes

 

 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link.  
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the following Virtual Machines are powered on.

If not you will need to power on the required VM's

  1. Right click on each Virtual Machine.
  2. SelectPower
  3. Select Power On                                                                                                                                                           

It will take a few minutes for the desktops to power on and then you can proceed.

 

Introduction to Troubleshooting


Horizon 6 is relatively easy to install and configure for IT admins, as well as simple and intuitive for end-users. However, like every piece of software, problems arise and must be resolved. By the very design of virtual desktop infrastructure technology, there are a variety of potential places for trouble including end-point devices, server infrastructure, and software configuration.

In this section we'll work through some of the common troubleshooting scenarios that new users of Horizon 6 often run in to, as well as some tips and tricks for managing a successful environment. Don't forget there are lots of additional resources online including the VMware Communities site, kb.vmware.com, blogs and more to help you work through different challenges you might come across.


Horizon Administrator Console Dashboard


Horizon Administrator Console provides a single pane of glass to manage desktops. This includes identifying issues early on and enabling you to resolve them before they impact end-users. Let's spend a few minutes looking at the Dashboard component of Horizon Administrator.


 

Log In to Horizon Administrator

 

From the ControlCenter desktop

1. Launch Google Chrome

2. Select the View Administrator shortcut

Note: Verify that the URL points to hvcs-w8-01.corp.local

If you receive a warning about certificates please

3. Click Advanced

4. Proceed to hvcs-w8-01.corp.local (unsafe).

To log in enter

5. User name: Administrator

6. Password: VMware1!

7. Domain: CORP

8. ClickLog In

 

 

Dashboard Overview

 

*Note - This step requires no action, it is only for demonstration purposes.

  1. When you log in to the Horizon Administrator console, you default to the Dashboard page.
  2. System Health informs you whether the components are healthy (green), need attention (yellow), or broken (red).
  3. Machine Status window lets you quickly identify any problems with your virtual desktops and RDS hosts.
  4. The Datastores section warns you if any of your datastores are nearing capacity.

 

 

There's a Problem

 

Notice that in the Desktop Status window we have a Problem Desktop.

 

 

Identify Problem Machines

 

 

 

Note the Affected VM

 

We now know which VM is having the problem.

Any time we see an "Agent unreachable" message, we know there is a communication issue between the Horizon agent on the VM and the Horizon Connection server. There are a variety of potential causes for this such as a firewall rule, disconnected NIC, or lack of available IP addresses in a DHCP scope.

 

 

Establish an RDP Connection to Win7-TS

 

First, we'll attempt to log on to the affected VM via direct RDP connection. Minimize but do not close the Horizon Administrator Console window.

1. On the ControlCenter desktop, double-click the RDP icon

2. Double-click the Win7-TS shortcut

3. Log In as user CORP\Administrator with password VMware1!

4. Click OK to continue

 

 

Ping Horizon Connection Server

 

We were able to connect to the VM via standard RDP connection.  This confirms that networking (DHCP, Not Connected Network) is not the cause of the problem.

A quick way to test connectivity between the VM and the connection server is to ping the Connection Server from the VM.

1. Click the Start button

2. Type cmd and hitthe Enter key to open the cmd window

3. In the Command window, type ping hvcs-w8-01.corp.local and hit the Enter key.

 

 

Ping Results

 

The Ping results look good.

Let's next check the Horizon agent service on the VM.

 

 

Check to See if The Horizon Agent is Installed

 

1. Click Start and select Control Panel

2. Click on Uninstall a program

 

 

Validate the Horizon Agent is Installed

 

1. Check to see that the VMware Horizon Agent is installed on the virtual machine

2. Close the Programs and Features window    

We have validated that the Horizon Agent is installed.

Note: If the Horizon Agent is not installed, then you have found the source of your issue and it must be installed. Horizon 6 does not check to see if the Horizon Agent is present before provisioning desktops in a pool.

 

 

Check Horizon Agent Service

 

1. Click the Start button

2. Type services.msc and hit the Enter key to open the services window.

 

 

Note the VMware Services

 

 

 

Change the Startup Type

 

  1. Change the Startup type to "Automatic".
  2. Click "Apply".
  3. Click "Start".

Wait for the Service status to read "Started".

  1. Click "OK".

NOTE: This step must be completed or you will not be able to complete the next steps in this Module.

 

 

Log Off the Win7-TS RDP Session

 

Within the Win7-TS VM click "Start > Log off".

 

 

Horizon Administrator Dashboard

 

 

 

Problem Resolved

 

  1. At this point the Horizon Agent in the VM should be communicating with the connection server, and the Problem Desktops field should read "0".
  2. You may need to click the "Refresh" icon to see the changes.

 

 

Next Steps

NOTE: The previous steps in this module must be completed to fix the problem machine or you will not be able to complete the next steps in this Module.

At this point you can close the Horizon Administrator console, or simply minimize it as it will be used again later in this module.

 

Using WMI for Troubleshooting


Recent versions of Horizon include Windows Management Instrumentation (WMI) classes that are installed with the Horizon agent. These classes enable administrators to observe real-time performance of several metrics on the Windows VM.


 

Launch the Horizon Client

 

From the ControlCenter, double-click the VMware Horizon View Client icon

 

 

Choose the Horizon Connection Server

 

Double-click on hvcs-w8-01.corp.local

 

 

Log In to Horizon

 

1. Username: administrator

2. Password: VMware1!

3. Click Login

 

 

Choose the Win7_TS Desktop Pool

 

 

 

Launch Perfmon

 

Double-click the perfmon - Shortcut icon on the Win7-TS Desktop.

 

 

Perfmon - Known Issue Work-Around

 

As the date of writing this manual there is a known issue where Perfmon may hang. Once you use Task Manager to stop the application, you will not encounter this issue again until you log off.

  1. Click on the Performance Monitor, then Right Click
  2. Choose Properties

If the application hangs at this point, you will use Task Manager to end the application.  Otherwise, click on OK and move on to Clear Existing Counters step

 

 

Perfmon - Start Task Manager

 

As the date of writing this manual there is a known issue where Perfmon may hang. Once you use Task Manager to stop the application, you will not encounter this issue again until you log off.

  1. Right Click on the Task bar
  2. Choose Start Task Manager

 

 

Perfmon - End Process

 

As the date of writing this manual there is a known issue where Perfmon may hang. Once you use TaskManager to stop the application, you will not encounter this issue again until you logoff.

  1. Click on Performance Monitor from the Applications tab
  2. Click End Task
  3. Confirm you would like to End Program, choose End Now
  4. Exit Task Manager when complete

The application will hang at this point and you will use Task Manager to end the application.

 

 

Relaunch Perfmon

 

Double-click the "perfmon" icon on the Win7-TS Desktop.

 

 

Configure Perfmon

 

Click "Performance Monitor"

 

 

Clear Existing Counters

 

Click the red X to delete all existing counters.

 

 

Add Counters

 

 

 

Locate the PCoIP Counters

 

Scroll until you find the PCoIP statistics classes.

 

 

Add the PCoIP Session Imaging Statistic "Imaging TX BW"

 

  1. Expand PCoIP Session Imaging Statistics
  2. Scroll down and select Imaging TX BW kbit/sec
  3. Click the Add button
  4. Notice the counter has been added
  5. Click OK

 

 

Change Counter Scale

 

 

 

Change Counter Scale

 

The purpose of this step is to make it easier to visualize what's happening with the amount of bandwidth being transmitted.

 

 

Arrange Windows

 

In the next step we're going to play a video to generate some bandwidth utilization. You'll want to arrange the perfmon window so that it takes up roughly half the window as shown in the image above.

 

 

Launch Video

 

Double-click the video Introducing VMware Horizon 6_(720p) shortcut from the Windows Desktop.

 

 

Observe Results

 

Notice the increase in bandwidth utilization. The PCoIP protocol will dynamically consume more or less bandwidth as is required to deliver video, audio, USB traffic, print traffic, and more. As an IT Administrator, you can use the PCoIP WMI classes to observe abnormal behavior and identify issues affecting end-user experience.

 

 

Close Windows

 

 

vRealize Operations for Horizon

While the WMI classes within the Horizon Agent are great for troubleshooting one-off issues, VMware has also made available a comprehensive management product called vRealize Operations for View. This tool set will monitor your entire Horizon environment and alert administrators of anomalies in behavior before they become a real problem. This technology moves IT from a reactive to a proactive troubleshooting mode, enabling the very best in customer service.

Please visit HOL-MBL-1652 for more information on Desktop Management with vRealize Operations for Horizon.

Watch the YouTube Video for more information on vRealize Operations for Horizon:

https://www.youtube.com/watch?v=J-aeT3Q8lFE

 

 

Next Steps

 

It is important that you log off of the Win7-TS VM before moving on to the next section of this module.

 

Communicating with End-Users


Planned maintenance windows are a necessity at any organization but we like to make the process as simple and painless for end-users as possible. In this section we'll cover two simple processes for communicating outage information to end-users in a Horizon 6 environment.


 

Item One - Sending Messages to Logged In End-Users

This section will show you how to send messages to logging in end users by configuring Pool Notifications.

 

 

Log in to the Win7_TS Desktop Pool

If you left the Horizon client logged in, double click on the Win7_TS Desktop pool to start a desktop session and proceed to Open the Horizon Administrator Console step.  If you closed the Horizon client, continue on to the next step.

 

 

Launch the Horizon Client

 

From the ControlCenter double-click the VMware Horizon View Client shortcut

 

 

Select hvcs-w8-01.corp.local Connection Server

 

Double click on hvcs-w8-01.corp.local

 

 

Authenticate to the Horizon Client

 

1. User name: Administrator

2. Password: VMware1!

3. Click Login

 

 

Select Win7_TS Desktop Pool

 

Double-click the Win7_TS Desktop pool

 

 

Minimize Win7_TS Desktop session

 

Click on the minimize icon

 

 

Open the Horizon Administrator Console

On the ControlCenter, you may have the Horizon Administrator Console (Google Chrome) minimized. If so, simply maximize the window and go to Select the Pool to Notify step

 

 

Log In to the Horizon Administrator Console

 

From the ControlCenter desktop Launch Google Chrome

Select the View Administrator shortcut

Note: Verify that the URL points to hvcs-w8-01.corp.local

If you receive a warning about certificates please Click Continue to this website

To log in enter the

  1. User name: Administrator
  2. Password: VMware1!
  3. Domain: CORP
  4. ClickLog In

 

 

Configure Pool Notification

In the next steps you will configure pool notifications by selecting the pool, creating your custom message, and verifying message was sent.

 

 

Select the Pool to Notify

 

  1. Click the Desktop Pools item under the Inventory tab and Catalog.
  2. Double-click on the Win7_TS Desktop pool.

 

 

Choose the Sessions Tab

 

Click the Sessions tab.

 

 

Select Active Session

 

The Sessions tab lists all active sessions for the Troubleshooting pool. In this lab, we have only one active session so we'll select only one. In a production environment, you'd have the ability to notify all active users/sessions.

  1. Click on the active session. *NOTE* Do NOT click on where it says "corp.local\administrator" or you'll be sent to another screen. Instead, click anywhere else on the line.
  2. Click Send Message

 

 

Create Custom Message

 

  1. Type in a message for your end-users.
  2. Select the type of message from the drop-down list.
  3. Click OK.
  4. Confirmation message that the message was sent.  Click OK to continue

 

 

Confirm Message was Sent to the users session

 

This process is great for immediate, unplanned outages or for reminding users of an impending issue or outage. In the next section we'll cover a means of communicating with end-users upon every connection with the Horizon client.

 

 

Log out of the Win7_TS Desktop

 

We'll need to log completely out of the Horizon client for the next section to be effective.

1. Click Start

2. Expand the Shut down dialog box

3. Select Log off

 

 

Close the Pool Selection Window

 

Close the Pool Selection window.

This window needs to be completely closed before continuing to the next section.

 

 

Item Two - Using Pre-Login Notifications

The pre-login message feature may be utilized to communicate an upcoming outage, an acceptable usage policy, or any other bit of information you need to share with end-users. As you'll see in this section, end-users will be presented with this information with each launch of the Horizon client.

 

 

Maximize the Horizon Administrator Console

If you closed Google Chrome, simply follow the steps at the beginning of this section to open the Horizon Administrator Console.

 

 

Edit Global Settings

 

  1. Navigate to Inventory > View Configuration > Global Settings
  2. In the General section, click Edit...

 

 

Enter Pre-Login Message

 

  1. Select the check-box to enable the pre-login message.
  2. Enter some text that you'd like end-users to see upon login. This can be used for outage notifications, acceptable usage policies, etc.
  3. Click OK.

 

 

Authenticate to the Horizon Client

We will now validate that the pre-login message works

 

 

Launch the Horizon Client

 

From the ControlCenter double-click the VMware Horizon View Client shortcut

 

 

Select hvcs-w8-01.corp.local Connection Server

 

Double click on hvcs-w8-01.corp.local

 

 

Accept Pre-login Message

 

1. Notice that the pre-login message is displayed.

2. Click Cancel

3. Close the Horizon Client by clicking on the X

 

PCoIP and "Black Screen"


A common issue, especially with initial deployments of Horizon 6, is seeing a black screen after attempting to connect to a Windows VM. In this section we'll show you the symptom and some of the more common causes.

This is an informational section only. There is NO lab work.


 

Symptom

 

*NOTE*: This is an informational section only.  There is NO lab work.

After launching the Horizon client, providing credentials, and selecting a Horizon Desktop pool, the user is presented with a virtual desktop window displaying the title of the pool and an otherwise black screen. In this case you can see we are connecting to the "Mobile Secure Workplace" pool. Typically when this occurs, after several seconds elapse, the window will simply close and the Horizon client will exit.

 

 

Troubleshooting

*NOTE*: This is an informational section only.  There is NO lab work.

While there are a number of reasons this might occur, the most common by far is having a firewall somewhere in the path which is blocking the PCoIP traffic.

 

 

PCoIP Connection Sequence

 

*NOTE*: This is an informational section only.  There is NO lab work.

To troubleshoot any PCoIP issues you should first understand the typical connection sequence for PCoIP.

 

 

Additional Information

For additional information on troubleshooting VMware Horizon 6 issues, be sure to check out kb.vmware.com and article http://kb.vmware.com/kb/1028332

 

Summary


Thank you for stepping through some of the common troubleshooting scenarios that new users of Horizon 6 often run in to.  We hope that you learned some tips and tricks for managing a successful environment.  Remember that there are lots of additional resources online including the VMware Communities site, kb.vmware.com and blogs to help you as you troubleshoot any issues that arise.  Finally, if you are completely stuck please open a Support Request with VMware Global Support Services.


Module 5 (30 Min) - SSL Certificates in Horizon 6

Introduction to SSL Certificates in Horizon 6


With Horizon 6, all communication channels between the Horizon components are secured with SSL authentication mechanisms. Starting in Horizon 5.1, upgrades or new installs, you will find a higher security standard for SSL certificates than in previous releases.

When you install the Horizon 6 servers in your environment, each one includes a default self-signed certificate. Self-signed certificates are issued by the server itself, not by a Certificate Authority. The server identifies and validates itself, which results in an untrusted certificate. Self-signed certificates provide very low-level security because untrusted server certificates are at risk of having traffic intercepted between the clients and the servers. If an unauthorized server steps into the middle of a transaction and responds to the same IP address as the organization’s server, the administrator receives no additional warning beyond the original warning resulting from the self-signed certificate.

Self-signed certificates are acceptable only for a testing environment, and are not secure enough for a production environment. Horizon 6 now makes using the default self-signed certificates more difficult to use by warning users and administrators if certificates are not signed by a Certificate Authority. To ensure a secure production environment, you need to install SSL certificates that are signed by a Certificate Authority (CA).

SSL certificates signed by a CA protect communications against tampering, eavesdropping, and “man-in-the-middle” (MITM) attacks. These certificates provide a secure channel between Horizon clients and Horizon servers for passing of private information, such as passwords and PINs. If you use the default self-signed certificates installed with Horizon servers, communication between Horizon servers and Horizon clients can be compromised.


SSL Setup for Horizon Connection Servers


In the following steps you will configure the Horizon Connection Server with an SSL Certificate using the built-in Microsoft Active Directory Certificate Services, which issues certificates for public key security programs.


 

Microsoft Certificate Authority

 

The Microsoft Certificate Authority service has already been installed and configured to issue certificates for the corp.local domain.

In your organization you might use the MCA, or a third-party signing authority.

Active Directory Certificate Services Overview can be found here: http://technet.microsoft.com/en-us/library/hh831740.aspx

 

SSL certificate security is enhanced in Horizon 5.1 and later



 

Warnings to users if the Horizon Server certificate is not signed

 

Warnings to users if the Horizon Server certificate is not signed by a Certificate Authority

Horizon Clients include improved mechanisms to check certificates and to give warnings when the identity of the Horizon server cannot be fully validated. All Horizon servers are installed with default self-signed certificates. In Horizon 5.1 and later, users by default receive warnings if you do not upgrade the default certificates to ones signed by a CA.

Newer Horizon Clients can communicate only over HTTPS (HTTP over SSL). HTTP

communication is no longer permitted. All Horizon Client communication is encrypted.

 

 

Enhanced Horizon component certificate-checking displayed

 

Enhanced Horizon component certificate-checking displayed in the Horizon Administrator dashboard

Horizon now does more certificate checking to verify the identity of connected components. The Horizon Administrator dashboard displays a red warning symbol next to Horizon servers that do not have certificates signed by a trusted CA (a CA present in the Trusted Certificate Authorities store).

 

 

Support of the Windows Certificate Store

 

Support of the Windows Certificate Store

Horizon now supports only the Windows Certificate Store for managing certificates on Horizon components. Horizon formerly allowed JKS and PKCS certificate stores, or keystores, which use complex Java Keytool and command-line tools to generate certificate requests and import the resulting certificates back into the keystore. Windows administrators were less familiar with these tools than with Windows tools. You can now use the Microsoft Management Console (MMC) Certificates Snap-In to perform part of the process of obtaining and importing certificates. The Windows Certificate Store is installed by default with the Windows operating system on both servers and desktops, and is a familiar certificate management interface for administrators.

This change to using the Windows Certificate Store allows you to better protect the private key for the certificate. The encryption password of the keyfile was stored in a text file if you used other certificate stores. In addition, with the Windows Certificate Store, the process of managing SSL server certificates is simplified and more likely to be accurate. The prior Java Keytool method for generating a CSR, creating a keystore, and importing the certificate into the keystore was more complex.

 

 

SSL Certificates Required for Horizon Servers

 

The following Horizon components require SSL certificates:

 

 

Certificate Types

 

With your Certificate Signing Request, you can ask for a single-server or multiple-server certificate:

 

 

 

Confirm Self-Signed Certificate with the Horizon Administrator Console

In this section we'll confirm that the default, self-signed cert is being used for Horizon Connection Server

 

 

Login to the Horizon Administrator Console

 

  1. From the ControlCenter desktop Launch Internet Explorer - double click icon
  2. Select the View Administrator shortcut in the Favorites Bar

Note: Verify that the URL points to hvcs-w8-01.corp.local

  1. If you receive a warning about certificates please Click Continue to this website

 

 

Log into the Horizon Administrator Console

 

To log in enter the

  1. User name: Administrator
  2. Password: VMware1!
  3. Domain: CORP
  4. ClickLog In

 

 

Untrusted Certificate

 

 

 

Close Internet Explorer

 

We'll need to completely reload the window once we install a valid certificate.

 

Request Signed Certificate from Microsoft CA


In this section we'll request a new certificate from the Microsoft Certificate Authority.


 

Restart Active Directory Services - LAB ONLY STEP

 

Note: In this Lab we have encountered a small issue on some of the Lab deployments and the following step is required.  This step is only required for this module.

  1. Make sure you on the ControlCenter desktop
  2. Click Start
  3. Enter services.msc
  4. Click OK
  5. In the Services window select Active Directory Certificate Services
  6. Click Restart
  7. Next select Active Directory Domain Services
  8. Click Restart
  9. Select Yes to Restart Other Services
  10. Close the Services window and continue.

 

 

RDP to the Connection Server

 

From the ControlCenter desktop

  1. Click Start
  2. Enter mstsc /c in the search window
  3. Hit Enter key
  4. Enter hvcs-w8-01.corp.local
  5. Click Connect

 

 

Enter Credentials

 

1. User name: CORP\administrator

2. Password: VMware1!

3. Click OK

 

 

Validate you're connected to the Connection Server HVCS-W8-01

 

1. Validate you are connected to HVCS-W8-01

2. Maximize the RDP connection screen size by clicking on the Maximize button

 

 

Launch the Microsoft Management Console (MMC)

 

From the HVCS-W8-01 desktop

  1. Right click on Start
  2. Select Run
  3. Type mmc and click OK

*Note* - Make sure you are launching MMC from within the remote desktop session to HVCS-W8-01 and not on the ControlCenter.

 

 

MMC - Add Snap-in

 

We need to add the Certificate Snap-in to MMC

  1. Choose File
  2. Select Add/Remove Snap-in

 

 

Add Certificates Snap-in

 

To manage the local Certificates you need to install/enable the snap-in

  1. ClickCertificates
  2. Click Add
  3. Click Computer account
  4. Click Next

 

 

Select Computer and Finish Snap-in Install

 

  1. Click Local computer
  2. Click Finish
  3. Click OK to close the Snap-ins window

 

 

Self-signed Cert

 

  1. ExpandtheCertificates (Local Computer)
  2. Expand the Personal folder
  3. Click on the Certificates folder
  4. Note the existing self-signed certificate, which was created during the Horizon Connection Server installation.  To identify a certificate is self-signed, usually, the Issued By field will have the same name as the local server as you see in the picture.  Notice the Friendly Name of vdm. (You may need to expand the window to see this information).  This friendly name is used by the Horizon Connection Server to identify which server certificate to use.

 

 

Modify Existing Cert

 

  1. Right click on the existing cert hvcs-w8-01.corp.local
  2. Select Properties

 

 

Change the Friendly Name Value

 

Note the friendly name "vdm". This value is key to enabling the Horizon Connection Server to use the certificate.

  1. Change the friendly name value to self-signed
  2. Click OK

 

 

Request New SSL Certificate

 

To start the Certificate Enrollment

  1. Right click on Certificates
  2. Choose All Tasks
  3. Select Request New Certificate...

 

 

Click "Next"

 

Click Next to begin the enrollment

 

 

Certificate Enrollment Policy

 

 

 

Request Certificates

 

  1. Scroll down to the bottom of the list of certificate types
  2. Select the Web Server box.
  3. Click the link for More information is required to enroll this certificate under the Web Server checkbox.

 

 

Certificate Properties - Subject

 

On the Subject Tab of the properties of the certificate request

  1. Change the Subject name type to Common name from the drop-down list.
  2. In the Value field add the server name by entering: HVCS-W8-01.corp.local
  3. Click Add
  4. Change the Alternative name type to DNS from the drop-down list.
  5. In the Value field add the FQDN by entering HVCS-W8-01.corp.local
  6. Click Add
  7. Click Apply but do NOT click OK yet.

 

 

Certificate Properties - General

 

  1. Select the General tab
  2. Add the name to the Friendly name field by entering vdm
  3. Click Apply but do NOT click OK yet.

 

 

 

Certificate Properties - Private Key

 

  1. Select the Private Key tab.
  2. Expand Key Options
  3. Check the box Make private key exportable
  4. Click Apply
  5. Click OK

 

 

Enroll Certificate

 

Click Enroll to have the certificate issued from the CA

 

 

Certificate Enrollment Success

 

 

 

Review the new issued SSL Certificate

 

  1. ExpandtheCertificates  (Local Computer)
  2. Expand the Personal folder
  3. Click on the Certificates folder
  4. Notice the new certificate has been issued by the ControlCenter-CA
  5. Close MMC when finished reviewing and DO NOT disconnect your RDP connection
  6. Select No to save console settings

 

Note: Be careful not to close your remote connection to HWCS-W8-01

 

 

Restart the Horizon Connection Server service

Now that we've completed the certificate request and have added the new certificate for the Horizon connection server, we'll need to restart a couple of services. This process will cause the connection server to make use of the new certificate.

 

 

Launch Services Control Panel

 

From HVCS-W8-01 desktop

  1. Right click on Start
  2. Select Run
  3. Enter services.msc
  4. Click OK

 

 

Restart the Horizon Connection Server Services

 

1. Click onVMware Horizon View Connection Server

2. Click on Restart

Wait for the service to completely restart before moving on.

3. Click on VMware Horizon View Blast Secure Gateway

4. Click on Restart

5. Validate that all the required VMware Horizon Services are Running.  Only the VMware Horizon View Script Host service is not required.  Wait for the required services to have a status of Running before moving on.

 

 

Minimize the Remote Desktop Session to HVCS-W8-01

 

Minimize the RDP connection

 

Confirm the use of the Signed Certificate with the Horizon Administrator Console


Let's validate that the new certificate is installed correctly and being used by the Horizon Connection Server.


 

Launch Internet Explorer

 

From the ControlCenter desktop

  1. Launch Internet Explorer from Desktop - double click icon

 

 

Connect to the Horizon Administrator Console

 

Select the View Administrator shortcut

  1. Note that this time we do not receive the certificate warning.

Note: Verify that the URL points to hvcs-w8-01.corp.local

 

 

Log into the Horizon Administrator Console

 

To log in enter the

  1. User name: Administrator
  2. Password: VMware1!
  3. Domain: CORP
  4. ClickLog In

 

 

Trusted Certificate

 

 

 

Close Internet Explorer

 

 

Horizon Security Server - Request Signed Certificate from Microsoft CA


This section is informational only and no lab work will be completed in the following steps.

The Horizon Security Server(s) are not Domain joined and the process for securing the connection with a CA signed certificate is outlined below.

In this section we'll request a new certificate from the Microsoft Certificate Authority from a non domain joined Windows Server.


 

Self Signed Certificate for Horizon Security Server

 

 

 

Launch the Microsoft Management Console (MMC)

 

*NOTE*: Information only.  No lab work to be done

From Security Server desktop

  1. Click on Start
  2. Enter MMC
  3. Choose the MMC application to launch

 

 

MMC - Add Snap-in

 

*NOTE*: Information only.  No lab work to be done

We need to add the Certificate Snap-in to the MMC Console

  1. Choose File
  2. Select Add/Remove Snap-in

 

 

Add Certificates Snap-in

 

*NOTE*: Information only.  No lab work to be done

To manage the local Certificates you need to install/enable the snap-in

  1. ClickCertificates
  2. Click Add
  3. Click Computer account
  4. Click Next

 

 

Select Computer and Finish Snap-in Install

 

*NOTE*: Information only.  No lab work to be done

  1. Select Local computer
  2. Click Finish

When prompted click OK

 

 

Self-signed Cert

 

*NOTE*: Information only.  No lab work to be done

  1. ExpandtheCertificates (Local Computer)
  2. Expand the Personal folder
  3. Click on the Certificates folder

Note the existing self-signed certificate, which was created during the Horizon Connection server installation.

 

 

Modify Existing Certificate

 

*NOTE*: Information only.  No lab work to be done

  1. Right-click on the existing certificate (HVCS-W8-02.corp.local)
  2. Select Properties

 

 

Change the Friendly Name Value

 

*NOTE*: Information only.  No lab work to be done

Note the friendly name "vdm". This value is key to enabling the certificate used by the Horizon Connection Server.

  1. Change the friendly name value to self-signed
  2. Click OK

 

 

Request New SSL Certificate

 

*NOTE*: Information only.  No lab work to be done

To start the Certificate Enrollment

  1. Right click Certificates
  2. Select All Tasks
  3. Select Advanced Operations
  4. SelectCreate Custom Request...

 

 

Certificate Enrollment

 

*NOTE*: Information only.  No lab work to be done

Click Next to begin the enrollment

 

 

Certificate Enrollment Policy

 

*NOTE*: Information only.  No lab work to be done

 

 

Custom Request

 

*NOTE*: Information only.  No lab work to be done

  1. In the Template drop down choose (No template) Legacy Key
  2. For the Request format: Choose the PKCS #10 option

 

 

Certificate Information - Custom request

 

*NOTE*: Information only.  No lab work to be done

  1. Click the Details drop down
  2. Click on Properties to modify the request

 

 

Certificate Properties - General

 

*NOTE*: Information only.  No lab work to be done

  1. Select the General tab
  2. Add the name to the Friendly name field by entering vdm
  3. Click Apply but do NOT click OK yet.

 

 

Certificate Properties - Subject

 

*NOTE*: Information only.  No lab work to be done

On the Subject Tab of the properties of the certificate request

  1. Change the Subject name type to Common name from the drop-down list.
  2. In the Value field add the server name by entering: (YOUR SERVER NAME HERE) HVSS-W8-02.corp.local
  3. Click Add
  4. Change the Alternative name type to DNS from the drop-down list.
  5. In the Value field add the FQDN by entering (YOUR FQDN NAME HERE) HVSS-W08-02.corp.local
  6. Click Add
  1. Click Apply but do NOT click OK yet.

 

 

Certificate Properties - Extensions

 

*NOTE*: Information only.  No lab work to be done

On the Extensions Tab of the properties of the certificate request

  1. Expand Key Usage option
  2. Select Decipher Only for the Key Usage
  3. ClickAdd
  4. Click Apply but do NOT click OK yet

 

 

Certificate Properties - Private Key

 

*NOTE*: Information only.  No lab work to be done

  1. Select the Private Key tab.
  2. Expand Key Options
  3. Check the box Make private key exportable
  4. Expand Key Options
  5. Select Exchange for the Key Type
  6. Click Apply
  7. Click OK

 

 

Create the request

 

*NOTE*: Information only.  No lab work to be done

Select Next to complete the custom request

 

 

Save the Offline request

 

*NOTE*: Information only.  No lab work to be done

  1. Choose a file name and location for the certificate request
  2. ChooseBase 64 as the file format
  3. Click Next to complete the custom request

 

 

Web Enrollment for Custom Request

 

*NOTE*: Information only.  No lab work to be done

Open Internet Explorer and go to your CA Web Enrollment server

  1. http://controlcenter.corp.local/certsrv
  2. Authenticate to start the enrollment process
  3. Click OK

 

 

Request a Certificate Task

 

*NOTE*: Information only.  No lab work to be done

  1. Select Request a certificate

 

 

Submit an Advanced Certificate Request

 

*NOTE*: Information only.  No lab work to be done

  1. Select advanced certificate request

 

 

Submit using a base-64 PKCS #10

 

*NOTE*: Information only.  No lab work to be done

  1. Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file or submit a renewal request by using a base-64-encoded PKCS #7 file

 

 

Open you Custom Request

 

*NOTE*: Information only.  No lab work to be done

  1. Navigate to your custom certificate request file
  2. Right-click and Open with...Notepad or Wordpad

 

 

Copy your Certificate Request hash

 

*NOTE*: Information only.  No lab work to be done

Select all text from your custom request and copy or cut the information

 

 

Submit a Certificate Request hash

 

*NOTE*: Information only.  No lab work to be done

  1. Paste the custom request data into the Saved Request section of the form
  2. Change the Certificate Template type to Web Server
  3. Click Submit

 

 

Download Signed Certificate Chain

 

*NOTE*: Information only.  No lab work to be done

  1. Change the encoded type to Based 64 encoded
  2. Download certificate chain

 

 

Save Signed Certificate

 

*NOTE*: Information only.  No lab work to be done

  1. Name the signed certificate
  2. Save type as PKCS #7 extension to your Security Server
  3. Click Save

 

 

Import the Signed Certificate

 

*NOTE*: Information only.  No lab work to be done

From the MMC with the Certificate Snap-in installed on the Horizon Security Server

  1. Click Certificates
  2. Expand Personal folder
  3. Right Click on the Certificates folder
  4. Select All Tasks
  5. Select Import

 

 

Start Certificate Import Wizard

 

*NOTE*: Information only.  No lab work to be done

Click Next

 

 

Import the Signed Certificate Chain file

 

*NOTE*: Information only.  No lab work to be done

  1. Click on Browse
  2. Navigate to the PKCS #7 Signed Certificate file
  3. Select your certificate
  4. Click Open
  5. Click Next

 

 

Certificate Store

 

*NOTE*: Information only.  No lab work to be done

  1. Choose the defaults or Personal Certificate store
  2. Click Next

 

 

Finish the Import Wizard

 

*NOTE*: Information only.  No lab work to be done

Click Finish

Click OK when prompted

 

 

Move the Root Certificate

 

*NOTE*: Information only.  No lab work to be done

  1. ExpandtheCertificates (Local Computer)
  2. Expand the Personal folder
  3. Click on the Certificates folder
  4. Drag the Root-CA Certificate to the folder Trusted Root Certification Authority, Certificates folder

 

 

Review the new issued SSL Certificate

 

*NOTE*: Information only.  No lab work to be done

  1. ExpandtheCertificates (Local Computer)
  2. Expand the Personal folder
  3. Click on the Certificates folder

Notice the new certificate has been issued by the ControlCenter-CA

  1. Close MMC when finished reviewing and DO NOT disconnect your RDP connection

 

 

Restart the Horizon Security Server Services

 

*NOTE*: Information only.  No lab work to be done

On the Horizon Security Server

  1. Restart the VMware Horizon View Security Server service
  2. Restart the VMware Horizon View Blast Secure Gateway service (if using Blast)

 

 

Verify Signed Certificate is used.

 

*NOTE*: Information only.  No lab work to be done

Notice that the Security Server is now Green with No problem detected and the SSL Certificate is Valid

 

Module 6 (60 Min) - Hosted Applications and Desktops (RDSH)

Hosted Applications and Desktops (RDSH) - Module Description


This module is designed to give you experience with the new Horizon 6 Published Applications feature.  Attendees can expect to gain knowledge in the setup and configuration of a Microsoft RDS system for use with VMware Horizon 6, installing applications, publishing applications and the experience a user will have using the applications.  Additionally, attendees will obtain first hand experience on how to manage these applications from an administrator’s perspective.


 

Module Duration

The estimated time to complete this module is 60 minutes

 

 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link 
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the following Virtual Machines are powered on

If not you will need to power on the required VM's

  1. Right click on each Virtual Machine.
  2. Select Power
  3. Select Power On                                                                                                                                                           

It will take a few minutes for the desktops to power on and then you can proceed

 

Configuring a RDSH Server for use with Horizon 6


In this section, you will be reviewing the Remote Desktop Services role on the RDSH-12 server.  There is no lab work to be done to enable RDS services on the RDSH-12 server.

Note: For timing and resource purposes within the lab environment, we have already configured the Remote Desktop Services on RDSH-12. If you do not want to review the Remote Desktop Services setup then please skip to the Configure Desktop Experience section.


 

Open Remote Console Connection to RDSH-12

 

*NOTE*: Information only.  No lab work to be done

Once the vSphere Web Client is loaded

  1. Select VM and Templates
  2. Select RDSH-12
  3. Click the Actions menu
  4. In the actions Menu select Open console

 

 

Log On to RDSH-12

 

*NOTE*: Information only.  No lab work to be done

  1. The vSphere Web client open an new tab for the RDSH-12 console
  2. Click on the Send Ctrl+Alt+Delete button to log on

 

 

Enter credentials

 

*NOTE*: Information only.  No lab work to be done

Log on to RDSH-12 Server Console

  1. User name is corp\administrator
  2. password is VMware1!
  3. Click the arrow to authenticate

 

 

Requirements of Remote Desktop Services on RDSH-12

*NOTE*: Information only.  No lab work to be done

In this lab, Remote Desktop Services is already installed on the RDSH-12 server.  If the services needed to be installed, you would follow the next steps.

Prerequisites

Note: The below procedure is what you would follow to enable RDS functionality for use with Horizon 6.  In order to save you time, the RDS Role (Remote Desktop Session Host) has already been installed.  

Procedure

  1. Log in to the RDS host as an administrator
  2. Start Server Manager
  3. Select Add Roles and Features
  4. Click Next to continue the installation
  5. On the Select Installation Type page, select Role-basedorfeature-based installation
  6. On the Select Destination Server page, select a server
  7. On the Select Server Roles page, select Remote Desktop Services
  8. On the Select Features page, accept the defaults
  9. On the Select Role Services page, select Remote Desktop Session Host
  10. Keep the defaults and Add the Features required for Remote Desktop Session Host
  11. Follow the prompts and finish the installation
  12. The RDS host will reboot and after the administrator logs back in, the installation will continue and complete.

 

 

 

Review the Remote Desktop Session Host configuration

*NOTE*: Information only.  No lab work to be done

The following steps will walk you through validating the Remote Desktop Session Host configuration on RDSH-12

 

 

Select Roles and Features

 

*NOTE*: Information only.  No lab work to be done

From Server Manager on the RDSH-12 server console

1. Select Manage

2. Select Remove Roles and Features

 

 

Remove Roles and Features Wizard

 

*NOTE*: Information only.  No lab work to be done

Select Next to continue

 

 

Select RDSH-12.corp.local

 

*NOTE*: Information only.  No lab work to be done

Keep the defaults and select Next to continue

 

 

Remote Desktop Services

 

*NOTE*: Information only.  No lab work to be done

1. Scroll down to Remote Desktop Services

2. Expand Remote Desktop Services

3. Validate that Remote Desktop Session Host is enabled

With Horizon, only the Remote Desktop Session Host feature is required to integrate RDS hosts.  The other features such as Remote Desktop Connection Broker, Remote Desktop Gateway and Remote Desktop Web Access are not required because those functionalities will be provided by the Horizon Connection Broker servers.

4. Click Cancel

*NOTE*: If you continue and un-install the Remote Desktop Session Host feature, you will break the lab and cannot continue.

 

 

RDSH Licensing

*NOTE*: Information only.  No lab work to be done

Microsoft Remote Desktop Services licensing is a separate role defined generally on a separate server from those delivering remote applications to end users.  The definition of the Remote Desktop Services License Server is generally defined via a Microsoft Group Policy or via broadcast settings within the domain. In the instance of this lab, was set via GPO the Remote Desktop Services License Server on UEM-Server in order to ensure Microsoft Remote Desktop Services licensing works properly.

 

 

Configure Desktop Experience

*NOTE*: Information only.  No lab work to be done

The Desktop Experience feature provides a Windows 8 desktop "look and feel" to Windows 2012 Server.  The end user experience will be that of Windows 8 and will take effect for all new profiles or log on's to the server.  In this lab we DO NOT leverage the Desktop Experience feature.  The following steps are informational only and go through the process of enabling the Desktop Experience.  If you do not want to review the procedure of enabling Desktop Experience, please skip to the next section, Deploy the Horizon Agent to the RDS Host.

 

 

Desktop Experience feature

 

*NOTE*: Information only.  No lab work to be done

 

After Server Manger launched

  1. Select Manage in the top right corner
  2. Select Add Roles and Features

 

 

Install desktop Experience

 

*NOTE*: Information only.  No lab work to be done

 

Select Next to continue

 

 

Select Role Based Installation

 

*NOTE*: Information only.  No lab work to be done

 

  1. Select Role-based or feature-based installation
  2. Select Next to continue

 

 

Select Destination Server

 

*NOTE*: Information only.  No lab work to be done

 

Keep the defaults and select Next to continue

 

 

Add Roles and Features

 

*NOTE*: Information only.  No lab work to be done

 

Keep current settings and select Next to continue

 

 

Select Desktop Experience

 

*NOTE*: Information only.  No lab work to be done.  As mentioned earlier, we are NOT using the Desktop Experience feature in this lab.  Do NOT enable it

 

1. Scroll down to User Interfaces and Infrastructure (2 of 3 installed)

2. Select Desktop Experience

 

 

Add Feature

 

*NOTE*: Information only.  No lab work to be done

 

  1. Select Add Features

 

 

Validate Selection

 

*NOTE*: Information only.  No lab work to be done.  As mentioned earlier, we are NOT using the Desktop Experience feature in this lab.  Do NOT enable it

 

Select Next to continue

 

 

Confirm Selection

 

*NOTE*: Information only.  No lab work to be done

 

1. Select Install

2. Select Yes

3. Select Install

 

 

Installation of Desktop Experience

 

*NOTE*: Information only.  No lab work to be done

 

Once the installation complete, click Close.

The server reboots to complete the installation.

 

Deploy the Horizon Agent to the RDS Host


In this section, you will be deploying the Horizon Agent to the Remote Desktop Services Host RDSH-12.

The Remote Desktop Session Host service allows a server to host applications and remote desktop sessions. With the Horizon Agent installed on an RDS host, users can connect to applications and desktop sessions using the display protocol PCoIP.


 

Launch Google Chrome and Connect to the vSphere Web Client

 

From the ControlCenter desktop launch Google Chrome.  If you already have Google Chrome opened, then skip to the next step

  1. Double click on Google Chrome
  2. Note: Verify that the URL points to vcsa--01a.corp.local

 

 

Log into vSphere Web Client

 

To log in enter the

  1. User name: corp\administrator
  2. Password: VMware1!
  3. ClickLogin

 

 

Launch Remote Console Connection to RDSH-12

 

  1. From the ControlCenter desktop right click the RDSH-12 icon to open menu
  2. Click on Open Console

 

 

Enter credentials

 

Log on to RDSH-12 Server Console

  1. Click SendCtrl+Alt+Delete
  2. User name is corp\administrator
  3. password is VMware1!
  4. Click the arrow to authenticate

 

 

Ensure RDS Server is Configured Properly

In these steps we will ensure the RDSH server is configured properly.

 

 

Open System Properties

 

  1. Right click on the Start Menu
  2. Select System
  3. Select Remote Settings from the context menu

 

 

Check Remote Settings

 

  1. Select the Remote tab
  2. Select Allow remote connections to this computer
  3. Click Select Users button
  4. Ensure CORP\Domain Users is listed. If not, click the "Add..." button, browse to find the users/groups and add them
  5. When done, click the OK button on the Remote Desktop Users window
  6. Click the OK button on the System Properties window
  7. Close the System window

 

 

Install the Horizon Agent on RDSH-12 Server

These next steps will walk through the installation of the Horizon Agent on the RDSH-12 server.

 

 

Verify all App Volume AppStacks are unassigned from RDSH-12

 

Removing the AppStack assignments is NOT part of the standard Horizon Agent installation procedure.  Because of the way the lab has been built, this is a required step for the installation of the Horizon Agent to work properly.

On the ControlCenter desktop, open a new tab in Google Chrome.

  1. Select the App Volumes Manager shortcut
  2. Log in with Username: administrator and Password: VMware1!
  3. Click Login
  4. Select Volumes and then select Assignments
  5. Notice AppStack Office_2010_RDSH_x64 is assigned
  6. Click on the AppStack name - Office_2010_RDSH_x64
  7. The AppStack opens up expanded
  8. Click on Unassign
  9. Click the checkbox and click Unassign
  10. Select Detach AppStack immediately and click on Unassign

 

 

Launch Horizon Agent Install

 

Go back to the RDSH-12 VMRC tab in Google Chrome.

  1. Right-click the Start icon
  2. Select Run
  3. The Run window appears
  4. Type \\uem-server\fileshare\Software\Horizon
  5. Click OK to open the explorer folder
  6. Double click on VMware-viewagent-x86_64-6.1.0-2509441.exe to launch the installation

NOTE: Depending on the amount of resources available at the time of taking the lab, it may take a bit of time for the installer to launch.  Please be patient.

 

 

Horizon Agent Welcome

 

  1. Select Run
  2. Select Next on the Welcome screen

 

 

License Agreement

 

  1. Select I accept the terms in the license agreement option
  2. Select Next

 

 

Network Protocol configuration

 

  1. Select IPv4 option
  2. Select Next

 

 

Setup Options

 

  1. Keep the default settings
  2. Select Next

 

 

Register The Agent with Horizon Connection Server

 

Register the Horizon Agent with the Horizon Connection Server.

  1. Enter the Server: hvcs-w8-01.corp.local
  2. Choose Specify administrator credentials
  3. Set Username to corp\administrator
  4. Set Password to VMware1!
  5. Select Next

 

 

Ready to Install

 

The Horizon Agent is ready to be installed.

  1. Select Install

 

 

Restart

 

Select Finish and you will be notified to restart

  1. Select Finish
  2. Select Yes

The server will reboot to complete the Horizon Agent installation and registration

 

Adding a RDS Farm to Horizon 6


In this section, you will be adding the RDSH-12 server to a Horizon 6 RDS Farm in order to enable application publishing.


 

Creating a RDS Farm - Horizon Administrator Console

Horizon 6 Farm management is done through the Horizon Administrator Console.  

A farm is a collection of one or multiple similar RDS hosts that are grouped together to facilitate management. A farm provides a common set of applications or RDS desktops to users.

Benefits of Application Pools

With application pools, you give users access to remote applications that run on RDS servers in a Data Center.  To the users, the remote applications run along side the local applications that are on their desktop/laptops, and function like they were installed locally.  It's a seamless experience for the users.

Application pools offer a number of important benefits:

 

 

Create a RDS Farm

A RDS Farm allows the grouping of one or multiple similar RDS hosts

 

 

Log In to the Horizon Administrator Console

 

From the ControlCenter desktop

  1. Launch Google Chrome.  If you already have Google Chrome open, then simply add another tab
  2. Select the View Administrator Bookmark
  3. Click on Advanced  

*NOTE*: If you completed Module 5, then you will not get the certificate warning

4.     Click on Proceed tohvcs-w08-01.corp.local (unsafe)

 

 

Log into Horizon Administrator Console

 

To log in enter the

  1. User name: Administrator
  2. Password: VMware1!
  3. Domain: CORP
  4. ClickLog In

 

 

Create RDS Farm

 

Under the Inventory section

1. Expand Resources

2. Select Farms

3. Select Add...

 

 

Create Farm Identification and Settings

 

  1. Create your Farm ID: CorpAPP1
  2. Leave defaults for all other Farm Settings
  3. Select Next

Note: Review the Farm Settings as these will apply only to the PCoIP sessions to this Farm.  PCoIP is the only supported protocol with published applications.  Since this Farm will be used for published applications, be aware of the effect if you choose to Log off a disconnected session

 

 

 

Select RDSH Host

 

  1. Select RDS host rdsh-12.corp.local
  2. Select Next

 

 

Verify Farm Summary

 

  1. Verify the Farm settings
  2. Click Finish

 

 

Validate CorpAPP1 Farm

 

Your newly created farm is on-line

  1. Double Click CorpAPP1 to open the Summary

 

 

Summary

 

  1. Click on RDS Hosts Tab
  2. Verify that the RDSH Server rdsh-12.corp.local is part of your farm.

 

 

Verify Farm Health

 

  1. Under Inventory, click Dashboard.
  2. Expand RDS Farms and CorpAPP1. Verify the RDSH-12.corp.local server has a “green” status
  3. Review the Machine Status for RDS Hosts.  Prepared for use is set to 1

You are now ready to publish applications.

 

Publishing Applications in Horizon 6


In this section, you will be publishing applications that are installed on RDSH-12.corp.local.  The applications may be a combination of natively installed applications, ThinApp applications or App Volumes AppStacks.


 

Publish Applications to an Application Pool

Published applications are grouped in application pools.  An application pool is associated with a single farm.  As a best practice, all servers that are member of the same farm should have all the same applications installed.  This is to avoid issues with load balancing.

When you add applications to application pools, Horizon automatically scans the RDS hosts of the farm and displays all the applications that are found in the Start menu for all users. You can select one or more applications from the list. If you select multiple applications from the list, a separate application pool is created for each application. You can also manually specify an application that is not on the list. The application that you want to manually specify does not have to be already installed.

 

 

Publish Natively Installed Applications

You will publish WordPad and Calculator, two applications that are natively installed when installing Windows Server 2012 R2

 

 

Scan the RDS host for Installed Applications

 

1. Expand Catalog and select Application Pools

2. Select Add...

 

 

Select Applications

 

1. Select the checkbox for Calculator and WordPad

2. Select Next

 

 

Confirm Application Parameters

 

Keep the defaults.  

Select Finish

 

 

Add User Entitlements

 

1. Select Add...

2. In the Name/User name box, enter domain users

3. Select Find

4. Select Domain Users

5. Select OK

 

 

Validate User Entitlements

 

Validate the Domain Users have been granted access

Select OK

 

 

Application Pools

 

Notice that there are two application pools available along with some basic information

 

 

Publish Manually Defined Applications

There may be instances where after an automatic scan, Horizon does not list an application you need to publish.  There can also be the fact that you want to publish ThinApp applications that are in .EXE format.  In the next steps, you will publish a ThinApp package that has been copied locally on RDSH-12.corp.local.  The ThinApp package is Internet Explorer 6.  As you can see, we are starting to integrate multiple solutions to deliver applications

 

 

Manually add an Application

 

In the Horizon Administrator Console

1. Expand Catalog and select Application Pools

2. Select Add...

 

 

Define Application

 

1. Select Add application pool manually

2. Give the application an ID: VirtIE6

3. Set the application's Display Name to: Internet Explorer 6

4. Specify the version: 6

5. Specify the Publisher: Microsoft

6. Type the Path to the application: c:\ThinApps\VirtIE6.exe

7. Define the Start Folder: c:\ThinApps\

8. Enter a Description: Microsoft Internet Explorer 6 - ThinApp

9. Select Finish

 

 

Add Entitlements

 

1. Select Add...

2. In the Name/User name box, enter domain users

3. Select Find

4. Select Domain Users

5. Select OK

 

 

 

Validate User Entitlements

 

Validate the Domain Users have been granted access

Select OK

 

 

Application Pools

 

Notice that the VirtIE6 application pool is now available

 

 

Publish Applications from App Volumes AppStacks

App Volumes provides real-time application delivery to end-users virtual and physical desktops and to RDS hosts. IT can use App Volumes to instantly deliver applications and data to users without compromising user experience. Infrastructure and management costs are reduced by utilizing managed volumes. Unlike traditional application management solutions, App Volumes allows IT to deliver applications with no trade-off between user experience and costs.

By combining App Volumes and RDS hosts, IT can quickly publish applications to their end users.  App Volumes also provides great flexibility as additional RDS hosts may be added to a farm and by simply assigning the proper AppStacks, the RDS hosts instantaneously have the applications and can support user sessions.

 

 

Log In to App Volumes Manager Console

 

From the ControlCenter desktop

1. Launch Google Chrome

2. Select the App Volumes Manager tab

3. Log in as Username: administrator and Password: VMware1!

4. Select Login

 

 

Locate Office_2010_RDSH_x64 AppStack in App Volumes Manager

 

  1. Select Volumes
  2. Select AppStacks
  3. Expand Office_2010_RDSH_x64

 

 

Assign Office_2010_RDSH_x64 to RDSH-12.CORP.LOCAL

 

1. Select Assign

2. In the Search Active Directory field, enter: rdsh-12

3. Select Search

4. Select the checkbox to choose CORP\RDSH-12$

5. Select Assign

6. Select Attach AppStacks immediately

7. Select Assign

 

 

Validate AppStack Attachment

 

1. Click on the arrow beside 1 Attachments

2. Validate the attachment to CORP\RDSH-12$

3. Click on the X

You have completed assigning an AppStack to a RDS Host.  Module 7 of this lab goes into greater detail of App Volumes.

 

 

Publish Applications from an AppStack

Return to the Horizon Administrator Console to publish the newly added applications from the Office 2010 AppStack

 

 

Adding an AppStack Application

 

In the Horizon Administrator

1. Expand Catalog

2. Select Application Pools

3. Select Add...

 

 

Select Office 2010 Applications

 

You will notice that there are quite a few Office 2010 applications available.  If you remember at the beginning of this section when we started publishing natively installed applications, none of the Microsoft Office applications were listed.  This is because the Office AppStack was not assigned.  By assigning the Office AppStack to the RDS host, App Volumes merged the AppStack (VMDK) to the RDS host and made a seamless integration of the registry and filesystem.  The merge is transparent to Windows and so the apps contained in the AppStack appear as natively installed applications.

*NOTE*: Due to the limited resources, it may happen that none of the Office Applications are listed.  If that is the case, you may need to wait a few minutes for the RDS host to complete the App Stack merge.  If after a few minutes the Office Applications are still not listed, reboot the RDS host (rdsh-12.corp.local) and retry the application publishing procedure.

1. Select Microsoft Excel 2010 and Microsoft PowerPoint 2010

2. Select Next

 

 

Validate Application settings

 

Keep the default settings and select Finish

 

 

Add User Entitlements

 

1. Select Add...

2. In the Name/User name box, enter domain users

3. Select Find

4. Select Domain Users

5. Select OK

 

 

Validate User Entitlement

 

Validate the Domain Users have been granted access

Select OK

 

 

Application Pools

 

Notice that you now have Excel and PowerPoint 2010 Application Pools

 

 

Summary

 

You have completed publishing applications in Horizon 6, using three different application types.

1. Natively installed applications

2. ThinApp applications

3. App Volumes AppStack

Continue on to the next step

 

 

Provisioning a RDS Hosted Desktop


In this section, you will be publishing a RDS desktop using the Horizon Administrator Console.  A RDS desktop pool has distinct properties that can satisfy some specific needs of a remote desktop deployment.

Understanding RDS Desktop Pools

A RDS desktop pool and a RDS desktop have the following characteristics:


 

Publish a RDS Hosted Desktop

You will publish a RDS Desktop pool within the Horizon Administrator console.  

A RDS desktop pool has distinct properties that can satisfy some specific needs of a remote desktop deployment.

 

 

Inventory Catalog of Desktop Pools

 

  1. Under Inventory, expand the Catalog section
  2. Select Desktop Pools
  3. You will see a listing of currently provisioned VDI and RDS Desktop pools

 

 

Add a Desktop Pool

 

1. Select the Add... button to begin the process for adding a desktop pool

 

 

Add RDS Desktop Pool

 

  1. Select the RDS Desktop Pool option
  2. Select Next

 

 

RDS Desktop Pool Identification

 

  1. Type in a Desktop Pool ID: RDS-Desktop
  2. Type in a Display Name: RDS Desktop
  3. Type in a Description RDS Desktops from RDSH-12
  4. Select Next

 

 

RDS Desktop Pool Settings

 

  1. Define the Desktop Pool Settings as desired
  2. Select Next

 

 

Select RDS Farm

 

  1. Click Select an RDS farm for this desktop pool
  2. Select CorpAPP1 from the Farm ID
  3. Select Next

 

 

Complete the RDS Desktop Pool

 

  1. Verify the settings
  2. Check the Entitle users after this wizard finishes box
  3. Select Finish

 

 

Add Pool Entitlements

 

NOTE:  With any desktop or application pool creation, entitlements may be completed at a later time if desired.  It must be completed in order for users to access the resources defined within the pool.

  1. Click Add... to start the entitlement process for the newly added pool

 

 

Adding Users or Groups

 

  1. Enter domain users in the Name/User name field
  2. Click the Find button to search for the group
  3. Select the Domain Users group
  4. Select OK

 

 

Add Entitlements Validation

 

  1. Validate and select Close

 

 

Review RDS Desktop Pool

 

Your Hosted Desktops are ready for testing.

 

 

End User Experience and Validating Published Applications


In this section you will be validating the Horizon RDS configurations and verify both RDS published applications and desktops configured in the prior steps work as expected.

You will log in as the CEO, who is a member of Domain Users, and is entitled to the applications that you published in earlier steps.


 

ControlCenter console

 

Return to the ControlCenter desktop

 

 

Launch the Horizon Client

 

From the Control Center desktop,  Double Click on the VMware Horizon View Client icon.

 

 

Log In to HVCS-W8-01.CORP.LOCAL Horizon Connection Server

 

Double Click on the hvcs-w8-01.corp.local cloud icon.

 

 

Log In to HVCS-W8-01.CORP.LOCAL Horizon Connection Server

 

  1. Log inas user: ceo using password: VMware1!
  2. Select Login

 

 

Entitled Applications - End User Experience

 

The Entitled Applications and Desktops will now be shown.

  1. Notice in addition to traditional Horizon desktop pools, you now have access to a Hosted RDS desktop pool - RDS Desktop
  2. Notice the applications you're entitled to will be listed.  Applications published via the natively installed applications, ThinApps and App Volumes AppStack are available

 

 

Launch Hosted Applications

 

  1. Double click on the Microsoft Excel 2010 icon to launch the application.

Note: This application is contained in an App Volumes AppStack (VMDK) that has been attached and is executing on RDSH-12.corp.local and is presented to you via a PCoIP connection

 

 

Launching a Hosted App

 

The Horizon Client will ask the Connection Server which RDS host in the Application Farm should service the request.  If the user has an existing session to a RDS host then the same connection will be reused to launch the application.  If the server for which the existing session does NOT have the application, then an additional session will be launched on a RDS host that has the application.

There will be a momentary delay as the application loads.

 

 

Hosted Application Use

 

Microsoft Excel launches and asks for a key for activation.  Because this is a lab environment, we have not installed the required KMS license server.  A KMS license server is required for Office applications when using App Volumes.  The App Volumes documentation provides the required information on how to properly configure an Office AppStack.

1. Click the X to close the Microsoft Office Activation Wizard

2. Minimize Microsoft Excel

 

 

Launch Internet Explorer 6

 

1. Double click on Internet Explorer 6

2. Select No

3. You now have Internet Explorer 6 running on a Windows 2012 R2 server!

4. Close Internet Explorer 6

 

 

End User options for Horizon Hosted Applications - Mark as Favorite

 

The Horizon Client has several options for Hosted Applications

  1. Right Click on the Calculator icon
  2. Select Mark as Favorite
  3. Notice that a yellow Star appears on the icon
  4. Click on the Favorites filter
  5. When the favorites filter is selected, only the applications that have been tagged as favorites are listed

 

 

End User options for Horizon Hosted Applications - Show Favorites View

 

To return back to the complete application/desktop list, click on the Show All View icon to clear the filter

 

 

End User options for Horizon Hosted Applications - Reconnect Behavior

 

  1. Click on Settings
  2. Choose Applications
  3. Review the Reconnect Behavior and choose Ask to reconnect to open applications.
  4. Select OK to save the settings

 

 

Hosted Applications Reconnect

 

  1. Close the Horizon Client by clicking the plug icon
  2. Select OK

 

 

Close Horizon Client

 

  1. Close the Horizon Client by clicking the x

 

 

Launch the Horizon Client

 

From the ControlCenter desktop,  Double Click on the VMware Horizon View Client icon.

 

 

Log In to HVCS-W8-01.CORP.LOCAL Horizon Connection Server

 

Double Click on the hvcs-w8-01.corp.local cloud icon

 

 

Log In to HVCS-W8-01.CORP.LOCAL Horizon Connection Server

 

  1. Log in as user: ceo using password: VMware1!
  2. Select Login

 

 

Review Hosted Applications Reconnect Behavior

 

  1. Review the Reconnect informational warning
  2. Select Reconnect to Applications

Did you notice that the connection to Microsoft Excel was re-established.  Microsoft Excel should be minimized on the taskbar 

This feature allows you to disconnect from an application session and have a "follow me application".  You could connect from an Android device, iOS device, Mac OS X, Linux desktop or any endpoint that is using the VMware Horizon Client and your applications will be reconnected to exactly where you left off.

3.    Expand Microsoft Excel

4.    Close Microsoft Excel

 

 

End User options for Horizon Hosted Applications - Create Shortcut

 

The Horizon Client has several options for Hosted Applications

  1. Right Click on the Microsoft Excel 2010 icon
  2. Click on Create Shortcut
  3. Notice that a shortcut for Microsoft Excel 2010 has appeared on the ControlCenter desktop
  4. Close the VMware Horizon Client by clicking on the X

 

 

Launch a Hosted Application from the Desktop Shortcut

 

  1. On the ControlCenter desktop, double click the Microsoft Excel 2010 icon

In this lab you will be prompted to authenticate using the Horizon Client to connect to the application session.  If you deploy the Horizon Client with the Login as Current User enabled, then you will not be prompted and the application will start seamlessly.  The application may also start without asking credentials if the session is still active.  When you close the last application, Horizon maintains the session on the RDS host for a minimum of 1 minute.  This allows a user who accidently shutdown an application to re-launch their application and not have to log in again

  1. Log in as user: ceo using password: VMware1!
  2. Select Login

 

 

 

Hosted Application from the Desktop Shortcut

 

Notice that Microsoft Excel started.

  1. Click on the X to close the License activation warning
  2. Click on the X to close Microsoft Excel

 

 

Entitled Hosted Desktop - End User Experience

 

From the Control Center desktop,  Double Click on the VMware Horizon View Client icon

 

 

Log In to HVCS-W8-01.CORP.LOCAL Horizon Connection Server

 

Double Click on the hvcs-w8-01.corp.local cloud icon.

 

 

Log In to HVCS-W8-01.CORP.LOCAL Horizon Connection Server

 

  1. Log in as user: ceo using password: VMware1!
  2. Select Login

 

 

Hosted Desktop - End User Experience

 

Double click the RDS Desktop icon

 

 

RDS Hosted Desktop Launch

 

Session is initiating

 

 

RDS Hosted Desktop

 

There will be a momentary delay as the desktop loads.

  1. Right Click on Start
  2. Select System
  3. Notice the desktop is Windows Server 2012 R2 Standard
  4. Review that you are connected to RDSH-12

Feel free to test this connection out.  The RDS Hosted session is connected using PCoIP and can be tuned using Group Policy Objects, please see the Optimization module for more information

Note: Hosted RDS desktops are multiple users sessions connected to a single server.  All memory, cpu and network resources are shared across all users connected.  This could allow for a user to utilize more compute power on that shared server and create a poor experience for the others connected.  Windows Desktop pools are individual desktops that each have their own compute

 

 

RDS Hosted Desktop Disconnect

 

When done, we need to disconnect and logoff

  1. At top ribbon, click the Options button
  2. Then select Disconnect and Log Off from the Options Menu
  3. Select OK

 

 

Horizon Client Disconnect

 

You can close the Horizon Client

  1. Click the Disconnect button in the upper-left to disconnect and log out
  2. Select OK
  3. At the Horizon client screen you can click the X to close the application

 

 

VMware Horizon 6 Clients Video (Optional)

Please watch this optional video to see the Horizon Client on Windows, Mac OS X, Android and iOS devices

*This video has no audio.

 

Horizon Migration Tool Fling


In this lab you have setup Hosted Applications and Desktops in Horizon 6, but what if you already have an investment in other technologies and would like to migrate the existing applications/desktops with entitlements ?  Then this is the tool you have been waiting for!

 

This Fling is currently in development and all information in this article is subject to change.  The information is current as of early June 2014.  Please visit the Flings site for the most current information http://vmw.re/1wajDXh

 


 

labs.vmware.com/flings

 

 

 

Fling Description

What is the Horizon Migration Tool  fling ?

A tool that facilities helping customers migrate from XenApp to Horizon 6.  The initial capability would simply take XenApp published apps and their associated User / Group mapping, convert that to a Horizon compatible LDIF Schema and import it into Horizon 6 Application Pools automatically creating the Application pools and associated entitlements.

 

 

Migrate Citrix XenApp apps to Horizon 6 Hosted Applications

 

Sample user scenario:

 

 

Workflow for Migration

 

 

 

Video Demonstrating Migration

 

Module 7 (90 Min) - VMware App Volumes Integration with Horizon 6

Introduction to App Volumes



 

Information Technology Pain Points

In the following steps, you'll read through some pain points experienced by today's IT administrators.

 

 

Time and Resources

 

Managing applications and their lifecycle consumes time and resources. There are Electronic Software Distribution (ESD) infrastructure management systems (e.g., SCCM), application packaging, application distribution, application package deployment failure diagnosis, and application package upgrades.  All of these take time and resources to appraise and administrate.

 

 

Application Packaging Resources

 

With Application Packaging, finding and retaining qualified people can be difficult due to the level of experience and unique skill sets required.

 

 

Electronic Software Delivery

 

Electronic Software Delivery - or ESD - can be very complicated. Application deployment success is generally mixed because of environmental configurations.  And combining multiple different application packages together on end points often introduces conflicts.  Additionally, removing applications can be difficult, leaving files or registry settings behind which can cause security or conflict/upgrade concerns later on.

 

 

Application Virtualization

 

While Application Virtualization and Isolation solves problems such as application conflicts and legacy application support, it can also introduce other issues such as application-to-application interaction and application to OS integration when the application or applications are not properly packaged or virtualized.

Additionally, Application Virtualization has a range of "gray areas" which may prevent an application from being virtualized for deployment/update reasons.

 

Application Virtualization Gray Areas:

Every true application virtualization product or solution has these four issues or “gray areas”.  These include products such as ThinApp and it’s competitors.  The difference between ThinApp and other solutions is, ThinApp only has these four issues while its competitors have issues in addition to the below four.

 

 

 

User Installed Applications

 

In the past, when users were able to install their own applications, they were permanently bound to a single, unique desktop.  Additionally, some user installed apps (UIA) break applications installed by IT departments, making coexistence of IT managed and user installed apps so difficult to maintain, IT would solve the problem by denying users the necessary permissions to install their own applications.

This introduces difficulty in managing other personalization aspects of the desktop experience.

 

Benefits of Using App Volumes


In this Module we will introduce you to the benefits of using App Volumes in different use cases.


 

What is VMware App Volumes?

 

VMware App Volumes (formerly CloudVolumes) provides real-time application delivery to end-users virtual and physical desktops and to RDS hosts. IT can use App Volumes to instantly deliver applications and data to users without compromising user experience. Infrastructure and management costs are reduced by utilizing managed volumes. Unlike traditional application management solutions, App Volumes allows IT to deliver applications with no trade-off between user experience and costs.

 

 

App Volumes Dynamic Delivery Benefits

With App Volumes, you no longer have to package, modify or stream your applications to end users.  You now simply deliver applications in seconds.

 

 

App Volumes Simplicity

 

Integration it into existing environment infrastructures now takes a matter of minutes.  Once App Volumes is implemented, provisioning of applications is as easy as installing them once and deploying to all.

 

 

App Volumes Agility

 

Now you can logically manage your application sets based upon a variety of scenarios such as business needs, geographical locations, or combination thereof.

Delivery or upgrade of applications across any number of VMs may be done in seconds.

 

 

App Volumes Flexibility

 

In the past, persistent virtual desktop infrastructures were always more costly than non-persistent.  With VMware App Volumes, customers with VMware Horizon 6 or Citrix XenApp 6.5 with XenDesktop can now get the same look and feel of a persistent virtual desktop at non-persistent costs.

 

 

App Volumes Efficiency

 

App Volumes may also help optimize storage consumption, storage IOPS, and network bandwidth by taking advantage of a single source for applications on the same storage and network, thus reducing virtual desktop sizes and traffic.

 

 

Managed Application Containers for the Just-In-Time Apps Model

 

If you imagine the OS as an Abstraction layer, you can see now, with VMware App Volumes, no longer are we locked to traditional-style virtual desktops with data and applications.  Customers may now deliver applications and user data in a "just-in-time" scenario, as the user logs in!

 

Overview of App Volumes


In this Module we will provide an overview of App Volumes and the components.


 

App Volumes Components

 

The following four items make up VMware App Volumes.

 

 

Last Mile Desktop Management

 

App Volumes works with the underlying Hypervisor to deliver applications above the OS.   We classify this as Hypervisor Content Delivery.

Hypervisor Content Delivery

 

With App Volumes incorporated into a VDI environment, you are now able to deliver the just-in-time desktop to all users.

 

 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link.  
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the following Virtual Machines are powered on.

If not you will need to power on the required VM's

  1. Right click on each Virtual Machine.
  2. SelectPower
  3. Select Power On                                                                                                                                                           

It will take a few minutes for the desktops to power on and then you can proceed.

 

 

Introduction to App Volumes Management Console

 

Repeating what is mentioned in the Lab Introduction | Lab Configuration section, for this lab, the App Management Console is installed on a Windows Server 2012 system named APPVOLS-01.CORP.LOCAL.

1. If not already open, launch the Google Chrome browser on the ControlCenter.  

2. Open a second tab and click on the App Volumes Manager shortcut to open the App Volumes Manager Console.

 

 

Authenticate to App Volumes Management Console

 

Once the App Volumes authentication screen appears, login with the Administrator credentials.

NOTE: It is ok to use cached credentials on this page as the lab has stored these within the browser settings.

 

 

App Volumes Console - Dashboard

 

Once authenticated, you will be taken to the App Volumes Dashboard.

In this console you can see such things as License Utilization, User/Computer/AppStack Utilization, and (scrolling down) Most Recent User/Computer/AppStack information.

Selecting any one of the objects listed, will take you to the details of the object.

Click next in the lab manual to continue when you are done exploring.

 

 

App Volumes Console - VOLUMES Section

 

Moving to the right one section, click on the VOLUMES section.

This will show you 5 tabs:

 

 

App Volumes Console - DIRECTORY Section

 

Continuing to the right, one more section, you should now have the Directory section activated.

The Directory section allows an administrator to view and set assignments via Active Directory objects such as Users, Computers, Groups, or OUs., Additionally, using the Online tab, an administrator can get a quick report of which Active Directory entitlements are currently online.

 

 

App Volumes Console - INFRASTRUCTURE Section

 

Within the Infrastructure section an administrator can get a list of all systems which the App Volumes management server has seen and the status of each system.  Additionally, App Volumes administrators may view and create clones of other VMs, review Storage information utilized by App Volumes, and define groups of storage locations so they may collectively function as one.

 

 

App Volumes Console - INFRASTRUCTURE Section - Storage Group Distribution Settings

 

When defining a Storage group, administrators are given the opportunity to set different distribution strategies as needed.  A distribution strategy controls how files are distributed across the group of storage defined.

NOTE:  You DO NOT need to create a Storage Group within the Hands On Lab. This is just an example of what is possible.

 

 

App Volumes Console - ACTIVITY Section

 

Moving another section to the right to the Activity section, here administrators have the option of viewing Pending Actions, a history of actions in the Activity Log, and any System Messages.

 

 

App Volumes Console - CONFIGURATION Section

 

The last section on the far right of the console is the Configuration section. Here administrators can install or update their App Volumes license, define Active Directory connectivity settings, view and configure who is an App Volumes Administrator, view and configure the underlying Hypervisor communication settings such as for vCenter/vSphere, and configure storage settings and upload prepackaged volumes.

License - Allows an administrator to view the licensed configuration and/or update/install a new license as needed.

Active Directory - App Volumes uses Active Directory to assign applications to users, computers, groups, and OUs.  Any credentials provided here are stored in encrypted format. This account only needs READ access to Active Directory, and the account should be configured to not have an expiring password.

Administrators - Allows administrators to choose the Active Directory group responsible for administering the App Volumes Manager.  Only users in this group will be able to login to the Manager.

Hypervisor - Simply allows for defining a supported hypervisor and provide credentials.

Storage -Set the default storage location for AppStacks and Writable Volumes. You must use storage that is accessible to all virtual machine host servers and, while local host storage may be used, it should be noted volumes will only be attached for VMs which reside on the same host.

 

 

Conclusion

This concludes the App Volumes Overview and Introduction of all settings within the App Volumes Management Console.

Please continue on to the next step.

 

Rapid Application Deployment



 

Application Delivery Concepts

 

Now with VMware App Volumes, customers can containerize their applications and rapidly deliver them based upon organizational groups, units, or individual users and computers to create the customized, rapidly deployed desktop.

 

 

Deliver AppStack to User or Usergroup

In the following set of steps, we will assign the CEO user a handful of AppStacks based upon group memberships and his specific user account to build out his custom desktop in a rapid deployment fashion.

 

 

Open Active Directory Users and Computers

 

On the ControlCenter Desktop, within the Administrative Tools of the Start Menu, open Active Directory Users and Computers.

 

 

Add a Sales Users Group

 

  1. Select the Users container object on the left and click the Create Group button on the menu bar.
  2. Define the Sales Users group as shown and click the OK button.
  3. Open the Sales Users group Properties and on the Members tab, click the Add... button.
  4. Enter the CEO and click the Check Names button.  Once it resolves, click the OK button.
  5. Click the OK button to close the Sales Users Properties window once the CEO is validated.

 

 

Log In to the Win7-MSW Desktop using the vSphere Web Client

 

From the ControlCenter desktop, launch Google Chrome and log in to the vSphere Web Client.  

**NOTE** If you still have your session opened to the vSphere Web client please go to the next step

  1. Launch Google Chrome
  2. Login as administrator@corp.local with password of VMware1!  Click on the Login button to continue

 

 

Log In to the Win7-MSW desktop

 

1. Right click on Win7-MSW and select Open Console

2. Click on the Send Ctrl+Alt+Delete button and log in as corp\ceo with the password VMware1!

3. In the DOS Windows, Press any key to continue to close the window

NOTE:  If you receive a Microsoft Windows message to restart the system, please select "Restart Now".

 

 

 

IF NEEDED - Open App Volumes Console

If not already open, you need to open the App Volumes Management console.

 

 

Launch Google Chrome

 

Launch Google Chrome on the ControlCenter desktop.  Once open, shift to the App Volumes Manager tab.

 

 

App Volumes Manager Authentication

 

Skip this step if you are already authenticated to the App Volumes Management Interface.

Once the App Volumes authentication screen appears, login with the Administrator credentials.

NOTE: It is ok to use cached credentials on this page as the lab has stored these within the browser settings.

 

 

Navigate to AppStacks

 

Navigate within App Volumes Manager console to the AppStacks tab underneath the VOLUMES section.

 

 

Assign the Core Apps to All Users

 

In these steps, you will assign the Office 2010 (Win7x86) AppStack as the core set of apps to all users.

 

 

Assign Office 2010 (Win7x86) AppStack

 

Assign the Office 2010 (Win7x86) AppStack to Domain Users group and select Attach AppStacks immediately

1. Expand the Office 2010 (Win7x86) AppStack

2. Click on Assign

3. Enter domain users in the Search Active Directory and click on the Search button

4. Select the check-box for Domain Users and click on Assign

5. Select Attach AppStacks immediately and click on Assign

 NOTE: Depending on the resources available in the lab, the time to complete the AppStack attachment may vary

 

 

Assign the Departmental Apps

NOTE: The CEO should be a member of the Sales Users group, assuming you added him to the Sales Users group in the previous steps of this chapter.

Assign the Sales Apps (x86) AppStack to the Sales Users group.

 

 

Assign Sales Apps (x86) AppStack

 

Assign the Sales Apps(x86) AppStack to Sales Users group and select Attach AppStacks immediately

1. Expand the Sales Apps (x86) AppStack

2. Click on Assign

3. Enter sales users in the Search Active Directory and click on the Search button

4. Select the check-box for Sales Users and click on Assign

5. Select Attach AppStacks immediately and click on Assign

 NOTE: Depending on the resources available in the lab, the time to complete the AppStack attachment may vary

 

 

 

Assign the Individual Apps

 

Assign the Open Office 4 (Win7x86) AppStack to the CEO User.

 

 

Assign Open Office (Win7x86) AppStack

 

Assign the Open Office 4(Win7x86) AppStack to the CEO user and select Attach AppStacks immediately

1. Expand the Open Office 4 (Win7x86) AppStack

2. Click on Assign

3. Enter ceo in the Search Active Directory and click on the Search button

4. Select the check-box for CORP\ceo and click on Assign

5. Select Attach AppStacks immediately and click on Assign

 NOTE: Depending on the resources available in the lab, the time to complete the AppStack attachment may vary

 

 

Conclusion

 

Switch back to the desktop session on Win7-MSW.  You should now see all of the applications within each of the assigned AppStacks appear on the desktop/start menu of the CEO user within the Win7-MSW Desktop.

Feel free to test the applications and play around with different AppStack delivery configurations.

*** Before moving on to the next module, make sure to RESTART the Win7-MSW desktop *** Keep the console session open to Win7-MSW.  You will need to access the desktop again in the next section.

1. Select Start

2. Expand the Shutdown dialog box and select Restart

Click to the next step when ready.

 

User Installed Applications and Writable Volumes


VMware App Volumes allows provisioning and assignment of Writable Volumes for users and desktops. Users then have the ability to install and configure their own applications. This feature is called User Installed Applications (UIA).

In this module you will learn how VMware App Volumes supports User Installed Applications (UIA) and supports access to these applications across multiple desktops and desktop types.

Activity Outline:

  1. Confirm that AD user has active, attached writable volume
  2. In a desktop session confirm the presence of a Writable Volume
  3. Install an application (VLC player) in a virtual desktop
  4. Once installed, access the newly installed application
  5. Same AD user now accesses a desktop and confirms application availability and functionality
  6. Show a different AD user accessing the same desktop and confirming that the application is NOT available

 

IF NEEDED - Launch Google Chrome

 

If you haven't done-so already, please open Google Chrome by using the Shortcuts icons on the ControlCenter desktop.

 

 

Open Browser Tabs

 

In two separate browser tabs, open vCenter Web Client and App Volumes Manager.

 

 

vCenter Web Authentication

 

In vCenter Web Client, log in with "CORP\Administrator" and "VMware1!"

NOTE: You may use Windows Session Authentication.

 

 

App Volumes Manager Authentication

 

In App Volumes Manager log in with "Administrator" and "VMware1!"

NOTE:  You may use cached credentials.

 

 

Confirm AD User has a Writable Volume

Please verify first that the user CTO has a writable volume assigned

 

 

Verify Writable Volume status and assignment

 

In App Volumes Manger, go to the VOLUMES tab, then Writables subtab.

You should see a Writable Volumes assigned to domain user "CORP\cto" with status "Enabled".

 

 

Check the user directory

 

You can also navigate to DIRECTORY then Users to see more information about a particular user.  Click on the user CORP\cto

 

 

User details

 

You can see overall user details...

 

 

Writable Volume details

 

...and if you scroll down, you can see assigned writable volumes. You can see creation date, status, what storage is being used, and how many times it has been used.

 

 

Confirmed

You have confirmed that a user has an active, attached writable volume.

 

 

Remove Domain User assignment to Office 2010 (Win7x86) App Stack

 

1. Select Volumes, App Stacks

2. Click on the plus sign ( + ) to expand the details of the Office 2010 (Win7x86) App Stack

3. Click on Unassign

4. Select CORP\Domain Users checkbox and click on Unassign

5. Select Detach AppStack immediately and click Unassign

**NOTE** This procedure is to have a clean desktop with none of the office shortcuts that are created with the app stack assignment.  However, having app stacks assigned does not prevent a user from installing applications to their writable volume

 

 

Verify Writable Volume is present in the Virtual Desktop

To progress with this module please verify that the writable volume is presents in the desktop.

 

 

Log In to the Win7-AppVol-01 desktop console as CORP\CTO

 

From the vSphere Web Client

1. Select Win7-AppVol-01

2. Right click on Win7-AppVol-01 and select Open Console

3. Click on Send Ctrl+Alt+Delete and log in as corp\cto with password VMware1!

 

 

Open Computer Manager.

 

Once the desktop session launched, open Computer Manager.

1. Click on Start

2. Right click on Computer and select Manage

 

 

Open Disk Manager

 

You will see the attached Writable Volume with size of 10GB.

 

 

Writable Volume in Explorer

 

If you open an Explorer Window you should not see any evidence of the attached, active Writable Volume.

 

 

Install and validate an application in the CTO's desktop

In the next step you will install VLC player and validate the use of the writable volume.

 

 

Find the VLC Installer

 

From the Win7-AppVol-01 desktop

  1. Type UNC path into search bar \\uem-server\fileshare\Software\VLC\
  2. The search result shows vlc-2.2.1-win32
  3. Right click on vlc-2.2.1-win32 and select Run as administrator

 

 

Confirm User account Control

 

Confirm the User Account Control dialog box with Yes

 

 

Language Selection

 

Choose "English" for the language and click "OK".

 

 

Welcome

 

Click "Next" at Welcome to VLC screen.

 

 

EULA

 

Click "Next" to accept the EULA.

 

 

Components

 

Now select "Minimum" for the type of install. Then click "Next".

 

 

Install location

 

You will take the default of "C:\Program Files\VideoLAN\VLC" for the destination. Click Install to proceed.

 

 

Install completed

 

Ensure the check box to "Run VLC media player" is checked and click Finish button.  This will launch the application.

 

 

Play a video

 

1. Select Media, Open File

2. Select Libraries, Videos and double click on Sample Videos

3. Double click on Wildlife to start the video

 

 

VLC is Working

 

The quality won't be amazing but you should see a video play (filled with creatures galore).

 

 

Desktop Shortcut

 

And would you look at that, a shortcut on the desktop. Boom!

 

 

Get out of here

 

Close VLC Player and restart the desktop.

1. Click on Start

2. Expand the Shutdown dialog box and select Restart

 

 

Log in to Win7-MSW at CORP\CTO

 

You have just completed installing VLC Player as the CTO user on the Win7-AppVol-01 desktop.  You didn't notice it but the installation of VLC player was actually done to the CTO's writable volume.  If you noticed, there was nothing special that had to be done or any special tweaking of the application to make it work.  In the next steps, you will log in to the Win7-MSW desktop and see that the VLC player application is there.

1. Select the Win7-MSW tab from the Google Chrome browser

2. Click on Send Ctrl+Alt+Delete

3. Log in as corp\cto with password VMware1!

 

 

Validate VLC Player is available

 

Notice that the VLC media player shortcut is on the desktop and if you double click on the shortcut, VLC media player will launch.  VLC is available because the CTO's writable volume was connected when the CTO logged into the desktop and all apps in the writable volume (for this example only VLC was installed) were made visible to windows.  If you are still skeptical, log out from the Win7-MSW desktop and log in to the same desktop as CORP\CEO.  You will notice there is no VLC player installed.

 

 

Conclusion

This concludes the User Installed Applications and Writable Volumes section.  You may log out of the Win7-MSW desktop.

 

ThinApp Package Integration


In the next steps you will learn how to attach an AppStack that contains ThinApp packages


 

Assign a ThinApp Repository as an AppStack

App Volumes supports the use ThinApp msi's to create an App Volumes Appstack.  This is relevant if you require application segmentation/isolation within an AppStack

 

 

Authenticate to App Volumes

 

From the ControlCenter desktop, launch Google Chrome if it is not already open and log into the App Volumes Management Console.

 

 

IF NEEDED - Log In to App Volumes Management Console

 

Skip this step if you are already logged into the App Volumes Management Console.

Once the App Volumes authentication screen appears, log in with the Administrator credentials.

NOTE: It is ok to use cached credentials on this page as the lab has stored these within the browser settings.

 

 

Open the AppStacks catalog

 

To enable the AppStack, do the following:

  1. Browse to the VOLUMES section.
  2. Ensure the AppStacks tab is selected.
  3. Click in the Filter box and type in "ThinApp".  This will display the "ThinApp Package Repository (x86)" AppStack.
  4. Click the "+" (plus) sign to the left of the "ThinApp Package Repository (x86)" to expand it.

 

 

 

View the ThinApp Package Repository AppStack Details

 

In the catalog, expand the AppStack titled "ThinApp Package Repository (x86)".

You will see some details about the applications that are part of this repository. You can see the number of applications, assignments, and current attachments.

 

 

Application Listing

 

By clicking the little arrow next to the application count, you will get a scrollable list of all 10 applications in this repository. Neat!

 

 

Close the app list.

 

After you've reviewed the apps, let's close the listing.

 

 

Assign the ThinApp Package Repository AppStack Details

 

Click the "Assign" button to start the assignment process.

 

 

Define the Object Assignment

 

Here you would define the Active Directory object to assign the AppStack to (User, User Group, Computer, or OU).

For this exercise we will search Active Directory for the CEO user to assign this AppStack to.

  1. Type ceo in the search box.
  2. Click the Search button.
  3. Select the CORP\ceo user object by checking the box to the right.
  4. Click the Assign button immediately below the selected (CORP\ceo) object.
  5. A popup window will appear.  Ensure the "Attach AppStacks on next login or reboot" option is selected.
  6. Click the Assign button within the popup window.

 

 

Double check

 

You should see the assignment count increment here. If you click the dark arrow next to the Assignment count, you will see a list of Assigned users, groups, computers, or OUs on the right.

 

 

Conclusion

The CEO now has access to the ThinApp Packaged applications. You will now confirm this by logging in to Win7-MSW desktop as the CEO.

Click to continue.

 

 

Verify ThinApp Packaged applications assignment

In the next step you will verify that the CEO has the AppStack attached to the next desktop he accesses.

 

 

Login to the Win7-MSW desktop

 

If you already have a console session to Win7-MSW, goto the next step

  1. From the ControlCenter, double click on Google Chrome
  2. Login to the vSphere Web Client as administrator@corp.local with password VMware1!  Click Login to continue
  3. Under Hosts and Clusters, expand Datacenter Site A, Cluster Site A.  Verify that Win7-MSW is powered on. Right click on Win7-MSW and select Open Console

 

 

Login as CORP\CEO

 

  1. Click on Send Ctrl+Alt+Delete button
  2. Verify the CEO user was logged on before otherwise click on Switch User
  3. Login as corp\ceo with password VMware1!
  4. Click on the cross of the command window to close the window.

 

 

Validate ThinApp Packaged Apps

 

You will see many application shortcuts on the desktop and you should be able to launch and utilize the ThinApp packaged applications delivered via App Volumes.

1. Double click on Adobe Reader 7.1 shortcut.  After double clicking the shortcut, you will notice on the bottom right of your screen the ThinApp popup message indicating Adobe Reader 7.1 is being launched.

2. Adobe Reader 7.1 is running

3. Notice that the ThinApp AppStack contains multiple versions of Adobe Reader.  We are combining the isolation features of ThinApp with the instant application entitlement of App Volumes.  The BEST of both worlds!

Feel free to explore the environment a bit here if desired.

NOTE:  It may take a minute for Applications to launch and appear properly on the desktop due to lab environment restrictions.

 

 

Questions to Ponder

Questions:

  1. Could you have assigned the AppStack immediately?  Why or why not?
  2. Assuming you could assign the AppStack immediately, what would be the difference in outcome to the end user?

NOTE:  Scroll down for answers.

 

 

 

 

 

 

 

 

Answers:

Yes, you can assign this and all AppStacks immediately.  It is important to note, however, this will depend upon the application(s) provisioned within the AppStack as some applications may not perform as expected when attached immediately.

One big difference to note is the end user (in this case, the CEO) will immediately notice new applications within their desktop.  Additionally, you may have noticed when logging in as the CEO user, there was a ThinApp package launched immediately upon login (specifically the OpenOffice 3 package quickstart entry point).  Any  provisioned application which has STARTUP shortcuts will not launch those specific shortcuts when the AppStacks they are provisioned within are attached immediately (vs. upon login or bootup) since Windows only looks at shortcuts within the STARTUP folders at login of the user.

 

 

Conclusion

You have completed assigning and testing an AppStack which is a ThinApp repository.

 

 

Unassign the ThinApp Package Repository AppStack

Please unassign the Thinapp Appstack to finish the module.

 

 

Authenticate to App Volumes

 

From the ControlCenter desktop, you need to launch Google Chrome if it is not already open and authenticate to App Volumes Management Console.

If Firefox is already opened and you are already authenticated, simply restore the application to the screen and skip the next step for authentication.

 

 

IF NEEDED - Authenticate to App Volumes Management Console

 

Skip this step if you are already authenticated to the App Volumes Management Interface.

Once the App Volumes authentication screen appears, login with the Administrator credentials.

NOTE: It is ok to use cached credentials on this page as the lab has stored these within the browser settings.

 

 

Open the Assigned AppStacks

 

Now you need to open the AppStack Assignments by doing the following:

  1. Select the VOLUMES section.
  2. Click on the Assignments tab.
  3. You should see the ThinApp Package Repository(x86) as an assigned AppStack.  Click on the words, ThinApp Package Repository (x86) to open the details on the AppStack.

 

 

Detach the ThinApp Package Repository (x86) AppStack

 

After opening the AppStack details, you can now unassign it.

 

  1. Click the "Unassign" button.  This will take you to an "Unassign AppStack" window.
  2. Check the selection box to the right for the AppStack in question.
  3. Click the 2nd "Unassign" button.  This will generate a "Confirm Unassign" pop-up window.
  4. Ensure "Detach AppStack on next logout or reboot" is selected.
  5. Click the 3rd "Unassign" button to finally initiate the process for AppStack detachment.

 

 

Log Off the CEO from Win7-MSW desktop

 

If you still have the CEO desktop logged in and running, please return to it and logoff.

 

 

Log In to the Win7-MSW desktop as the CEO

 

If you log back to the CEO's Win7-MSW desktop, you will notice the ThinApp packaged applications are no longer available.  Keep this in mind for the next step.

When you are ready, please close all applications and log off of the Win7-MSW Desktop.

 

 

Conclusion

You have completed unassignment of the ThinApp Package Repository (x86) AppStack.

Click to continue.

 

Module 8 (30 Min) - VMware User Environment Manager Integration with Horizon 6

Lab Modules and Estimated Times


This module is to help you better understand VMware User Environment Manager and how to deploy the solution.  User Environment Manager is already installed and so you will be reviewing the installation and configuration.

Read through the titles and descriptions of each volume and click on the link provided (or use the Table of Contents to browse to the section) if you wish to take a lab.

NOTE: To return to this page, use the Table of Contents to select this module "Lab Modules and Estimated Times of Completion".


 

Basic Lab Steps

The basic steps to this lab and each of its modules are as follows:

 

 

Section 1 - Introduction and overview of VMware User Environment Manager (30 Min)

This module includes a brief introduction and overview of VMware User Environment Manager to educate you on what the solution provides.

You will also go through a guided tour of the setup and configuration of the environment.

Estimated Time: 30 Minutes

Section 1:1 - What is VMware User Environment Manager

 

Section 1:1 - What is VMware User Environment Manager


VMware User Environment Manager™ offers personalization and dynamic policy configuration across any virtual, physical and cloud-based environment. It is a critical component of VMware Workspace Environment Management solutions, which support user-centric computing and address both end-to-end application and user management. User Environment Manager can simplify end-user profile management by providing organizations with a single and scalable solution that leverages existing infrastructure. IT can easily map infrastructure (including networks and printer mappings) and dynamically set policies for end users. With this solution, end users can also enjoy a personalized and consistent experience across devices and locations. Organizations leveraging User Environment Manager can increase workplace productivity while driving down the cost of day-to-day desktop support and operations.

Key Benefits:

 


 

Overview

 

 

 

How It Works

 

User Environment Manager clients are installed on RDS or VDI hosts, and devices such as desktops and laptops. Clients are enabled and configured through central GPOs in Active Directory that IT administrators have set up with User Environment Manager. IT can then set up policies and settings using the management console.  When a user logs onto their laptop or virtual desktop for example, policy settings such as network and printer mappings and shortcuts are automatically configured according to the set policy. IT can even create dynamic contextual policies based on conditional statements from the management console.  Application settings can also be predefined such that when a user opens up an application, the application configuration settings are automatically configured for quick application access. Settings can be applied to published applications and virtual desktops, such as VMware Horizon 6, RDSH desktops and apps, or Citrix XenApp and XenDesktop.

 

 

Use Cases

Customers can use User Environment Manager to manage virtual, physical, and cloud-hosted environments. A typical use case could be a user accessing their applications on their physical laptop while traveling. That user also has access to use a virtual desktop when in the office. As soon as the user logs into the virtual desktop, the application settings are applied as if the user was still working on their physical laptop. IT can also set up dynamic policy to adjust based on triggers, such as network location. If that user has to have different predefined, non-default settings because they are accessing applications from a physical laptop in an unsecured location, IT can set up a dynamic policy. Other implementations of User Environment Manager can also be applied, such as policies that follow the user from published application to virtual desktop.

 

 

Availability

User Environment Manager is available as standalone product or as a part of VMware Horizon Enterprise. Citrix customers can also take advantage of User Environment Manager as part of the VMware Horizon Application Management Bundle. User Environment Manager licenses are available on a named user/ device or per concurrent connection basis.

 

Section 1:2 - Review the Installation of VMware User Environment Manager


In this Module, you will review the current installation of VMware User Environment Manager.  The module will walk you through the installation and configuration process you would follow to deploy User Environment Manager.


 

User Environment Manager Shares

User Environment Manager requires two file shares.  The first file share will contain the central configuration files of the environment.  The second file share will contain the individual user configurations.  

 

 

Login to the UEM-SERVER VM.  

 

From the ControlCenter, launch the RDP client to connect to the UEM-SERVER VM

1. Double Click the RDP shortcut on the desktop

2. Double Click on UEM-Server and click Connect

4. Login as CORP\Administrator with the password: VMware1! and click OK to continue

 

 

 

Launch Windows File Explorer

 

From the UEM-SERVER console, launch the Windows File Explorer and go to the root of C: drive.  You will see the folders UEM-profile and UEM-settings.  The UEM-profile folder contains all of the users configurations and the UEM-settings contains the configuration information of the User Environment instance.

 

 

UEM-settings folder Properties

 

Both the UEM-profile and UEM-settings folders are shared and the proper permissions are assigned.  There are two levels of security that need to be set.  There are the share permissions and the NTFS file permissions.

 

The UEM-settings folder must have the following share permissions:

Everyone - Read

Domain Administrators - Full Control

 

  1. In Windows Explorer select the UEM-settings folder
  2. Right click to access the menu.  Choose Properties

 

 

Review the Share permissions on UEM-settings folder

 

  1. Select the Sharing tab and click Advanced Sharing
  2. Notice the folder has been shared as UEM-settings$
  3. Click on the Permissions button
  4. Notice that Everyone has the Read permission
  5. Notice that Administrators has Full Control permission
  6. Click on Cancel, and Cancel again to return to the UEM-settings properties dialog box

 

 

Review the NTFS permissions on UEM-settings folder

 

The UEM-settings folder must have the following NTFS permissions:

Everyone - Read & Execute

Domain Administrators - Full Control

 

  1. On the UEM-settings properties dialog box, select the Security tab
  2. Notice that Everyone has the Read & Execute permissions
  3. Notice that Domain Administrators has Full Control permissions
  4. Click Close to close properties window

 

 

Review the Share permissions on the UEM-profile folder

 

The UEM-profile folder must have the following share permissions:

Everyone - Change

 

1. In Windows Explorer select the UEM-profile folder and right click to access the menu.  Choose Properties

2. Select the Sharing tab and click Advanced Sharing

3. Notice the folder has been shared as UEM-profile$

4. Click on the Permissions button

5. Notice that Everyone has the Change permission

6. Click on Cancel, and Cancel again to return to the UEM-settings properties dialog box

 

 

Review the NTFS permissions on the UEM-profile folder

 

  1. On the UEM-settings properties dialog box, select the Security tab
  2. Notice that Everyone has the Modify permissions
  3. Notice that Domain Administrators has Full Control permissions
  4. Click Close to close out of the Properties dialog box

 

 

Close the RDP session to the UEM-Server

 

  1. Right Click on the Window
  2. Select "Shutdown or sign out"
  3. Select "Sign Out" to exit from the RDP session and it will close the window

 

 

GPO Preparation

Basic GPO's are used to enable the User Environment Manager.  A number of ADMX templates are provided for you to use to enable and configure the options you need for your environment

 

 

VMware User Environment Manager ADMX Files

 

The ADMX that are distributed with VMware User Environment Manager are placed in the PolicyDefinitions folder of a Domain Controller.  In the lab, the Domain Controller is the ControlCenter VM.  The ADMX files are the administrative templates that will allow us to configure the behavior of the FLexEngine client agent as well as the Flex Plus Management Console.

 

 

Review the Vmware-UEM GPO

 

VMware User Environment Manager is configured with Group Policy.  We will review the GPO settings that have been configured

  1. On the ControlCenter VM, double click on the Group Policy Management (shortcut) link.

 

 

Select the Vmware-UEM GPO

 

Select the Vmware-UEM GPO.  Notice that the policy applies to Authenticated Users and the Link is Enabled

 

 

Review the settings

 

  1. Right click on the Vmware-UEM GPO and select Edit

 

 

FlexEngine Policy settings

 

FlexEngine is the agent component that runs in the desktop VM's, RDSH hosts and physical desktops.  

Expand User Configuration, Policies, Administrative Templates, VMware UEM, FlexEngine.  You will notice there are a number of configuration options available and some of them have been enabled and configured.

DirectFlex - advanced settings: By default, DirectFlex exports profile information when an application is closed.  When an application is launched, DirectFlex will import the settings into the users profile

Flex config files - Use this setting to configure the central location of the Flex config (.INI) files that is processed by FlexEngine.  In a typical configuration this would be the "General" folder as created by the VMware UEM Management Console in the UEM configuration share.  In the lab, this has been set to \\uem-server\UEM-settings$\general  

Run FlexEngine as Group Policy Extension - Enable this setting to run FlexEngine earlier during logon by running as a Group Policy client-side extension.  When this setting is enabled, FlexEngine runs automatically during logon.  To guarantee that the FlexEngine Group Policy client-side extension will run during each logon, you must enable the "Always wait for the network at computer startup and logon" Group Policy setting.  You also need to make sure that the "FlexEngine.exe -s" command is configured through a Group Policy Logoff Script to run when a user logs off.

FlexEngine logging - Use this setting to configure the location and name of the FlexEngine log file.  You can capture log information for each user and control the level of logging for troubleshooting purposes.  In the lab, this has been set to \\uem-server\uem-profiles$\%username%\logs\flex.log

Profile archive backups - Use this setting to configure where backups of users configuration will be stored.  The backups allow users or helpdesk personnel to restore users application configurations in the event that the current settings are causing issues.  The default number of backups for each profile archive is 1.  You can change the number of backups to meet your requirements.  In the lab, this has been set to \\uem-server\uem-profiles$\%username%\Backups

Profile archives - Profile archives are stored in ZIP format but are not compressed by default.  You can enable compression if needed.  In the lab, this has been set to \\uem-server\uem-profile$\%username%\Archives.  Compress profile archives and Retain file modification dates have also been enabled

FlexEngine refresh settings - These are optional settings to control the behavior of windows appearance (ex: wallpaper), mouse and keyboard settings at logon

Feel free to open up each configuration option and review the settings.  Please don't make any changes as it may lead to other modules not working properly

 

 

Configure the GPO for VMware User Environment Manager

In these next set of steps we will configure the Group Policies for VMware User Environment Manager.  This will give the participant an understanding of the specific group policies that must be set to make VMware User Environment Manager functions.  

 

 

Setup Folder Redirection in the Vmware-UEM GPO

 

Folder redirection is optional but is recommended for some user data folders to be redirected to network shares so they are available to the user but not managed by VMware User Environment Manager.  This helps to keep logon times as quick as possible.  In some production user environments folder redirection may already be configured and can likely be used as configured.

Folder redirection requires a Folder which needs to be created before you start.

 

  1. Create a Folder Home on the control center and share it as Home$
  2. In the Group Policy Management Console right click the created Vmware-UEM GPO and select Edit from the menu.  This will launch the Group Policy Management Editor.
  3. In the left navigation under User Configuration \ Policies expand Windows settings out so the Folder Redirection menu expands.
  4. Right click on Desktop under Folder Redirection and select Properties from the dropdown menu.
  5. In the Desktop Properties dialog click the down arrow on the Setting filed dropdown and select Basic-Redirect Everyone's folder to the same location.
  6. in the Root Path field type "\\ControlCenter\HOME$"  Make sure the example path matches the one in the screen shot
  7. Click OK and Click Yes in the Warning dialog.

As an optional step, you can repeat steps 4-7 for the Start Menu and Documents folders. (*** This is an optional step and one that you should decide if you want to do for your own organization when deploying such a solution). It's important to understand that in a corporate deployment, you will take the time to decide which folders get redirected, they are all important but depending on your organization, they might not all be redirected.

 

 

Open up the UEM ADMX template to verify.

 

We will now review the previously configured Vmware-UEM GPO with the items needed for the FlexEngine and Flex Plus Management Console to operate properly.  

  1. If the Group Policy Management Console is not still running launch it by clicking on the Windows button on the taskbar and selecting Group Policy Management from the menu.  You can also launch it by typing "gpmc.msc" in the search field and pressing Enter
  2. In the left pane of the Group Policy Management Console click the down arrow next to Domains then corp.local
  3. Right click the Vmware-UEM GPO and select Edit from the menu. This will launch the Group Policy Management Editor
  4. In the left pane of the Group Policy Management editor click the arrow next to Policies under User Configuration to open the menu tree to the next level, then Administrative Templates to open the menu tree to the next level, then VMware UEM and finally click on the FlexEngine folder
  5. This will open up all the FlexEngine policies in the right hand pane so that we can review the settings

 

 

Enable the Always Wait for network at computer startup and logon policy

 

In order to ensure that the Flex+ configuration files and redirected folders are available to the user when the computer starts and the user logs on, we must wait for the network to be available.   This policy enforces that wait time.  

  1. In the left hand pane of the Group Policy Management Editor under Computer Configuration, click on the arrow next to Policies to expand the menu
  2. Click on the arrow next to Administrative Templates to expand the menu
  3. Click on the arrow next to System to expand the menu
  4. Scroll down until the Logon folder becomes visible
  5. In the left pane click on Logon to select it
  6. In the right pane click on Always Wait for the network at computer startup and logon item and right-click the Always Wait for the network at computer startup and logon item and select Edit from the menu
  7. Verify the Enabled Radio button is checked and if not enable it and Click OK
  8. In the left pane of the Group Policy Management editor scroll to the top of the page
  9. Click the arrow next to Computer Configuration to clean up the display for the next step

 

 

Verify the logoff script configuration

 

A logoff script is required to tell FlexEngine to save its configuration after the user logs off the computer. This has been already configured.

We will review the logoff script which is part of the same GPO that we have been configuring.

Below you find the steps that are required to configure the logon scripts.

  1. In the left pane of the Group Policy Management Editor click the arrow next to User Configuration to expand then expand the Policies Menu
  2. Click the arrow next to User Windows Settings to expand the`menu
  3. Select scripts (Logon/Logoff)
  4. In the right pane of the Group Policy Management Editor right click Logoff and select Properties from the menu.
  5. Click Add in the Logoff Properties dialog
  6. In the Script Name filed type "c:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" (***Important to note, you cannot browse because FlexEngine is not installed on that specific computer, you need to manually type it in)
  7. In the Script Parameters field type "-s"  This is the command to save the configuration on logoff. OK. OK
  8. Exit the Group Policy Management Editor by clicking the Red X in the upper right corner 

 

 

Launch User Environment's Management Console

 

On the ControlCenter, double click on Management Console.  This will launch the User Environment Management Console which is used to configure the user's environment.  You can navigate through the console to see the basic settings that have been configured

Please take Lab HOL-MBL-1652 for an overview of the VMware User Environment Manager

 

Lab Finish


This concludes the VMware User Environment Manager hands on lab.  If you would like to follow a lab that takes you through some more advanced configuration scenarios with User Environment Manager, please take lab HOL-MBL-1652, Module 7 - Dynamically Managing Desktop Settings within the User Environment.

Please take the time to fill out any surveys so we may understand areas needing improvements, modifications, or corrections.

Thank you for taking the time to work though this lab and any feedback you may have provided!

 

 


Module 9 (45 Min) - Presenting a Linux Hosted Desktop with Horizon 6

Introduction to Linux Desktop


Why Linux Desktop's

Delivering, managing and accessing Linux virtual desktops with Horizon 6 for Linux eliminate the need to license commercial operating systems.

Get full support for Linux desktops and provide seamless access to office, 3D graphics, and developer applications. ​

Horizon 6 for Linux is ideal for software developers, CAD/CAM developers, cost sensitive deployment wishing to reduce software licensing costs and anyone else who needs the cost savings, security and customization available under Linux.

** This module describes the workflow in configuring the Linux Desktop VM, installing the View agent, and configuring the Linux desktop VM for 3D vDGA. All the following steps are for informational purposes only and you don't have to do anything.


 

Top Use Cases

 

Government, Energy, Simulation, Transportation, Manufacturing, Media & Entertainment and Aerospace are key industries using Linux desktops today.

RedHat has a number of customers using RHEL for Mathematica and numerical analysis.

With Horizon 6 for Linux, organizations can now extend the benefits of desktop and application virtualization to Linux users. Horizon for Linux centralizes desktop management and secures data in the data center while supporting end users with seamless access to Linux services across devices, locations, mediums, and connections. Furthermore, this solution allows organizations to move away from costly Windows licensing and to embrace low-cost endpoints to deliver the best possible total cost of ownership.

 

 

Supported Distributions

 

Ubuntu LTS (32bit and 64bit)

RedHat Enterprise Linux 6.6 (RHEL 6.6)

CentOS 6.6

NeoKylin (Tech Preview)

 

 

 

Requirements

Horizon 6.1.1 or higher

vSphere* 5.5 U2 or higher (6.0 or higher recommended)

Horizon Client for Windows, Mac or Linux 3.3 or higher

Linux agent (Latest)

*vDGA requires vSphere 6.0 or higher

 

 

Pre-Requisites

Java Runtime Edition (JRE)*  

DNS & Hostname

VMware Tools

Windows Active Directory

*The agent installer with download JRE if it is not present

 

 

Supported Features

 

* HTML Access works on some browsers but is not supported

 

 

Sizing Guidelines for Linux Desktops

 

 

Linux Desktop Deployment


It is important to understand the possibilities of creating a Linux pool in an automated fashion, at the moment this is not possible with Horizon direct.


 

Provisioning

 

You have the ability to create an automated pool in three different ways by using different tools. Depending on what you consider to use, the diagram above gives you indication on the level of complicity.

 

 

Steps to Prepare a Template

 

 

 

PowerCLI

 

Power shell scripts are the easiest way to automate the pool cloning for Linux virtual machines.

Benefits

Note: PowerShell Scripts and CSV can be found in DeployLinuxAgents.zip

 

 

vRealize Orchestrator

 

To automate the pool creating with vRealize Orchestrator is a medium easy way to manage your Linux desktop pool creation.

Benefits

 

 

Kickstart / PXE Boot

 

To automate the pool creating with Kickstart / PXE Boot is a harder way to manage your Linux desktop pool creation as it requires more backend components like the PXE server.

Benefits

 

yum install system-config-kickstart
or
apt-get install system-config-kickstart

 

 

 

Preparing the Linux Virtual Machine

 

VMware Tools can be installed using apt-get install open-vm-tools which will stay up-to-date with Linux updates (apt-get update).

Name resolution and a working DNS is critical for successfully creating a Linux pool

 

 

Virtual Machine Display Settings

 

It is important to understand why the number of displays and video RAM is important. Leaving this as the default (4MB) will result in low screen resolutions and the VM being unable to resize to the Horizon Client’s display resolution

 

 

Installing the Horizon Agent

 

  1. Copy the Horizon agent .tar to the virtual machine
  2. Extract the .tar file and CD to VMware-viewagent directory
  3. Execute ./install_viewagent.sh and specify parameters

Values:

*-n specifies a name for the Linux agent on that virtual machine. It’s not required, but an example would be (linux-centOS-x64-1)

 

 

Create a Linux Desktop Pool

 

  1. Create a manual desktop pool
  2. Select ‘Other sources’
  3. The display protocol selection is ignored for Linux Desktops
  4. HTML Access may work, but is NOT supported! (yet)

 

Linux Desktop and 3D with vDGA


This part will show the steps required to configure vDGA with Linux desktop.


 

Linux 3D Graphics Primer

 

Disabling Compiz will improve performance on Ubuntu.
Nouveau must be disabled for NVIDIA drivers to be loaded.
Linux uses OpenGL (not DirectX) for 3D graphics.

 

 

Preparing the Linux desktop for vDGA

 

 

 

Disable the Nouveau driver

 

  1. Edit /boot/grub/grub.conf and add rdblacklist=nouveau
  2. Edit /etc/modprobe.d/blacklist.conf and append with

Note: Ubuntu requires you to create /etc/modprobe.d/blacklist-nouveau.conf

 

 

Install the NVIDIA Driver

 

  1. Install the prerequisites
    # yum install gcc-c++ kernel-devel kernel-headers -y
  2. Download the NVIDIA driver and enable the execute bit
    # chmod +x NVIDIA-Linux-x86_64-346.59.run
  3. Exit X and run the installer
    # init 3
    # ./NVIDIA-Linux-x86_64-346.59.run -kernel-source-path=/usr/src/kernels/2.6.32-504.16.2.el6.x86_64/

  Note: For Ubuntu, install driver with sudo apt-get install nvidia-current-updates

 

 

Configure X.Org

 

  1. Get the NVIDIA GPU Device ID: lspci | grep VGA
  2. Edit /etc/X11/xorg.conf

 

 

Linux Desktop Best practices

This section covers some of the best practices.

 

 

Environment & Setup

 

 

Optimizing Linux Desktops

This section talks about some of the optimizations you could do in Linux desktop.

 

 

Disable Compiz (Ubuntu)

 

 

 

Disable Unnecessary Services

 

 

 

Troubleshooting the Horizon Agent

 

  1. Check that the agent is running
  2. Check agent config files (make sure they are not empty!):
  3. Make sure DNS name resolution is working

The Horizon Agent is installed to /usr/lib/vmware/viewagent

 

 

Un-installing the Horizon Agent

 

 

 

Linux Command

 

  1. $ sudo /usr/lib/vmware/viewagent/bin/uninstall_viewagent.sh
  2. $ sudo rm /etc/vmware/jms /etc/vmware/ssl -R
  3. $ sudo rm /etc/vmware/viewagent-machine.txt /etc/vmware/viewagent-config.txt

 

 

Remove Horizon desktop pool and registered machine

 

 

Module 10 (60 Min) - Sizing VDI and RDSH deployments using View Planner 3.5

View Planner Tool for VDI Sizing


In this module, you will learn about the View Planner tool which gets widely used for VDI and RDSH large scale sizing.  


 

Verify the status of the Virtual Machines

 

From the ControlCenter desktop:

  1. Launch Google Chrome
  2. If the log in page for the vSphere Web Client does not appear, click on the Site A Web Client link.  
  3. Log in to the VMware vSphere Web Client as user: CORP\administrator and password: VMware1!
  4. Click on Host and Clusters
  5. Verify the following Virtual Machines are powered on

If not you will need to power on the required VM's

  1. Right click on each Virtual Machine.
  2. SelectPower
  3. Select Power On                                                                                                                                                           

It will take a few minutes for the desktops to power on and then you can proceed.

 

 

What is View Planner?

 

VMware View Planner is a tool designed to simulate a large-scale deployment of virtualized desktop systems and study its effects on an entire virtualized infrastructure. The tool is scalable from a few virtual machines running on one VMware ESX host up to hundreds of virtual machines distributed across a cluster of ESX hosts. View Planner assists in the setup and configuration of the testing infrastructure, runs a set of application operations selected to be representative of real-world user applications, and reports data on the latencies of those operations.

In this lab, the focus is to get hands on with View Planner tool and how to use the tool to select VDI workloads and size the VDI deployment. The RDSH sizing is not covered in this module, however, same steps can be applied to do the RDSH sizing as well.

Below, you will find more details on View Planner operations, architecture, and modes. You can skip the section below if you want to get quickly started. More details on the View Planner tool can be found in the View Planner user guide.

 

 

Configurable and Extensible

 

A selection of applications to run in the workload:

 

 

View Planner Operations

View Planner runs can be performed in any of the following three modes:

When a run is started, a controller running in the virtual appliance powers on the desired number of desktop virtual machines, powers on the appropriate number of client virtual machines (for remote-mode or passive-mode runs), manages the workload execution, and gathers results. A reporting tool running in the controller appliance provides access to results of completed runs.

 

 

 

Web Management Interface

 

Most interaction with View Planner is through a web interface provided by the controller appliance. It is through this interface that:

 

 

Scoring Methodology: QoS

 

When the run is completed, the desktop and client virtual machines both report their results to the harness, where they are stored in a database for generating the score.

The View Planner workload operations are separated into the three groups : interactive operations (Group A), I/O operations (Group B), and background load operations (Group C). The operations in Groups A and B are used to determine Quality of Service, while the operations in Group C are used to generate additional load.

To generate the benchmark score, the 95th percentile of the Group A QoS results and the 95th percentile of the Group B QoS results during the middle iterations in the steady-state phase of a View Planner run is calculated. For a successful run, these percentiles must each be at or below the default thresholds of 1 second and 6 seconds respectively for Group-A and Group-B.

 

Setting up the View Planner Harness


First, we need to install the ViewPlanner Linux appliance which is the central controller.

This step is done for you to minimize the time required and below steps are for information only.


 

Deploy the View Planner Harness

 

In this lab, a View Planner controller appliance has been deployed upfront for you. So, you don't need to deploy the appliance, however steps are provided below.

The View Planner Harness can be deployed using the View Planner controller appliance in following steps:

  1. Obtain a View Planner controller appliance as an .ova file from VMware
  2. Deploy the View Planner controller appliance on an ESX host using Deploy OVF Template function in vSphere Client
  3. Follow the steps of Deploy OVF Template wizard and click Finish at the final step to complete the deployment process.

You can check out this appliance by:

  1. Open vSphere Client by clicking on the vSphere Client icon on the desktop of this machine. At the VMware vSphere Client dialog (see the Open vSphere Client screen shot), enter IP address / Name as vcsa-01a.corp.local, user name as administrator@vsphere.local, password as VMware1! and then click Login
  2. In vSphere Client, look for the virtual machine named viewplanner. This machine works as the View Planer harness. Right-click on this machine and select Console in the drop-down menu to open the console (see the Open View Planner controller appliance screen shot).
  3. Power-on the appliance if it is not already powered on and then wait for the login screen to appear.
  4. When the console opens, you can login to the View Planner controller appliance by entering the credentials Login: root, Password: vmware

 

 

Setting up the View Planner Harness

 

After you complete the deployment and login to the harness, you need to configure the View Planner controller appliance by running following command in the command line of the console:

        cd /root/ViewPlanner

        source setup.sh

        python ./harness_setup.pyc -i <ipaddr> -m <netmask> -g <gateway> -d <full-domainname> -n <dnsip1> [,<dnsip2>, ...]

        Replacing <ipaddr>, <netmask>, <gateway>, <full-domainname>, <dnsip1> with appropriate values, including the static IP address and the domain name.

        The View Planner controller appliance you are working on already has this settings. So, you don't have to do the configuration. Instead, please look at the above screen shot which shows an example of the settings.

 

 

Setting the Timezone in the Harness

Please set the timezone of the appliance as per your timezone. Below example is for Pacific time zone (PDT).

$  date

$  cd  /etc

$  rm -f  localtime

$  ln -s /usr/share/zoneinfo/US/Pacific localtime

$  date

 

 

Verify the View Planner controller appliance working properly

 

You can verify the setting is completed by accessing the web interface of View Planner Controller via web browser. To do that:

  1. Open Firefox by clicking the Mozilla Firefox icon on the desktop.
  2. On the address bar, type the IP 192.168.110.96 and hit the Enter button.
  3. At the login page, use the default credentials: Login: root, Password: vmware to login theView Planner Controller

You now can see the View Planner web interface as in the above screen shot.

 

Setting up Desktop and Client Images


To run the ViewPlanner workload, the desktop and client image needs to be prepared and ViewPlanner agent needs to be installed in both desktop and client VM.


 

Create Desktop Image

 

Desktop image is a virtual machine hosting applications for VDI workload. This desktop requires several software packages including Horizon Agent, View Planner Desktop Agent and benchmarking applications such as MS. Office, Firefox, Adobe Reader, etc. Creating this desktop involves following steps:

  1. Create a virtual machine on ESX using vSphere Client.
  2. Install Microsoft Windows on this virtual machine and applications (MS Office, Adobe Reader, etc)
  3. Install Horizon Agent
  4. Install View Planner Agent

A desktop with all required software has been prepared for you. You can look at this desktop virtual machine by

  1. Open vSphere Client and look for a virtual machine named Win7-OPT-TS
  2. Right click on the machine and select Open Console
  3. If the VM is powered off, please power on the VM and wait for the login screen.
  4. If the desktop gets into repair state, please reset the desktop.
  5. Press Ctrl+Alt+Del or Select menu VM  / Guest / Send Ctrl+Alt+Del and use the "corp\administrator" as user and enter password VMware1! to login
  6. Check out several software package that has been installed on this machine.

 

 

Create Client Image

Client image is a virtual machine that is used as a client to connect the Desktop machine to run the VDI workload. Creating a Client machine also involve 4 steps like creating Desktop and software required by Client include View Client, View Planner Client Agent. A client machine named Win7-MSW has been prepared in this lab and you can find in the vSphere Client.

 

 

Going to View Planner Snapshot on Client Image

 

First, open the console of VM Win7-MSW using vSphere client (just like we did for the desktop VM earlier) and then follow these steps:

  1. Open the snapshot manager
  2. Go to the snapshot "WithAutoLogon"
  3. Click the "Go to" button
  4. Close the window

Your VM is now ready for the View Planner run.

 

Setting up Active Directory and Horizon Servers


To run the remote mode with PCoIP, ViewPlanner agent needs to be installed in View and AD server.


 

Setting up Active Directory Server

 

An Active Directory (AD) server is required for remote-mode and passive-mode runs. For AD server, this setting has been done for you and includes following tasks (below steps are for informational purpose only):

  1. Enable Active Directory on a Windows Server based machine
  2. Install View Planner AD Server Agent on this machine. In our lab testbed, this AD server has been setup whose IP and domain name are 192.168.110.10 and corp.local. For this lab, a dummy AD is configured and few AD users have been pre-created. This step was done though a change in /root/ViewPlanner/adminops.cfg file in View Planner harness.
  3. Customize View Planner for AD installation by setting up AD Information in Config tab of the View Planner web interface using the the above IP Address and Domain Name as in the above screenshot.

 

 

Setting up Horizon Server

 

VMware Horizon is required when you need benchmarking VDI workload using RDP or PCoIP protocol. Setting up a Horizon Server for View Planner involves following tasks which are also completed:

  1. Please power on the Horizon connection server using vSphere client if it is not already powered on.
  2. Install and set up a Horizon Connection Server. After installation, this server can be accessed via Horizon Administrator web interface to create desktop pool for VDI benchmarking.
  3. Install View Planner Agent for Horizon.
  4. Customize View Planner for Horizon by setting View Information in Config tab of the View Planner web interface using the information of Horizon. For this lab, Horizon Address/Name is 192.168.110.91, Horizon User Name: Administrator and Horizon Password: VMware1!

 

 

Verifying Active Directory and Horizon Servers are working

 

You now can check that Active Directory and Horizon Servers are properly working with View Planner by doing this steps:

  1. Open and login View Planner web interface in Firefox which you have done in a previous task.
  2. Click on the Config tab, then click on TestAD / TestView and check to see if the message showing testing is successful or not.

 

Create a Workload Profile


In this section you will define the workload profile with the set of applications, thinktime, and the number of iterations.


 

Workload profile

 

A workload profile includes one or several applications that you will use for your benchmark. To create a workload profile, in View Planner web interface

1.     Click the Config tab.

2.     In the Workload Customization pane click New. This will open a New Profile window.

3.     In the New Profile window:

4.      Your new configuration named Word_1i is now available in the Workload Profiles drop-down menu.

 

Create a Run Profile


In this section, you will create a run profile to start the workload profile you created in the previous step.


 

Creating Run Profile

 

In this task, you will create a run profile for benchmarking a workload including single Microsoft Word application for single VDI desktop using PCoIP protocol. For scale runs and provisioning, please follow the user guide.

For a single VM run, please follow the steps:

  1. In the View Planner web interface, go to "Run & Reports" tab and click the New button.
  2. In the New Run Profile window, enter following information:

 

 

 

Checking Run Profile

 

After creating a Run profile, you can check for this profile from the Run Profiles drop-down menu. You may get a warning about using dummy AD which you can ignore as the users have already been precreated for you.

 

Executing and Monitoring the Run


In this part, you will execute the Word profile you created in the previous step.


 

Executing the Run Profile

 

To start benchmarking your workload, select the Run profile that you have just created from the Run Profile drop-down menu and then click Run button as in the above image.

You can monitor the status of the run by looking at the status bar where completed steps are highlighted with green color.

 

 

 

Monitoring the Log from harness

 

To monitor the log on the ViewPlanner harness, Open a Putty ssh session to harness 192.168.110.96 using credentials (root/vmware)

   $ cd ViewPlanner

   $ tail -f viewplanner.log

 

 

Monitoring the Client

 

From the vSphere client, open up the console for client VM Win7-MSW. You will notice that VM is getting powered on. After it power-ons, the VM will register with the harness. Then, it receives the command from the harness to initiate a PCoIP connection to connect to the desktop and then the workload will start.

If you don't see any progress after a minute or so, check the viewplanner.log in the putty window and see if the desktop VM have registered. If the desktop registration count is zero, then open up the console client for Win7-OPT-TS. Check if the desktop VM is stuck in repair state, if yes, reset the desktop and wait for the desktop to be registered after the reboot.

 

 

Analyzing the Run after Completion


Now that the workload has completed and results are uploaded, you can analyze the output results and PDF report.


 

End of Run

 

At the end of run, if you see the console of Win7-MSW, you will see a command window in the desktop. This window ran a python script to upload the results. Also, you are still logged in from the View Client. You can log off the view session by clicking on "Disconnect and Log off" as shown in the screenshot above.

 

 

PDF Report

 

When the generating-report step status changes to green, it means and the run complete and a report and performance data of the run will be created and added to the report list.

To view the report of the latest run, click on the Refresh button and click on the Report button on the list of reports as shown in the above image. Please refresh the web browser if you see a older/cached version of the PDF report.

When the PDF report is opened in the browser, please scroll down to the page 5 to View Planner Score section. Check out the QoS Summary for the score of the run:

[Please disregard the comments about missing events as not all the applications were ran in this test]

 

Creating a Custom Application


For this part, we will build and run a custom application (Visio). Since Visio is not a supported/regular application in ViewPlanner, you will implement the Visio workflow in this part.

Please log into Win7-OPT-TS desktop with the credentials:

User:  Corp\Administrator

Password:  VMware1!


 

Writing custom app: MS Visio

 

View Planner allows users to add their own applications as the workload for VDI benchmarking. For example, if you want to use Visio software which is not in the list of available applications, you can create a custom application for Visio and add it to View Planner. Two tasks involve in creating custom application:

  1. Write the application in AutoIT script to automatically simulate user operations on the application.
  2. Edit the configuration file config.txt of View Planner to register this application.

In this lab, such a custom application named Visio (visio.au3) has been prepared and declared in config.txt. It locates the C:\ drive of the WIN7-OPT-TS. The above image shows an example of this script for Visio.

 

 

Visio Operations

 

Browse through the Visio code written in AutoIT (very easy to learn language).

 

 

Register the new custom app

 

First verify that you have a V: drive which is a map of C:\viewplanner-input-data. If the V: drive doesn't exist in My Computer, please open a command prompt and run this command

           subst   V:   C:\viewplanner-input-data

 

1. Open up the data disk golden folder (V:\golden) and open the "config.txt" file.

2. Modify the custom application section (We have already added the VISIO_OPS line for you).

3. Open a command prompt by running "cmd" command after typing Window-R button.

4. Run "python c:\server.pyc update" - this will register the new custom application with the harness

5. You can also test the new custom application by running  "c:\viewplanner.exe customapp" in the command window.

If you already have the putty ssh open to the harness (192.168.110.96)  (root/vmware), then go to the terminal and restart the vdiappd service:

   $  service vdiappd restart

 

 

 

Running the Custom Application


Now the custom app is implemented, you can define the workload profile and run profile and execute the Visio workload.


 

View Planner - Config

 

Go back to the VMware View Planner tab and select the Config tab.

 

 

New Workload Profile

 

From Workload Customization, select New.

 

 

Define custom application workload profile

 

After the registration step, you will see that Visio is now appearing in the list of applications. Please define the Visio profile (Visio_1i) with 1 iteration and 2 second think time.

 

 

Revert Snapshot - Win7-MSW

 

Back in the vSphere Client, you will need to revert back to the 'WithAutoLogin' snapshot for Win7-MSW.

 

 

Running Custom App: Visio

 

As discussed in prior section of creating a run profile, create a run profile with the same parameters except for the workload profile. Now, select "Visio_1i" as the workload profile and then save/execute the run profile.

After the run is started, please monitor the run, harness logs, client screen to see the update and then when run is complete, you will be able to see the PDF report with Visio operations response times.

 

Lab Conclusion

Horizon 6: Advanced Technical Concepts of Horizon 6 from A to Z


Lab Captains: Peter Schraml, Banit Agrawal, Laurel Spadaro, Brent McCoubrey and Mike Barnett want to thank you for your time reviewing the lab content.  We hope you found the information useful and will be able to put the concepts and lessons to use in your Horizon 6 deployment.


 

Please continue with other content in this lab or Enroll Again

Please ENROLL AGAIN for HOL-MBL-1651 as many times as you would like or Invite a Friend.

 

 

Scan the QRcode with your smart phone or tablet for more information on Horizon 6 with View

 

Scan the QRcode with your smartphone or tablet or enter the URL http://bit.ly/HOL-MBL-1651 in your browser.

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-MBL-1651

Version: 20150923-103903