VMware View 4 Premier Add-On: 10 pack
Contents
1. The ability of users to download an online desktop for use on their local system is conferred through entitlement and Offline Desktop access policy While a desktop is checked out View Manager administrators are still able to access the online system while monitoring the offline equivalent The flow of a typical online and offline usage scenario is illustrated in Figure 7 1 with each stage summarized in Table 7 1 VMware Inc Chapter 7 Offline Desktop Figure 7 1 Offline Desktop Usage Flow 1 vCenter View Connection Server Internet datastore desktops in virtual machines remote user 2 vCenter View Connection Server Internet datastore ESX remote user 3 vCenter View Connection Server Internet datastore ESX remote user VMware Inc 169 View Manager Administration Guide 170 Table 7 1 Offline Desktop Stage Description Stage Description 1 The remote user starts View Client with Offline Desktop and is presented with a list of their entitled desktops The user selects an Offline Desktop compatible desktop and initiates a download that copies the desktop virtual machine onto their local system 2 Once the virtual machine is downloaded the user can log in to Windows and use their desktop locally even in the absence of a network connection The online equivalent is shut down and locked in order to prevent access or modificati2. VMware Inc 205 View Manager Administration Guide Table 9 2 shows which parameters are applicable to each desktop type Table 9 2 Mapping Desktop Parameters to Desktop Types Individual Individual Terminal Managed Unmanaged Manual Managed Manual Unmanaged Server Parameters Desktop Desktop Pool Pool Pool Non Non Persistent Persistent Persistent Persistent Desktop Yes Yes Yes Yes Yes Yes Yes State Virtual Yes Yes Yes machine power policy Automatic Yes Yes Yes Yes Yes Yes Yes logoff after disconnect Allow users Yes Yes Yes to reset their desktop Allow Yes Yes multiple sessions per user Install View Agent on an Unmanaged Desktop Source During installation the installer detects when the agent is being installed on an unmanaged desktop source An unmanaged desktop source is a virtual machine that is not running on an ESX server At the same time the desktop source is also registered with a View connection server After it is registered the specified View connection server and its replica instances can communicate with the desktop source This section discusses installing the View agent on an unmanaged desktop source For information about installing View agents on managed desktop sources see Preparing the Guest System on page 68 206 VMware Inc Chapter 9 Unified Access To install VMware View Agent on an unmanaged desktop source 1 Run the View Agent executable file o
3. Shadow bitmaps Determines if shadow bitmaps should be used Shadow bitmaps are always disabled in full screen mode therefore this property has no effect when in full screen mode Cache persistence active Determines if persistent bitmap caching should be used Persistent caching can improve performance but requires additional disk space Enable compression Determines if the compression of RDP data is used and is enabled by default Windows key combination redirection Determines where Windows key combinations are applied When this property is enabled the available settings are m Apply key combinations locally m Send key combinations to VM Enable Credential Security Service Specifies whether the View desktop connection uses Network Level Authentication NLA In Windows Vista remote desktop connections require NLA by default If the guest operating system requires NLA for remote desktop connections you must enable this setting or View Client will not be able to connect to the View desktop In addition to enabling this setting you must also verify that the following conditions are met Both the client and guest operating systems support NLA m Direct client connections are enabled for the View Connection Server instance Tunneled connections are not supported with NLA m The View Secure Authentication component is not installed in View Agent on the guest operating system Single sign on i
4. In addition to the standard privileges described in vCenter Server Permissions for View Manager Users on page 37 the View Composer service requires that you enable some additional privileges described in Table 6 2 Table 6 2 Create View Composer Role Required Privileges Privilege Group Privilege s to Enable Folder Create Folder Datastore Browse Datastore File Management Virtual Machine Inventory Configuration State Provisioning gt Clone Provisioning gt Allow Disk Access Resource Assign Virtual Machine To Resource Pool Global Enable Methods Disable Methods NOTE Administrative users in vCenter Server have all the requisite permissions enabled by default Local System Administrator View Composer requires that the vCenter Server user is also a system administrator on the machine hosting the service the vCenter Server To address this requirement any vCenter Server user used by View Manager to deploy linked clone desktops must be a member of the local system Administrators group on the vCenter Server 144 VMware Inc Chapter 6 View Composer Preparing a Parent VM The Parent VM is used by linked clone desktops as the base image for each linked desktop clone For a Parent VM to be used by View Manager in a linked clone desktop deployment you must first install the View Agent on its operating system Make sure that you have administrative rights to the Parent VM and that the following
5. Specify how the desktops derived from this template will participate in your network If you want to automatically add deployed desktops to a domain select Windows Server Domain and enter the appropriate name in the field provided In the user name password and password confirmation fields enter the credentials for a user who has the requisite level of permission to add a systems to this domain Ensure that Generate New Security ID SID is selected and click Next Deploying an Automated Desktop Pool 1 From within the View Administrator click the Desktops and Pools button and then click the Inventory tab In the Global desktop and pool view pane ensure that the Desktops and Pools tab is selected and click Add You are presented with the Add Desktop wizard From here you can configure and deploy a new linked clone desktop pool Select Automated Desktop Pool and click Next Select the type of desktop pool you want to create and click Next Pool Type Description Persistent Desktops in this type of pool are allocated statically in order to ensure that users connect to the same system each time they log in Desktop assignment takes place the first time the user connects Non persistent Desktops in this type of pool are allocated dynamically when the user logs in and are returned to the pool when the user disconnects From the list provided select the vCenter Server that will be used by this desktop Click Next VMw
6. 212 In the desktop pane select an individual desktop and click on the Desktop Sources tab Select the desktop source and click Change Select the virtual machine for the desktop to use and click OK All available virtual machines that are running a supported guest operating system and that another virtual desktop is not using appear in the table including virtual machines that are suspended or not powered on A confirmation page appears Click OK to change the original desktop source to the selected one You return to the main page and you can see the desktop source that you changed VMware Inc Chapter 9 Unified Access Delete a Desktop You can delete an individual desktop or a desktop pool To remove unmanaged desktops you must unregister them See Unregister a Desktop Source To delete an unmanaged desktop pool 1 On the Desktops tab select an unmanaged desktop pool or desktop and click Delete A warning message appears that you are trying to permanently delete this desktop pool Only the desktop pool is deleted The registration information of the unmanaged desktops that belong to the pool is not deleted 2 If any of the desktop sources have active sessions select the action to be taken m Leave active Active sessions remain until the user logs off The View Connection Server does not track these connections Terminate Terminates all active sessions immediately 3 Click OK to delete th
7. 3 Enter search text in the text box and click Find Search results appear in the Events table Click more at the end of each message to display more details about the event VMware Inc 63 View Manager Administration Guide 64 VMware Inc Virtual Desktop Deployment Virtual desktop deployment is the task of preparing individual or multiple virtual machines for View Manager client connections Once deployed prepared systems can be accessed directly or act as a template from which View Manager can create an extensible pool of cloned desktops This chapter covers the end to end requirements and procedures associated with desktop deployment and concentrates specifically on the creation of desktops and desktop pools from virtual machines managed by vCenter Server This chapter discusses the following topics VMware Inc Overview of Virtual Desktop Deployment on page 66 Preparing the Guest System on page 68 Individual Desktops on page 71 Automated Desktop Pools on page 74 Manual Desktop Pools on page 81 Entitling a Desktop or Pool on page 85 Searching Desktops and Entitled Users and Groups on page 89 Disabling View Manager and Deleting Objects on page 91 65 View Manager Administration Guide Overview of Virtual Desktop Deployment 66 The procedure for deploying virtual desktops varies depending on whether you are creating an automated pool from a virtual machine
8. Number of View Connection Server instances Number of security servers Number of View desktop sources Number of Ephemeral Ports Fill in Your Site s Value C5 clients servers 10 number of ephemeral ports on each View Connection Server VMware Inc 45 View Manager Administration Guide Table 2 4 Worksheet for Number of Ephemeral Ports and TCB Hash Table Size Continued TCB Hash Table Size for View Connection Servers Fill in Your Site s Value C5 clients servers desktops 20 number of TCB hash table rows on each server TCB Hash Table Size for Security Servers Fill in Your Site s Value Cs clients security servers 10 number of TCB hash table rows on each security server Optimizing the Java Virtual Machine You can increase the size of the Java Virtual Machine JVM heap memory configuration to support a large number of concurrent View desktop sessions View Connection Server uses its own instance of the JVM to run its application processes The default heap size for the View Connection Server JVM is 512MB This configuration can support approximately 750 concurrent View desktop sessions The JVM heap is implemented as a contiguous memory block On 32 bit Windows computers the maximum size of an allocated contiguous memory block is 2GB The JVM requires approximately 0 5GB of that space for normal operation Therefore on a 32 bit Windows computer JVM programs ca
9. The check box value specified at the command line takes precedence over the check box value specified on the View Client connection dialog box This setting is disabled by default VMware Inc 201 View Manager Administration Guide 202 VMware Inc Unified Access Large enterprises use a mix of physical PCs server based desktops or applications that are published using terminal services virtual desktops and blade PCs Users requiring access to more than one platform must use several different interfaces Unified Access enables View Manager to provide a unified interface through which users can access their desktops being delivered by multiple back ends The term desktop source is used in this chapter to refer to terminal servers physical computers or unmanaged virtual machines This chapter describes the following topics VMware Inc Prepare Multiple Back End Machines to Access Remote Desktops on page 204 Install View Agent on an Unmanaged Desktop Source on page 206 Add and Change Desktop Sources on page 207 Enable or Disable a Desktop on page 211 Entitle Users and Groups to a Desktop on page 211 Delete a Desktop on page 213 Unregister a Desktop Source on page 213 203 View Manager Administration Guide Prepare Multiple Back End Machines to Access Remote Desktops 204 A desktop source must be prepared to deliver desktop access If desktop sources do not
10. The initial disk usage of a linked clone virtual machine is far lower than that of a full clone because the operating system and client applications are derived from a Parent VM The greatly reduced storage overhead for operating system and user data is accomplished through the use of delta disks and thin provisioning Every new desktop created in a standard non linked clone automated pool is a duplicate of a base template Consequently each standard clone uses the same amount of disk space as the base template because the operating system data and user data of the base template is replicated by every clone created in the pool View Composer greatly reduces the physical storage overhead of linked clone desktop pools through use of delta disks abstract storage mechanisms whose logical size can be greater than their physical size Thin disk growth depends on factors including workload power off policy and pool type In a linked clone deployment delta disks are used by the desktop to store the data difference between its own operating system and the operating system of the Parent VM from which it is derived Immediately after deployment the difference between the Parent VM and each of its linked clones is extremely small therefore the delta disk is also extremely small VMware Inc 129 View Manager Administration Guide 130 Because the delta disks for each desktop will inevitably grow over time during linked clone deployment yo
11. This section provides the number of Terminal Services sources and other sources standalone virtual machines and physical systems currently registered with View Connection Server Administrators The Administrators table contains a list of all users and groups that are allowed to log in to View Administrator All entities in this list reside within the current Active Directory domain forest m Click Add to search for Active Directory users or groups in order to add them as View Connection Server administrators a The Add Administrator window is displayed From here you can view search on and filter all Active Directory users within the domain forest b In Type select Users checkbox Groups checkbox or both c From the Domain drop down list choose the domain that contains the users or groups you want to add or select Entire Directory to search across the entire Active Directory domain forest d Using the fields provided you can search by name or description Click Find to execute the search NOTE If you want to view a list of all users in the domain leave the Name and Description fields blank e From the table choose the user or groups you want to add and click OK m To remove an administrator from the list select their entry and click Remove Global Settings This section provides information about the global product configuration parameters that apply to all areas of the product To change a setting click Edi
12. keyalg RSA trustcacerts file certificate p7 If you are using a temporary certificate you may be presented with the following message is not trusted Install reply anyway This message is generated because the root certificate given to you is not trusted by Java because it is a test certificate and not for production use To configure the View Connection Server to use the new certificate 1 Place a new certificate file in the following location on a standard replica or security server instance of View Connection Server C Program Files VMware VMware View Server sslLgateway conf Create or edit the following file on each server C Program Files VMware VMware View Server ssLgateway conf locked properties Add the following properties keyfile keys p12 keypass lt secret gt This changes the values as needed to match what you created in the previous step Restart the View Connection Server service Assuming your environment is configured to use SSL a message like the following will appear in the View Connection Server log 13 57 40 676 INFO lt Thread 1 gt NetHandler Using SSL certificate store keys p12 with password of 6 characters This message indicates that the configuration is in use To convert a PKCS 12 certificate to PKCS 7 1 Create a PKCS 12 certificate and choose Tomcat as Web server type when exporting the file Open the certificate file in Windows Explorer Click Details gt Copy to
13. on page 45 to fill in values for your deployment VMware Inc Chapter 2 Installation Setting TCP Hash Table Size in the Windows Registry You can edit the Windows registry to increase the size of the TCB hash table on the Windows Server computer on which View Connection Server runs To increase the size of the TCB hash table on Windows Server 1 On the Windows Server start the Windows Registry Editor a Select Start gt Command Prompt b At the command prompt type regedit 2 Inthe registry locate the correct subkey and click Parameters HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters 3 Click Edit gt New and add the following registry entry Value Name MaxHashTableSize Value Type DWORD Value data lt calculated hash table size gt Valid Range 64 65536 decimal 4 Exit the Registry Editor 5 Restart the Windows Server computer Active Directory group policies can override registry entries When possible use a group policy to set the size of the TCB hash table on View Connection Server Worksheet to Calculate Ephemeral Ports and TCB Hash Table Use this worksheet to calculate the number of ephemeral ports and the size of the TCB hash table on each View Connection Server and security server in your deployment Table 2 4 Worksheet for Number of Ephemeral Ports and TCB Hash Table Size Configuration Parameters Fill in Your Site s Value Projected number of concurrent client connections
14. View Manager Components on page 14 m System Requirements on page 14 Overview of View Manager View Manager integrates with VMware vCenter Server allowing administrators to create desktops from virtual machines running on VMware ESX server and then deploy them to end users In addition View Manager utilizes your existing Active Directory infrastructure for user authentication and management Once a desktop has been created Web based or locally installed client software enables authorized end users to securely connect to centralized virtual desktops back end physical systems or terminal servers Figure 1 1 shows a high level view of an example View Manager environment and its main components these components are described in more detail in later sections of this book VMware Inc 11 View Manager Administration Guide Figure 1 1 Example High Level View of a View Manager Environment Windows Linux Mac View Client View Portal View Portal Thin Client network Microsoft View View Active Directory Administrator Connection eee browser Server Non vCenter VMs VMware vCenter Server with View Composer Physical PCs Blade PCs View Agent Terminal Servers ESX hosts running Virtual Desktop VMs desktop OS 000 virtual machine ESX host View Manager Features The major features of View Manager are described below m Enterprise class connection brokering View Manage
15. on page 65 VMware Inc 125 View Manager Administration Guide 126 VMware Inc View Composer The View Composer feature provides a versatile and highly storage efficient alternative to creating and managing many standalone virtual machines This chapter provides an overview of View Composer In addition to offering a conceptual overview of how linked clone desktops are created within vCenter Server by View Composer and managed by View Manager the following sections describe how to prepare vCenter Server and a base virtual machine image for use in a View Composer deployment This chapter discusses the following topics m Overview of View Composer on page 127 m Preparing vCenter Server for View Composer on page 137 m Preparing a Parent VM on page 145 m Deploying Linked Clone Desktops from View Manager on page 147 m Refreshing Recomposing and Rebalancing Linked Clone Desktops on page 156 m Using an Existing View Composer Database on page 161 m Using the SviConfig Tool for View Composer on page 162 Overview of View Composer The View Composer feature enables View Manager administrators to rapidly clone and deploy multiple desktops from a single centralized base image called a Parent VM Once the desktops have been created they remain indirectly linked to a snapshot residing on the Parent VM VMware Inc 127 View Manager Administration Guide 128 The link is indirect bec
16. On the Desktops tab click Add 207 View Manager Administration Guide 208 In the Desktop Type window select Individual Desktop and click Next In the Desktop Source window select Physical computers or virtual machines not managed by a vCenter Server and click Next Enter the Unique ID and the Display name and Description The unique ID is the name that View Manager uses to identify the desktop The desktop display name is what the user sees when logging in The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both If your installation has multiple VirtualCenter or vCenter Servers see Uniqueness of Unique ID on page 214 NOTE You can use any alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters long and is only visible from the View administrator interface After you provide the desktop identification details click Next Specify the desktop parameters and click Next For more information on the parameters that are applicable to unmanaged individual desktops see Table 9 2 Mapping Desktop Parameters to Desktop Types on page 206 In the table on the Desktop Source page select the desktop source to be added as an individual desktop and click Next You can only select one desktop source All registered desktop sources that are running a supported guest operating system and th
17. Program Files VMware VMware View Server Extras GroupPolicyFiles Microsoft TechNet provides detailed guidance on how to load GPO templates directly into Active Directory http technet microsoft com en us library cc728217 aspx Application of Group Policies Once the GPO templates have been loaded into Active Directory they are read and applied at startup for desktops and during logon for users By default client systems refresh most Group Policy settings approximately every 90 minutes NOTE The policy update interval is controlled by a general Windows policy and can itself be modified VMware Inc 187 View Manager Administration Guide Computer Configuration GPO With the Computer Configuration GPO you can set policies that are applied to all systems regardless of who connects to the desktop Where equivalent policies exist in the User Configuration GPO the policies contained in this group are overridden View Agent Configuration Use the GPOs described in Table 8 8 and Table 8 9 to configure View Agent behavior Table 8 8 View Agent Configuration Properties Property Recursive enumeration of trusted domains Description Determines if every domain trusted by the domain in which the agent resides is enumerated In order to establish a complete chain of trust the domains trusted by each trusted domain are also enumerated and the process continues recursively until all trusted domains are discovered This inf
18. VMware Inc 145 View Manager Administration Guide Installing the View Agent on the Parent VM If it is not already present you must install the View Agent on the Parent VM to allow the View Connection Server to communicate with the desktop clones created from the base image To install View Agent 1 Run the following executable on the guest system where xxxxxx is the build number of the file VMware viewagent xxxxxx exe 2 When the VMware Installation wizard appears click Next 3 Accept the VMware license terms and click Next 4 Select your custom setup options You must install the View Composer Agent You can also select or deselect the following features 146 If you want to allow users to download a copy of their virtual desktops from the View Connection Server for use on a local computer such as a laptop install the Offline Desktop component Offline Desktop is not supported with vSphere 4 Offline Desktop is an experimental feature Refer to System Requirements on page 14 for more information about experimental features If virtual desktop users need to access locally connected USB devices with their virtual desktops install the USB Redirection component NOTE Windows 2000 does not support USB redirection If you want to enable single sign on SSO install the View Secure Authentication component If enabled when users log in to View Client they are not prompted to re enter their auth
19. meet the following conditions remote desktop delivery fails m Install View agent on the back end machine For more information about installing View agents see Install View Agent on an Unmanaged Desktop Source on page 206 m Ensure that the back end machine meets the following requirements m Itison the same domain as the View server or is on a trusted domain to enable single sign on m It allows the required domain users and groups to remotely connect to the machine to enable single sign on m Ensure that a back end machine that is not managed by vCenter Server is powered on and is reachable by the View Connection Server m Enable RDP connectivity on the back end machine When these conditions are met the machine is available to deliver remote desktops Desktop Parameters You must set desktop parameters when you are configuring managed and unmanaged individual desktops desktop pools and terminal servers The desktop parameters differ for managed and unmanaged resources This section explains the significance of the desktop parameters and also discusses the mapping between desktop resources and their specific parameters VMware Inc Chapter 9 Unified Access Table 9 1 describes all the desktop parameters Table 9 1 Desktop Parameters Property Desktop pool state Parameter Description Enabled After being created the desktop pool is enabled and ready for immediate use Disabled After being c
20. select the Log in as current user check box when connecting to the View Connection Server instance These users must reauthenticate with their smart card and PIN when they log in to a View desktop Configure the smart card removal policy NOTE You cannot configure the smart card removal policy when smart card authentication is set to Not Allowed Select the Disconnect user sessions on smart card removal check box to cause users to be disconnected from the View Connection Server instance when they remove their smart cards Users must then reauthenticate to gain access to their View desktops Deselect the Disconnect user sessions on smart card removal check box to allow users to remain connected to the View Connection Server instance when they remove their smart cards Users can start new View desktop sessions without reauthenticating VMware Inc Chapter 5 Client Management The smart card removal policy does not apply to users who connect to the View Connection Server instance with the Log in as current user check box selected even if they log in to their client system with a smart card 5 Click OK 6 Restart the View Connection Server service NOTE Smart card authentication replaces Windows password authentication only If SecurID is enabled users are required to authenticate using this mechanism also Configuring User Profiles A user principal name UPN is an account name and a domain name identifying the dom
21. the Global desktop and pool view pane Entitling a Desktop or Pool Once a desktop or desktop pool has been created you can entitle Active Directory users or groups to access it To entitle a desktop to an Active Directory user or group 1 VMware Inc From within View Administrator click the Desktops and Pools button and then click the Global desktop and pool view entry under the Inventory tab Choose the desktop or pool you want to entitle from the Global desktop and pool view pane Click Entitlements You are presented with the Entitlements window which lists the users and groups who can use this desktop or pool Click Add The user and group entitlement window is displayed From here you view search on and filter all Active Directory users within the domain forest In Type select Users Groups or both From the Domain drop down menu choose the domain that contains the users or groups you want to entitle or select Entire Directory to search across the entire Active Directory domain forest Using the fields provided you can search by name or description Click Find to execute the search NOTE If you want to view a list of all users in the domain leave the Name and Description fields blank 85 View Manager Administration Guide 86 7 From the table choose the user or groups who you want to be able to use this desktop or pool and click OK 8 You are returned to the first page of the Entitlements windo
22. when they log in to their desktops You can use the vdmadmin command to configure domain filtering which limits the domains that a View Connection Server instance or security server searches and that it displays to end users See the Command Line Tool for View Manager technical note for details View LDAP View LDAP is an embedded Lightweight Directory Access Protocol directory that serves as the data repository for all View Manager configuration information View LDAP is provided as part of the View Connection Server installation View LDAP contains the following components that are used within View Manager m Specific View Manager schema definitions m Directory information tree DIT definitions Access control lists ACLs View LDAP contains entries that represent the following View Manager objects m Virtual desktop entries that represent each accessible virtual desktop this contains references to the Foreign Security Principal FSP entries of Windows users and Windows user groups in Active Directory who are authorized to use this desktop m Virtual desktop pool entries that represent multiple virtual desktops managed together m Virtual machine entries that represent each virtual desktop m View Manager component configuration entries used to store configuration settings View LDAP also includes a set of View Manager plug in DLLs that provide automation and notification services for other View Manager components NOT
23. 10g Standard Release 2 10 2 0 1 0 First apply patch 10 2 0 3 0 to the client and Oracle 10g Enterprise Release 2 10 2 0 1 0 server then apply patch 5699495 to the client Oracle 10g Standard Release 1 10 1 0 3 0 N A Oracle 10g Enterprise Release 1 10 1 0 3 0 Oracle 10g Enterprise Edition Release 2 10 2 0 1 0 64 bit First apply patch 10 2 0 3 0 to the client then apply patch 5699495 to the client Oracle 10g Enterprise Edition Release 2 10 2 0 3 0 64 bit N A Oracle 11g Standard Edition Not compatible with VirtualCenter Server 2 5 Oracle 11g Enterprise Edition Not compatible with VirtualCenter Server 2 5 VMware Inc 25 View Manager Administration Guide 26 VMware Inc Installation This chapter describes how to install and back up one or more instances of View Connection Server and also considers the different deployment scenarios you may encounter during this operation Before installing View Connection Server refer to Chapter 1 Introduction on page 11 to view the system requirements and hardware and device support After installing and configuring View Connection Server refer to View Connection Server Backup on page 40 for information on how to back up your View Manager configuration information and Optimizing Your Installation on page 41 for information on how to configure your View environment to accommodate very large desktop deploy
24. Enter the external URL in the External URL field The name must contain the protocol address and port number For example https view example com 443 Click OK The security server is added to the Security Servers list in the Configuration view Select the security server entry and click Create Configuration File Your browser will download the configuration file Save this file as config properties in a convenient location and then copy it to the following location on the security server C Program Files VMware VMware View Server sslgateway conf NOTE On the security server you must restart the VMware View Security Server service for these changes to take effect Creating SSL Server Certificates A Secure Sockets Layer SSL certificate is a cryptographically sealed data object that contains the identity of a server the server s public encryption key and the digital signature of the certificate issuer Certificates serve two major purposes VMware Inc They can provide authenticated proof to a client that the web site they visit is owned by the company or individual who has installed the certificate They contain the public key that the client uses to establish an encrypted connection to a server 99 View Manager Administration Guide 100 By default in View Connection Server when a client visits a secure page such as View Administrator they are presented with the self signed certificate provided with the
25. File gt PKCS7 Select Include Details of Certificate VMware Inc 5 6 Chapter 5 Client Management Save the file with a P7 extension Add this certificate to your keystore as described in To submit the CSR and import the certificate on page 103 Using Existing SSL Certificates Your organization may already have a valid CA signed SSL certificates that you want to use with View Connection Server In order to use an SSL certificate you will require both the certificate and the private key that accompanies it Exporting from Microsoft IIS Server In order to use an existing Microsoft IIS SSL server certificate you must first export it from the IIS application server that hosts the Web site or sites that use it Windows provides visual tools to assist you with this To export an SSL server certificate from the IIS application 1 VMware Inc On the IIS application server host system click Start gt Administrative Tools gt Internet Information Services IIS Manager The Internet Information Services Manager is displayed From the tree widget in the left pane expand the local computer entry and then click Web Sites to view the list of sites hosted by the server In the right pane right click the Web site entry that contains the SSL certificate you want to export and select Properties from the context menu The Web site properties window is displayed Select the Directory Security tab Under Secure co
26. Flash content that overrides any Web page settings If Adobe Flash quality for a given Web page is higher than the maximum level allowed quality is reduced to the specified maximum Lower quality results in more bandwidth savings The following Adobe Flash render quality modes are available m Do not control Quality is determined by Web page settings a Low m Medium m High If no maximum level of quality is specified the system defaults to a value of Low Adobe Flash uses timer services to update what is shown on the screen at a given time A typical Adobe Flash timer interval value is between 4 and 50 milliseconds By throttling or prolonging the interval you can reduce the frame rate and thereby reduce bandwidth The following throttling modes are available m Disabled No throttling is performed The timer interval is not modified m Conservative mode Timer interval is 100 milliseconds This setting results in the lowest number of dropped frames m Moderate mode Timer interval is 500 milliseconds m Aggressive mode Timer interval is 2500 milliseconds The setting results in the highest number of dropped frames Audio speed remains constant regardless of which throttling mode you select To configure Adobe Flash quality and throttling 1 From within View Administrator click Edit and select Desktop Pool Settings 2 Select an appropriate quality mode from the Adobe Flash quality drop down menu 3 Select an appropriate th
27. Internet on page 97 for information on how to add an external URL to a security server to make it accessible from the Internet Offline Desktop If you intend to use the Offline Desktop feature you must also ensure that port 902 is similarly accessible on your ESX ESXi server this port is used to establish the TCP connection through which the offline desktop data is downloaded and uploaded Refer to Chapter 7 Offline Desktop on page 167 for more information about this component RDP When View Agent is installed on a desktop virtual machine or an unmanaged desktop source the application installer configures the local firewall rule for inbound RDP connections to match the current RDP port of the host operating system in most cases this will be port 3389 36 VMware Inc Chapter 2 Installation If an administrator subsequently changes the port number used for RDP the associated firewall rules for both the desktop virtual machine or unmanaged desktop source and the back end firewall must be similarly modified by the administrator For more information about desktop virtual machines and unmanaged desktop sources refer to Desktop Sources on page 66 vCenter Server Permissions for View Manager Users To use vCenter Server with View Manager administrators must have permission to carry out certain operations in vSphere These permissions are granted by creating and assigning vCenter Server roles to a View Manage
28. Log in as current user Description Determines whether the Log in as current user check box is visible on the View Client connection dialog box When the check box is visible users can select or deselect it and override its default value When the check box is hidden users cannot override its default value You can specify the default value for the Log in as current user check box by using the policy setting Default value of the Log in as current user checkbox This setting is enabled by default Default value of the Log in as current user checkbox Specifies the default value of the Log in as current user check box on the View Client connection dialog box This setting overrides the default value specified during View Client installation If a user runs View Client from the command line and specifies the LlogInAsCurrentUser option that value overrides this setting When the Log in as current user check box is selected the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop When the check box is deselected users must provide identity and credential information multiple times before they can access a View desktop This setting is disabled by default Brokers Trusted For Delegation Specifies the View Connection Server instances that accept the user identity and credential information
29. OK and exit Registry Editor 6 Restart the Windows Server computer Configuring the System Page File Settings You can optimize the virtual memory on the Windows Server computers on which your View Connection Server instances are installed by changing the system page file settings When Windows Server is installed the operating system calculates an initial and maximum page file size based on the physical memory installed on the computer These default settings remain fixed even after you restart the computer If the Windows Server computer is a virtual machine you can change the memory size through vCenter Server However as long as Windows uses the default setting the system page file size does not adjust to the new memory size To configure system page file settings 1 On the Windows Server computer on which View Connection Server is installed navigate to the Virtual Memory dialog box By default Custom size is selected An initial and maximum page file size appear 2 Click System managed size Windows continually recalculates the system page file size based on current memory use and available memory VMware Inc 47 View Manager Administration Guide 48 VMware Inc View Administrator View Administrator is where you perform all of the configuration deployment analytical and administrative tasks related to View Manager and desktop management This chapter describes the features of View Administrator and the task
30. Users Pane Tab Summary Tab Context Description Summary User This tab provides an overview of all information associated Group with a selected user or user group including general information such as Number of users group only Number of subgroups group only Default domain Contact details user only if available Active sessions user only Group membership user only Desktop and desktop pool entitlement VMware Inc Chapter 3 View Administrator Table 3 2 Users Pane Tab Summary Continued Tab Entitled Users and Groups Context Global Description This tab provides a complete list of all users and user groups that are entitled to use the desktops and pools managed by View Connection Server The default domain of each user the number of desktops or pools to which they are entitled and any active sessions are also provided Desktops and Pools User Group This tab provides information about the desktop entitlements for a specific user or group It displays the same information as that provided in the Entitled Users and Groups tab and also describes the type of desktop or pool to which the selected user or group is entitled Active Sessions All This tab lists all the currently active desktop sessions either globally or for the selected user or group The user name start time duration and virtual machine address for each connected user are shown You can select us
31. VMware Inc Chapter 5 Client Management Table 5 1 View Client Command Line Options Continued Property Description staycheckedout Offline Desktop only Backs up the data on a checked out desktop to the server but keeps the offline desktop checked out This property requires the desktopName property to be supplied offlineDirectory lt xxx gt Offline Desktop only Specifies the local directory path into which a new offline desktop is downloaded This property requires the desktopName property to be supplied All parameters except file languageId rollback checkout checkin staycheckedout and of flineDirectory can also be specified by Active Directory group policies Refer to Chapter 8 Component Policies on page 179 for more information about this NOTE Command line properties override system policies which in turn override user policies View Client Configuration File The connection options required by View Client can be loaded on startup from an external configuration file The file must be a Unicode UTF 16 or ASCII text file that contains entries of the following format serverURL lt URL gt userName lt user name gt domainName lt domain name gt password lt password gt desktopName lt desktop name gt To launch View Client so that it reads the configuration file on startup enter the following C ProgramFiles VMware VMware View CLlient bin wswc f lt filename gt V
32. View including how to install the various software components how to deploy servers and how to provision desktops and control user access This guide also describes the client software that connects users to virtual desktops running on VMware vSphere or to physical systems running within your network environment This chapter includes these topics m Intended Audience on page 9 m Document Feedback on page 9 m Technical Support and Education Resources on page 10 Intended Audience This book is intended for anyone who wants to install administrate or configure View Manager The information in this manual is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations Document Feedback VMware welcomes your suggestions for improving our documentation If you have comments send your feedback to docfeedback vmware com VMware Inc 9 View Manager Administration Guide Technical Support and Education Resources The following sections describe the technical support resources available to you To access the current version of this book and other books go to http www vmware com support pubs Online and Telephone Support To use online support to submit technical support requests view your product and contract information and register your products go to http www vmware com support Customers with appropriate support contra
33. View Client The following registry entries are not shown when the desktop is launched using View Portal m ViewClient_Machine_Name m ViewClient_Machine_Domain m ViewClient_IP_Address m ViewClient_LoggedOn_Domainname m ViewClient_LoggedOn_Username m ViewClient_MAC_Address m ViewClient_Type VMware Inc 123 View Manager Administration Guide Using PCoIP Display Protocol PCoIP provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN PCoIP can compensate for an increase in latency or a reduction in bandwidth to ensure that end users can remain productive regardless of network conditions PCoIP is supported as the display protocol for View desktops with virtual machines and with physical machines that contain Teradici host cards For information on PCoIP system requirements see PCoIP on page 20 To configure virtual desktops to use PCoIP to communicate with View Client see Chapter 4 Virtual Desktop Deployment on page 65 Using HP RGS Display Protocol RGS is a display protocol from HP that allows users to access the desktop of a remote computer over a standard network You can configure desktops to run using HP RGS as the display protocol instead of RDP or PCoIP NOTE View Client supports the use of HP RGS as the display protocol when connecting to HP Blade PCs HP Workstations and HP Blade Workstations Connections to
34. View Connection Server clients and their desktop sources To support a large View desktop deployment you can increase the size of the TCB hash table The TCB is a memory resident data structure that contains socket numbers the location of incoming and outgoing data buffers bytes received or unacknowledged and other information To retrieve this information quickly Windows Server stores TCB data structures in a hash table By default the operating system configures the number of hash table rows based on the number of CPUs in the Windows Server computer You use two different formulas to calculate the TCB hash table size on View Connection Server instances and security servers To support a large number of View desktops you can optimize the size of the TCB hash table on each View Connection Server instance Calculate the size in rows To calculate the size of the TCB hash table for View Connection Servers Use the following formula number of hash table rows on each View Connection Server instance CCS clients servers desktops 20 Where clients projected number of concurrent client connections servers number of View Connection Server instances in replicated group desktops number of View desktop sources in your deployment VMware Inc 43 View Manager Administration Guide 44 For example you might have 3 000 concurrent client connections three View Connection Server instances and 6 000 View desktop sources in
35. a certificate authority in accordance with their enrollment process and request a certificate in PKCS 7 format As part of this process you may need to provide proof of identity proof of domain ownership and so forth For testing purposes many certificate authorities also provide a free temporary SSL certificate based on an untrusted root Thawte https www thawte com cgi server try exe VeriSign http verisign com ssl buy ssl certificates free ssl certificate trial GlobalSign http globalsign com free ss certificate free ssl htm Some CAs only provide certificates in PKCS 12 format If you download this type of certificate you must refer to To convert a PKCS 12 certificate to PKCS 7 on page 104 for information on how to convert the certificate file to PKCS 7 before proceeding 2 If you have received either a temporary or full certificate from the CA copy the contents of the file into a text editor and save it as certificate p7 The contents of the file will resemble a slightly longer version of the following example MIIF AYJKoZIhvcNAQcCoIIF6TCCBeUCAQEXADALBgk LDCCApWgAwIBAgIQTpY7DsV1in1HeMGgMjMR2PZANBgk 17coVx71 1CBOLFmx66NyK1ZK5mObgvd2d1nsAP nnS EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi wWtdqxQE VMware Inc 103 View Manager Administration Guide 104 From a command prompt enter the following where lt secret gt is the keystore password keytool import keystore keys p12 storetype pkcs12 storepass lt secret gt
36. a short lived endpoint that is created by the operating system when a program requests any available user port The operating system selects the port number from a predefined range typically between 1024 and 65535 and releases the port after the related TCP connection terminates By default you can create a maximum of approximately 4 000 ephemeral ports that run concurrently on Windows Server 2003 VMware Inc 41 View Manager Administration Guide If your View Manager deployment is likely to use more than 800 concurrent client connections you should increase the number of available ephemeral ports To support a large number of concurrent client connections you can calculate the optimal number of ephemeral ports to configure on each View Connection Server instance To calculate the number of ephemeral ports Use the following formula number of ephemeral ports 5 clients servers 10 Where clients projected number of concurrent client connections servers number of View Connection Server instances in replicated group For example you might plan a deployment managed by three View Connection Server instances If you anticipate having 3 000 concurrent client connections you would need 5 010 ephemeral ports as shown in Table 2 1 Table 2 1 Example Calculating the Number of Ephemeral Ports Configuration Parameter Sample Values Projected number of concurrent client connections 3 000 Number of View Connection S
37. and allow the browser to automatically install the required components on the client system However if you choose to do this you must be aware of the following m View Portal does not provide Virtual Printing or USB support m Windows Start Menu entries for View Portal are not created after installation VMware Inc Chapter 5 Client Management If you install View Client from the executable Virtual Printing and USB support are offered within the application and Start Menu entries are created NOTE View Portal does not support USB redirection regardless of installation path To install View Client 1 VMware Inc Run the View Client executable on the system that will host the client where xxx is the build number of the file VMware viewc Lient xxx exe When the VMware Installation wizard appears click Next Accept the VMware license terms and click Next Choose your custom setup options m Ifyou do not want users to access locally connected USB devices through their desktops deselect the USB Redirection component m Ifyou want to require all users to provide identity and credential information to log in to a View Connection Server and again to access a View desktop deselect the Log in as current user component NOTE Windows XP Home Windows Vista Home Basic Windows Vista Home Premium and Windows 2000 do not support the Log in as current user feature If you selected the Log in as current user c
38. cannot be installed on the same machine You cannot install View Client with Offline Desktop on any system that has VMware ACE VMware Player VMware Server or VMware Workstation installed These applications must be uninstalled prior to installing View Client with Offline Desktop View Client with Offline Desktop Supported Guests The following 32 bit operating systems can be downloaded and used by View Client with Offline Desktop m Windows XP Professional SP2 m Windows XP Professional SP3 VMware Inc Chapter 1 Introduction View Client and View Client with Offline Desktop MMR The multimedia redirection MMR feature delivers the multimedia stream directly to the client using a virtual channel This enables full fidelity playback MMR is supported by View Client and View Client with Offline Desktop on Windows XP Windows XP Embedded and Windows Vista client operating systems Make sure that the MMR port is added as an exception to your firewall software The default port is 9427 MMR supports the following media formats m AC3 m MP3 m MPEG 1 m MPEG 2 m MPEG 4 part2 WMA m WMV 7 8 9 The recommended application to use with these files is Windows Media Player 10 this application supports MMR and should be installed on both the client and View Manager desktop NoTE MMR will not work correctly if the View Client video display hardware does not have overlay support View Portal ActiveX controls are requi
39. connect and click Next Configure shortcuts for the View Client and click Next To launch View Client when installation is completed select the check box Click Install gt Finish To start View Client with Offline Desktop 1 VMware Inc If View Client does not start automatically after installation double click the desktop shortcut or click Start gt Programs gt VMware gt View Manager Client In the Connection Server drop down menu enter the host name or IP address of a View Connection Server Optional If the Log in as current user check box is displayed you can select this check box to use the credentials that you specified when you logged in to this system to log in to the View Connection Server and the View desktop If you do not select Log in as current user you have to provide credentials to log in multiple times before you can access a View desktop If you select Log in as current user and you are authorized to log in to the View Connection Server you are not prompted to enter login credentials in Step 5 Click Connect 175 View Manager Administration Guide 5 Enter the credentials for an entitled user select the domain and click Login If you type the user name as user domain it is treated as a user principal name UPN because of the at sign so the domain drop down menu dims 6 Select a desktop from the list provided and click Connect View Client attempts to connect to the specified deskt
40. described in To generate a Security Server config properties file from the Configuration view on page 99 if you intend to use message security mode in your View environment the configuration file created by this procedure contains information that is critical to this type of global configuration 98 To set the external URL on a standard or replica server 1 From within View Administrator click the Configuration button 2 Under View Servers select a View Connection Server entry and click Edit 3 Enter a URL in the External URL field The name must contain the protocol address and port number For example https view exampLe com 443 Click OK VMware Inc Chapter 5 Client Management Security Server External URLs The external URL of a security server cannot be defined from within View Administrator Instead you can use View Administrator to generate a configuration file that contains the externally resolvable security server name port number and protocol This file is then placed on the security server To generate a Security Server config properties file from the Configuration view 1 From within View Administrator on the standard or replica server associated with the security server click the Configuration button Click the Servers entry in the left pane Under Security Servers click Add The Add Security Server window is displayed Enter the FQDN of the security server in the Server Name field
41. disabled This property is disabled by default Toggle Display Settings Control Determines whether to disable the Settings tab in the Display control panel when a client session uses the PCoIP display protocol This property is enabled by default CommandsToRunOnConnect A list of one or more commands that are executed when a client logs on to a desktop For more information see Client Computer Information on page 121 VMware Inc 189 View Manager Administration Guide Table 8 9 View Agent Configuration Properties Agent Configuration Continued Property CommandsToRunOnReconnect Description A list of one or more commands that are executed when a client reconnects to a desktop that contains an active session For more information see Client Computer Information on page 121 View Client Configuration Use the GPO described in Table 8 10 Table 8 11 and Table 8 12 to configure View Client and View Client with Offline Desktop behavior Table 8 10 View Client Configuration Properties Property Disable time zone forwarding Description Determines if the time zone of the View Manager desktop is synchronized with that of the connected client When enabled this property will only apply if the Disable Time Zone Synchronization property of the View Agent Configuration policy is not set to disabled This property is disabled by default Pre login message precedes smart card
42. experiment with We do not expect these features to be used in a production environment However if you do encounter any issues with an experimental or tech preview feature we are interested in any feedback you are willing to share Please submit a support request via the normal access methods You will receive an auto acknowledgement of your request We cannot however commit to troubleshoot provide workarounds or provide fixes for these features VMware Inc Chapter 1 Introduction View Connection Server View Connection Server is not supported on servers that have the Windows Terminal Server role installed Remove the Windows Terminal Server role from any server on which you will be installing View Connection Server View Connection Server runs on a 32 bit or 64 bit dedicated physical or virtual server with the following specifications m Pentium IV 2 0Ghz processor or higher dual processors are recommended m 2GB RAM or higher 3GB RAM is recommended for deployments of 50 or more View Manager desktops m One or more 10 100Mbps network interface controllers NIC 1Gbps NIC is recommended NOTE The above specifications apply to any additional View Connection Server instances that are installed in your environment for the purposes of high availability or external access Supported Operating Systems The View Connection Server can be installed on the following 32 bit operating systems m Windows Server 2003 R2 Sta
43. hardware fails and recover quickly from unplanned outages without duplicate hardware Secure access Optional secure encapsulation capabilities allow all network connections to be encrypted Support for two factor authentication With RSA SecurID access control is strengthened USB client device and Virtual Printing support USB devices and printers can be locally connected to clients yet accessed from a virtual desktop Web based management user interface A Web based administrative console allows virtual desktops to be managed from any location Support for non vSphere systems physical machines or terminal services systems can be also managed by View Manager ensuring a seamless integration of existing architectures into the View environment Scalable virtual infrastructure linked clone technology allows multiple desktops to be deployed from a single base image Subsequent changes to this image can be automatically proliferated among all desktops in linked clone pool View Manager is a fully internationalized product 13 View Manager Administration Guide View Manager Components View Manager consists of the following major components View Connection Server a software service that acts as a broker for client connections by authenticating and then directing incoming remote desktop user requests to the appropriate virtual desktop physical desktop or terminal server View Agent a software service that is in
44. illustrated in Figure 6 5 134 VMware Inc Chapter 6 View Composer Figure 6 5 Desktop Rebalance After parent VM base image snapshot E Poa 1 e 2 se Se OS data disk user data disk user data disk OS data disk J OS data disk user data disk user data disk OS data disk free space free space A high level of storage overcommit introduces the possibility of virtual machines growing to such a level that all free space within the datastore is consumed When the volume of space being used by the virtual machines on the datastore reaches m 95 A log entry is generated that states the datastore is short on free space m 99 Every virtual machine resident within the datastore is suspended VMware Inc 135 View Manager Administration Guide The rebalance feature offers administrators a graceful mechanism for introducing additional storage to a datastore in order to prevent the latter outcome In addition prior to executing the rebalance action you may also retire old storage and make resource pool alterations and host changes Only desktops in the Ready Error or Customizing state with no schedules or pending cancellations can be rebalanced In addition you cannot rebalance the load between the local storage systems on multiple standalone ESX servers It is recommended to keep linked clone desktop virtual machines on a datastore with no other type of virtual machine so that the rebalance action is applied
45. individual users to simultaneously connect to multiple desktops in the same pool Refresh OS disk on logoff persistent pools only Never the base operating system image is never refreshed Always the base operating system image is refreshed every time the user logs off Every the base operating system image is refreshed on a recurring basis at a specified time Enter a positive number of days in the field provided At the base operating system image is refreshed when the size of the operating system data reaches a certain level on the datastore Enter a percentage value in the field provided Default display protocol Select the display protocol that you want View Connection Server to use when communicating with View Client PCoIP Provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN PColIP is supported as the display protocol for individual desktops with virtual machines and with physical machines that contain Teradici host cards Microsoft RDP A multi channel protocol that allows a user to connect to a computer running Microsoft RDC Allow users to override the default protocol Select if you want to allow users to override the default display protocol from within View Client Max number of monitors If you are using PCoIP select the maximum number of monitors on which users can display the desktop Not
46. name is what the user sees when logging in The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both If your installation has multiple VirtualCenter or vCenter Servers see Uniqueness of Unique ID on page 214 NOTE You can use any alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters in length and is only visible from within the View administrator interface After you provide the desktop identification details click Next Specify the desktop parameters and click Next For more information on the parameters that are applicable to unmanaged persistent and non persistent pools see Table 9 2 Mapping Desktop Parameters to Desktop Types on page 206 In the table on the Desktop Sources page select the desktop sources to include in the pool and click Next All registered desktop sources that are running a supported guest operating system and that another desktop or desktop pool is not using appear in the table For more information about registering desktop sources see Install View Agent on an Unmanaged Desktop Source on page 206 Review the information in Ready to Complete and click Finish to accept it or Back to make corrections Click Finish The desktop is added successfully and appears in the main Desktops page 209 View Manager Administration Guide 210 To add a termin
47. pools deleting unmanaged 213 desktop sources adding and changing 207 adding and removing 211 changing an individual 212 227 View Manager Administration Guide 228 power policies 179 preparing to access remote desktops 204 Unified Access 203 unmanaged installing View Agent on 206 unregistering 213 desktops adding unmanaged individual 207 automated pool 67 checking out 176 cloning 127 connecting using View Client 96 connecting using View Portal 96 database system requirements 24 deleting 213 enabling and disabling 211 entitling users and groups to 85 211 individual 67 manual pools 67 non provisioned 66 Offline Desktop 167 provisioned 66 rebalancing 133 recomposing 131 refreshing 132 restricting access using tags 86 sources 66 terminal server pools 68 unmanaged 67 disabling View Manager 91 disconnecting active sessions 90 E entitling users and groups to a desktop 85 211 events displaying 63 searching 63 Events view 63 G GPO user configuration for View Client 195 View Connection Server configuration 194 GPOs Computer Configuration 188 User Configuration 195 View Agent 195 View Client 195 View Client Configuration 190 View Common Configuration 194 View Configuration 188 View Server Configuration 194 Group Policies on Windows NT 186 l individual desktops 67 71 installing replica servers 30 security servers 32 standalone servers 30 standard servers 30 View Agent on an unm
48. prerequisites are in place Ensure that the Parent VM m Isjoined to the Active Directory domain in which you want linked clone desktops to reside m Networking settings proxies and so forth are properly configured m Uses DHCP in order to acquire its IP address m System disk is to be attached to the SCSI 0 0 Virtual Device Node This property can be configured from within vCenter Server m Operating system power settings are set to remain on at all times m System disk contains a single volume multiple virtual disks are supported y CAUTION Do not attempt to deploy clones from a Parent VM that contains more than one volume as the result of disk partitioning Multiple partitions are not supported by the View Composer service m The View Agent service is installed and is running NOTE For automated updating of View Agent in large environments VMware recommends using standard Windows update mechanisms such as Altiris SMS LanDesk BMC or other systems management software If you have not already done so install the latest operating system and application service packs and patches on the Parent VM DHCP Lease Removal It is recommended that you release any DHCP information that may exist on the Parent VM so that a leased IP address is not replicated amongst the linked clones in the pool You can release a DHCP lease by opening a command prompt on the Parent VM and entering the following ipconfig release
49. printers work together without conflict NOTE A redirected USB printer is a device attached to a local USB port that has been manually redirected from within View Client to communicate with a remote desktop If a user redirects a USB port from their local system to a remote desktop any USB printer attached to that port becomes available for use on the remote system providing the required drivers are also installed However because this redirection effectively removes the USB printer from their local environment the virtual equivalent on the remote system will also be removed Adobe Flash Bandwidth Reduction You can reduce the amount of bandwidth used by Adobe Flash content that runs in View desktop sessions This reduction can improve the overall browsing experience and make other applications running in the desktop more responsive NOTE Adobe Flash bandwidth reduction is available for Internet Explorer sessions on Microsoft Windows only and for Adobe Flash versions 9 and 10 only To make use of Adobe Flash bandwidth reduction settings Adobe Flash must not be running in full screen mode The desktop user can override Adobe Flash settings in the desktop For more information see Overriding Bandwidth Reduction Settings in the Desktop on page 121 VMware Inc 119 View Manager Administration Guide 120 Setting Adobe Flash Quality and Throttling You can specify a maximum allowable level of quality for Adobe
50. satisfied with the configuration click Finish to deploy the individual desktop Once the deployment has been initiated you can monitor the progress of the individual desktop by selecting either the Desktops and Pools or Desktop Sources tabs in the Global desktop and pool view pane Automated Desktop Pools 74 Automated desktop pools contain one or more dynamically generated desktops that are automatically created and customized by View Manager from a vCenter Server virtual machine template Desktop pools of this type can be either m Persistent Desktops in this type of pool are allocated statically in order to ensure that users connect to the same system each time they log in Desktop assignment takes place the first time the user connects m Non persistent Desktops in this type of pool are allocated dynamically when the user logs in and are returned to the pool when the user disconnects Automated desktop pools can use the linked clone feature to rapidly deploy desktops from a single Parent VM However this section describes a deployment that does not use this feature For more information about linked clones including the deployment procedure refer to Chapter 6 View Composer on page 127 Virtual Machine Templates After you install and configure the guest system convert the virtual machine to a template You can then use the template as a desktop source for automated desktop pools View Composer linked clone
51. template an individual desktop instance or a pool of manually selected virtual desktops However in all of these cases a base or guest system must first be selected and configured for use with View Manager Desktop Sources Different desktop sources have different capabilities in terms of application support and user experience They also differ in the way they are configured and managed and the provisioning choices they offer The desktop sources supported by View Manager include the following View Manager Provisioned and vCenter Server Managed the desktop source is a virtual machine that is provisioned by View Manager and is managed by a vCenter Server To add this desktop source the following settings must be specified by the administrator m vCenter Server that provisions and manages the virtual machines You can only use vCenter Servers that are known to the View Manager server m Template used to provision the virtual machines m Location in the vCenter Server inventory hierarchy where you want to add the virtual machines m Data store for the virtual machines m Customization specification for the virtual machines View Manager Non Provisioned and vCenter Server Managed the desktop source is a virtual machine that is managed by a vCenter Server but not provisioned by View Manager Virtual machines already exist on the vCenter Server To add this desktop source the following settings must be specified by the adminis
52. that is passed when a user selects the Log in as current user check box If you do not specify any View Connection Server instances all View Connection Server instances accept this information To add a View Connection Server instance use one of the following formats m domain system m system domain com m The Service Principal Name SPN of the View Connection Server service 192 VMware Inc Chapter 8 Component Policies Table 8 12 View Client Configuration Properties Security Settings Continued Property Ignore incorrect SSL certificate common name Chost name field Description Determines if errors associated with incorrect server certificate common names are disabled When the common name on the certificate does not correlate with the host name of the server that sends it an error results When this property is enabled this error is ignored This property is disabled by default Ignore bad SSL certificate date received from the server Determines if errors associated with invalid server certificate dates are disabled This error occurs when the date on certificate sent by the server has passed Ignore unknown certificate authority problems Determines if errors associated with an unknown certification authority on the server certificate are ignored This error occurs when the certificate sent by the server is signed by an untrusted third party authority Ignore certificate re
53. that predate View Manager 3 0 will be refused when attempting to communicate If a security server exists in your View Manager environment and you enable this setting you must have an appropriately configured config properties file resident on the security server Refer to To generate a Security Server config properties file from the Configuration view on page 99 for more information about this Message security is supported in View Manager 3 1 and later If you change the message security mode from Disabled or Mixed to Enabled you cannot launch a desktop that has a View Agent from Virtual Desktop Manager version 2 1 or earlier If you then change the message security mode from Enabled to Mixed or Disabled the desktop still fails to launch To be able to launch a desktop after changing the message security mode from Enabled to Mixed or Disabled reboot the affected desktop VMware Inc Chapter 3 View Administrator Table 3 4 Global Settings Continued Property Description Direct connection for Offline Desktop if available supports tunneled or Offline Desktop operations non tunneled communications for LAN based data transfers When tunneling is enabled all traffic is routed through the View Connection Server When tunneling is not enabled data transfers take place directly between the online desktop host system and the offline client Use SSL for Offline Desktop Determines if communications and data transfers t
54. the View Connection Server If no backup has yet taken place the time indicated is the same as Check out Time In addition to the above information you can view the host name and IP address of a client system and the name of the checked out desktop and its DNS entry or IP address by selecting a desktop from the list and clicking Details Client Connection Multiple users may be entitled to use a system but only the user who initially checks out a desktop can access it locally using the View Client with Offline Desktop application If a user connects to the offline desktop in the absence of a network connection the locally cached user information is used to authenticate the user Once logged in if the connection is restored the user must reauthenticate in order to continue to use their desktop if RSA authentication is enabled this information will also be required VMware Inc 177 View Manager Administration Guide 178 Removing Access In addition to the standard methods of account suspension or removal offered by Active Directory Offline Desktop sessions can be terminated from within the administrative interface by removing user entitlement from an individual desktop or desktop pool or by discarding the offline session If you remove entitlement from an individual desktop or desktop pool that contains an active checked out session where the View Connection Server is able to communicate with the client the desktop is susp
55. the desktop is allowed to do this NoTE A rollback cannot be executed during any type of active transfer VMware Inc Component Policies A policy is a rule or set of rules defined by a system administrator that governs the behavior of an application Within View Manager policies can be used to establish the configuration of constituent components by controlling the logging of information managing client access restricting device usage establishing security parameters for client usage and so forth Some component policies can be assigned through View Administrator whereas others are contained within Group Policy Objects inside Active Directory and are applied to users or desktops at the Windows registry level The following sections describe the purpose of each type of policy and where they are configured and applied This chapter discusses the following topics m Power Policy on page 179 m Client Policies on page 183 m Group Policy Objects on page 186 Power Policy During the deployment process many types of desktop or desktop pool present you with the opportunity to configure the power policy of their desktop sources Power policy controls how desktops behave when they are not in use and is therefore an important mechanism for the management of resources within your View Manager environment NOTE A View Manager desktop is not in use before the user has logged in or after the user has disconnect
56. under the Databases entry in the Object Explorer Exit Microsoft SQL Server Management Studio Express To add an ODBC data source 1 VMware Inc On the vCenter Server host system select Start gt Administrative Tools gt Data Source ODBC The Microsoft ODBC Data Source Administrator wizard is displayed Select the System DSN tab Click Add and select SQL Native Client from the list Click Finish The Create a New Data Source to SQL Server setup wizard is displayed In the appropriate fields enter aname for example VMware View Composer and a brief description of the View Composer database In the Server field enter the SQL Server database information in the form lt host_name gt lt server_name gt where lt host_name gt is the name of the host system and lt server_name gt is the SQL Server instance For example VCHOST1 SQLEXP_VIM Click Next 139 View Manager Administration Guide 140 9 Ensure that the Connect to SQL Server to obtain default settings for the additional configuration options check box is selected and select one of the following options m Ifyou are using local SQL Server select Windows NT authentication It is also known as trusted authentication and is supported only if the SQL Server is running on the vCenter Server host m If you are using remote SQL Server select SOL Server authentication Windows NT authentication is not supported on remote SQL Server Click Next
57. virtual desktops use a snapshot instead of a virtual machine template as a base image See Chapter 6 View Composer on page 127 VMware Inc Chapter 4 Virtual Desktop Deployment To create a virtual machine template in vCenter 1 2 Power off the virtual machine Right click the previously configured guest system and select one of the following options m Clone to Template Select this option if you want to use the selected guest system as the basis for a new template without altering the virtual machine itself If you select this option you are presented with a setup wizard that asks you to provide the name of the template environmental information about where you want the template to reside and the disk format to use m Convert to Template select this option if you want to change the guest system into a template This process is instant Customization Specifications Customization specifications are optional but they can greatly expedite automated desktop pool deployments by providing configuration information for such general properties as licensing domain attachment and DHCP settings To create a customization specification 1 2 3 VMware Inc In vCenter Server click Edit gt Customization Specifications Click New to create a new Customization Specification Ensure that Windows is selected in the Target Virtual Machine OS drop down menu and provide a name and an optional description for the custo
58. virtual machines running on ESX are not currently supported Installing HP RGS Components VMware does not bundle or license HP RGS with View Contact HP to license a copy of HP RGS software version 5 2 5 to use with View HP RGS consists of a server side component called RGS Sender and a client side component the RGS Receiver Before you can configure View to use HP RGS you must install HP RGS Sender in the remote desktop operating system and install HP RGS Receiver in the desktop Ensure that the RGS Sender application or port is added as an exception to any firewall software used The default RGS port is 42966 For information about how to install and configure these HP RGS components see the HP RGS documentation available at http www hp com CAUTION Do not install RGS USB on either the sender or receiver 124 VMware Inc Chapter 5 Client Management Configuring HP RGS in View Administrator Make sure that you are using direct connections to the View Connection Server tunneling is turned off To verify that direct connections are used 1 2 3 4 From within the View Administrator click Configuration Select Servers and select the server you want to configure Click Edit In the Edit Server Settings dialog box verify that the Direct connection to desktop check box is selected To configure virtual desktops to use HP RGS to communicate with View Client see Chapter 4 Virtual Desktop Deployment
59. xmL pri The RSA public private key pair is exported from the SviKeyContainer container to a file called keys xm1 that is saved locally to the ASP NET IIS registration tool 2 Copy the keys xml file to the system on which you want to install a new instance of the View Composer service 3 Import the key pair data into the local key container by entering the following from the command prompt on the target system where lt path gt is the path to the exported file aspnet_regiis pi SviKeyContainer lt path gt keys xm1 4 Install the View Composer service using the procedure described in Adding the View Composer Service to vCenter Server on page 143 and provide the required information about the existing data source but select Use the existing RSA key container when prompted Using the SviConfig Tool for View Composer 162 The SviConfig utility accompanies the View Composer application and offers View Manager administrators the ability to upgrade or restore the View Composer database The path to the SviConfig executable file is C Program Files VMware VMware View Composer sviconfig exe The commands described in this section are intended for experienced View Composer administrators and are intended to resolve issues relating to the View Composer service VMware Inc Chapter 6 View Composer Upgrade View Composer Database databaseupgrade The database upgrade command is used to upgrade a View Composer 1 0 sch
60. 9 View Client View Client with Offline Desktop 20 View Portal 23 View Composer 24 2 Installation 27 VMware Inc Overview of View Connection Server 28 View Connection Server Instances 28 Standard Server Installation 30 Replica Server Installation 30 Security Server Installation 32 External URL 36 Offline Desktop 36 RDP 36 vCenter Server Permissions for View Manager Users 37 Initial View Manager Configuration 38 View Connection Server Backup 40 Optimizing Your Installation 41 Ephemeral Ports 41 Increasing the Size of the TCB Hash Table 43 Worksheet to Calculate Ephemeral Ports and TCB Hash Table 45 Optimizing the Java Virtual Machine 46 Configuring the System Page File Settings 47 View Manager Administration Guide 3 View Administrator 49 Overview of View Administrator 49 Desktops and Pools View 50 Users and Groups View 53 Configuration View 55 Product Licensing and Usage 56 Servers 56 Registered Desktop Sources 61 Administrators 61 Global Settings 61 Events View 63 4 Virtual Desktop Deployment 65 Overview of Virtual Desktop Deployment 66 Desktop Sources 66 Desktop Delivery Models 67 Preparing the Guest System 68 Installing the View Agent on the Guest System 69 Using the View Agent on Virtual Machines with Multiple NICs 71 Individual Desktops 71 Deploying an Individual Desktop 71 Automated Desktop Pools 74 Virtual Machine Templates 74 Customization Specifications 75 Deploying an Automated Desktop Pool 76 Manual Deskt
61. Composer database to an existing Oracle 10g instance and make this data source visible to all other components running on the host system These instructions assume that Oracle 10g is installed on the vCenter Server host The instructions also assume that you are configuring the database on Windows Server 2003 SP2 or higher Some steps are different if you configure the ODBC data source on a Windows XP Professional SP2 host VMware Inc 141 View Manager Administration Guide To add a View Composer database to Oracle 10g 1 10 11 On the vCenter Server host select Start gt All Programs gt Oracle OraDb10g_home gt Configuration and Migration Tools gt Database Configuration Assistant to start the Oracle Database Configuration Assistant When the Welcome page appears click Next On the Operations page select Create a database and click Next On the Database Templates page select the Data Warehouse template and click Next On the Database Identification page enter a Global Database Name and an Oracle System Identifier SID prefix For simplicity enter the same value for both On the Management Options page click Next to accept the default settings On the Database Credentials page enter a password for the SYSTEM account and click Next On the remaining configuration pages click Next to accept the default settings On the Creation Options page verify that Create Database is selected and click Finish Revie
62. Configuration GPOs 194 power policies in automated pools 181 of desktop sources 179 product compatibility requirements 22 provisioned desktops 66 Q QuickPrep tool to personalize desktops 137 R rebalancing desktops 133 rebalancing linked clone desktops 159 rebooting active sessions 90 229 View Manager Administration Guide 230 recomposing linked clone desktops 158 linked desktop clones 132 refreshing linked clone desktops 156 Remote Desktop Connection for View Client 21 replica server installation 30 restricted entitlements 86 RSA SecurlD authentication 114 S scripts svi support 217 vdm support 215 searching desktops 89 entitled users and groups 89 searching events 63 security server installation setting up the DMZ 32 smart card authentication 106 SSL certificates configuring new 104 creating 99 creating signing requests 101 exporting Microsoft IIS server 105 importing 103 using existing 105 validating 102 support updating support requests 219 support for View Composer 217 svi support script 217 system requirements product compatibility 22 Remote Desktop Connection 21 View Agent 19 View Client 20 View Connection Server 15 system requirements for View Manager Components 14 T terminal server pools 68 troubleshooting 215 collecting diagnostic information 215 216 svi support script 217 vdm support script 215 View Manager support script 216 tunneling for Offline Desktops 171 U Un
63. Configure the desktop provisioning properties and click Next Property Parameter Description Provisioning Enabled the desktops in the pool will be immediately created upon completion of the deployment procedure or after a desktop is deleted Disabled the desktops in the pool will not be immediately created upon completion of the deployment procedure or after a desktop is deleted Number of desktops Specifies the number of desktops to create in this pool This setting is disabled if you select Enable Advanced Pool Settings in the Advanced Settings panel VM naming pattern By default a prefix is used to identify all desktops in a pool as part of the same group The prefix can be up to 13 characters in length and a numeric suffix is appended to this entry in order to distinguish each desktop from others in the same pool You can override this behavior by entering a name that contains a token representing the pool number the token can appear anywhere in the name For example amber n desktop After deployment n is replaced with the pool number of the desktop Fixed length tokens can be entered using the n fixed construction For example amber n fixed 3 After deployment n fixed 3 is replaced with a fixed length pool number for each the desktop amber 001 amber 002 amber 003 and so forth A 15 character limit applies to names that contain a token but only to the replaced form where the token
64. Connection Servers VirtualCenter Management Server Microsoft Active Directory ESX hosts running Virtual Desktop virtual machines Security servers implement a subset of View Connection Server functionality and do not need to reside in an Active Directory domain In addition security servers do not contain a View LDAP configuration repository and do not access any other authentication repositories such as Active Directory or RSA Authentication Manager VMware Inc 35 View Manager Administration Guide To install a security server 1 aoa A WO N Run the following executable on the system that will host the security server where xxx is the build number of the file VMware viewconnectionserver xxx exe The Installation wizard is displayed Click Next Accept the license terms and click Next Accept or change the destination folder and click Next Choose Security Server Each security server is paired with a View Connection Server and forwards all traffic to that server Enter the FQDN of the standard or replica server with which the security server is to communicate Click Next gt Install gt Finish External URL By default the FQDN of the host is required by View Client in order to establish a connection with View Connection Server This information will not be available to clients who attempt to contact the server from outside your network environment Refer to Client Connections from the
65. D checks user names against the Active Directory user names and denies access to entries that do not match m Clear node secret refers to the node secret on View Agent See Node Secret Reset For more information about this setting see the RSA Authentication Manager user documentation In the Upload RSA authentication agent configuration file sdconf rec field enter the location of the sdconf rec file or click Browse to search for the file For more information about the sdconf rec file refer to the RSA Authentication Manager user documentation Click OK VMware Inc Chapter 5 Client Management Node Secret Reset If a View Client connection with RSA SecurID displays Access Denied and the RSA Authentication Manager Log Monitor displays the error Node verification Failed clear the node secret on View Connection Server and then do the following 1 Run RSA Authentication Manager Host Mode 2 Select Agent Host menu gt Edit Agent Host 3 Select the View Connection Server from the list and select OK 4 Deselect Node Secret Created and click OK NOTE Node Secret Created is selected by default each time you edit it View Client Command Line Options View Client has a number of startup options that can be invoked when launching the application from a command prompt Options are preceded by a hyphen ora forward slash are case insensitive and can be abbreviated down to their shortest unique form For exa
66. Desktop Sources tabs in the Desktops pane VMware Inc 155 View Manager Administration Guide Once the process is complete you can entitle users or groups to use the desktop pool by carrying out the procedure described in Entitling a Desktop or Pool on page 85 Refreshing Recomposing and Rebalancing Linked Clone Desktops You can recompose refresh or rebalance only those linked clone desktops that are part of a persistent pool If you want to change the Parent VM of a non persistent linked clone desktop pool you must modify the pool directly by using the pool deployment wizard The deployment wizard can be invoked by clicking Edit on the summary page for the non persistent pool If you want to make changes to the datastore profile add or remove a storage or modify the pool configuration before rebalancing you must first use the Edit Desktop wizard to reconfigure the pool NOTE Rebalancing will automatically initiate a refresh of the target desktop or desktops In addition only desktops in the Ready Error or Customizing state with no schedules or pending cancellations can be rebalanced You can schedule only one refresh recomposition or rebalance operation at a time V CAUTION Do not modify the Parent VM for example convert it to a template from within vCenter Server before or during any of the procedures described in this section 156 To refresh a linked clone desktop pool 1 From within the Vi
67. E Security server instances do not contain the View LDAP component VMware Inc 29 View Manager Administration Guide Standard Server Installation A standard server deployment creates a single standalone View Connection Server This server could later become the first server instance within a replicated View Connection Server group When a standard server instance is created during View Connection Server installation anew local View LDAP instance is also created The schema definitions DIT definition ACLs and so forth are loaded and the data is initialized NOTE Most configuration data in View LDAP is maintained from View Administrator although View Connection Server manages some entries automatically To install a standard server 1 Run the following executable on the system that will host the View Connection Server where xxx is the build number of the file VMware viewconnectionserver xxx exe The VMware Installation wizard is displayed Click Next Accept the VMware license terms and click Next Accept or change the destination folder and click Next Choose the Standard deployment option a F WwW N Click Next gt Install gt Finish Replica Server Installation 30 Replica servers are additional View Connection Server instances that are installed in order to provide high availability and load balancing When a replica server is installed a local LDAP instance is also created and the View LDAP data
68. Offline Desktop is not supported with vSphere 4 To use the Offline Desktop experimental feature VMware Infrastructure 3 5 Update 3 or Update 4 is required Smart Card Support Smart cards and smart card readers that use a PKCS 11 or Microsoft CryptoAPI provider are supported Display Protocols View Client supports the RDP PCoIP and HP RGS display protocols PCoIP PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment including applications images audio and video content for a wide range of users on the LAN or across the WAN PCoIP can compensate for an increase in latency or a reduction in bandwidth to ensure that end users can remain productive regardless of network conditions PCoIP is supported as the display protocol for View desktops with virtual machines and with physical machines that contain Teradici host cards Key features and restrictions include the following m Remote connections using Virtual Private Networks VPNs are supported m Connections to Windows XP and Windows Vista desktops with the View Agent operating system versions listed in Table 1 1 are supported m Connections from Windows XP and Windows Vista clients with the View Client operating system versions listed in Table 1 1 are supported m View clients that use PCoIP can connect to View security servers but PCoIP sessions with the desktop ignore the security server PCoIP uses UDP for streaming audio and
69. PIN request When enabled the pre login message is sent before a smart card PIN request When disabled the pre login message is presented after a smart card PIN request This property is enabled by default Tunnel proxy bypass address list Specifies a list of tunnel addresses The proxy server is not used for these addresses Use a semicolon to separate multiple entries Determines if the VMware View Client should use proxy pac file Determines whether View Client uses a Proxy Automatic Configuration PAC file Enabling this setting causes View Client to use a PAC file A PAC file commonly called proxy pac helps Web browsers and other user agents find the appropriate proxy server for a particular URL or Web site request If you enable this setting on a multi core machine the WinINet application that View Client uses to find the proxy server information might crash Disable this setting if this problem occurs on your machine This property is disabled by default URL for View Client online help Specifies an alternate URL from which View Client can retrieve help pages This setting is intended for use in environments that cannot retrieve the remotely hosted help system because they do not have internet access 190 VMware Inc Chapter 8 Component Policies Table 8 11 View Client Configuration Properties Scripting Definitions Property Server URL Description Determines the URL used by View C
70. Protocol 124 Using HP RGS Display Protocol 124 Installing HP RGS Components 124 Configuring HP RGS in View Administrator 125 6 View Composer 127 Overview of View Composer 127 Linked Clone Desktop Disk Usage 129 Thin Provisioning 130 Storage Overcommit 130 Desktop Recomposition 131 Desktop Refresh 132 Desktop Rebalance 133 Persistent and Non Persistent Desktops 136 Using QuickPrep for Linked Clone Desktop Deployment 137 Preparing vCenter Server for View Composer 137 Creating a SQL Server Database and Data Source for View Composer 138 VMware Inc 5 View Manager Administration Guide Creating an Oracle 9i Database and Data Source for View Composer 140 Configuring an Oracle 10g Database and Data Source for View Composer 141 Adding the View Composer Service to vCenter Server 143 vCenter Server User Permissions 144 Preparing a Parent VM 145 DHCP Lease Removal 145 Installing the View Agent on the Parent VM 146 Creating a Parent VM Snapshot 147 Deploying Linked Clone Desktops from View Manager 147 Refreshing Recomposing and Rebalancing Linked Clone Desktops 156 Using an Existing View Composer Database 161 Using the SviConfig Tool for View Composer 162 Upgrade View Composer Database databaseupgrade 163 Restore View Composer Database restoredata 164 7 Offline Desktop 167 Overview of Offline Desktop 167 Offline Desktop Licensing and vCenter Server Access 170 Storage Communications and Security 170 Offline Desktop Policies 172 Suppo
71. SLES 10 SP1 experimental Java JRE Lee thar Tee rdesktop Ubuntu 8 04 experimental Mac OS X Tiger 10 4 experimental Safari Java JRE 1 5 0 RDC 2 0 Mac OS X Leopard 10 5 experimental View Agent You must have administrative privileges to install View Agent on Windows View Manager desktops View Composer You cannot use the View Composer feature of View Manager to deploy desktops that run Windows Vista Ultimate Edition or Windows XP Professional SP1 For more information about View Composer refer to Chapter 6 View Composer on page 127 Volume Licensing and Windows Vista Ultimate Windows Vista Ultimate is not designed for broad enterprise deployment and therefore does not support volume licensing in order to deploy desktop clones that use Windows Vista Ultimate you must first contact Microsoft in order to determine your licensing obligations VMware Inc 19 View Manager Administration Guide 20 View Client View Client with Offline Desktop You must have administrative privileges to install View Client or View Client with Offline Desktop on the client desktop In order to redirect the USB devices attached to the client system for use on the View Manager desktop you must enable the USB redirection feature when you install either client application NOTE Offline Desktop is an experimental feature Refer to System Requirements on page 14 for more information about experimental features
72. Select the Change the default database to check box and select the name of the database you have created for View Composer from the associated list in this example ViewComposer Click Next Click Finish gt OK 10 Click OK to close the Microsoft ODBC Data Source Administrator wizard Creating an Oracle 9i Database and Data Source for View Composer The following instructions describe how to add a new View Composer database to an existing Oracle 9i instance and make this data source visible to all other components running on the host system These instructions assume that Oracle 9i is installed on the vCenter Server host The instructions also assume that you are configuring the database on Windows Server 2003 SP2 or higher Some steps are different if you configure the ODBC data source on a Windows XP Professional SP2 host To add a View Composer database to Oracle 9i 1 a AeA N On the vCenter Server host select Start gt All Programs gt Oracle OraHome92 gt Configuration and Migration Tools gt Database Configuration Assistant to start the Oracle Database Configuration Assistant When the Welcome page appears click Next On the Operations page select Create a database and click Next On the Database Templates page select the Data Warehouse template and click Next On the Database Identification page enter a Global Database Name and an Oracle System Identifier SID prefix For simplicity enter the same value
73. Similarly if user access is removed that is if entitlement is withdrawn or the account is suspended the client system becomes inaccessible when the cache expires or after the client is made aware of this change by the View Connection Server whichever comes first In this scenario the user is not notified prior to disconnection Tunneled Communications and SSL Offline Desktop supports tunneled or non tunneled communications for LAN based data transfers m When tunneling is enabled all traffic is routed through the View Connection Server m When tunneling is not enabled data transfers take place directly between the online desktop host system and the offline client You can disable tunneling by selecting the Direct connection for Offline Desktop operations check box in the Configuration page of the administrative interface In addition to specifying the route for communications you can encrypt the communications and data transfers that take place between the Offline Desktop client and the View Connection Server by selecting the Require SSL for Offline Desktop operations check box in the Configuration page of the administrative interface NOTE Bypassing the tunnel and using an unencrypted connection increases data transfer speed at the expense of secure data communication The encryption setting has no effect on the offline data itself which is always encrypted on the client system VMware Inc 171 View Manager Adm
74. View Administrator the Web based administrative component of View Manager This component is described in detail in Chapter 3 View Administrator on page 49 NOTE This component is only available on standard and replica server instances To perform an initial configuration 1 Open a browser supported by View Administrator and enter the following URL where lt server gt is the host name or IP address of a standard or replica View Connection Server instance https lt server gt admin NOTE View Administrator is accessed through a secure SSL connection The first time you connect your browser may present you with an intermediary page that warns you that the security certificate associated with the address is not issued by a trusted certificate authority This is expected behavior because the default root certificate supplied with View Connection Server is self signed Log in using the appropriate credentials Initially all domain users who are members of the local administrators group on the View Connection Server are allowed to login to the View Administrator you can use the interface to change the list of View Manager administrators later The first time you log in the Configuration view is shown After you have licensed the product the Desktop view is displayed after log in NOTE If the Configuration view is not shown click the Configuration R button at the top of the screen Within the Configur
75. View Manager Administration Guide View Manager 4 0 1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition To check for more recent editions of this document see http www vmware com support pubs EN 000242 02 vmware View Manager Administration Guide You can find the most up to date technical documentation on the VMware Web site at http www vmware com support The VMware Web site also provides the latest product updates If you have comments about this documentation submit your feedback to docfeedback vmware com Copyright 2010 VMware Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws VMware products are covered by one or more patents listed at http www vmware com go patents VMware is a registered trademark or trademark of VMware Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their respective companies VMware Inc 3401 Hillview Ave Palo Alto CA 94304 www vmware com 2 VMware Inc Contents About This Book 9 1 Introduction 11 Overview of View Manager 11 View Manager Features 12 View Manager Components 14 System Requirements 14 View Connection Server 15 Operating System Support for Installed Components 17 Operating System Support for Web Components 18 View Agent 1
76. able at any given time the power policy for those desktops ensures that they are always powered on This behavior is illustrated in the following pooling example the parameters for which are provided in Table 8 3 Table 8 3 Pooling Example 1 Type Minimum Maximum Available Power Policy Non Persistent Automated Pool 10 20 2 Suspend VM After the deployment process is completed 10 desktops are created 2 are powered on and immediately available and 8 are in a suspended state For each new user that connects a desktop is powered on so as to maintain the availability level When the number of connected users exceeds 8 additional desktops up to a limit of 20 are created so that the availability level can be maintained Once the maximum number is reached the desktops of the first 2 users to disconnect remain powered on in order to maintain the availability threshold The desktop of each subsequent user to disconnect is suspended as per policy VMware Inc 181 View Manager Administration Guide 182 Power Policy Example 2 In the following pooling example the parameters for which are provided in Table 8 4 the maximum and minimum number of desktops are equal Table 8 4 Pooling Example 2 Type Minimum Maximum Available Power Policy Non Persistent Automated Pool 5 5 2 Suspend VM Initially 5 desktops are created 3 suspended and 2 powered on and available If a fourth system in this pool is suspended no additional d
77. ain in which the user account is located The usual form of UPN is user domain For a user to connect using smart card authentication their account in Active Directory must have a valid UPN associated with their userPrincipalName property The UPN for each user who requires smart card authentication must be set to the subject alternative name SAN contained within the root certificate of the trusted CA You can locate this information by viewing the certificate properties as described in Exporting a Root Certificate from a User Certificate on page 107 NOTE You need to provide this information only if the certificate was issued from a domain other than the one in which the user presently resides A characteristic of exporting a certificate from a server in the user s current domain is that the user s UPN and root certificate SAN will correlate The most straightforward way of adding this information to Active Directory is to use the ADSI Edit utility provided with the Windows Support Tools software collection If it is not already present on your Active Directory server you can download and install Windows Support Tools from the following location http www microsoft com downloads details aspx FamilyID 96a3501 1 fd83 419d 93 9b 9a772ea2df90 To set the UPN to the SAN on Active Directory 1 On the Active Directory server click Start gt All Programs gt Windows Support Tools to open a command prompt at the Support Tools dire
78. aintenance tasks that are taking place with the pool The view provides information about the scheduled task start time any errors that may have been encountered during task progress and if the task has been paused If one or more tasks are in progress you can select individual entries from the table provided and click Cancel Task to terminate the task m Pause Task to suspend the task m Resume Task to resume the task if it was previously suspended this is indicated by the Halted column Policies Desktop This tab lists the policies that are applied to the selected Desktop Pool desktop or desktop pool Any user level policies that have been applied are also listed in this view Users and Groups View The Users and Groups view is displayed when you click the Users and Groups button and is where you can monitor the desktop assignments and active sessions of entitled View Manager users From here you can examine information about users and associated user groups view desktops to which they are assigned and any sessions that are active and evaluate user entitlements at the global level NOTE Compared to the Desktops and Pools view there are few functions available within this area however you can disconnect or logoff active sessions reset virtual machines and roll back offline desktops if available from this view on a per user basis VMware Inc 53 View Manager Administration Guide 54 The Users and Gr
79. al server pool 1 Ensure that you have the appropriate login credentials and log in to View Administrator In the Desktops tab click Add In the Desktop Type window select Microsoft Terminal Services Desktop Pool and click Next Enter the Unique ID the Display name and the Description The unique ID is the name that View Manager uses to identify the desktop The desktop display name is what the user sees when logging in The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both If your installation has multiple VirtualCenter or vCenter Servers see Uniqueness of Unique ID on page 214 NOTE You can use any alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters and is only visible from the View administrator interface After you provide the desktop identification details click Next Specify the desktop parameters and click Next For more information on the parameters that are applicable to terminal server pools see Table 9 2 Mapping Desktop Parameters to Desktop Types on page 206 Click Next In the table on the Desktop Sources page select the terminal services sources to include in the desktop pool and click Next All registered desktop sources that are running a supported guest operating system and that another terminal server pool is not using appear in the table For m
80. alancer name To add the Java keytool to the system path 1 Press the Windows key Break to display the Windows System Properties dialog box 2 Under the Advanced tab click Environment Variables 3 In the System variables group select PATH and then click Edit VMware Inc 101 View Manager Administration Guide 5 In the Variable value field add the path to the JRE installation directory ProgramFiles VMware VMware View Server jre bin Ensure that this entry is delimited with a semicolon from any other entries present in the field Click OK gt OK gt OK to close the Windows System Properties dialog box To create a self signed SSL certificate 1 From a command prompt enter the following keytool genkey keyalg RSA keystore keys p12 storetype pkcs12 validity 360 You are prompted to enter a password for the keystore and then to provide information about yourself and your organization When you are asked to enter your first and last name enter the FQDN of the View Connection Server instance you want to secure Enter your department organization location state and country The latter must be in the form of a two letter country code You are shown a summary of the data you have entered and are asked if you want to proceed Enter yes if you are satisfied that the details are correct You are prompted for a key password which is the password specifically for this certificate as opposed to any other cer
81. alling View Client with Offline Desktop NOTE The View Client application provides a subset of the functionality offered by View Client for Offline Desktop however many of the administrative tasks and connection considerations are common to both applications including a number of startup options that can be invoked when launching the application from a command prompt Refer to Chapter 5 Client Management on page 93 for more information about this Before downloading an automated pool desktop for the first time users must connect to this desktop using any View Manager client This will ensure that a local profile is created on that desktop that can be used to authenticate offline sessions in environments that have no network availability It will also ensure that the desktop is correctly associated with the user in View Manager This step is optional although recommended for individual desktops NOTE In environments where a network connection is available the user session will always be authenticated by View Connection Server To install View Client with Offline Desktop 1 Run the View Client with Offline Desktop executable on the system that will host the client where xxx is the build number of the file VMware viewcLientwithoffline xxx exe 2 When the VMware Installation wizard appears click Next 3 Accept the VMware license terms and click Next 4 Choose your custom setup options m Ifyou do not want users t
82. an insecure external network Services that exist within this space are exposed to both networks and provide an entry point for external users to access applications that reside within the secure environment View Connection Server security servers are installed in the DMZ in order to add an additional layer of network protection they ensure that only authenticated users can connect to the internal network from external locations by providing a single point of access Because the inbound communications from DMZ services can be strictly controlled through firewall policy the risk of the internal network being compromised is greatly reduced NOTE In LAN based deployments no security servers are required as users can connect directly with any View Connection Server from within their internal network VMware Inc Chapter 2 Installation Figure 2 2 shows a high availability environment comprising two load balanced security servers in the DMZ communicating with two instances of View Connection Server a standard server and a replica server inside the internal network Figure 2 2 Multiple Security Servers remote View Client DMZ View Security Servers View Connection Servers VirtualCenter Management Server Microsoft Active Directory ESX hosts running L Virtual Desktop virtual machines When remote users connect via a security server they must successfully authenticate before they can access
83. anaged desk top source 206 View Agent on guest systems 69 View Client 95 View Client with Offline Desktop 174 J Java keytool 101 L LDAP replication 30 113 VMware Inc linked clone desktops configuring vCenter Server 137 creating database 138 defined 128 desktop recomposition 130 disk usage 129 protecting recomposition using source virtual machines 131 rebalancing 159 recomposing 158 recomposing desktops 131 refreshing 156 storage overcommit 130 using existing database 161 linked replicas 128 manual desktop pools configuring 81 deploying 82 manual pools 67 N non provisioned desktops 66 O Offline Desktop installing View Client with 174 starting View Client with 175 supported guests 22 Offline Desktops description 14 licensing 170 overview 167 status 176 storage communications and security 170 support for tunneled and non tun neled VMware Inc Index communications 171 supported desktop types 172 vCenter Server access 170 operating system support web components 18 Windows components 17 P Parent VM replica deskop 128 policies client 183 client configuring and applying 184 Computer Configuration GPO 188 defined 179 Group Policy on Windows NT 186 power policy in automated pools 181 User Configuration GPOs 195 View Agent GPO 195 View Client Configuration GPO 190 View Client GPOs 195 View Common Configuration GPO 194 View Configuration GPOs 188 View Server
84. ane that contains a status table for all the offline sessions currently known to the server The column entries in this table are described in Table 7 3 VMware Inc Chapter 7 Offline Desktop Table 7 3 Offline Sessions Field Description User The Active Directory ID of the user who checked out the desktop This ID is in the form domain usernane or in the form username domain when given as a user principal name UPN Desktop The persistent desktop or desktop pool display name if one was provided when the desktop or pool was created in View Manager Status The current checkout status which can be one of the following m Checking out data is being downloaded to the client system or has been paused during transfer m Checked out an offline desktop exists on the client system and the online equivalent is locked m Checking in data is being uploaded from the client system either in the form of a backup or as a full check in or has been paused during transfer Check out Time The time at which the last check out was initiated by the client Offline Duration The overall time of offline usage known to the View Connection Server since the desktop was checked out Last Server Contact The last time View Client with Offline Desktop made contact with View Connection Server When a connection can be established the server is contacted every 5 minutes Last Backup The last time the offline desktop was backed up to
85. anel VM naming pattern By default a prefix is used to identify all desktops in a pool as part of the same group The prefix can be up to 13 characters in length and a numeric suffix is appended to this entry in order to distinguish each desktop from others in the same pool You can override this behavior by entering a name that contains a token representing the pool number the token can appear anywhere in the name For example amber n desktop After deployment n is replaced with the pool number of the desktop Fixed length tokens can be entered using the n fixed construction For example amber n fixed 3 After deployment n fixed 3 is replaced with a fixed length pool number for each the desktop amber 001 amber 002 amber 003 and so forth A 15 character limit applies to names that contain a token but only to the replaced form where the token length is fixed For example my view system n fixed 1 Where the token length is not fixed a buffer of 1 is applied to the token so the maximum replaced length is 14 characters For example a view system n VMware Inc 10 11 12 VMware Inc Chapter 6 View Composer Property Parameter Description Stop provisioning onerror Select this check box if you want View Manager to automatically stop provisioning new virtual machines if an error is detected during desktop creation Advanced Settings Click to display the advanced poo
86. any virtual desktops With appropriate firewall rules on both sides of the DMZ this type of deployment is suitable for accessing virtual desktops from Internet located client devices Multiple security servers can be connected to each standard or replica View Connection Server A DMZ deployment can be combined with a standard deployment to offer access for internal users and external users VMware Inc 33 View Manager Administration Guide Figure 2 3 shows an environment where four instances of View Connection Server act as one group with the servers in the internal network dedicated to the users of that network and the servers in the external network dedicated to users of that network The servers on the right can be enabled for RSA SecurID authentication so that all external network users are required to authenticate using RSA SecurID tokens Depending on your particular server configuration load balancing might be required You will require either a hardware or software load balancing solution if you have more than one security server NOTE View Connection Server does not provide load balancing functionality but works with standard third party load balancing solutions 34 VMware Inc Chapter 2 Installation Figure 2 3 DMZ Deployment with Multiple View Connection Server Instances remote View Client external network load balancing View Client 4 View Security Servers load balancing View
87. application By reading the server certificate the user can decide if the server is a trusted source and then accept or reject the connection The certificate can be signed by a Certificate Authority CA a trusted third party who guarantees the identity of the certificate and its creator To create your own certificate for View Connection Server do one of the following m Create a self signed certificate for your system using the keytool utility provided with the Java Runtime Environment JRE instance that accompanies View Connection Server Self signed certificates are user generated certificates that have not been officially registered with any trusted CA and are therefore not guaranteed to be authentic m Create a certificate and then send a certificate signing request CSR that contains your certificate details to a CA After conducting some checks on the company or individual making the application the CA signs the request and encrypts it with their private key The valid certificate is returned and is then inserted into a keystore on View Connection Server NOTE It is strongly recommended that you continue to use the default certificate provided with View Connection Server until you are ready to create your own certificate and get it signed by a CA Clients connecting to View Connection Server are presented with your certificate If the certificate is self signed but accepted by the user or signed by a CA that is trusted b
88. are If you plan to have ESX ESXi 3 5 hosts in the cluster do not select this check box Click Next Select a resource pool in which to run the virtual machines used by this desktop and click Next 153 View Manager Administration Guide 154 13 Optional This step applies to persistent pools only and determines how user data is stored by desktops within this pool m If you want user data to be preserved after a refresh or recomposition event select Redirect user profile to a separate disk and specify the maximum size of the user data disk and associated drive letter If you are using multiple datastores you can select Use different datastores for user data disks and OS disks Then you can choose which datastores are used for which type of data during datastore selection in Step 14 V CAUTION Do not select a letter that corresponds to a drive that is already present on the Parent VM 14 m Ifyou do not want user data to be preserved after a refresh or recomposition event select Store user profile on the same disk as the OS User data is retained until one of these events is performed by the administrator or executed automatically by policy Once you have configured the user data storage criteria click Next Select one or more datastores on which to store the desktop pool If you do not have sufficient space available you must add free space by selecting an additional datastore NOTE For clusters only sh
89. are Inc Chapter 4 Virtual Desktop Deployment 5 Enter the Unique ID and optionally the Display name and Description and click Next The unique ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both If your installation has multiple VirtualCenter or vCenter Servers see Uniqueness of Unique ID on page 214 You can use any alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters in length and is only visible from within View Administrator 6 Configure the desktop properties and click Next V CAUTION If you are using a Windows Vista virtual machine you must set the power policy to Ensure VM is always powered on Property Parameter Description State Enabled after being created the desktop pool is automatically enabled and ready for immediate use Disabled after being created the desktop pool is disabled and unavailable for use This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance When VM is not in use Do nothing VM remains on Virtual machines that are powered off will be started when required and will remain on even when not in use until they are shut down Always on ensure VM is al
90. are Inc 219 View Manager Administration Guide 220 VMware Inc Appendix The locked properties File In addition to determining the information returned to the client in order to establish a tunnel connection the locked properties file can contain properties relating to server communications These properties are described in Table A 1 Table A 1 locked properties Client and Server properties Property clientHost Description The externally resolvable host name that the client is instructed to use when contacting the security server If not specified this is set to the value specified by serverName or the system default clientPort The port that the client is instructed to use when contacting the security server If not specified this is set to the value specified by serverPort or the system default clientProtocol The protocol that the client is instructed to use when contacting the security server this can be http or https If not specified this is set to the value specified by serverProtocol or the system default serverName The unique identity of the security server serverPort The port that the security server listens on Default is 80 serverProtocolL The protocol that the security server uses this can be either http or https Default is http VMware Inc 221 View Manager Administration Guide By default the clientHost clientPort and clientProtocol pro
91. ared datastores are supported every host in the cluster must be connected to the datastore to be shown If you are creating a persistent pool and you selected Use different datastores for user data disks and OS disks in Step 13 you can click the down arrow in the Use For column to specify how the storage space for the corresponding datastore is used You can select OS Data or User Data NOTE You must allocate sufficient space for both the operating system and user data in order to proceed The Storage Overcommit column entry determines how aggressively the system assigns new virtual machines to the free space available on a datastore As the level increases less space will be reserved for individual virtual machine growth but more virtual machines will fit on the datastore Click the entry to modify the aggression level for each datastore VMware Inc Chapter 6 View Composer NOTE The Min Recommended Storage at 50 provision and Storage at 100 provision values are only provided as guidelines The actual requirements for the pool will vary based on client usage patterns application workload pool type and so forth Once you have configured the datastore storage criteria click Next 15 View Composer requires a domain user account to join linked clone desktops to the target domain Select the domain name and user name entry from the QuickPrep domain drop down menu You specify these credentials when
92. at another desktop or desktop pool is not using appear in the table For more information about registering desktop sources see Install View Agent on an Unmanaged Desktop Source on page 206 Review the information in Ready to Complete and click Finish to accept it or Back to make corrections Click Finish The desktop is added and appears in the main Desktops page To add an unmanaged manual pool 1 Ensure that you have the appropriate login credentials and log in to View Administrator On the Desktops tab click Add In the Desktop Type window select Manual Desktop Pool and click Next VMware Inc 10 VMware Inc Chapter 9 Unified Access In the Desktop Persistence window specify the persistence settings for the desktops in this pool Persistent This desktop pool allows users to log in to the same desktop every time Users can save documents and files on persistent desktops because they return to the same desktop Non persistent Desktops are available to users when they log in but are returned to the pool when users log off Users log in to a different desktop each time and cannot save documents or files on the desktop In the Desktop Pool Source window choose Physical computers or virtual machines not managed by a vCenter Server and click Next Enter the Unique ID the Display name and Description The unique ID is the name that View Manager uses to identify the desktop The desktop display
93. at have been scheduled or that are currently running against the selected virtual machines View Composer desktops only Active Sessions All This tab lists all the desktop sessions currently active either globally or within the selected pool The user name start time duration and virtual machine address for each connected user are shown You can select user entries from the table provided and click Disconnect session to disconnect the user from the desktop this action does not log the user off and their session will be preserved once they log back in providing the Automatic logoff after disconnect setting specified during desktop deployment has not been exceeded m Logoff session to log the user off and disconnect them from the current session m Reset virtual machine to disconnect any currently connected users and restart the system VMware Inc Chapter 3 View Administrator Table 3 1 Desktops Pane Tab Summary Continued Tab Context Description Offline Sessions All This tab lists all the Offline Desktop desktops currently checked out either globally or within the selected pool Refer to Chapter 7 Offline Desktop on page 167 for more information about this feature and the functions provided on this tab Global Policies Global This tab lists the policies that are applied to all desktops and pools at the global level Tasks Desktop Pool This tabs contains details of any provisioning or m
94. ata disk user data disk bloated OS data disk It is important to occasionally refresh the attached systems in order to prevent the desktop clones growing to the size of a full virtual machine If all the anchored virtual machines are left to grow unchecked then all free space remaining on the datastore could be rapidly consumed particularly if the storage overcommit level is particularly aggressive Desktop Rebalance A logical drive is a structure created on a subsystem for data storage that is defined over a set of drives called an array Logical drives often referred to as LUNs Logical Unit Number and represent the identifier a host uses to access the logical drive are the logical segmentation of arrays If administrators are creating large pools of desktops and are using multiple LUNs there is a possibility that the space is not being used efficiently if the initial sizing was inaccurate Figure 6 4 shows a number of virtual desktops distributed unevenly over two LUNs VMware Inc 133 View Manager Administration Guide Figure 6 4 Desktop Rebalance Before parent VM base image snapshot replica 1 replica 2 E gt user data disk user data disk OS data disk OS data disk user data disk free space OS data disk user data disk OS data disk eel Rebalancing the LUNs evenly distributes any selected or all virtual machines between the available logical drives The result of this action is
95. ation Desktop Pool associated with a desktop or desktop pool including General information about the pool such as the name type persistence and current activity vCenter Server environmental criteria such as server name capacity and domain administrator Desktop settings such as minimum maximum and available number of desktops power policy and so forth From this tab you can click m Edit to modify desktop or desktop pool deployment settings You can select the page with the settings you want to modify in the left navigation pane of the wizard If you make a change that requires that you modify settings on other pages an information icon appears next to those pages in the navigation pane m Entitle to add or remove user entitlements to or from the desktop or desktop pool m Enable Disable to enable or disable desktop or desktop pool availability and provisioning Desktops Global This tab lists all the desktops or desktops pools currently available within View Manager From this tab you can click Add to deploy a new desktop or pool In addition you can select existing desktop or desktop pool entries from the table provided and click m Edit to modify desktop or desktop pool deployment settings You can select the page with the settings you want to modify in the left navigation pane of the wizard If you make a change that requires that you modify settings on other pages an information icon appears next to thos
96. ation view do the following a Click Product Licensing and Usage in the column on the left of the screen b Inthe Product Licensing table click Edit License and enter the View Manager license key in the field provided Click OK c Click Servers in the column on the left of the screen VMware Inc VMware Inc Chapter 2 Installation In the vCenter Servers table click Add and complete the details for one or more vCenter Server servers to use with View Manager i In the Server address text box enter the FODN or IP address of the vCenter Server you want View Manager to communicate with CAUTION Ifyou enter a server using a DNS name or URL no DNS lookup is performed to verify whether or not the server has previously been entered using its IP address A conflict will arise if a vCenter Server is added with both its DNS name and its IP address ii iii iv vi vii viii ix Enter the user name of a vCenter Server user in the User name text box If you want to select a vCenter Server user who is not an administrator but has the requisite level of authority ensure that their role meets the criteria described in vCenter Server Permissions for View Manager Users on page 37 Enter the password that corresponds to the user name entered above in the Password text box Optional Enter a description for this vCenter Server in the Description text box If you will be connecting to the vCenter Server throug
97. ause the first time one or more linked clones are created a uniquely identified copy of the Parent VM called a replica is also created All the desktop clones are anchored directly to the replica and not to the Parent VM Desktops of this type are called linked clone desktops NOTE Replica VMs can be identified within vCenter Server by their replica prefix followed by a unique ID In vSphere Client 4 replica VMs are only visible in the Hosts and Clusters Inventory view In VMware Infrastructure Client 3 5 replica VMs are also visible in the Virtual Machines and Templates Inventory view The Parent VM can be updated or replaced without directly affecting the linked clone desktops and can therefore can be viewed as a standalone virtual machine This set of relationships is illustrated in Figure 6 1 NOTE Ifa replica is deleted the desktops anchored to the replica will cease to work so replicas are treated as protected entities within vCenter Server Figure 6 1 Parent VM Linked Replica and Desktop Clones parent VM can be Pa a different datastore base image snapshot clone 1 S 9 replica J Jo sa OS data disk user data disk OS data disk user data disk Because all the linked clone desktops in this environment are connected to a common source View Composer permits the centralized management of desktops while maintaining a seamless user experience Tasks such as resetting each system to its d
98. backups of View Connection Server including View Composer database data Automatic backup frequency Select a backup interval from one of the following m Every Hour Backups are taken every hour on the hour m Every 6 Hours Backups are taken at midnight 6am midday and at 6pm m Every 12 Hours Backups are taken at midnight and noon m Every Day Backups are taken every day at midnight m Every 2 Days Backups are taken at midnight on Saturday Monday Wednesday and Friday m Every Week Backups are taken weekly on Saturday at midnight m Every 2 Weeks Backups are taken every other week on Saturday at midnight m Never Backups are never taken and must be initiated manually m Max number of backups Indicates the number of previous backup files that can be stored on View Connection Server at any given time When the level is reached the oldest backup file in the backup folder is deleted each time a new backup file is created This figure must be an integer greater than 0 This setting also applies to backup files that are created manually using the Backup Now link in the View Servers table m Folder Location Location of backup files By default C Documents and Settings All Users Application Data VMware VDM backups This location also holds backup files that are created manually using the Backup Now link in the View Servers table 60 VMware Inc Chapter 3 View Administrator Registered Desktop Sources
99. c backups of View LDAP and View Composer database data Using the restoredata command the backup files that relate to your View Composer deployment can then be imported into the SQL database that stores linked clone information in order to restore your View environment to an earlier state NOTE Refer to View Servers on page 57 for information on how to manually or automatically create backup files VMware Inc Chapter 6 View Composer By default the backup files on View Connection Server are stored in the following location C Documents and Settings All Users Application Data VMware VDM backups View Composer backup files use the following naming convention Backup lt Year gt lt Month gt lt Day gt lt Count gt lt vCenter Server Name gt _ lt Domain Name gt SVI For example Backup 20090304000010 foobar_test_org SVI Use Case Use this command when you want to replicate or restore View Composer database data after a system failure or if you want to revert your View Composer deployment to an earlier state Usage Before you can import backup data you must first shut down the View Composer service running on the vCenter Server Restart the service once you have successfully executed the command SviConfig restoredata command instructions are issued from a Windows command prompt in the following form sviconfig operation restoredata DsnName lt target database source name DSN gt Username
100. ce Pack 2 or higher m Windows XP Professional Service Pack 2 or higher NOTE You cannot use the View Composer feature of View Manager to deploy desktops that run Windows Vista Ultimate Edition or Windows XP Professional SP1 Database Requirements A SQL database resident on or available to the vCenter Server is also required to store View Composer data NOTE If one is already present on the vCenter Server View Composer can use the existing database for example the Microsoft SQL Server 2005 Express instance provided with vCenter Server by default The database types supported and the requirements for each supported database are shown in Table 1 3 VMware Inc Chapter 1 Introduction Table 1 3 Database Support and Requirements for View Composer Database Type Microsoft SQL Server 2000 Standard SP4 Requirements For Windows XP apply MDAC 2 8 SP1 to the Microsoft SQL Server 2000 Enterprise SP4 client Use SQL Server driver for the client Microsoft SQL Server 2005 Standard SP1 SP2 For Windows XP apply MDAC 2 8 SP1 to the Microsoft SQL Server 2005 Enterprise SP1 SP2 client Use SQL native client driver for the client Microsoft SQL Server 2005 Express Microsoft SQL Server 2005 Standard Edition 64bit SP2 N A Microsoft SQL Server 2005 Enterprise Edition 64bit SP2 Oracle 9i release 2 Standard 9 2 0 8 Oracle 9i release 2 Enterprise 9 2 0 8 Oracle
101. click the user in the Users folder and select Properties The UPN appears in the User logon name fields on the Account tab 111 View Manager Administration Guide 112 Check the log files in lt drive gt Documents and Settings A1L1 Users Application Data VMware VDM logs on the View Connection Server or security server host for messages stating that smart card authentication is enabled Configuring a Standard or Replica Server A security server that has been configured to use smart card authentication will automatically require the user to authenticate using their card and PIN during login Standard and replica servers can be configured to accommodate several different smart card authentication scenarios To set the smart card authentication setting on a standard or replica server 1 2 From within the View Administrator click the Configuration button Under View Servers select a View Connection Server entry and click Edit From the Smart card authentication drop down menu select one of the following Not allowed Smart card authentication is disabled Optional Users may use smart card authentication to connect but password authentication is also permitted Failure to authenticate using a smart card authentication will require that password authentication is used instead Required Users may only connect using smart card authentication When smart card authentication is required authentication fails for users who
102. ct Start gt Settings gt Control Panel gt Internet Options gt Content gt Certificates gt Personal to verify that certificates are available for smart card authentication When a user inserts a smart card into the smart card reader Windows copies certificates from the smart card to the user s computer so that View Client can use them In the Locked properties file on the View Connection Server or security server host verify that the useCertAuth property is set to true and is spelled correctly The locked properties file is located in this folder lt Install_Directory gt VMware VMware View Server ssLgateway conf If you configured smart card authentication on a View Connection Server instance check the smart card authentication setting in View Administrator a Under View Servers select the View Connection Server instance and click Edit b Verify that Smart card authentication is set to either Optional or Required You must restart the View Connection Server service for changes to smart card settings to take effect If the domain a smart card user resides in is different than the domain your root certificate was issued from verify that the user s user principal name UPN is set to the subject alternative name SAN contained in the root certificate of the trusted Certificate Authority CA a Onyour Active Directory server select Start gt Administrative Tools gt Active Directory Users and Computers b Right
103. ction MMR is enabled on the client MMR is a Microsoft DirectShow filter that forwards multimedia data from specific codecs on the remote system directly through a TCP socket to the client The data is then decoded directly on the client where it is played Administrators can disable MMR if the client has insufficient resources to handle local multimedia decoding Note MMR will not work correctly if the View client video display hardware does not have overlay support MMR policy does not apply to Offline Desktop sessions Table 8 18 View Client Configuration Properties Scripting Definitions Property Server URL Description Determines the URL used by View Client during login For example http view1 example com Logon UserName Determines the user name used by View Client during login Logon DomainName Determines the NETBIOS domain name used by View Client during login Logon Password Determines the password used by View Client during login Caution this password is stored in plain text by Active Directory DesktopName to select Determines the default desktop used by View Client during login VMware Inc Chapter 8 Component Policies Table 8 18 View Client Configuration Properties Scripting Definitions Continued Property DesktopLayout when fully scripted only Description Specifies the layout of the View Client window that a user sees when logging into a View
104. ctionality By using a security server as an intermediary connection layer View Manager ensures that only authenticated users can attempt a connection to your internal network VMware Inc Chapter 3 View Administrator Security servers offer greater network security to environments that allow clients to access them from the Internet Refer to Security Server Installation on page 32 for more information about this The Security Servers table allows you to add one or more security server instances to your View Manager environment You can Add Edit or Remove information about security servers present in your environment by using the links provided The Create Configuration File link is used to expedite the creation of configuration files that allow the security servers to correctly route client requests received from the Internet Refer to Client Connections from the Internet on page 97 for more information about external connections and To generate a Security Server config properties file from the Configuration view on page 99 for more information about this feature View Servers The View Servers table allows you to enable or disable the current View Connection Server indicated by a check mark and any replica instances of View Connection Server known to the this server Select a server entry from the table provided and click m Enable to allow users to connect to their clients using this server m Disable to refu
105. ctory location 2 Enter adsiedit msc to start the ADSI Edit application 3 In the left pane expand the domain in which the user you want to edit is located and expand CN Users VMware Inc 113 View Manager Administration Guide Right click the user and then click Properties An attribute editing window for the user is displayed Double click the userPrincipalName entry from the list In the field provided enter the SAN value of the trusted CA certificate Click OK gt OK and close ADSI Edit RSA SecurlD Authentication View supports RSA SecurID as an additional method for user authentication RSA SecurID provides strong two factor authentication when users access virtual desktops in addition to the authentication provided when using Active Directory credentials 114 If you are using RSA SecurID you must first enable it by editing your View Connection Server settings After you install the RSA SecurID software on your server or servers you can edit RSA settings in the View Administrator user interface To enable or edit RSA SecurlD 1 2 From within the View Administrator click the Configuration button Under View Servers select a View Connection Server entry and click Edit Under the RSA SecurID 2 Factor Authentication heading configure the desired RSA settings m Enable Enables RSA SecurID authentication for end users accessing virtual desktops m Enforce SecurID and Windows user name matching SecurI
106. cts should use telephone support for the fastest response on priority 1 issues Go to http www vmware com support phone_support Support Offerings To find out how VMware support offerings can help meet your business needs go to http www vmware com support services VMware Professional Services VMware Education Services courses offer extensive hands on labs case study examples and course materials designed to be used as on the job reference tools Courses are available onsite in the classroom and live online For onsite pilot programs and implementation best practices VMware Consulting Services provides offerings to help you assess plan build and manage your virtual environment To access information about education classes certification programs and consulting services go to http www vmware com services 10 VMware Inc Introduction View Manager is a flexible and intuitive desktop management solution that enables system administrators to rapidly provision desktops and control user access Client software connects users to virtual desktops running on VMware vSphere or to physical systems running within your network environment This chapter provides a brief overview of the features offered by View Manager and describes the system requirements for installing and running the software components associated with this application This chapter discusses the following topics m Overview of View Manager on page 11 m
107. d VMwareViewComposerReplicaFolder in VirtualCenter Server NOTE VMware vSphere 4 optimizes cloning so it does not have to create the source virtual machine When a recomposition event takes place the source virtual machine is the first desktop to be recomposed against a new snapshot View Composer removes the existing linked clone desktop pool from the VirtualCenter Server and then copies the source virtual machine as many times as necessary in order to replace it This method of pool generation optimizes the recomposition process and is typically much faster than individually recomposing each linked clone desktop in the pool Desktop Refresh A desktop refresh is similar to a desktop recomposition but without any change to the base image This action is carried out in order to restore the system data for a desktop pool to a baseline state and thereby reduce the size of the operating system data of each attached clone NOTE Desktop refresh does not apply to the thinly provisioned disks that contain user data A desktop refresh can be carried out either on demand as a timed event or when the operating system data reaches a specified size Figure 6 3 illustrates the effect of this action note that the user data disk remains unaffected by this event VMware Inc Chapter 6 View Composer Figure 6 3 Desktops Refresh parent VM ps base image snapshot gt S refresh replica 1 S N user disk OS d
108. d balancing components have been configured correctly in your network environment this request reaches the server Upon authentication the FQDN of View Connection Server is returned to the client The second connection the tunnel connection which is SSL encrypted by default is attempted using the FQDN However the connection fails if the FQDN cannot be resolved by the external View Client An example sequence of external and internal client interactions with the server is shown in Figure 5 1 VMware Inc 97 View Manager Administration Guide Figure 5 1 External Client Connection third party load 3 firewall balancer siew firewall View i N ware See Connection Server nirastructure View server1 int server2 int Client VirtualCenter 1 https myview mycorp com f i 2 httpo f server1 int 1 https server2 int 7 2 https server2 int external lt internal This scenario can be addressed by configuring View Connection Server to return an external URL instead of its own FQDN for the second connection channel The process of setting the external URL is not the same for all types of servers For standard or replica servers you can set the URL from within View Administrator For a security server you must create or edit a properties file that contains the inbound connection details and save it in a directory located under the security server installation path CAUTION For security servers you must use the method
109. d the Summary or Desktop Sources tab you can now filter your desktop source selection Select All virtual machines if you want to execute a global refresh against all desktops in the pool m Ifyou specified one or more individual assigned desktops from the Desktop Sources tab you can select The following virtual machines if you want the refresh to apply only to specific systems within the selected group Click Next Schedule when you want the refresh event to take place the default is set to the current time and therefore immediately m If you want any currently connected users to be logged off as soon as the refresh event starts select Force Users to log off NOTE If you select this option connected users will be notified prior to disconnection and given the opportunity to close their applications and log out The notification message can be accessed from within the Global Settings section of the configuration page m Ifyou want the system to wait until a user has disconnected before initiating a refresh of their desktop select Wait for users to log off The Ready to Complete page is displayed This page provides a summary of the refresh task including when the task is scheduled to start and how many virtual machines will be affected If you are satisfied that the information displayed on this page is correct click Finish to start the refresh 157 View Manager Administration Guide 158 To recompose a linked cl
110. d to be offline The following sections provide an overview of Offline Desktop its purpose and implementation NOTE Offline Desktop is an experimental feature Refer to System Requirements on page 14 for more information about experimental features Offline Desktop is not supported with vSphere 4 This chapter discusses the following topics m Overview of Offline Desktop on page 167 m Installing and Running View Client with Offline Desktop on page 173 m Offline Desktop Status on page 176 NOTE For information about usage policies that relate specifically to offline client sessions refer to Client Policies on page 183 Overview of Offline Desktop Offline Desktop addresses the challenge of continuous access that is implicit in any online desktop solution through circumstance or choice users occasionally find themselves in environments where network availability is extremely limited or completely absent VMware Inc 167 View Manager Administration Guide 168 In anticipation of this an Offline Desktop user can use the View Client with Offline Desktop application to download a copy of their desktop virtual machine from the View Connection Server for use on a local computer an event that also locks the online desktop virtual machine preventing it from being accessed from any other location NOTE While a lock is in place vCenter Server operations such as powering on t
111. d within the license coverage Click Edit License to add or modify the license serial number for View Connection Server The Usage table indicates the usage information for currently active desktops including offline desktops if the View Manager license coverage includes Offline Desktop m Update the information displayed in the Usage table by clicking Refresh m Reset the counter that tallies the highest number of concurrent connections by clicking Reset highest Servers The tables in this section describe the relationship between View Connection Server and all other replica and security servers present in your environment It also provides information about the vCenter Servers used by View Connection Server to manage its virtual machines vCenter Server and security server relationships are established manually and you can use each table to add or remove a server from the list The relationships between View servers in a replicated group are defined during the installation process and are detected automatically vCenter Servers The vCenter Servers table lists the vCenter Server servers available for the View Connection Server to use You can click Add Edit or Remove to modify the connection criteria The procedure for adding a server to this table is described in Initial View Manager Configuration on page 38 Security Servers Security servers operate within a DMZ and run a subset of the full View Connection Server fun
112. desktop Click OK to return to the Desktops tab Add or Remove a Desktop Source You can add or remove desktop sources from desktop pools To add a desktop source to a desktop pool 1 2 3 VMware Inc In the desktop pane select a desktop pool and click on the Desktop Sources tab Click Add to add a desktop source to the pool Select the desktop sources to include in the pool and click OK You return to the main page which lists all of the desktop sources in the pool 211 View Manager Administration Guide To remove a desktop source from a desktop pool 1 2 In the desktop pane select a desktop pool and click the Desktop Sources tab Select desktop sources and click Remove A confirmation message appears Click OK to remove the selected desktop source from the pool If any of the desktop sources have active sessions indicate the action to be taken m Leave active Active sessions will remain until the user logs off The View Connection Server does not track these sessions m Terminate Terminates all active sessions immediately You return to the main page and the desktop sources that you removed are no longer listed Change an Individual Desktop Source You cannot add or remove desktop sources in the case of an individual desktop But you can change or reset the desktop source This section is applicable only to Individual Desktops and not to desktop pools To change an individual desktop source 1
113. desktop The layout choices are as follows m Full Screen m Multimonitor m Window Large m Window Small This setting is available only when the DesktopName to select setting is also set Suppress error messages when fully scripted only Determines if error messages are displayed during login If the login fails on account of incorrect login information being entered the user is not notified and the View Client wswc exe process will continue to run in the background Disable 3rd party Terminal Services plugins When this property is set to true no checking takes place for third party Terminal Services plug ins installed as normal RDP plug ins This setting does not affect View specific plug ins such as USB redirection If this policy is not configured the detection and use of third party plug ins is enabled by default Table 8 19 View Client Configuration Properties RDP Settings Property Color Depth Description Determines the color depth of the remote desktop When this property is enabled the available settings are 8 15 16 24 32 Note For 24 bit Windows XP systems ensure that the following Computer Configuration GPO property is set to Enabled and 24 bit Computer Configuration gt Administrative Templates gt Windows Components gt Terminal Services gt Limit Maximum Color Depth Desktop Background Determines if the desktop background is displayed when clients connect to t
114. desktop is synchronized with that of the connected client When enabled this property will only apply if the Disable Time Zone Synchronization property of the View Agent Configuration policy is not disabled This property is disabled by default Enable the shade Determines if the shade menu bar at the top of the View Client window is enabled This property is enabled by default Pin the Shade Determines if the pin on the shade at the top of the View Client window is enabled in order to prevent auto hiding of the menu bar Note this property has no effect if the shade is disabled This property is enabled by default VMware Inc 195 View Manager Administration Guide 196 Table 8 17 View Client Configuration Properties Continued Property Always on top Description Determines whether the View Client window is always the topmost window Enabling this setting prevents the Windows taskbar from obscuring a full screen View Client window This setting is enabled by default Don t check monitor alignment on spanning By default the client desktop will not span multiple monitors if the screens do not form an exact rectangle when in combination that is identical heights if positioned left and right monitors or identical widths if positioned top and bottom This property overrides this rule and is disabled by default Enable multi media acceleration Specifies if multimedia redire
115. ditional desktops takes place every time a new user is assigned until the maximum desktop threshold is reached VMware Inc Chapter 8 Component Policies Client Policies The properties provided under the policies tab in View Administrator are used to assert behavioral control over client components at the global desktop pool or desktop user level By default each user level policy inherits its setting from a pool level policy that in turn inherits its setting from a global policy A number of general component behaviors relating to desktop sessions can be configured directly from within View Administrator These policies can apply to both View Client and View Client with Offline Desktop and are described in Table 8 6 Table 8 6 Client Policies Property Description USB Access Specifies if desktops can use USB devices connected to the client system Administrators can prevent use of external devices as a security measure Available options are Allow and Deny Pool and user level policies may also Inherit the default setting from their parent The default is Al Low MMR Specifies if multimedia redirection MMR is enabled on the client MMR is a Microsoft DirectShow filter that forwards multimedia data from specific codecs on the remote system directly through a TCP socket to the client The data is then decoded directly on the client where it is played Administrators can disable MMR if the client has insufficient resources t
116. e You must power off and then power on existing virtual machines for this setting to take effect Resolution of each monitor If you are using PColIP select the pixel dimensions of the highest resolution monitor Note You must power off and then power on existing virtual machines for this setting to take effect Adobe Flash quality Select the quality level of Adobe Flash animations displayed in View Client from the drop down menu Lower quality levels might result in faster display refresh due to lower bandwidth usage 151 View Manager Administration Guide 152 Property Parameter Description Adobe Flash throttling Select the throttling level for Adobe Flash animations displayed in View Client from the drop down menu Higher levels of throttling might result in lower bandwidth usage by reducing the frame rate of all Adobe Flash animations Configure the desktop provisioning properties and click Next Property Parameter Description Provisioning Enabled the desktops in the pool will be immediately created upon completion of the deployment procedure or after a desktop is deleted Disabled the desktops in the pool will not be immediately created upon completion of the deployment procedure or after a desktop is deleted Number of desktops Specifies the number of desktops to create in this pool This setting is disabled if you select the Enable Advanced Pool Settings check box in the Advanced Settings p
117. e created the desktop is non persistent so there is no guarantee that the user will ever be able to return to it Ensure that Automatic logoff after disconnect is set to Immediately in order to prevent either scenario Persistent Manual Pool vCenter After user disconnection or logoff This policy only Server Managed VMs applies to unassigned desktops 180 VMware Inc Chapter 8 Component Policies Table 8 2 Power Policy Notes Continued Desktop Type Power Policy is Applied Non Persistent manual Pool After user disconnection or logoff Note If the Power Off policy is applied after a disconnection the session is discarded If the Suspend policy is applied after a disconnection an orphaned session could be created the desktop is non persistent so there is no guarantee that the user will ever be able to return to it Ensure that Automatic logoff after disconnect is set to Immediately in order to prevent either scenario Physical Systems Terminal N A Services Desktop Pool Power Policy in Automated Pools In an automated pool power policy is acquiescent to the rules regarding desktop availability An available desktop is one that is active does not contain a user session is not assigned to a user and has an active View Agent service that confirms its availability to View Connection Server based upon the preceding criteria Power Policy Example 1 If a particular number of desktops are required to be avail
118. e desktop pool and return to the main page Unregister a Desktop Source All desktop sources that the vCenter Server manages are registered when you install the View Agent For more information about installing View Agents see Install View Agent on an Unmanaged Desktop Source on page 206 You can unregister only unmanaged desktop sources To unregister an unmanaged desktop source 1 Click on the Configuration tab The Registered Desktop Sources section displays the number of registered terminal sources and other unmanaged virtual machines 2 Select the type of desktop source and click View VMware Inc 213 View Manager Administration Guide 3 Select the desktop source to unregister and click Unregister You can select only desktop sources that are not assigned to a desktop A message appears to check if you want to unregister the desktop source If you unregister a desktop source it becomes unavailable To make these sources available again reinstall the View Agent in each desktop source 4 Click OK if you want to unregister the selected desktop source The desktop sources are unregistered and are no longer available Uniqueness of Unique ID If multiple VirtualCenter or vCenter Servers are running in your environment make sure that another VirtualCenter or vCenter Server is not using the same unique ID By default a unique ID is randomly generated but you can edit it For details about editing unique ID values see t
119. e ensuring that all systems in the domain have a copy of the certificate in their trusted root store To add the third party root CA to the NTAuth store in Active Directory From the command prompt on the Active Directory server enter the following certutil dspublish f lt certificate gt NTAuthCA In this command lt certificate gt is the path to the third party root CA certificate By publishing the certificate to the Enterprise NTAuth store you are confirming that the CA is trusted to issue certificates of this type Creating a Truststore A truststore is a keystore that is used by View when making decisions about which clients to trust In order for View Connection Server to authenticate smart card users and connect them to their desktops the root certificate for all trusted users must first be added to the server truststore A truststore can be created by using the keytool utility provided with the Java Runtime Environment JRE instance that accompanies View Connection Server To add the JRE utilities to your command path 1 Press the Windows key Break to display the Windows System Properties dialog box 2 Under the Advanced tab click on Environment Variables 3 In the System variables group select PATH and then click Edit 4 Inthe Variable value field add the path to the JRE installation directory ProgramFiles VMware VMware View Server jre bin Ensure that this entry is delimited with a semicolon from any other en
120. e pages in the navigation pane m Entitle to add or remove user entitlements to or from the desktop or desktop pool Delete to remove the desktop or desktop pool Enable Disable to enable or disable desktop or desktop pool availability and provisioning VMware Inc 51 View Manager Administration Guide 52 Table 3 1 Desktops Pane Tab Summary Continued Tab Context Users and Groups Desktop Desktop Pool Description This tab lists all users and groups entitled to use this desktop or pool From under the Entitlements sub tab you can select and Remove Entitlement from any user listed in the table provided If the selected pool uses linked clone technology for its deployment an additional sub tab Users and Groups is also displayed Desktop Sources Desktop Desktop Pool This tab lists all the individual virtual systems available in the selected pool From this tab you can select existing desktop or desktop pool entries from the table provided and click m Remove to remove individual or multiple virtual machines either from View Manager or from vCenter Server and View Manager m Reset to reset selected desktop this action disconnects any currently connected users and restarts the system m Rebalance to redistribute the virtual machines on the datastore to ensure that space is being used optimally between logical drives View Composer desktops only m Cancel Task to terminate any tasks th
121. e the entire pool select All virtual machines Click Next 160 VMware Inc Chapter 6 View Composer 7 Schedule when you want the rebalance event to take place the default is set to the current time and therefore immediately m If you want any currently connected users to be logged off as soon as the rebalance event starts select Force Users to log off NOTE If you select this option connected users will be notified prior to disconnection and given the opportunity to close their applications and log out The notification message can be accessed from within the Global Settings section of the configuration view in View Administrator m Ifyou want the system to wait until a user has disconnected before initiating a rebalancing of their desktop select Wait for users to log off Click Next 8 The Ready to Complete page is displayed This page provides a summary of the rebalance task including when the task is scheduled to start and how many virtual machines will be affected If you are satisfied that the information displayed on this page is correct click Finish to start the rebalance Using an Existing View Composer Database When selecting the ODBC data source during the installation of the View Composer service you can use an existing database that already contains View Composer data However in order to make this data source compatible with a new instance of the View Composer service you must first transfer the RSA k
122. ectly trusted domains are enumerated and connection to remote domain controllers does not take place Note In environments with complex domain relationships such as those that use multiple forest structures with trust between domains in their forests this process can take a few minutes to complete VMware Inc User Configuration GPO Chapter 8 Component Policies With the User Configuration GPO you can set policies that apply to users regardless of which desktop they connect to These policies override any equivalent Computer Configuration Policies that may have been applied to the target desktop View Agent Configuration Use the GPO described in Table 8 16 to configure View Agent behavior Table 8 16 View Agent Configuration Properties Agent Configuration Property Disable Time Zone Synchronization Description Determines if the time zone of the View desktop is synchronized with that of the View client When enabled this property will only apply if the Disable time zone forwarding property of the View Client Configuration policy is not disabled This property is disabled by default View Client Configuration Use the GPOs described in Table 8 17 Table 8 18 Table 8 19 and Table 8 20 to configure View Client and View Client with Offline Desktop behavior Table 8 17 View Client Configuration Properties Property Disable time zone forwarding Description Determines if the time zone of the View
123. ed or logged off VMware Inc 179 View Manager Administration Guide Table 8 1 describes the different virtual machine power policy states that can be assigned to a desktop or desktop pool during deployment Table 8 1 Power Policy Definitions Property Description Do nothing VM remains on Virtual machines that are powered off will be started when required and will remain on even when not in use until they are shut down Always on ensure VM is always All virtual machines in the pool remain powered on powered on even when they are not in use If they are shut down they will immediately restart Suspend VM All virtual machines in the pool enter a suspended state when not in use Power off VM All virtual machines in the pool shut down after user logoff but not after user disconnection Table 8 2 describes the circumstances under which the power policy is applied Table 8 2 Power Policy Notes Desktop Type Power Policy is Applied Individual Desktop vCenter After user disconnection or logoff Server Managed VM Persistent Automated Pool When not in use or after user disconnection or logoff This policy only applies to unassigned desktops Non Persistent Automated Pool When not in use or after user disconnection or logoff Note If the Power Off policy is applied after a disconnection the session is discarded If the Suspend policy is applied after a disconnection an orphaned session could b
124. efault configuration balancing storage installing software and applying service packs are greatly accelerated by this type of deployment VMware Inc Chapter 6 View Composer View Manager administrators can simultaneously update or change the operating systems of all linked clone desktops install or update client applications or modify the desktop hardware settings by carrying out these activities on the Parent VM and then anchoring the linked clones to anew snapshot of this configuration This action is called desktop recomposition NOTE Linked clones can also be anchored to a new snapshot of a completely different Parent VM Administrators can also return the operating system data of each linked clone desktop which may have expanded through ongoing usage to its original state that of the Parent VM by carrying out an action called desktop refresh In Figure 6 1 the desktop user data is configured to reside on a separate disk so it remains unaffected by desktop recomposition or desktop refresh actions In this way system modification is decoupled from user data storage View Administrator delivers a high level overview of what actions are being carried out Policies can control what actions are executed and at what time in order to minimize disruption to the user base Connected users can be notified with custom messages if an update that will affect their session is about to take place Linked Clone Desktop Disk Usage
125. efault is vmware desktopcomposer zip Specifies the utility used to archive the support information If no value is specified the default built in tool is used VMware Inc Chapter 10 Troubleshooting Updating Support Requests After you file a support request you may receive an email request from VMware Technical Support asking for the output of the vdm support or svi support scripts Reply to the email message and attach your script output file to the reply If the output is too large to include as an attachment 10MB or more contact VMware Technical Support with your support request number and request FTP upload instructions You can also update your support request and attach the file at the support Web site To update your support request 1 Visit the Support page at the VMware Web site and log in 2 Click Support Request History and find the applicable support request number 3 Update the support request and attach your vdm support or svi support script output Further Troubleshooting Information The following URLs for VMware Knowledge Base KB articles contain troubleshooting information for View Manager The Knowledge Base is continually updated with new troubleshooting information m Troubleshooting end user connection issues http www vmware com info id 342 m Troubleshooting pooling issues http www vmware com info id 343 m Troubleshooting USB issues http www vmware com info id 346 VMw
126. em that runs inside a virtual machine H high availability A system design approach that ensures a degree of operational continuity L load balancing A technique used for distributing processes across servers so that the traffic load is spread more evenly and servers do not become overloaded 224 VMware Inc Glossary N non persistent desktop pool A desktop pool in which users are not assigned to a specific desktop When users log off or are timed out of a desktop their desktops are returned to the pool and made available to other users Users cannot save data or files to their desktops when using a non persistent pool P persistent desktop pool A desktop pool in which users are assigned to a specific desktop Users log on to the same desktop every time and their data is preserved when they log off Users can save data and files to their desktops when using a persistent pool R RDP remote desktop protocol A multichannel protocol that allows a user to connect to a computer remotely RSA SecurID A product from RSA that provides strong two factor authentication using a password and an authenticator S security server A View Connection Server deployment that adds a layer of security between the Internet and the internal network T thin client A device that allows a user to access virtual desktops but requires little memory or disk drive space Application software data and CPU power resides on a network computer and not on t
127. ema to version 1 1 In addition the command also migrates the information in the database from View Composer 1 0 to View Composer 1 1 The schema for View Composer has not changed since version 1 1 Use Case During installation of the View Composer service on a vCenter Server where an older version of the service is already installed users are offered the opportunity to upgrade the service manually If a schema upgrade is required they must use SviConfig to upgrade the schema and migrate their existing data Usage Before you can upgrade the View Composer database you must first shut down the View Composer service running on the vCenter Server Restart the service once you have successfully executed the command SviConfig databaseupgrade command instructions are issued from a Windows command prompt in the following form sviconfig operation databaseupgrade DsnName lt target database source name DSN gt Username lt database administrator username gt Password lt database administrator password gt For example sviconfig operation databaseupgrade dsnname LinkedClone username Admin password Pass Result Output A successful operation results in the following output Establishing database connection Database connection established successfully Upgrading database Load data from SVI_VC_CONFIG_ENTRY table Update SVI_DEPLOYMENT_GROUP table Update SVI_REPLICA table Update SVI_SIM_CLONE table S
128. ended as soon as the client detects that entitlement has been withdrawn Upon suspension the user is presented with an error that informs them that the desktop is no longer allowed to run offline If no communication can be established with the offline client the user is notified that their access has been removed the next time they attempt to access their desktop in the presence of a network connection Rolling Back a Desktop You can also remove client access to their offline desktop by rolling back their offline session Once a rollback event has been initiated the offline client if it can be contacted is notified that the user is no longer allowed to log in to their checked out desktop m Ifa checked out desktop is rolled back while the user is logged in the current session is terminated as soon as View Client with Offline Desktop receives notification m Ifthe user is not logged in subsequent attempts to connect will be redirected to the online desktop In order to continue working offline the user must now check out the desktop from the server To roll back an offline desktop session select the desktop from the list provided in the table under the Offline Sessions tab and click Rollback If the client policy allows it users can also roll back a desktop from within View Client or View Portal desktop by right clicking on the offline desktop entry and clicking Rollback from the context menu Only the user who checked out
129. ent activities such as testing or other forms of baseline maintenance When VM is notin use Do nothing VM remains on Virtual machines that are powered off will be started when required and will remain on even when not in use until they are shut down Always on ensure VM is always powered on All virtual machines in the pool remain powered on even when they are not in use If they are shut down they will immediately restart Suspend VM AIl virtual machines in the pool enter a suspended state when not in use Power off VM All virtual machines in the pool shut down when not in use Automatic logoff after Immediately users are logged off as soon as they disconnect disconnect Never users are never logged off After the time after which users are logged off when they disconnect Enter the duration in minutes Power off and delete Select if you want the virtual machine to be deleted virtual machine after immediately after the user logs off first use If necessary a new virtual machine is cloned to maintain a non persistent pools specific pool size after virtual machines are deleted only VMware Inc Property Allow users to reset their desktop Chapter 6 View Composer Parameter Description Select if you want to allow desktop users to reset their own desktops without administrative assistance Allow multiple sessions per user non persistent pools only Select if you want to allow
130. entication information to log in to their virtual desktops If you want to enable users to print to any printer available to their client systems without first installing additional drivers on their virtual desktops install the Virtual Printing component See Virtual Printing on page 117 VMware Inc Chapter 6 View Composer m Ifyou want to allow users to connect using the PCoIP display protocol install the PCoIP Server component PCoIP provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN NOTE On Windows Vista if you install the PCoIP Server component the Windows group policy Disable or enable software Secure Attention Sequence is enabled and set to Services and Ease of Access applications If you change this setting single sign on will not work correctly 5 Accept or change the destination folder and click Next 6 Click Install to begin the installation process 7 After the process is complete click Finish Creating a Parent VM Snapshot Once View Agent has been installed on the base image you must use vCenter Server to take a snapshot of the system in its powered down state This snapshot will be used as the baseline configuration for the first set of linked clone desktops anchored to the Parent VM NOTE The Parent VM must be completely shut down before you take the snapshot Deploying Linked Clone Desktops from Vie
131. er Server from a View Connection Server 91 View Portal description 14 View Server Configuration GPOs 194 viewing events 63 views Configuration 55 Desktops and Pools 50 Events 63 virtual machine templates cloning to templates 75 converting to templates 75 virtual machine templates for automated desktop pools 74 WwW web components 18 231 View Manager Administration Guide 232 VMware Inc
132. er from the table provided and click m Disconnect session to disconnect the user from the desktop this action does not log the user or group off and their session will be preserved once they log back in providing the Automatic logoff after disconnect setting specified during desktop deployment has been not been exceeded m Logoff session to log the user off and disconnect them from the current session m Reset virtual machine to disconnect the currently connected user and restart the system Offline Sessions All This tab lists all the Offline Desktop desktops currently checked out either globally or to the selected user Refer to Chapter 7 Offline Desktop on page 167 for more information about this feature and the functions provided on this tab Configuration View The Configuration view is displayed when you click the Configuration button This view contains multiple sections that allow you to analyze desktop usage configure licensing connections authentication criteria and so forth Each section is listed in the pane on the left side of the screen Click an entry in the list to display the configuration information associated with that section VMware Inc 55 View Manager Administration Guide 56 Product Licensing and Usage The Product Licensing table indicates the license status of View Manager and also if additional components such as the View Composer and Offline Desktop features are provide
133. erver instances in replicated group 3 5 clients servers 10 number of ephemeral ports on each 5 3 000 3 10 5 010 View Connection Server Use the Worksheet to Calculate Ephemeral Ports and TCB Hash Table on page 45 to fill in values for your deployment You can edit the Windows registry to increase the maximum number of ephemeral ports on the Windows Server computer on which View Connection Server runs As a prerequisite calculate the number of ephemeral ports to configure as shown in Table 2 1 To increase the number of ephemeral ports 1 On the Windows Server start the Windows Registry Editor a Select Start gt Command Prompt b At the command prompt type regedit 42 VMware Inc Chapter 2 Installation 2 Inthe registry locate the correct subkey and click Parameters HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Tcpip Parameters 3 Click Edit gt New and add the registry entry Value Name MaxUserPort Value Type DWORD Value data 1024 lt calculated number of ephemeral ports gt Valid Range 5000 65534 decimal 4 Exit the Registry Editor 5 Restart the Windows Server computer Active Directory group policies can override registry entries When possible use a group policy to set the number of ephemeral ports on View Connection Server Increasing the Size of the TCB Hash Table The transmission control block TCB holds information about TCP connections that are made between
134. es from the context menu You are presented with the print properties window associated with the selected printer 3 Select the ThinPrint Device Setup tab 4 Using the slider select an option for print data compression m Noimages Only text is printed m Extreme Images are compressed with maximum possible compression rate without regard to image quality m Maximum lImages are compressed with good quality Optimal Images are compressed with optimal quality m Normal Lossless image compression is used Select or deselect the duplex and Show tray selection check boxes as required 5 Select the General tab and click Printing Preferences 6 Edit the page and color settings the default values are acquired from the host printer 118 VMware Inc Chapter 5 Client Management 7 Click the Advanced tab If the printer installed on the host supports these options edit the following settings for double sided printing Long edge for portrait or Short edge for landscape printing To preview each printout on the host enable Preview on client before printing From this preview you can use any printer with all its available properties 8 Click the Adjustment tab to view the automatic print adjustment options VMware recommends that you retain the default settings 9 Click Apply or OK Click OK to close the print properties window Virtual Printing and USB Printing In the View environment virtual printers and redirected USB
135. esktop is created as the maximum number has already been reached Instead one of the existing system is resumed Power Policy Example 3 Persistent automated pools behave slightly differently Although a desktop may be powered on it may also be assigned to a user and is therefore not considered to be available Table 8 5 contains example parameters for a pool of this type Table 8 5 Pooling Example 3 Type Minimum Maximum Available Power Policy Persistent Automated Pool 3 5 2 Always on ensure VM is always powered on In this example 3 desktops are created and powered on If the desktops are then manually powered off in vCenter Server they will all immediately power on again as per policy Once a user connects to a desktop it becomes permanently assigned to them after they disconnect it is no longer available to any other user If the assigned desktop is shut down from within vCenter Server it remains powered down the power policy no longer applies although the reconnection of its assigned View Manager user will automatically power on the desktop once more At this time there are still a sufficient number of unassigned desktops remaining in the pool for the availability criteria to be met However when another user connects a second desktop becomes assigned Now the number of available desktops has fallen below the threshold level so a new desktop is created and powered on In the above scenario the creation of ad
136. esktop mapping however only one active user on a desktop at a time m Not provisioned automatically m Supports both persistent and non persistent access modes m Administrator entitles entire pool to users or user groups Automated Pool is a pool that contains one or more dynamically generated desktops that are automatically created and customized by View Manager from a vCenter Server virtual machine template and have the following characteristics m Multiple users to multiple desktop mapping however only one active user on a desktop at a time m Provisioned automatically m Administrator specifies a template and a customization specification which is used to provision desktop sources m Supports both persistent and non persistent access modes m Administrator entitles entire pool to users or user groups VMware Inc 67 View Manager Administration Guide Terminal Server Pool is a pool of terminal server TS desktop sources served by one or more terminal servers A terminal server desktop source can deliver multiple desktops A TS pool has the following characteristics Pool of TS desktops served by a farm comprising of one or more terminal servers Least session count based load balancing View Manager load balances connection requests across terminal servers in a pool by choosing the pool that has the least number of active sessions on it Administrator entitles entire pool to users or user groups Administra
137. evisit any previous page m If you are satisfied with the configuration click Finish to deploy the automated desktop pool Once the deployment has been initiated you can monitor the progress of the automated desktop pool by selecting either the Desktops or Desktop Sources tabs in the Global desktop and pool view pane Manual Desktop Pools Manual desktop pools are pools of virtual machines that are manually constructed by the View Manager administrator Desktop pools of this type can be either VMware Inc Persistent Users are allocated a dedicated desktop that retains all of their documents applications and settings between sessions The desktop is statically assigned the first time the user connects and is then used for all subsequent sessions Non persistent Users are connected to a different desktop from the pool each time they connect and there is no persistence of environmental or user data between sessions 81 View Manager Administration Guide 82 Deploying a Manual Desktop Pool 1 From within the View Administrator click the Desktops and Pools button and then click the Inventory tab In the Global desktop and pool view pane ensure that the Desktops and Pools tab is selected and click Add You are presented with the Add Desktop wizard From here you can configure and deploy a new linked clone desktop pool Select Manual Desktop Pool and click Next Select the type of desktop pool you want to create a
138. ew Administrator click Desktops and Pools to display the desktop page 2 Ensure that the Inventory tab is selected in the left pane and select the persistent desktop pool you want to refresh 3 Select one of the following options m To refresh the entire desktop pool ensure that the Summary tab is selected in the right pane m To refresh the desktops assigned to specific users in the desktop pool ensure that the Users and Groups tab is selected in the right pane If you want to refresh the desktop of one or more assigned users select the corresponding check boxes You do not need to do this if you want to refresh the desktops of all assigned users VMware Inc VMware Inc Chapter 6 View Composer m To refresh specific desktop sources in the pool ensure that the Desktop Sources tab is selected in the right pane If you want to refresh multiple desktops select the corresponding check boxes You do not need to do this if you want to refresh all the desktops in the pool Click Edit Image You are presented with the Edit Image wizard Select the Refresh option and click Next If you selected the Users and Groups tab you can now filter your user selection Select All users if you want to execute a global refresh against all assigned users in the desktop pool If you selected one or more users you can select The following users if you want the refresh to apply only to specific users within the selected group m Ifyou selecte
139. ew Manager components Table 8 13 View Manager Common Configuration Properties Property Enable extended logging Description Determines if trace and debug events are included in the log files Disk threshold for log and events in MegaBytes Specifies the minimum remaining disk space threshold for logs and events If no value is specified a default of 200 applies When this value is reached event logging stops Table 8 14 View Manager Common Configuration Log Configuration Property Number of days to keep logs Description Specifies the number of days for which log files are retained on the system If no value is set the default applies and log files are only kept for 7 days View Server Configuration Use the GPOs described in Table 8 15 to configure settings that can apply to View Connection Server Table 8 15 View Manager Server Configuration Properties Property Recursive enumeration of trusted domains Description Determines if every domain trusted by the domain in which the server resides is enumerated In order to establish a complete chain of trust the domains trusted by each trusted domain are also enumerated and the process continues recursively until all trusted domains are discovered This information is passed to View Connection Server in order to ensure that all trusted domains are available to the client on login This property is enabled by default When disabled only dir
140. example if the global server contact policy for all checked out desktops is 10 minutes and the pool level equivalent is 5 minutes you can assign a server contact policy of 30 minutes to any user in that pool To configure and assign global policy settings 1 From View Administrator click the Desktops and Pools button to display the Global desktop and pool view and then click the Inventory tab In the Inventory pane ensure that the top level Desktops entry is selected 2 Inthe Desktops pane click the Global Policies tab You are presented with the global policies page 3 Inthe View Policies box or Offline Desktop Policies box click Edit The appropriate policies window is displayed NOTE Power policies set for offline desktops do not take effect until the offline desktops are checked back in 4 Specify the policy settings and click OK The global policy settings are now applied To configure and assign pool level policy settings 1 From View Administrator click the Desktops and Pools button to display the Global desktop and pool view and then click the Inventory tab 2 Inthe Inventory pane select the desktop pool entry ij that corresponds to the pool you want to apply the policy to 3 In the Desktops pane click the Policies tab You are presented with the policies page for this desktop pool VMware Inc 185 View Manager Administration Guide In the View Policies box click Edit Pool Policies I
141. ey container created by the original View Composer service to the new host system NOTE RSA key pairs are created by the View Composer service in order to encrypt and decrypt the sensitive authentication information that is stored inside the View Composer database The ASP NET IIS registration tool provided with the Microsoft NET Framework allows you to conduct multiple configuration operations including migrating key container content between different systems To carry out the following procedure you must have the NET Framework installed on the system that contains or previously contained the instance of View Composer that was associated with the database you want to use You must also install the NET framework on the system on which you want to install the new instance VMware Inc 161 View Manager Administration Guide You can download the NET Framework and view additional information about the ASP NET IIS registration tool from the following locations m http www microsoft com net m http msdn microsoft com library k6h9cz8h VS 80 aspx The following procedure must be carried out before installing the View Composer service on the new system To migrate an RSA key container between systems 1 Export the RSA keys associated with the earlier instance of the View Composer from their local key container by entering the following from a command prompt on the source system aspnet_regiis px SviKeyContainer keys
142. f you have selected an offline desktop and want to configure offline policies click Offline Desktop Policies The appropriate policies window is displayed Specify the Offline Desktop User initiated rollback and Max time without server contact policy settings and click OK The pool level policy settings are now applied To configure and assign user level policy settings 1 From View Administrator click the Desktops and Pools button to display the Global desktop and pool view and then click the Inventory tab In the Inventory pane select the desktop pool entry Gp that corresponds to the pool you want to apply the policy to In the Desktops pane click the Policies tab You are presented with the policies page for this desktop pool In the Policy Overrides box click Add User The Policy Override window is displayed Click Add and enter the name or description of the user or users you want to assign the policy to and click Find Now NOTE If you want to view a list of all users in the domain leave the Name and Description fields blank Select one or more users from the list and click OK to return to the Policy Override window Select the user or users you want to assign a new policy to and click Next Specify the policy settings and click OK The user level policy settings are now applied Group Policy Objects 186 Group Policy is a feature of the Microsoft Windows NT family of operating systems that pr
143. fer to Client Policies on page 183 Client Connections from the Internet For a user to access a virtual desktop their client system must be able to resolve the host name or IP address of the specified View Connection Server Initially and by default View Connection Server can only be contacted by tunnel clients that reside within the same network and are therefore able to locate the requested server Many organizations require that users can connect from an external location by using a globally resolvable domain or subdomain name or IP address or by reassigning specific ports on an existing address in order to route client requests to the appropriate location typically the security server For example m https view example com 443 m https view example com 443 m https example com 1234 However some additional configuration within View Connection Server is required for addresses like these to work Setting an External URL for View Connection Server When you use Microsoft RDP as the display protocol View Client attempts to create two separate TCP connections between itself and View Connection Server The first connection handles user operations such as authentication desktop selection and so forth The second connection is instantiated after logon and provides a tunnel for carrying RDP data The first connection is made using the URL or IP address entered by the user into the client Providing the firewall and loa
144. first add the Java keytool utility to your command path so that you can execute it from any location using the command prompt Once this is done you can create a self signed SSL certificate using the keytool utility To obtain a validated certificate that has been signed by a trusted third party you must first submit a certificate signing request CSR to the CA Once you have received a trusted certificate from the CA you can import it into the keystore for the View Connection Server and then configure View Connection Server to use it NOTE You may already have an SSL certificate that you want to use with View Connection Server Refer to Using Existing SSL Certificates on page 105 for more information on how to do this Creating an SSL Certificate Deciding what name to bind to a certificate is an important consideration A certificate binds the name of the service to a cryptographic key pair and in doing so assumes ownership of the service and keys Once the certificate is signed the client can trust the server and its cryptographic key because the CA independently determined that the organization that is claiming ownership requested the key The most important part of the certificate is the common name CN attribute Use the FQDN that the client computer uses to connect to the View Connection Server In a single server environment the name is typically the name of the server If load balancing is being used use the load b
145. for both VMware Inc Chapter 6 View Composer On the Database Connection Options page select Dedicated Server Mode On the remaining configuration pages click Next to accept the default settings On the Creation Options page verify that Create Database is selected and click Finish o Oo N BD Review the options on the Summary page and click OK to create the database The database is created 10 Set passwords for the SYS and SYSTEM administrator accounts Use the SYSTEM account to set up the data source connection To add an ODBC data source 1 On the vCenter Server host select Start gt Administrative Tools gt Data Source ODBC The Microsoft ODBC Data Source Administrator wizard is displayed 2 Select the System DSN tab 3 Click Add and select the appropriate Oracle driver from the list for example Oracle in OraHome92 4 Click Finish The Oracle ODBC Driver Configuration dialog box is displayed 5 Enter a DSN to use with View Composer a description of the data source and a user ID to connect to the database NOTE You will use the DSN during View Composer installation For the TNS Service Name select the Global Database Name specified in the Oracle Database Configuration Assistant from the drop down menu 6 Click Test Connection to verify the data source and click OK Configuring an Oracle 10g Database and Data Source for View Composer The following instructions describe how to add a new View
146. h a secure channel SSL make sure Connect using SSL is selected This is the default setting Enter the TCP port number in the Port text box The default is 443 Optional If you click the Advanced button you can also configure the following settings Maximum number of concurrent provisioning operations This is the maximum number of virtual machines that will be simultaneously created by View Manager in vCenter Server at any given time Maximum number of concurrent power operations This is the maximum number of concurrent power operations startup shutdown suspend and so forth that will take place on View Manager managed virtual machines in vCenter Server at any given time Click OK to store the vCenter Server settings 39 View Manager Administration Guide f Click Administrators in the column on the left of the screen g Inthe Administrators table click Add and use the form provided to grant administrative rights to the Active Directory users who you want to be able to access to View Administrator Once you have added all the required administrators click OK View Connection Server Backup 40 To preserve or migrate your configuration information View Manager allows you to export and import the contents of the View LDAP repository from any standard or replica View Connection Server View LDAP data is exported and imported in LDAP data interchange format LDIF a draft Internet standard for a file format tha
147. hat take operations place between the Offline Desktop client and View Connection Server are encrypted Disable Single Sign On for Determines if single sign on is enabled for Offline Desktop Offline Desktop operations When disabled users must manually log in to their desktop to start their Windows sessions Display a pre login message Determines if View Client and View Portal users see a disclaimer or login message with information or instructions entered by the administrator in the field provided Display a warning before Determines if desktop users are logged off as a result of a forced logoff scheduled or immediate update event such as a desktop refresh In the fields provided enter the notification message to be shown and the amount of time after it is displayed that the user is logged off Events View Use the Events view to examine events generated by the actions taking place within the View Connection Server You can enter text in the Contains field and search by type of message the time of the message or the message text itself You can also determine the number of days of messages to display You can use the information on the Events page for diagnosing problems or viewing activity on the server To search events 1 Click the arrow after Messages contains and select the columns to search Messages Time Type 2 From the list choose the number of days of messages to show in the Events table and click Done
148. he online desktop taking snapshots editing the virtual machine settings and so forth are disabled Once downloaded Offline desktops behave in the same way as their online equivalents yet can take advantage of local resources latency is minimized and performance is enhanced The presence of a downloaded virtual machine has no effect on the existing operating system of the client system which users can continue to utilize if they wish A consistent user experience is ensured through use of View Client with Offline Desktop for both online and offline sessions In addition users can disconnect from their offline desktop and then log in again without connecting to the View Connection Server Once network access is restored or when the user is ready the checked out virtual machine can be m Backed up the online system is updated with all new data and configurations but the offline desktop remains checked out on the local system and the online lock remains in place m Rolled back the offline desktop is discarded and the online lock is released Future client connections will be directed to the online system until the desktop is checked out again m Checked in the offline desktop is uploaded to the online host and the online lock released Future client connections will be directed to the online system until the desktop is checked out again NOTE Users cannot access their offline desktop while the above actions are taking place
149. he VMware Infrastructure or vSphere documentation 214 VMware Inc Troubleshooting Occasionally when using the View Manager product administrators or users may encounter unexpected behavior In these situations you can obtain assistance from VMware This chapter provides a summary of some of the high level steps you can take to gather application data request assistance and search for support information in our knowledge base This chapter discusses these topics m Collecting View Manager Diagnostic Information on page 215 m Updating Support Requests on page 219 m Further Troubleshooting Information on page 219 Collecting View Manager Diagnostic Information Diagnostic information helps VMware Technical Support diagnose and resolve issues View Manager includes a script called vdm support that collects information for use by VMware Technical Support Send the file generated by the script with your support request On the View Connection Server you can run the script manually or by using the support tool in the Start menu For View Client or on View Manager desktops running View Agent you must run the script manually VMware Inc 215 View Manager Administration Guide Using the View Manager Support Tool to Collect Diagnostic Information The View Manager Support tool lets you generate log files and set log levels that determine if you want to generate normal debug or full log files for the View Connec
150. he client device V virtual desktop A desktop operating system that runs on a virtual machine A virtual desktop is indistinguishable from any other computer running the same operating system VMware Inc 225 View Manager Administration Guide 226 VMware Inc Index A active sessions disconnecting 90 rebooting 90 viewing 90 authentication using RSA SecurlD 114 using smart cards 106 automated desktop pools configuring 74 creating virtual machine templates 75 customization specifications 75 deploying 76 non persistent 74 76 persistent 76 properties 77 automated pools defined 67 power policies 181 B back end machines preparing to access remote desktops 204 Unified Access 203 Cc client connections overview 97 resolving internet 97 client policies 183 configuring and applying 184 VMware Inc communications 171 Computer Configuration GPO 188 Configuration view 55 configuring automated pools 74 Configuration view 55 individual desktops 71 initial server using View Administrator 38 manual desktop pools 81 D databases creating for linked clone desktops 138 system requirements for linked clone desktops 24 using existing for linked clone desktops 161 deleting View Manager objects 91 deploying automated desktop pools 76 linked clone desktops 147 manual desktop pools 82 preparing guest systems 68 Desktop and Pools view 50 desktop parameters for Unified Access 204 desktop
151. he remote desktop Show contents of window while dragging Determines if folder contents are displayed when users drag a folder to a new location VMware Inc 197 View Manager Administration Guide 198 Table 8 19 View Client Configuration Properties RDP Settings Continued Property Menu and window animation Description Determines how menus and windows behave when clients connect to the remote computer Themes Determines if themes are displayed when clients connect to the remote desktop Cursor shadow Determines if a shadow is displayed under the cursor on the remote desktop Font smoothing Windows Vista or later Determines if anti aliasing is applied to the fonts on the remote desktop Desktop composition Windows Vista or later Determines if desktop composition is enabled on the remote desktop When desktop composition is enabled individual windows no longer draw directly to the screen or primary display device as they did in previous versions of Microsoft Windows Instead their drawing is redirected to off screen surfaces in video memory which are then rendered into a desktop image and presented on the display Audio redirection Determines how audio information is channelled when played on the remote desktop When this property is enabled the available settings are m Disable Audio no audio m Play in VM needed for VoIP USB support audio plays within t
152. he remote desktop requires a shared USB audio device to provide sound on the client m Redirect to client audio is redirected to the client This is the default mode This property only applies to RDP audio audio that is redirected via MMR will play in the client Redirect drives Determines if local disk drives are automatically redirected when clients connect to the remote computer Redirect printers Determines if local printers are automatically redirected when clients connect to the remote desktop Redirect serial ports Determines if local COM ports are automatically redirected when clients connect to the remote desktop Redirect smart cards Determines if local smart cards are automatically redirected when clients connect to the remote desktop VMware Inc Chapter 8 Component Policies Table 8 19 View Client Configuration Properties RDP Settings Continued Property Redirect clipboard Description This setting determines if local clipboard information will be automatically redirected when clients connect to the remote desktop Redirect supported plug and play devices Determines if local plug and play and point of sale devices are automatically redirected when clients connect to the remote desktop This is not the same as the redirection managed by the USB Redirection component of View Agent Bitmap caching Determines if remote bitmaps are cached on the local computer
153. iew Client application The entries in this column are the operating systems capable of installing and running this application m Offline Desktop refers to the View Client for Offline Desktop application The entries in this column are the operating systems capable of installing and running this application For a list of the View Manager desktops that can be downloaded and used in an offline context refer to View Client with Offline Desktop Supported Guests on page 22 m View Composer refers to the View Composer service that runs on the vCenter Server host system The entries in this column are the operating systems capable of running this service NOTE The requirements for View Connection Server are not included in this table refer to View Connection Server on page 15 for detailed information about this component VMware Inc 17 View Manager Administration Guide Table 1 1 Operating System Support 32 bit for Installed Components 18 Offline Operating System View Agent View Client Desktop Virtual Physical Windows 2000 Professional SP4 Yes Windows XP Professional SP2 Yes Yes Yes Yes Windows XP Professional SP3 Yes Yes Yes Yes Windows XP Home SP2 Yes Windows XP Home SP3 Yes Windows XPe Yes Windows Vista Home SP2 Yes Windows Vista Business SP1 Yes Yes Yes Windows Vista Enterprise SP1 Yes Yes Windows Vista Business SP2 Yes Yes Yes Windows Vista Enterprise SP2 Yes Yes Ye
154. ified Access 203 adding and changing desktop source 207 desktop parameters 204 installing View Agent on an unman aged desktop source 206 preparing desktop sources to access remote desktops 204 unmanaged desktops 67 User Configuration GPOs 195 V vCenter Server adding the View Composer service 143 configuring to create linked clone desktops 137 View administrator role 37 View permissions 37 vdm support script 215 View Administrator description 14 Inventory page 50 overview 49 View Agent description 14 VMware Inc installing on guest systems 69 system requirements 19 with multiple NICs 71 View Agent GPO 195 View Client description 14 installing 95 installing with Offline Desktop 174 starting with Offline Desktop 175 system requirements 20 View Client Configuration GPOs 190 View Client GPOs 195 View Common Configuration GPOs 194 View Composer description 14 overview 127 support 217 View Configuration GPOs 188 View Connection Server backing up 40 description 14 disabling 91 enabling 91 instances 28 overview 28 system requirements 15 View LDAP 29 View Manager collecting diagnostic information 215 216 components 14 deleting desktops 92 deleting objects 91 disabling 91 support script 216 system requirements 14 troubleshooting 215 View Composer 24 View Portal 23 VMware Inc Index View Manager configuration data exporting 40 importing 41 View Manager objects removing a vCent
155. in controller You must use a static IP address for the host system V CAUTION Do not install View Connection Server on a platform that performs any other functions or roles for example do not use the same system to host vCenter Server 28 The domain user account used to install View Connection Server must have administrator privileges on that server The View Connection Server administrator must also possess administrative credentials for vCenter Server The server can be installed as a either a standard replica or security server the instance type is selected during the installation process NOTE In order to add users in an Active Directory domain other than the one in which you have installed a standard or replica View Connection Server you must establish a two way trust relationship between their domain and the one in which the View Connection Server is located VMware Inc Chapter 2 Installation Configuring Domain Filters View Manager determines which domains are accessible by traversing trust relationships starting with the domain in which a View Connection Server instance or security server resides For a small well connected set of domains View Manager can quickly determine a full list of domains but the time that it takes increases as the number of domains increases or as the connectivity between the domains decreases The list might also include domains that you would prefer not to offer to end users
156. in the hierarchy it is best practice to use the parent certificate the one that actually signed the user certificate as your root certificate Adding a Root Certificate to Trusted Roots on Active Directory This section describes how to import the third party root CA certificates into both Active Directory and the Enterprise NTAuth store The procedures described below are only required if you are using a third party CA to issue smart card logon or domain controller certificates they are not required in environments where the Windows Domain Controller acts as the Root CA To add the third party root CA to the trusted roots in an Active Directory Group Policy object 1 Click Start gt All Programs gt Administrative Tools gt Active Directory Users and Computers 2 Inthe left pane locate the domain in which the policy you want to edit is applied 3 Right click the domain and then click Properties 4 Under the Group Policy tab click the Default Domain Policy Group Policy object and then click Edit A new window is displayed VMware Inc Chapter 5 Client Management 5 Inthe left pane expand Computer Configuration gt Windows Settings gt Security Settings gt Public Key Policy 6 Right click Trusted Root Certification Authorities and select Import 7 Follow the instructions in the wizard to import the certificate Click OK 8 Close the Group Policy window By adding the certificate to the list of trusted roots you ar
157. inistration Guide Offline Desktop Policies Certain Offline Desktop features can be controlled through policy For information about configuring and applying policies to offline desktops at the global pool or user level refer to Client Policies on page 183 Supported Desktop Types Not all types of View Manager desktop configuration support Offline Desktop Table 7 2 provides a matrix that describes the availability of this feature to the different desktop types Table 7 2 Offline Desktop Supported Desktops Type Persistence Desktop Configuration Offline Desktop Individual Non Persistent Virtual machines managed by Yes Desktop vCenter Server Virtual machines not managed by No vCenter Server Physical systems Automated Persistent Non linked clone Yes Desktop Pool reg Linked clone No Non Persistent All Manual Desktop Persistent Virtual machines managed by Yes Pool vCenter Server Virtual machines not managed by No vCenter Server Physical systems Non Persistent All Microsoft N A N A Terminal Services Desktop Pool Additional Considerations When using Offline Desktop you must be aware of the following considerations m View Client with Offline Desktop cannot be run on a virtual machine m View Client with Offline Desktop does not support the use of smart cards 172 VMware Inc Chapter 7 Offline Desktop You cannot download a desktop to a system where the guest exceeds the ca
158. instance and make this data source visible to all other components running on the host system These instructions assume that Microsoft SQL Server 2005 is installed on the vCenter Server host or in your network environment and that you use SQL Server Management Studio Express to create and administer the data source If the database resides on the same system as vCenter Server you can use the Integrated Windows Authentication security model You cannot use this method of authentication if the database resides on a remote system VMware Inc Chapter 6 View Composer The instructions also assume that you are configuring the database on Windows Server 2003 SP2 or higher Some steps are different if you configure the ODBC data source on a Windows XP Professional SP2 host SQL Server Management Studio Express is available from http www microsoft com downloadS details aspx familyid C243 A5AE 4BD1 4E3D 94B8 5 AOF62BF7796 To add a View Composer database to SQL Server 2005 1 4 On the vCenter Server host system select Start gt All Programs gt Microsoft SQL Server 2005 gt SQL Server Management Studio Express and connect to the existing SQL Server instance for Virtual Infrastructure Management In the Object Explorer pane right click the Databases entry and select New Database You are presented with the New Database dialog Enter a name for example ViewComposer in the Database name field and click OK Your database is added
159. ion to Log inas Determines whether the Log in as current user check box current user is visible on the View Client connection dialog box When the check box is visible users can select or deselect it and override its default value When the check box is hidden users cannot override its default value You can specify the default value for the Log in as current user check box by using the policy setting Default value of the Log in as current user checkbox This setting is enabled by default Default value of the Log Specifies the default value of the Log in as current user in as current user check box on the View Client connection dialog box checkbox When the check box is selected the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop When the check box is deselected users must provide identity and credential information multiple times before they can access a View desktop The default value specified by this setting is overridden in the following circumstances m If the user previously ran View Client from the command line and specified a different value for the check box that value is used instead of the default value m If the user previously ran View Client and selected a different value for the check box on the View Client connection dialog box that value is used instead of the default value
160. irtual Printing The Virtual Printing ThinPrint feature of View allows View Client and View Client with Offline Desktop users to transparently use local or network printers from within their remote systems yet removes the requirement for installing proprietary printer drivers on each View desktop NOTE View Portal does not support Virtual Printing VMware Inc 117 View Manager Administration Guide Virtual Printing is a plug and play solution once a printer is installed on the local system it is automatically added to the list of available printers on the View desktop No further configuration is required Virtual Printing consists of a guest component print Client which resides within the View Client or View Client with Offline Desktop application and a host component print Engine which is part of the View Agent service on the View desktop Print jobs are sent by print Engine to print Client over an RDP connection NOTE Onan offline desktop print Engine uses a named pipe Com1 to pass print data to print Client Where a user has administrative privileges printer drivers can still be installed on the View desktop this action does not interfere with the Virtual Printing component To configure a virtual printer instance on the View desktop 1 Click Start gt Settings gt Printers and Faxes The Printers and Faxes window is displayed 2 Right click any of the locally available printers and select Properti
161. ive Directory m Inorder to apply customization specifications to standard non linked clone desktop pools Microsoft Sysprep tools must be installed on your vCenter Server RSA Authentication Manager View Connection Server has been certified with version 6 1 and 7 1 of RSA Authentication Manager Other versions of RSA Authentication Manager that are compatible with version 6 1 are also supported 16 VMware Inc Chapter 1 Introduction Operating System Support for Installed Components Table 1 1 describes the support offered by various types of Windows operating system to the locally installed components of View Manager For each of these components only 32 bit support is offered Any additional environmental requirements of these components are described in subsequent sections The columns represented in this table are m View Agent refers to the View Agent service that is installed on a View Manager desktop The entries in this column are the operating systems that can be managed by View Manager The column is divided into two sub columns m Virtual refers to the virtual systems supported as guests These systems could reside within VMware vSphere where they are provisioned and managed or could exist as standalone systems within another VMware application such as VMware Server m Physical refers to the physical systems supported as alternate multiple back ends including terminal servers m View Client refers to the V
162. l configuration settings You can enable the advanced parameters by selecting the Enable Advanced Pool Settings check box This will disable the Pool Size parameter Number of desktops minimum the minimum number of desktops that must be provisioned for this pool Number of desktops maximum the maximum number of desktops that can be provisioned for this pool Number of desktops available The number of virtual machines that must be unassigned and available for use at any given time This figure cannot exceed the maximum number of desktops available to the pool overall Select the Parent VM to be used as the base image for the deployment You are only presented with virtual machines that contain one or more snapshots that were taken when the virtual machine was powered down Click Next Select the snapshot you previously created on the Parent VM while in its inactive state and click Next Select where you want the folder for this desktop pool to reside within vCenter Server and click Next Select a host or a cluster on which to run the virtual machines used by this desktop NOTE Only clusters of 8 hosts or fewer are supported and shown The Use vSphere mode for View Composer check box becomes available if you select a cluster that contains ESX ESXi 4 hosts only The new vSphere mode is more reliable than in previous releases and supports up to date hardware configurations but vSphere 4 requires 64 bit x86_64 hardw
163. length is fixed For example my view system n fixed 1 Where the token length is not fixed a buffer of 1 is applied to the token so the maximum replaced length is 14 characters For example a view system n VMware Inc 79 View Manager Administration Guide 80 10 11 12 Property Parameter Description Stop provisioning onerror Select if you want View Manager to automatically stop provisioning new virtual machines if an error is detected during desktop creation Advanced Settings Click to display the advanced pool configuration settings You can enable the advanced parameters by selecting Enable Advanced Pool Settings This will disable the Pool Size parameter Minimum number of virtual machines the minimum number of desktops that must be provisioned for this pool Maximum number of virtual machines the maximum number of desktops that can be provisioned for this pool Number of available virtual machines The number of virtual machines that must be unassigned and available for use at any given time This figure cannot exceed the maximum number of desktops available to the pool overall Select the template to be used as the base image for the deployment You are only presented with templates that contain a desktop operating system supported by View Manager Click Next Select where you want the folder for this desktop pool to reside within vCenter Server and click Next Select a host or a clu
164. lient during login For example http view1 example com Logon UserName Determines the user name used by View Client during login Logon DomainName Determines the NETBIOS domain name used by View Client during login Logon Password Determines the password used by View Client during login Warning this password is stored in plain text by Active Directory DesktopName to select Determines the default desktop used by View Client during login DesktopLayout when fully scripted only Specifies the layout of the View Client window that a user sees when logging in to a View desktop The layout choices are as follows m Full Screen m Multimonitor m Window Large m Window Small This setting is available only when the DesktopName to select setting is also set Suppress error messages when fully scripted only Determines if error messages are displayed during login Note This property is only applied when the login process is fully scripted that is when all the requisite login information has been pre populated beforehand through policy Note If the login fails on account of incorrect login information being entered the user is not notified and the View Client wswc exe process will continue to run in the background VMware Inc 191 View Manager Administration Guide Table 8 12 View Client Configuration Properties Security Settings Property Display option to
165. lt database administrator username gt Password lt database administrator password gt BackupFilePath lt path to View Composer backup file gt For example sviconfig operation restoredata dsnname LinkedClone username Admin password Pass backupfilepath C Program Files VMware VMware View Composer Backup 20090304000010 foobar_test_org SVI VMware Inc 165 View Manager Administration Guide Result Codes When the operation is complete a result code is returned by the tool The result codes are described in Table 6 4 Table 6 4 restoredata Result Codes Code Description 0 The operation ended successfully 1 The supplied DSN could not be found 2 Invalid database administrator credentials were provided 3 The driver for the database is not supported 4 An unexpected problem arose and the command failed to complete 14 Another application is using the View Composer service Shut down the service before executing the command 15 A problem arose during the restore process the details of which are provided as part of the on screen log output 166 VMware Inc Offline Desktop Offline Desktop offers mobile users the ability to check out a cloned instance of certain types of View Manager desktop onto a local system such as a laptop Once checked out the local copy behaves like a standalone desktop system and can be used with or without a network connection the desktop is now considere
166. me the user connects Non persistent Desktops in this type of pool are allocated dynamically when the user logs in and are returned to the pool when the user disconnects Select the vCenter Server that will be used by this desktop and ensure that Use linked clone technology to create desktops in this pool is selected Click Next 149 View Manager Administration Guide 150 Enter the Desktop ID and optionally the Desktop Display Name and Description The desktop ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in The desktop ID and display name can be arbitrary but if you do not specify a display name the desktop ID is used for both NOTE You can use any alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters and is only visible from within View Administrator Once you have provided the desktop identification details click Next Configure the desktop properties and click Next CAUTION If you are using a Windows Vista virtual machine you must set the power policy to Ensure VM is always powered on Property Parameter Description State Enabled after being created the desktop pool is automatically enabled and ready for immediate use Disabled after being created the desktop pool is disabled and unavailable for use This is an appropriate setting if you want to conduct post deploym
167. ments This chapter discusses the following topics m Overview of View Connection Server on page 28 m Standard Server Installation on page 30 m Replica Server Installation on page 30 m Security Server Installation on page 32 m vCenter Server Permissions for View Manager Users on page 37 m Initial View Manager Configuration on page 38 m View Connection Server Backup on page 40 m Optimizing Your Installation on page 41 VMware Inc 27 View Manager Administration Guide Overview of View Connection Server View Connection Server communicates with vCenter Server to provide advanced management of virtual desktops This includes virtual desktop creation as part of pool management and power operations such as automatic suspend and resume View Connection Server performs the following functions m User authentication m User desktop entitlements with View LDAP m Virtual desktop session management m Coordination of the secure connection establishment virtual desktop connection and single sign on m Administration server used by View Administrator Web client m Virtual desktop pool management View Connection Server Instances View Connection Server is installed on a Microsoft Windows Server system that is located on either a physical or virtual server dedicated to brokering View Manager connections The host system must be joined to an Active Directory domain but must not be a doma
168. mization specification in the fields provided Click Next Enter the Name and Organization you would like associated with the desktops created in the automated pool in the fields provided Click Next to continue Select one of the following m Use the virtual machine name if you want the desktops in the pool to derive their name from the name assigned to each desktop virtual machine during deployment from View Manager This is the recommended option m Use a specific name if you want each desktop to derive their name from a predefined label If you choose this option it is recommended that you also select Append a numeric value to ensure uniqueness Click Next Enter the license number for the View Manager desktop operating system in the Product ID field and specify if this is a single or multiple seat license Click Next 75 View Manager Administration Guide 76 10 11 12 Enter and confirm the local administrator password in the fields provided Click Next Select the local time zone from the drop down list Click Next Optional You are presented with the opportunity to provide one or more command prompt instructions that will be executed the first time a user connects Enter a command in the field provided and click Add Repeat as necessary When you have finished click Next Specify the type of settings you would like to use for your network interface The recommended selection is Typical settings Click Next
169. mmunications click Server Certificate You are presented with the Web Server Certificate wizard Click Next Select Export the current certificate to a pfx file Click Next Specify a filename for the file you want to export Click Next Enter and confirm a password that will be used to encrypt the information you want to export Click Next You are shown a summary of the certificate you are about to export Ensure that the information is correct and that you have selected the correct certificate and click Next gt Finish 105 View Manager Administration Guide The certificate is exported to the specified location You must now carry out the procedure described in To configure the View Connection Server to use the new certificate on page 104 Ensure that the keypass entry in the locked properties file corresponds to the password you used when exporting the certificate Smart Card Authentication Some organizations require personnel to pass multiple stages of authentication before allowing them to connect to their systems View provides support for high security environments by offering smart card authentication of client sessions Smart card authentication works by presenting a trusted set of client credentials a user certificate to View Connection Server A user certificate is an encrypted set of authentication credentials that includes the digital signature of the trusted root Certificate Authority CA that issued the ce
170. mple to display the full list of commands enter the following C Program Files VMware VMware View Client bin wswc To launch View Client in fully scripted mode that is with all connection user and desktop criteria provided enter the following C Program Files VMware VMware View Client bin wswc serverURL lt server gt userName lt username gt password lt password gt domainName lt domain gt desktopName lt desktop gt Table 5 1 describes the command line options you can use when you launch View Client Table 5 1 View Client Command Line Options Property Description file lt xxx gt Text file with additional command line parameters See View Client Configuration File on page 117 noninteractive Used to suppress error message boxes in fully scripted startup languageId lt xxx gt Provides localization support for different languages in View Client If a resource library is available you can specify the Windows language ID to use For US English enter 0x409 VMware Inc 115 View Manager Administration Guide 116 Table 5 1 View Client Command Line Options Continued Property desktopLayout lt xxx gt Description Layout of the View Client window that a user sees when logging in to a View desktop The layout choices are m fullscreen m multimonitor m windowLarge m windowSmall This property requires the desktopName property to be supplied desktopName lt
171. n Logoff Session and Reset Virtual Machine options become available Option Description Disconnect Session The user is disconnected but their session remains active Logoff Session The user is disconnected and their session is logged off Reset Virtual Machine The desktop is shutdown and restarted without a graceful logoff and disconnection Select the appropriate option and click OK in the confirmation window VMware Inc Chapter 4 Virtual Desktop Deployment Disabling View Manager and Deleting Objects If you want to prevent users from accessing their desktops you can disable the View Connection Server to prevent clients from logging in Currently logged in users are not affected when you disable the View Connection Server Disabling the View Connection Server is useful if you need to take it out of service for any reason When a View Connection Server is disabled end users who attempt to log in see a message stating that the connection failed and that View Connection Server is currently disabled To enable or disable a View Connection Server instance 1 Click the Configuration button 2 Select the View Connection Server from the list of servers and click Enable or Disable Disabling a View Connection Server does not affect the current active desktop sessions nor will it prevent new desktop sessions from being established Deleting View Manager Objects Delete View Manager objects vCenter Server connections Vie
172. n broker A server that allows connections between remote users and virtual desktops and provides authentication and session management The View Connection Server is a type of connection broker D datastore Virtual representations of combinations of underlying physical storage resources in the datacenter A datastore is the storage location for example a physical disk a RAID or a SAN for virtual machine files VMware Inc 223 View Manager Administration Guide desktop See virtual desktop desktop virtual machine See virtual desktop desktop pool A pool of virtual machines that an administrator designates for users or groups of users See also persistent desktop pool non persistent desktop pool DMZ demilitarized zone A logical or physical subnetwork that connects internal servers to a larger untrusted network usually the Internet and provides an additional layer of security and gives administrators more control over who can access network resources DNS Domain Name System An Internet data query service that translates host names into IP addresses Also called Domain Name Server or Domain Name Service F FQDN fully qualified domain name The name of a host including both the host name and the domain name For example the FQDN of a host named esx1 in the domain vmware com is esx1 vmware com G guest See guest operating system guest operating system An operating syst
173. n only use up to approximately 1 5GB of memory per process You can edit the Windows registry to increase the JVM heap size on Windows Server computers on which View Connection Server is installed With a 1GB JVM heap size View Connection Server can support approximately 1 500 concurrent View desktop sessions y CAUTION Do not allocate a JVM heap size greater than 1 5GB If you do the View Connection Server service fails to start You must increase the JVM heap size each time that you install or upgrade the View Connection Server software To increase the JVM heap size on Windows Server computers 1 On the Windows Server computer start the Windows Registry Editor a Select Start gt Command Prompt b At the command prompt type regedit 46 VMware Inc Chapter 2 Installation 2 Inthe registry locate the correct subkey and click JvmOptions HKEY_LOCAL_MACHINE SOFTWARE VMware Inc VMware VDM Plugins wsnm tunneLService Params 3 Click Edit gt Modify A Windows dialog box displays an entry like the following example Xms128m Xmx512m Dsimple http poller simple http GranularPoller Dsimple http connect configurator com vmware vdi front SimpleConfigurator 4 Edit the Xmx parameter to have the value Xmx1024m The dialog box displays the following entry Xms128m Xmx1024m Dsimple http poller simple http GranularPoller Dsimple http connect configurator com vmware vdi front SimpleConfigurator 5 Click
174. n the system that will host the agent where xxx is the build number of the file VMware viewagent e x p xxx exe The installation wizard opens Click Next Accept the VMware license terms and click Next Select your custom setup options Accept or change the destination folder and click Next In the Register with View Connection Server window specify a server name or IP address The IP address can be a standard or replica View connection server instance Provide your administrator log in credentials to register this machine with the View connection server and click Next You can log in as the current user If you select this option the Username and Password fields are disabled You can specify administrator credentials Specify the user name and password of the View connection server s administrator Your installation choices appear Click Next to confirm and continue with the installation Click Install to begin the installation process After the process is complete click Finish The unmanaged desktop source is now ready for use Add and Change Desktop Sources Perform an end to end configuration on desktop sources to ensure that installation and configuration issues can be easily resolved This section refers to both individual desktops and desktop pools To add an unmanaged individual desktop 1 2 VMware Inc Ensure that you have the appropriate login credentials and log in to View Administrator
175. nager Administration Guide You can also select or deselect the following features If you want to allow users to download a copy of their virtual desktops from the View Connection Server for use on a local computer such as a laptop install the Offline Desktop component Offline Desktop is not supported with vSphere 4 Offline Desktop is an experimental feature Refer to System Requirements on page 14 for more information about experimental features If virtual desktop users need to access locally connected USB devices with their virtual desktops install the USB Redirection component NOTE Windows 2000 does not support USB redirection If you want to enable single sign on SSO install the View Secure Authentication component If enabled when users log in to View Client they are not prompted to re enter their authentication information to log in to their virtual desktops If you want to enable users to print to any printer available to their client systems without first installing additional drivers on their virtual desktops install the Virtual Printing component See Virtual Printing on page 117 If you want to allow users to connect using the PCoIP display protocol install the PCoIP Server component PCoIP provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN NOTE On Windows Vista if you install the PCoIP Server comp
176. nd click Next Pool Type Description Persistent Desktops in this type of pool are allocated statically in order to ensure that users connect to the same system each time they log in Desktop assignment takes place the first time the user connects Non persistent Desktops in this type of pool are allocated dynamically when the user logs in and are returned to the pool when the user disconnects Specify the source type of the guest system by selecting either vCenter virtual machine or Other sources Click Next From the list provided select the vCenter Server server that will be used by this desktop Click Next Enter the Unique ID and optionally the Display name and Description The unique ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both If your installation has multiple VirtualCenter or vCenter Servers see Uniqueness of Unique ID on page 214 NOTE You can use any alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters in length and is only visible from within View Administrator Once you have provided the desktop identification details click Next Configure the desktop properties and click Next V CAUTION If you are using a Windows Vista virtual machine you mu
177. ndard Edition with SP2 m Windows Server 2003 Standard Edition with SP2 m Windows Server 2003 R2 Enterprise Edition with SP2 m Windows Server 2003 Enterprise Edition with SP2 Prerequisites View Connection Server has the following prerequisites m A valid license key for View Manager The following types of license are available m View Manager m View Manager with View Composer m View Manager with View Composer and Offline Desktop m VMware virtualization environment m VMware vSphere 4 Update 1 Update 1 is required m VMware Infrastructure 3 5 Update 3 or Update 4 is recommended Update 5 is not supported VMware Inc 15 View Manager Administration Guide m VMware Infrastructure 3 0 2 is supported m Both ESX and ESXi hosts are supported m vCenter is required NOTE To use the View Composer feature VMware vSphere 4 Update 1 or VMware Infrastructure 3 5 Update 3 or Update 4 is required To use the Offline Desktop experimental feature VMware Infrastructure 3 5 Update 3 or Update 4 is required Offline Desktop is not supported with vSphere 4 Host operating systems for standard or replica View Connection Server instances are joined to an Active Directory domain The following versions of Active Directory are supported m Windows 2000 Active Directory m Windows 2003 Active Directory m Windows 2008 Active Directory NOTE View Connection Server does not make nor require any schema or configuration updates to Act
178. ng to take effect Resolution of each monitor If you are using PCoIP select the pixel dimensions of the highest resolution monitor Note You must power off and then power on existing virtual machines for this setting to take effect Adobe Flash quality Select the quality level of Adobe Flash animations displayed in View Client from the drop down menu Lower quality levels might result in faster display refresh due to lower bandwidth usage Adobe Flash throttling Select the throttling level for Adobe Flash animations displayed in View Client from the drop down menu Higher levels of throttling might result in lower bandwidth usage by reducing the frame rate of all Adobe Flash animations NOTE Properties for offline desktops do not take effect until the desktops are checked back in 84 VMware Inc Chapter 4 Virtual Desktop Deployment From the list provided select the virtual machines or physical systems you want to use add to the pool Click Next You are presented with a summary of the configuration settings for this deployment m Ifyou are unsatisfied with any aspect of the configuration you can use the Back button to revisit any previous page m Ifyou are satisfied with the configuration click Finish to deploy the individual desktop Once the deployment has been initiated you can monitor the progress of the manual desktop pool by selecting either the Desktops and Pools or Desktop Sources tabs in
179. nnection Server to use when communicating with View Client PCoIP Provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN Microsoft RDP A multi channel protocol that allows a user to connect to a computer running Microsoft RDC Allow users to override the default protocol Select if you want to allow users to override the default display protocol from within View Client Max number of monitors If you are using PCoIP select the maximum number of monitors on which users can display the desktop Note You must power off and then power on existing virtual machines for this setting to take effect Resolution of each monitor If you are using PCoIP select the pixel dimensions of the highest resolution monitor Note You must power off and then power on existing virtual machines for this setting to take effect Adobe Flash quality Select the quality level of Adobe Flash animations displayed in View Client from the drop down menu Lower quality levels might result in faster display refresh due to lower bandwidth usage Adobe Flash throttling Select the throttling level for Adobe Flash animations displayed in View Client from the drop down menu Higher levels of throttling might result in lower bandwidth usage by reducing the frame rate of all Adobe Flash animations VMware Inc Chapter 4 Virtual Desktop Deployment 7
180. nneled connection Smart card authentication The drop down menu associated with this property provides the following options Not allowed Smart card authentication is disabled Optional Users may use smart card authentication to connect but password authentication is also permitted Failure to authenticate using smart card authentication will require that password authentication is used instead m Required Users may only connect using smart card authentication To configure the smart card removal policy if it is allowed m Select the Disconnect user sessions on smart card removal check box if you want users to be disconnected from the View Connection Server instance when they remove their smart cards Users must then reauthenticate to gain access to their View desktops m Deselect this check box to allow users to remain connected to the View Connection Server instance when they remove their smart cards Users can start new View desktop sessions without reauthenticating The smart card removal policy does not apply to users who connect to the View Connection Server instance with the Log on as current user check box selected even if they log in to their client system with a smart card You must restart the View Connection Server service for changes to smart card settings to take effect Currently logged in users are not affected by changes to smart card settings See Smart Card Authentication on page 106 for m
181. ny alphanumeric character including spaces to provide an optional description The description can be up to 1024 characters in length and is only visible from within View Administrator Once you have provided the desktop identification details click Next Configure the desktop properties and click Next Property Parameter Description State Enabled after being created the desktop pool is automatically enabled and ready for immediate use Disabled after being created the desktop pool is disabled and unavailable for use This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance When VM is notin use Do nothing VM remains on Virtual machines that are powered off will be started when required and will remain on even when not in use until they are shut down Always on ensure VM is always powered on All virtual machines in the pool remain powered on even when they are not in use If they are shut down they will immediately restart Suspend VM AIl virtual machines in the pool enter a suspended state when not in use Power off VM AII virtual machines in the pool shut down when not in use Power policy is described in more detail in Power Policy on page 179 Automatic logoff after This option is only displayed when you have selected a virtual disconnect machine as the guest system Immediately users are logged off as so
182. o handle local multimedia decoding Available options are Allow and Deny Pool and user level policies may also Inherit their default settings from their parent Note MMR will not work correctly if the client video display hardware does not have overlay support MMR policy does not apply to Offline Desktop sessions The default is Al Low VMware Inc 183 View Manager Administration Guide 184 The View Manager policies that relate specifically to Offline Desktop sessions are described in Table 8 7 Table 8 7 Client Policies for Offline Desktop Property Offline Desktop Description Specifies if desktops can be checked out for local use Available options are Allow and Deny Pool and user level policies may also Inherit the default setting from their parent The default is Al Low User initiated Rollback Specifies if users are allowed to discard their offline desktop in order to revert to using the online version When this action is carried out the lock on the online desktop is released and the offline desktop is abandoned the local folder that contains the offline desktop data can then be manually removed and deleted if necessary Available options are Allow and Deny Pool and user level policies may also Inherit their default settings from their parent The default is Al Low Max time without server contact Specifies the amount of time an Offline Desktop desktop can run without succes
183. o access locally connected USB devices through their desktops deselect the USB Redirection component m If you want to require all users to provide identity and credential information to log in to a View Connection Server and again to access a View desktop deselect the Log in as current user component NOTE Windows XP Home Windows Vista Home Basic Windows Vista Home Premium and Windows 2000 do not support the Log in as current user feature m You must install the View Client with Offline Desktop component to use Offline Desktop features 174 VMware Inc 10 Chapter 7 Offline Desktop If you selected the Log in as current user component you can further configure the default behavior when users log in using View Client m Select Show in connection dialog to display the Log in as current user check box in the View Client connection dialog box When this check box is selected the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop m Select Set default option to login as current user to have the Log in as current user check box selected by default in the View Client connection dialog box Click Next Accept the default destination folder or click Change to use a different destination folder and click Next Optional Enter the default IP address or FQDN of the server to which the client will
184. ol on page 124 NOTE Features differ according to which View Client you use This guide describes primarily View Client and View Portal for Microsoft Windows The following types of clients are not covered in detail in this guide m View Portal for Linux experimental and View Portal for Mac OS X experimental m View Client for Linux available only through certified partners m Various third party clients available only through certified partners m View Open Client which supports the VMware partner certification program View Open Client is not an official View client and is not supported as such Installing and Running View Client and View Portal 94 This section describes how to install the components required to use View Client and View Portal You must be logged in as an administrator on the client system to carry out either of these tasks The functionality offered by View Client and View Portal is derived from a common set of locally installed base components Users who have already installed View Client will be invited to install an additional ActiveX control on their browsers when they use View Portal for the first time Similarly View Portal users who do not have View Client installed will be prompted to allow the browser to automatically install the required View Client components the first time they connect online An expedient way of installing the View Client application is to visit the View Portal page
185. omain for example domain com the user name including the fully qualified domain name for example domain com admin and the password for the specified user NOTE The credentials provided must represent a domain account created by your Active Directory administrator that has permission to add and remove computer objects in a specified Active Directory container See Using QuickPrep for Linked Clone Desktop Deployment on page 137 The settings you enter are not validated by View Composer The added domains and associated user credentials are used by View Composer to join linked clones to a domain Click Add gt OK The View Composer user is added to the QuickPrep domains list Click OK to close the vCenter Server settings window To configure and deploy a new linked clone desktop pool 1 VMware Inc From within the View Administrator click the Desktops button and then click the Inventory tab In the Desktops pane ensure that the Desktops tab is selected and click Add You are presented with the Add Desktop wizard From here you can configure and deploy a new linked clone desktop pool Select Automated Desktop Pool and click Next Select the type of desktop pool you want to create and click Next Pool Type Description Persistent Desktops in this type of pool are allocated statically in order to ensure that users connect to the same system each time they log in Desktop assignment takes place the first ti
186. omponent you can further configure the default behavior when users log in using View Client m Select Show in connection dialog to display the Log in as current user check box in the View Client connection dialog box When this check box is selected the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop Select Set default option to login as current user to have the Log in as current user check box selected by default in the View Client connection dialog box Click Next Accept the default destination folder or click Change to use a different destination folder and click Next 95 View Manager Administration Guide 96 10 Optional Enter the IP address or FQDN of the server to which the client will connect and click Next Configure shortcuts for the View Client and click Next To launch View Client when installation is completed select the check box Click Install gt Finish To start View Client 1 If View Client does not start automatically after installation double click the desktop shortcut or click Start gt Programs gt VMware gt VMware View Client In the Connection Server drop down menu enter the host name or IP address of a View Connection Server Optional If the Log in as current user check box is displayed you can select this check box to use the credentials that yo
187. omputer to View Agent when a user connects to a View desktop enable the CommandsToRunOnConnect group policy setting and add the command ViewClient_IP_Address to the setting s list of commands See Group Policy Objects on page 186 for more information Table 5 2 lists the information sent to the guest machine agent for each client type Third party certified clients can also provide client information Table 5 2 Client Information Available in the Desktop Wyse Client Information Windows ThinOS_ Linux Description ViewClient_IP_Address x X x The IP address of the client device ViewClient_MAC_Address x x x The MAC address of the client device ViewClient_Machine_Name x x x The machine name of the client device VMware Inc 121 View Manager Administration Guide Table 5 2 Client Information Available in the Desktop Client Information Windows Wyse ThinOS Linux Description ViewCLient_Machine_ x x The domain of the client device Domain ViewCLient_LoggedOn_ x x The user name that was entered in Username View Client ViewCLient_LoggedOn_ x The domain that was entered in View Domainname Client ViewClient_Type X X X The thin client name or operating system type of the client device ViewClient_Broker_DNS_ x X x The DNS name of the View Name Connection Server ViewCLlient_Broker_URL The View Connection Server URL ViewClient_Broker_ The tunnel status of the View Tunneled Connection Ser
188. on While working locally users can backup their data to the server at any time 3 When the user checks the virtual machine back in to the server the online data is updated and the server lock is released Subsequent View Client with Offline Desktop connections will be directed to the online desktop until the virtual machine is checked out once more Offline Desktop Licensing and vCenter Server Access The availability of the Offline Desktop feature is determined by your View Connection Server license type In order to use the administrative and client components associated with Offline Desktop your license must include this feature as part of its coverage NOTE You can examine your Offline Desktop license status by referring to the License section in the Configuration view of View Administrator Desktops can only be checked out from vCenter Server if the vCenter Server user specified in View Manager is an administrator Ensure that the vCenter Server user has administrative rights before attempting to use Offline Desktop NOTE You can examine the vCenter Server user or users currently assigned to View Manager by referring to the vCenter Servers box in the Configuration view of View Administrator Storage Communications and Security The time taken for an initial desktop check out will be longer than subsequent check in and check out actions as an entire virtual machine clone must first be downloaded onto the clien
189. on as they disconnect Never users are never logged off After the time after which users are logged off when they disconnect Enter the duration in minutes in the field provided Allow users to reset Select if you want to allow desktop users to reset their own their desktop desktops without administrative assistance VMware Inc Property Default display protocol Chapter 4 Virtual Desktop Deployment Parameter Description Select the display protocol that you want View Connection Server to use when communicating with View Client PCoIP Provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN PCoIP is supported as the display protocol for individual desktops with virtual machines and with physical machines that contain Teradici host cards Microsoft RDP A multi channel protocol that allows a user to connect to a computer running Microsoft RDC HP RGS See Using HP RGS Display Protocol on page 124 HP RGS is supported as the display protocol for HP Blade PCs HP Workstations and HP Blade Workstations but not for virtual machines Allow users to override the default protocol Select if you want to allow users to override the default display protocol setting from within View Client Max number of monitors If you are using PCoIP select the maximum number of monitors on which users can display the desk
190. on desktops immediately before they are powered off You can provide the path to each type of script which must reside on the Parent VM during the final stage of the initial linked clone desktop deployment QuickPrep is responsible for ensuring that these scripts are executed during either scenario Preparing vCenter Server for View Composer Before carrying out a linked clone desktop deployment you must configure the VMware vCenter Server to prepare it for creating replicas and linked clone desktops from a Parent VM using the View Composer service m The View Composer service must be installed locally on the vCenter Server m You can deploy a linked clone desktop pool on a cluster that contains ESX ESXi 4 hosts mixed with ESX ESXi 3 5 hosts until you set vSphere mode m Your Active Directory administrator must create a user with the requisite level of authority to be used by the View Composer service to create linked clone desktops and add them to your domain See Using QuickPrep for Linked Clone Desktop Deployment on page 137 VMware Inc 137 View Manager Administration Guide 138 If the vCenter Server user used by View Manager is not an administrator you must extend their role to incorporate vCenter Server privileges required by the View Composer Service If an available resource pool does not already exist within vCenter Server you must create one on the ESX host or cluster in which you want to store the linked clone de
191. on the replica server is initialized from an existing View Connection Server During replica installation an agreement is established that ensures every View Connection Server in the replicated group shares the same configuration data Whenever a change is made to View LDAP data on one system the updated information is automatically proliferated across every other replica server within the group NOTE This replication functionality is provided by LDAP which uses the same replication technology as Active Directory VMware Inc Chapter 2 Installation In order to install a replica there must be at least one View Connection Server instance already present on your network Replica servers can use either a standard server or another replica server to initialize their data Once initialized the behavior and functionality of the replica server is identical to that of a standard server and offers identical functionality In the event of server failure the other servers in the replicated group will continue to operate If the failed server resumes activity its configuration data is automatically updated to reflect any changes that may have taken place during the outage Figure 2 1 shows two instances of View Connection Server operating as a replicated group Figure 2 1 Multiple Replica Servers View Client network ECE EIEL View Connection Servers VirtualCenter Management Server Microsoft Active Directo
192. one desktop pool 1 From within the View Administrator click Desktops and Pools to display the desktop page Ensure that the Inventory tab is selected in the left pane and select the desktop pool you want to recompose Select one of the following options m Torecompose the entire desktop pool ensure that the Summary tab is selected in the right pane m To recompose the desktops assigned to specific users in the desktop pool ensure that the Users and Groups tab is selected in the right pane If you want to recompose the desktop of one or more assigned users select the corresponding check boxes You do not need to do this if you want to recompose the desktops of all assigned users m To recompose specific desktop sources in the pool ensure that the Desktop Sources tab is selected in the right pane If you want to recompose multiple desktops select the corresponding check boxes You do not need to do this if you want to recompose all the desktops in the pool Click Edit Image You are presented with the Edit Image wizard Select the Recompose option and click Next If you selected the Users and Groups tab you can now filter your user selection Select All users if you want to execute a global recomposition against all assigned users in the desktop pool If you selected one or more users you can select The following users if you want the recomposition to apply only to specific users within the selected group m Ifyou selec
193. onent the Windows group policy Disable or enable software Secure Attention Sequence is enabled and set to Services and Ease of Access applications If you change this setting single sign on will not work correctly 5 Accept or change the destination folder and click Next 6 Click Install to begin the installation process 7 After the process is complete click Finish 70 VMware Inc Chapter 4 Virtual Desktop Deployment Using the View Agent on Virtual Machines with Multiple NICs For guest systems with more than one virtual NIC you must configure the subnet that the View Agent will use This determines which network address the View Agent provides to the View Connection Server for client RDP connections To configure this subnet create the following registry string in the virtual machine on which the View Agent is installed where n n n n is the TCP IP subnet and m is the number of bits in the subnet mask HKLM Software VMware Inc VMware VDM Node Manager subnet n n n n m CREG_SZ Individual Desktops Individual desktops are single virtual machines that contain View Agent and can be accessed remotely by View Manager clients Users entitled to use this type of desktop will always access the same system each time they connect Individual desktops are appropriate for users who require a single unique dedicated desktop or for hosting a costly application with a single host license that needs to be accessed by multiple use
194. ools tagged as Internal because they log in through the View Connection Server tagged as External Similarly you can use restricted entitlements to control desktop access based on the user authentication method that you configure for a particular View Connection Server instance For example you can make certain desktops available only to users who have authenticated with a smart card The restricted entitlements feature only enforces tag matching You must design your network topology to force certain clients to connect through a particular View Connection Server instance VMware Inc Chapter 4 Virtual Desktop Deployment Understanding Tag Matching The restricted entitlements feature uses tag matching to determine whether a View Connection Server instance can access a particular View desktop or desktop pool At the most basic level tag matching determines that a View Connection Server instance with a specific tag can access a desktop or desktop pool that has the same tag The absence of tag assignments can also affect whether a View Connection Server instance can access a desktop or desktop pool For example View Connection Server instances that do not have any tags can only access desktops and desktop pools that also do not have any tags Table 4 1 shows how the restricted entitlement feature determines when a View Connection Server can access a desktop or desktop pool Table 4 1 Tag Matching Rules View Connection Se
195. op After you are connected the client window appears Users can determine if a desktop is eligible for checkout by right clicking it in the list provided by View Client with Offline Desktop to display its context menu If the desktop can be used offline the Check out option is displayed NOTE Only the user who checks out the desktop can access it even if the desktop is entitled to a group Checking Out a Desktop When users check out a desktop for the first time they are given the opportunity to specify where the downloaded virtual machine should reside on their local system After the check out begins the download progress is provided by an on screen indicator NOTE Users can pause or cancel the check in or check out process whenever data is being moved between the online and offline context by right clicking the entry to display its context menu Once the data has been downloaded user access is directed to the offline desktop until it is checked back in NOTE Users cannot use their offline desktop if they manually move the virtual machine data on their system to an alternate location or onto a different system Offline Desktop Status 176 You can examine all current offline sessions at the global or desktop pool level by clicking the Desktops and Pools button and then selecting the Offline Sessions tab either for all desktops or for a specific pool in View Administrator This view presents you with a p
196. op Pools 81 Deploying a Manual Desktop Pool 82 Entitling a Desktop or Pool 85 Restricting View Desktop Access 86 Searching Desktops and Entitled Users and Groups 89 Working with Active Sessions 90 Disabling View Manager and Deleting Objects 91 Deleting View Manager Objects 91 5 Client Management 93 Installing and Running View Client and View Portal 94 View Client Policies 97 Client Connections from the Internet 97 Setting an External URL for View Connection Server 97 Security Server External URLs 99 4 VMware Inc Contents Creating SSL Server Certificates 99 Creating an SSL Certificate 101 Validating the SSL Certificate 102 Using Existing SSL Certificates 105 Exporting from Microsoft IIS Server 105 Smart Card Authentication 106 Smart Card Hardware 106 Obtaining a Root Certificate 107 Adding a Root Certificate to Trusted Roots on Active Directory 108 Creating a Truststore 109 Enabling Smart Card Authentication on the Server 110 Verifying the Smart Card Authentication Configuration 111 Configuring a Standard or Replica Server 112 Configuring User Profiles 113 RSA SecurID Authentication 114 Node Secret Reset 115 View Client Command Line Options 115 View Client Configuration File 117 Virtual Printing 117 Virtual Printing and USB Printing 119 Adobe Flash Bandwidth Reduction 119 Setting Adobe Flash Quality and Throttling 120 Overriding Bandwidth Reduction Settings in the Desktop 121 Client Computer Information 121 Using PCoIP Display
197. or the purpose of client smart card authentication To add smart card authentication to View Connection Server 1 Copy the truststore file you previously created lt truststore_filename gt to the following location on View Connection Server C Program Files VMware VMware View Server ssLgateway conf 2 Create a text file called locked properties that contains the following entries trustKeyfile lt truststore filename gt trustStoretype JKS useCertAuth true The value for trustKeyfile must correspond to that of lt truststore filename gt You must restart the View Connection Server service for these changes to take effect NOTE Once a standard or replica View Connection Server has been configured you will be prompted to choose a certificate when logging in to View Portal or to View Administrator on that server VMware Inc Chapter 5 Client Management Verifying the Smart Card Authentication Configuration After you set up smart card authentication for the first time or when smart card authentication is not working correctly you should verify your configuration To verify configuration of smart card authentication VMware Inc Verify that each client system has View Client smart card middleware a smart card with a valid certificate and a smart card reader See the documentation provided by your smart card vendor for information on configuring smart card software and hardware On each client system sele
198. ore information about the Smart Card authentication feature VMware Inc Chapter 3 View Administrator Table 3 3 View Server Settings Continued Property Description RSA SecurID 2 Factor The properties in this group determine if clients connecting to Authentication View Connection Server must also use RSA SecureID in order to authenticate m Enable Determines if client authentication process requires RSA SecureID credentials m Enforce SecurID and Windows user name matching Determines if RSA SecurID user names must match the user names stored in Active Directory Clear node secret Clear the node secret on View Agent m Upload RSA authentication agent configuration file sdconf rec Click the Browse button to select and upload the sdconf rec file exported from RSA Authentication Manager for this server Refer to RSA SecurID Authentication on page 114 for more information about this feature and also to the supporting documentation for partners provided by RSA at http www rsa com rsasecured VMware Inc 59 View Manager Administration Guide Table 3 3 View Server Settings Continued Property Description View Manager To preserve your configuration information View Manager Configuration Backup allows you to back up the contents of the View LDAP repository used by all View Connection Servers in your environment The properties in this property group determine the scheduling criteria for automated
199. ore information about registering desktop sources see Install View Agent on an Unmanaged Desktop Source on page 206 Review the information in Ready to Complete and click Finish to accept it or Back to make corrections Click Finish The desktop is added and appears in the main Desktops page VMware Inc Chapter 9 Unified Access Enable or Disable a Desktop You can only access desktops that are enabled To enable or disable a desktop 1 2 On the Desktops tab select a desktop and click Enable Disable If the desktop is currently enabled you can disable it and if it is currently disabled you can enable it Select Enable Desktop or Disable Desktop as applicable and click OK Entitle Users and Groups to a Desktop After desktops or desktop pools are added you must entitle them so that they are accessible to users and groups A desktop can be assigned to multiple users or multiple user groups To entitle users and groups 1 2 3 On the Desktops tab select a desktop or desktop pool and click Entitle In the Entitlement window click Add to add users or groups Specify the search criteria to retrieve a list of users or groups and click Find Now A list of users or groups or both are displayed Select the users or groups to entitle to use this desktop source and click OK The users or groups appear in the Entitlement window Select the users or groups and click Remove to stop them from accessing the
200. ormation is passed to View Connection Server in order to ensure that all trusted domains are available to the client on login This property is enabled by default When disabled only directly trusted domains are enumerated and connection to remote domain controllers does not take place Note In environments with complex domain relationships such as those that use multiple forest structures with trust between domains in their forests this process can take a few minutes to complete Table 8 9 View Agent Configuration Properties Agent Configuration Property AllowDirectRDP Description Determines if non View clients can connect directly to desktops using RDP When disabled the agent will only permit View Manager managed connections via View Client or View Portal If the View Secure Authentication component was not provided when View Agent was installed on a desktop this policy has no effect on that desktop This property is enabled by default 188 VMware Inc Chapter 8 Component Policies Table 8 9 View Agent Configuration Properties Agent Configuration Continued Property AllLowSingleSignon Description Determines if single sign on SSO is used to connect users to View Manager desktops When enabled users are only required to enter their credentials when connecting to View Client or View Portal When disabled users must reauthenticate when the remote connection is made This property requires
201. oups Inventory view 1 2 VMware Inc From within View Administrator click the Users and Groups button In the Global user and group view field on the right side of the page click the Entitled Users and Groups Active Sessions tab or if available Offline Sessions Click the down arrow to the left of the search field and select the check boxes for the appropriate columns Click Done Enter search text and click Find 89 View Manager Administration Guide To search categories in the Entitled Users and Groups Search view 1 From within View Administrator click the Users and Groups button and click the Search tab on the left side of the page In the Search for users and groups field enter search text Select or deselect Name Email Display name or Domain to search within that category Click Search Working with Active Sessions After users connect to a desktop active sessions are listed in the inventory You can view active sessions on the Inventory page To view disconnect or restart active sessions 1 90 From within View Administrator click the Desktops and Pools button and click the Inventory tab on the left side of the page In Global desktop and pool view click Active Sessions From this view you can view the user desktop ID DNS name start time duration and session state connected or disconnected for each active session Click anywhere in an active session The Disconnect Sessio
202. oups view is divided into two parts a left pane that contains an Inventory and a Search tab and a right pane that provides either global or pool level information about the users currently entitled When the Inventory tab is selected the left pane provides an alphabetic list of all the users under the top level Global users and group view entry This entry is global in scope When selected it changes the context of the right pane to cover all the users available For example when this entry is selected the Active Sessions tab in the right pane lists all the active sessions for all View Manager users If any users or groups are present they are listed beneath the Global users and group view entry Selecting an individual user or group entry changes the context of the right pane to provide information specifically about that user or group For example when an entry in this list is selected the Active Sessions sub tab in the right pane lists all the active sessions for that user or for any user in the group The tabs in the right pane are described in Table 3 2 Tab visibility is indicated by the entry or entries in the Context column of this table m User the tab is visible when an individual user is selected m User Group the tab is visible when a desktop pool entry is selected m Global the tab is visible when the Global users and group view entry is selected m All the tab is visible in all of the above contexts Table 3 2
203. ources m Microsoft IIS server running Microsoft Certificate Services The procedure for installing Microsoft IIS issuing certificates and distributing them in your organization exceeds the scope of this guide Refer to the following Web resources to learn more about these tasks m How to Install IIS on Windows Server 2003 http technet microsoft com library aa998483 aspx m Managing Microsoft Certificate Services http technet microsoft com library bb727098 aspx m The public root certificate of a trusted third party CA This is the more likely source in environments with a pre existing smart card infrastructure and a standardized approach to smart card distribution and authentication for example governmental or military establishments Once you have determined the correct certificate to be used the signing chain will list a series of signing authorities Usually the best certificate to select is the intermediate authority immediately above the user certificate Check that this is not used to sign other certificates on the card Exporting a Root Certificate from a User Certificate If you do not have the root certificate of the CA but have been provided with a CA signed user certificate or a smart card that contains one you can export the root certificate from this information if the root certificate is trusted by your system NOTE If you have been provided with a smart card that contains a user certificate insert the smar
204. ovides centralized management and configuration of computers and remote users in an Active Directory environment Policy properties are contained within entities called Group Policy Objects GPOs and can be configured by using the Group Policy editor features provided by Active Directory VMware Inc Chapter 8 Component Policies GPOs can be applied to View Manager components at a domain wide level in order to provide granular control over various areas of the View Manager environment Once applied GPO properties are stored in the local Windows registry of the specified component In order to minimize the administrative overhead of creating bespoke polices a number of component specific GPO templates are provided with View Connection Server that can be imported into Active Directory The template files that accompany View Manager are described below m vdm_agent adm contains properties relating to the authentication and environmental components of a client desktop controlled by View Agent m vdm_client adm contains properties relating to the configuration parameters of View Client NOTE Clients connecting from outside the View Connection Server domain are unaffected by any GPOs applied to the View Client component m vdm_server adm contains properties relating to View Connection Server m vdm_common adm contains properties relating to all components of View Manager The GPO template files are stored in the following location C
205. pabilities of the host the host system must be at least as capable as the guest in order to run the View Manager desktop You cannot download a desktop if another user is currently logged in to that desktop ESX supports two simultaneous desktop checkouts ESXi supports five simultaneous desktop checkouts Host CD ROM redirection is not supported When a desktop is checked out NAT is used for network communications The MAC address of the offline system remains the same as its online equivalent As with RDP you can copy and paste text between host and guest systems However you cannot copy and paste system objects such as folders and files between systems Local drives are automatically mounted on the guest system Once a desktop is checked out on a client system any changes made within View Administrator to the desktop or desktop pool settings will only be applied after the desktop has been checked in again Installing and Running View Client with Offline Desktop In order to access an offline desktop users must first download a copy of the online virtual machine to their local system using the View Client with Offline Desktop application You cannot install View Client with Offline Desktop on any system that has the following applications installed VMware Inc VMware Workstation VMware ACE VMware Player VMware Server 173 View Manager Administration Guide The above applications must be uninstalled prior to inst
206. perties default to those exhibited by the security server the server settings themselves can be explicitly configured using the serverName serverPort and serverProtocol properties If these values are explicitly set the port and protocol values should correlate between client and server One scenario where you may need to specify different port and protocol settings is where an intermediary SSL accelerator exists between the client and security server In an arrangement such as this the cLientPort and clientProtocol could be set to 443 and https but the back end communications between the accelerator and the server could take place over http using port 80 222 VMware Inc Glossary A Active Directory A Microsoft directory service that stores information about the network operating system and provides services Active Directory configures and manages users and groups and enables administrators to set security policies control resources and deploy programs across an enterprise active session A live connection from a View Client or View Portal user to a virtual desktop An established connection to a virtual desktop that has not timed out administrator user interface The Web based administrator user interface used to perform configuration and management tasks in View Manager Also known as the View Administrator B broker Also known as a connection broker The View Connection Server is a type of connection broker Cc connectio
207. r 2 Installation This command creates a file called vdmconfig 1df that contains the exported View LDAP configuration information LDIF data is imported into View Manager using LDIFDE a utility included with Windows Server 2003 that supports batch operations based on the LDIF file format standard To import View Manager configuration data From the command prompt on a standard or replica View Connection Server change to the LDAP directory and execute the following commands cd C windows adam LDIFDE i f vdmconfig 1ldf s 127 0 0 1 z This command imports a file called vdmconfig Ldf that contains previously exported View LDAP configuration data NOTE The default LDIFDE in C Windows System32 does not include the required z parameter Optimizing Your Installation To support a large deployment of View Manager desktops you can optimize the Windows Server computers on which you install View Connection Server On each computer you can optimize the ephemeral ports TCB hash table size Java Virtual Machine settings and Windows page file size For hardware and memory requirements for View Connection Server see System Requirements on page 14 Ephemeral Ports View Manager uses ephemeral ports to establish TCP connections between View Connection Server and the View desktops that it administers To support a large View desktop deployment you can increase the number of available ephemeral ports An ephemeral port is
208. r manages the connections between users and their virtual desktops When users connect to View Manager the virtual desktops they are authorized to access are displayed m Smart pooling capabilities A range of persistent and non persistent pooling capabilities simplifies the provisioning and management of centralized desktops 12 VMware Inc VMware Inc Chapter 1 Introduction Flexible deployment options View Manager components can be deployed in a variety of configurations and to different parts of the network which improves security scalability and reliability In addition multiple vCenter Servers are supported and View Manager can scale horizontally to support many virtual desktops High availability Servers can be clustered for high availability and scalability with automatic failover These servers can also leverage industry standard load balancing solutions Integration with Microsoft Active Directory Connection to Active Directory allows you to locate user and user group accounts and use authentication features in order to control which users can access virtual desktops Seamless integration with VMware vSphere Works with VMware vCenter Server to provide advanced virtual desktop management capabilities such as automatic suspend and resume which reduces the memory and processing power required to host virtual desktops By leveraging the capabilities of VMware vSphere desktops can run even when server
209. r user from within vCenter Server NOTE Administrative users in vCenter Server have all the requisite permissions enabled by default Assign the View Manager administrator the role of administrator for a datacenter or cluster where pools will be created so that they can make the required changes To create the View Manager role for a vCenter Server user 1 From vSphere Client click Administration gt Roles 2 Click Add Role to display the Add Role dialog box 3 Enter a unique name for the new role View Administrator for example 4 Inthe list of Privileges expand Folder and select Create Folder and Delete Folder 5 Expand Virtual Machine and perform the following steps a Expand Inventory and select Create and select Remove b Expand Interaction and click Power On Power Off Suspend and Reset c Expand Configuration and select Add new disk Add or Remove Device Modify Device Settings and Advanced d Expand Provisioning and select Customize Deploy Template and Read Customization Specifications 6 Expand Resource and select Assign Virtual Machine to Resource Pool 7 Click OK The new role appears in the list of roles VMware Inc 37 View Manager Administration Guide Initial View Manager Configuration 38 Once you have installed one or more View Connection Server instances you must perform an initial configuration so that they are ready to carry out administrative tasks Configuration is carried out from within
210. reated the desktop pool is disabled and unavailable for use This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance Virtual machine power policy Do nothing VM remains on Virtual machines that are powered off are started when required and remain on even when not in use until they are shut down Ensure VM is always powered on All virtual machines in the pool remain powered on even when they are not in use If they are shut down they immediately restart Suspend All virtual machines in the pool enter a suspended state when not in use Power off All virtual machines in the pool shut down when not in use Automatic logoff after disconnect Immediately Users are logged off as soon as they disconnect Never Users are never logged off After The time after which users are logged off when they disconnect Enter the duration in minutes Power off and delete virtual machine after first use Delete the virtual machine immediately after the user logs off If necessary a new virtual machine is cloned to maintain a specific pool size after virtual machines are deleted Allow users to reset their desktop Allow desktop users to reset their own desktops without administrative assistance Allow multiple sessions per user Allow individual users to simultaneously connect to multiple desktops in the same pool
211. red for Windows users who access their desktops using View Portal on Internet Explorer 6 or higher Before connecting to a Windows desktop using the View Portal on a Linux system you must install rdesktop 1 5 0 You can download rdesktop from the following location http www rdesktop org After you download rdesktop follow the instructions in the readme file Operating System Support View Portal is an experimental feature on Mac OS X and Linux operating systems See System Requirements on page 14 for more information about experimental features VMware Inc 23 View Manager Administration Guide 24 USB Support In order to use the USB redirection feature with View Portal users must first install View Client on their local system Refer to Installing and Running View Client and View Portal on page 94 for more information about this Windows 2000 does not support USB redirection Virtual Printing View Portal does not support Virtual Printing View Composer The View Composer feature requires a VMware virtualization environment m VMware vSphere 4 Update 1 m VMware Infrastructure 3 5 Update 3 or Update 4 VMware Infrastructure 3 5 Update 5 is not supported You can deploy a linked clone desktop pool on a cluster that contains ESX ESXi 4 hosts mixed with ESX ESXi 3 5 hosts until you set vSphere mode The View Composer feature is supported on the following 32 bit platforms m Windows Server 2003 Servi
212. rottling mode from the Adobe Flash throttling drop down menu 4 Click Finish The settings you configured now appear in Desktop Pool Settings pane NOTE Adobe Flash bandwidth reduction settings do not take effect until View Client reconnects with the desktop VMware Inc Chapter 5 Client Management Overriding Bandwidth Reduction Settings in the Desktop By using the mouse cursor in the desktop users can override Adobe Flash content display settings To override Adobe Flash settings in the desktop 1 In Internet Explorer browse to the relevant Adobe Flash content and start it if necessary Depending on how Adobe Flash settings are configured you might notice dropped frames or low playback quality 2 Move the mouse cursor into the Adobe Flash content while it is playing Display quality is improved as long as the cursor remains inside the Adobe Flash content 3 To retain the increase in quality double click inside the Adobe Flash content Client Computer Information You can configure the View Agent CommandsToRunOnConnect and CommandsToRunOnReconnect group policy settings to pass client computer information to View Agent when users connect and reconnect to View desktops View Agent writes this information to the registry in the View desktop With third party tools you can write custom scripts that use this information to map local printers to client computers For example to pass the IP address of the client c
213. rs at different times Individual desktops are not permanently assigned and can be entitled to and accessed by multiple users Therefore their usage model is identical to that of a physical system that is shared by multiple accredited users Deploying an Individual Desktop 1 From within the View Administrator interface click the Desktops and Pools button and then click the Inventory tab In the Desktops pane ensure that the Desktops and Pools tab is selected and click Add 2 You are presented with the Add Desktop wizard From here you can configure and deploy a new linked clone desktop pool Select Individual Desktop and click Next 3 Specify the source type of the guest system by selecting either vCenter virtual machine or Other sources Click Next 4 This step is only displayed if you have selected a virtual machine as the guest system From the list provided select the vCenter Server that will be used by this desktop Click Next VMware Inc 71 View Manager Administration Guide 72 Enter the Unique ID and optionally the Display name and Description The unique ID is used by View Manager to identify the desktop pool and is the name that clients see when logging in The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both If your installation has multiple VirtualCenter or vCenter Servers see Uniqueness of Unique ID on page 214 NOTE You can use a
214. rted Desktop Types 172 Additional Considerations 172 Installing and Running View Client with Offline Desktop 173 Checking Out a Desktop 176 Offline Desktop Status 176 Client Connection 177 8 Component Policies 179 Power Policy 179 Power Policy in Automated Pools 181 Client Policies 183 Configuring and Applying Client Policies 184 Group Policy Objects 186 Application of Group Policies 187 Computer Configuration GPO 188 User ConfigurationGPO 195 9 Unified Access 203 Prepare Multiple Back End Machines to Access Remote Desktops 204 Desktop Parameters 204 6 VMware Inc Contents Install View Agent on an Unmanaged Desktop Source 206 Add and Change Desktop Sources 207 Enable or Disable a Desktop 211 Entitle Users and Groups toa Desktop 211 Add or Remove a Desktop Source 211 Change an Individual Desktop Source 212 Delete a Desktop 213 Unregister a Desktop Source 213 Uniqueness of Unique ID 214 10 Troubleshooting 215 Collecting View Manager Diagnostic Information 215 Using the View Manager Support Tool to Collect Diagnostic Information 216 Using the View Manager Support Script to Collect Diagnostic Information 216 View Composer Support 217 Updating Support Requests 219 Further Troubleshooting Information 219 Appendix The locked properties File 221 Glossary 223 Index 227 VMware Inc 7 View Manager Administration Guide 8 VMware Inc About This Book This guide describes how to install configure and use VMware
215. rtificate The user certificate is stored on the smart card and can only be retrieved and passed to the server after the user has verified their ownership by entering a personal identification number PIN Certificates are then authenticated by using a public key to verify the included digital signature the expected digital signature is contained in a trusted CA certificate that is stored on View Connection Server This following sections describe how to configure and enable this feature on View Connection Server NOTE Smart card authentication is only supported by View Client it is not supported by View Administrator View Portal or by offline desktop instances accessed through View Client with Offline Desktop Smart Card Hardware Each client system using smart card authentication will require View Client and a Windows compatible smart card reader to be installed In order to recognize and use the smart card hardware product specific application drivers must be installed on both the client systems and remote desktops Smart card profiles can vary between vendors refer to the documentation that accompanies the smart card reader for more information about how to do this 106 VMware Inc Chapter 5 Client Management Obtaining a Root Certificate You must obtain the root certificate from the CA that signed the certificates on the smart cards presented by your users The root certificate is obtained from one of the following s
216. rver Desktop Desktop Pool Access Permitted No tags No tags Yes No tags One or more tags No One or more tags No tags Yes One or more tags One or more tags Only when tags match Considerations and Limitations A single View Connection Server instance desktop or desktop pool can have multiple tags Multiple View Connection Server instances desktops and desktop pools can have the same tag Desktops and desktop pools that do not have any tags can be accessed by any View Connection Server instance View Connection Server instances that do not have any tags can only access desktops and desktop pools that also do not have any tags If you use a security server you must configure restricted entitlements on the View Connection Server instance the security server is paired with You cannot configure restricted entitlements on a security server You cannot modify or remove a tag from a View Connection Server instance if that tag is still assigned to a desktop or desktop pool and no other View Connection Server instances have a matching tag Restricted entitlements take precedence over other desktop entitlements For example even if a user is entitled to a particular desktop the user will not be able to access that desktop if the desktop s tag does not match the tag assigned to the View Connection Server instance that the user connected to VMware Inc 87 View Manager Administration Guide 88 Restricting a View Connection Server Ins
217. ry ESX hosts running Virtual Desktop virtual machines VMware Inc 31 View Manager Administration Guide To further enhance the high availability and scalability requirements of your View environment it is recommended that you deploy a load balancing solution this ensures that connections are distributed evenly across each available View Connection Server and that failed or inaccessible servers are automatically excluded from the replicated group NOTE View Connection Server does not provide load balancing functionality but works with standard third party load balancing solutions To install a replica server 1 Run the following executable on the system that will host the View Connection Server where xxx is the build number of the file VMware viewconnectionserver xxx exe The VMware Installation wizard is displayed Click Next Accept the VMware license terms and click Next Accept or change the destination folder and click Next Choose the Replica deployment option a F WwW N Enter the host name or IP address of the existing View Connection Server that you want to replicate If the target system is not part of the same domain as the main server you will require local administrative rights on the target server to do this 6 Click Next gt Install gt Finish Security Server Installation 32 A demilitarized zone DMZ is a semi protected sub network that exists between a secure internal network and
218. s Windows Vista Ultimate SP1 Yes Yes Yes Windows Vista Ultimate SP2 Yes Yes Yes Windows 7 Tech Preview Tech Preview Tech Preview Windows Server 2003 R2 Yes Yes Enterprise Terminal Server WindowsServer 2003 Enterprise Yes Yes Terminal Server SP2 Refer to System Requirements on page 14 for more information about tech preview features Also refer to the release notes for more information about Windows 7 support Operating System Support for Web Components Table 1 2 describes the support offered by various types of operating system to the Web based components of View Manager with the specific browser and additional software requirements also provided Any additional environmental requirements of the Web based components are described in subsequent sections VMware Inc Chapter 1 Introduction Table 1 2 Operating System Support for Web Based Components 32 bit Operating System View Portal View Administrator Windows XP Professional SP1 Internet Explorer6SP2 Internet Explorer 7 Windows XP Professional SP2 Internet Explorer 7 Internet Explorer 8 Firefox 3 0 Windows XP Professional SP3 Firefox 3 5 Windows XP Home SP2 Windows XP Home SP3 Windows Vista Home Internet Explorer 7 Windows Vista Home Premium Windows Vista Business Windows Vista Business SP1 Windows Vista Ultimate Windows Vista Ultimate SP1 RHEL 5 0 Update 1 experimental Firefox 2 0 3 0
219. s associated with the tool are optional must be preceded by a forward slash and are described in Table 10 1 Table 10 1 svi support Parameters Parameter Description Displays the parameters used with the support script novclogs vCenter Server contains diagnostic scripts that collect server and database related information from the vCenter Server application logs Specify this option if you want to disable the collection of information from the vCenter Server logs dmpdir The absolute path of the directory from which to gather the View Composer logs Default is ALLUSERSPROFILE AppLlication Data VMware View Composer Logs dmpformat The prefix that will be used to filter the dmp files Default is vmware svi nolog Disables the logging of events logged by the system event log fullbundle Generate full bundle containing extended data This procedure can take up to 10 minutes and is omitted by default filescount Maximum number of files to gather from each folder location Default is 50 destdir The absolute path of the directory under which the log data will be saved The default is the Windows desktop directory of the current user If specified ensure the directory permissions secure the log data logdir The path of the directory from which to gather logs Default is ALLUSERSPROFILE Application Data VMware View Composer Logs logformat The prefix that will be used to filter the log files D
220. s greater than the physical size of the datastore that the clones would use if each clone were a full desktop Table 6 1 shows the storage overcommit levels you can set Table 6 1 Storage Overcommit Levels Option Storage Overcommit Level None Storage is not overcommitted Conservative 4 times the size of the datastore This is the default level Moderate 7 times the size of the datastore Aggressive 15 times the size of the datastore VMware Inc Chapter 6 View Composer A very aggressive level of storage overcommit results in a relatively small amount of space being reserved for delta disk expansion however administrators can add a lot of extra virtual machines to the datastore if they predict that the delta disks of each virtual machine will never grow to their maximum possible size While a high overcommit level may be optimal for creating a large number of virtual machines a desktop pool of this type also demands more attention from the administrator in order to ensure that the remaining disk space is not completely consumed by virtual machine expansion This condition can be prevented by periodically refreshing or rebalancing the desktop pool and reducing the size of the operating system data to its baseline level To address different levels of throughput on each datastore you can vary storage overcommit levels between different types of datastores for example NAS versus SAN Storage overcommit applies onl
221. s not supported with NLA VMware Inc 199 View Manager Administration Guide Table 8 19 View Client Configuration Properties RDP Settings Continued Property Description Bitmap cache file size in Kb Specifies the size in KB of the persistent bitmap cache file for 8bpp bitmaps to use for the 8 bits per pixel high color setting When this property is enabled enter a file size in KB Bitmap cache file size in Mb Specifies the size in MB of the persistent bitmap cache for 8bpp bitmaps file to use for the 8 bits per pixel high color setting When this property is enabled enter a file size in MB Bitmap cache file size in Mb Specifies the size in MB of the persistent bitmap cache for 16bpp bitmaps file to use for the 16 bits per pixel high color setting When this property is enabled enter a file size in MB Bitmap cache file size in Mb Specifies the size in MB of the persistent bitmap cache for 24bpp bitmaps file to use for the 24 bits per pixel high color setting When this property is enabled enter a file size in MB Bitmap cache file size in Mb Specifies the size in MB of the persistent bitmap cache for 32bpp bitmaps file to use for the 32 bits per pixel high color setting When this property is enabled enter a file size in MB 200 VMware Inc Chapter 8 Component Policies Table 8 20 View Client Configuration Properties Security Settings Property Description Display opt
222. s you can perform This chapter discusses the following topics m Overview of View Administrator on page 49 m Desktops and Pools View on page 50 m Users and Groups View on page 53 m Configuration View on page 55 m Events View on page 63 Overview of View Administrator The Desktops and Pools Users and Groups Configuration j and Events buttons are displayed at the top of the administrative interface These buttons allow you to navigate to the different feature areas to perform various tasks The following sections describe the views associated with each button and the features they contain VMware Inc 49 View Manager Administration Guide Desktops and Pools View The Desktops and Pools view is displayed by default when you log in to View Administrator or when you click the Desktops and Pools button and is where you create deploy administer and monitor your virtual desktops From here you can examine information about desktops or desktop pools and their associated users individual desktop sources any sessions that are active any tasks that are scheduled and desktop usage policies at the global pool or user level The Desktops and Pools view is divided into two parts a left pane that contains an Inventory and a Search tab and a right hand pane that provides either global or pool level information about the desktops currently available When the Inventory tab is selec
223. se future client connections to this server Existing client connections are not affected by this action m Edit to display the View Server Settings window where you can modify various communication and authentication properties These properties are described in Table 3 3 m Backup Now to initiate an immediate server backup for all View Connection Servers NOTE The View Manager Configuration Backup properties group in View Server Settings allows you to configure the automated backup schedule for View Connection Server data See Table 3 3 View Server Settings on page 58 Refer to View Connection Server Backup on page 40 and Restore View Composer Database restoredata on page 164 for information on how to import View LDAP data and View Composer data VMware Inc 57 View Manager Administration Guide 58 Table 3 3 View Server Settings Property External URL Description In order for external clients to communicate with View Connection Server you must enter a URL that can be resolved externally Enter a URL in the External URL field The name must contain the protocol address and port number For example https view example com 443 Refer to Client Connections from the Internet on page 97 for more information about this property Direct connection to desktop Select this check box if you want client connections brokered by this View Connection Server server to use a direct non tu
224. server settings from the properties menu Start gt Control Panel gt Network Connections gt LAN gt Properties Internet Protocol TCP IP gt Properties gt Use the following DNS server addresses b Join the guest system to the appropriate Active Directory domain If the guest system has more than one virtual NIC you must configure the subnet that View Agent will use For additional information see Using the View Agent on Virtual Machines with Multiple NICs on page 71 Configure the firewall to allow Remote Desktop connections Make sure that you have administrative rights to the guest system Optional Configure user customization scripts Optional Follow the performance optimization guidelines described in the Windows XP Deployment Guide Installing the View Agent on the Guest System You must install the View Agent on the guest system to enable the View Connection Server to communicate with virtual desktops To install View Agent 1 VMware Inc Run the following executable on the guest system where xxxxxx is the build number of the file VMware viewagent xxxxxx exe When the VMware Installation wizard appears click Next Accept the VMware license terms and click Next Select your custom setup options You must install the View Composer Agent if you want to deploy linked clone desktops Refer to Chapter 6 View Composer on page 127 for further information about this feature 69 View Ma
225. sfully contacting the View Connection Server for policy updates When this time is reached a warning is displayed to the user and the offline desktop is suspended The available options for pool and user level policies are Inherit where the default setting is inherited from the parent and Set When Set is selected you can then enter the lifetime of the cache in Days Hours or Minutes in the field provided This policy can be modified at the global level in the same way and starts with a default of 7 days Configuring and Applying Client Policies Where the new pool level policy is more restrictive a pool level policy can be configured to override the equivalent global policy For example if the global policy for desktop check out is Allow you can set the equivalent pool level policy to Deny The reverse is not true If the global policy for desktop check out is Deny you cannot apply the equivalent pool level policy to Allow VMware Inc Chapter 8 Component Policies Similarly if the global policy that specifies the amount of time a checked out desktop can run without successfully contacting the server is set to 10 minutes you cannot apply a server contact policy of 30 minutes to any desktop pool NOTE View Administrator warns you if you attempt to apply a less restrictive policy to a pool User level policies override global or pool level policies that is they can be more or less restrictive than either For
226. sktop created from the Parent VM During the initial startup of each new desktop QuickPrep ensures that the system is given a new name specified during the deployment process and is joined to the appropriate domain QuickPrep is also used to mount the new volume that will contain the user profile information These steps require the linked clones to be restarted twice In addition a new computer account corresponding to each desktop is created by QuickPrep on the Active Directory domain controller These events also take place after a desktop refresh You must create a domain user account in Active Directory to be used by the View Composer service View Composer requires this account to join linked clone desktops to the domain You specify the domain user account when you configure View Composer for vCenter Server and when you configure and deploy linked clone desktop pools Add the Create Computer Objects and Delete Computer Objects permissions to the domain user account in Active Directory These permissions allow the user to add and remove computer objects in a specified Active Directory container You should create a domain user account specifically for View Composer You can use an existing domain user account but it is better to use a unique account After a desktop is created refreshed or recomposed a user defined customization script can be run on each resynchronized desktop to carry out additional operations A script can also be run
227. sktops For details see the vCenter Server documentation If a View Composer database does not already exist within your network environment you must create a database and data source name DSN to store View Composer data If a View Composer database already exists in your environment see Using an Existing View Composer Database on page 161 for supplementary information about how to use this data source NOTE If a database instance does not reside on the vCenter Server or elsewhere within your network environment you must install one The View Composer service installer does not include a database See Table 1 3 Database Support and Requirements for View Composer on page 25 for information about supported databases Depending on the type of database you are using follow the instructions in one of the following sections m To configure a SQL Server database follow the instructions in Creating a SQL Server Database and Data Source for View Composer on page 138 m To configure an Oracle 9i database follow the instructions in Creating an Oracle 9i Database and Data Source for View Composer on page 140 m To configure an Oracle 10g database follow the instructions in Configuring an Oracle 10g Database and Data Source for View Composer on page 141 Creating a SQL Server Database and Data Source for View Composer This section describes how to add a new View Composer database to an existing SQL Server
228. st set the power policy to Ensure VM is always powered on VMware Inc Property State Chapter 4 Virtual Desktop Deployment Parameter Description Enabled after being created the desktop pool is automatically enabled and ready for immediate use Disabled after being created the desktop pool is disabled and unavailable for use This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance When VM is not in use virtual machine guests only Do nothing VM remains on Virtual machines that are powered off will be started when required and will remain on even when not in use until they are shut down Always on ensure VM is always powered on All virtual machines in the pool remain powered on even when they are not in use If they are shut down they will immediately restart Suspend VM AIl virtual machines in the pool enter a suspended state when not in use Power off VM AIl virtual machines in the pool shut down when not in use Power policy is described in more detail in Power Policy on page 179 Automatic logoff after disconnect Immediately users are logged off as soon as they disconnect Never users are never logged off After the time after which users are logged off when they disconnect Enter the duration in minutes in the field provided Allow users to reset their desktop Select if
229. stall the View Composer service on the vCenter Server and configure it to use a data source that is dedicated to the storage of linked clones To install the View Composer service 1 VMware Inc Run the View Composer service installation program where xxx is the build number of the executable file VMware viewcomposer xxx exe Accept the VMware license terms and click Next Accept or change the destination folder path and click Next In the Datasource Name field enter the name you provided in the Microsoft ODBC Data Source Administrator wizard for your database in the previous example VMware View Composer Enter a domain administrator user name and password in the fields provided and click Next Select the Create a new RSA key container radio button An RSA key pair is created in order to encrypt and decrypt the Active Directory authentication information that will be stored inside the View Composer database Click Next 143 View Manager Administration Guide 7 Entera port value or use the default and select the Create default SSL certificate radio button Click Next 8 Click Install to begin the installation process Once the process is complete click Finish vCenter Server User Permissions If the View Manager user is not an administrator in vCenter Server you must assign a role to the vCenter Server user entry in order to confer upon it the appropriate level of authority over the objects it creates and manages
230. stalled on all guest virtual machines physical systems or terminal servers in order to allow them to be managed by View Manager The agent provides features such as connection monitoring Virtual Printing USB support and single sign on View Client a locally installed software application that communicates with View Connection Server in order to allow users to connect to their desktops View Client with Offline Desktop experimental a version of View Client that is extended to support the Offline Desktop feature which allows users to download virtual machines and use them on their local systems View Portal a Web based version of View Client supported by multiple operating systems and browsers View Administrator a Web application that allows View Manager administrators to configure View Connection Server deploy and manage desktops control user authentication initiate and examine system events and carry out analytical activities View Composer a software service that is installed on the vCenter Server to allow View Manager to rapidly deploy multiple linked clone desktops from a single centralized base image System Requirements 14 The following sections describe the hardware and software requirements for the major components provided as part of View Manager NOTE VMware includes certain experimental and tech preview features in some of our product releases These features are there for you to test and
231. ster on which to run the virtual machines used by this desktop and click Next NOTE Only clusters of 8 hosts or fewer are supported and shown Select a resource pool in which to run the virtual machines used by this desktop and click Next Select one or more datastores on which to store the desktop pool If you do not have sufficient space available you must add free space by selecting an additional datastore NOTE For clusters only shared datastores are supported and shown Once you have configured the datastore storage criteria click Next VMware Inc 13 14 Chapter 4 Virtual Desktop Deployment Select how you would like the desktops created from the guest system to be customized If a customization specification exists on vCenter Server you can select it from the Use this customization specification list in order to preconfigure such properties as licensing domain attachment and DHCP settings If you want to manually configure the desktop or desktops in this pool after they have been provisioned or if no customization specification is detected select None Customization will be done manually Optionally select Do not power on virtual machines after creation if you want the virtual machine to remain powered off Click Next You are presented with a summary of the configuration settings for this deployment m Ifyou are unsatisfied with any aspect of the configuration you can use the Back button to r
232. t and then modify any of the entries described in Table 3 4 VMware Inc 61 View Manager Administration Guide 62 Table 3 4 Global Settings Property Session timeout Description Determine how long in minutes users are allowed to keep sessions open after they log in to the View Connection Server This field must contain a value and the default is 600 Use SSL for client connections Determines if SSL is used to create a secure communication channel between View Connection Server and the client This setting must be enabled if you are using smart card authentication Reauthenticate Secure VPN connections after network interruption Determines if tunnel client user credentials must be reauthenticated after a network interruption This setting has no effect when direct connection is being used Message security mode Determines if signing and verification of the JMS messages passed between View Manager 3 x and 4 x components takes place If any component in your View environment predates View Manager 3 0 signing and verification is not possible m Disabled Message security mode is disabled m Mixed Message security mode is enabled but not enforced This mode can be used to detect components in your environment that predate View Manager 3 0 as the log files generated by View Connection Server will contain references to these components m Enabled Message security mode is fully enabled Components
233. t can be used to perform batch operations against directories that conform to the LDAP standard After you complete the initial configuration of your single server or replicated group regularly take backups of your View Manager data Do not rely on replica servers to act as your backup mechanism as any data lost from one instance will be lost from all members of the replicated group when the data is harmonized To schedule regular automatic backups of your View LDAP and View Composer data use the View Manager Configuration Backup feature provided in View Administrator This feature is described in Table 3 3 View Server Settings on page 58 Alternatively you can use the vdmexport exe to manually export View LDAP data as described in this section NOTE If you have multiple instances of View Connection Server operating in a replicated group you only need to export the data from one server as all replica servers contain the same configuration data LDIF data can be exported from View Manager using the vdmexport exe tool that accompanies each standard and replica View Connection Server The path to the executable file is C Program Files VMware VMware View Server bin vdmexport exe To export View Manager configuration data From the command prompt on a standard or replica View Connection Server execute the following command as a user with administrator privileges vdmexport gt vdmconfig Ldf VMware Inc Chapte
234. t card into the reader In many cases this will automatically add the user certificate to your personal store If this does not happen you must use the software that accompanies the reader to export the user certificate to a file which you can then import into Internet Explorer during the following procedure To export a root certificate from a user certificate 1 Start Internet Explorer and click Tools gt Internet Options 2 Under the Content tab click Certificates VMware Inc 107 View Manager Administration Guide 108 3 Under the Personal tab select the certificate you wish to use and click View NOTE If the user certificate is not present in the list you must first click the Import button to manually import the user certificate Once the certificate has been imported select it from the list and click View 4 Under the Certification Path tab select the certificate at the top of the tree and click View Certificate 5 Under the Details tab click Copy to File You are presented with the Certificate Export Wizard 6 Click Next gt Next and enter a name and location for the file you want to export 7 Click Next The file is saved as a root certificate in the location specified Trust Hierarchies A user certificate may be signed as part of a trust hierarchy the signing certificate may itself be signed by another higher level certificate While it is permitted to use any signing certificate from anywhere with
235. t system Thereafter incremental changes are communicated between the server and the client as differences between the two systems and this involves the transfer of a much smaller volume of data VMware Inc Chapter 7 Offline Desktop Once checked out Offline Desktop uses thin provisioned virtual disks to store information on the host system This type of disk occupies no more space than that required by the data it contains and physical disk space is only allocated as data is written this minimizes the storage footprint of the downloaded system If a network connection is present on the client system the desktop that has been checked out will continue to communicate with View Connection Server in order to obtain usage data provide policy updates and ensure that locally cached authentication criteria is current Contact is attempted every 5 minutes In the absence of a network connection the desktop will fall back on locally cached information in order to authenticate the user during login The data on each offline system is encrypted and has a lifetime controlled through policy if the client loses contact with the View Connection Server the maximum time without server contact is the period in which the user can continue to use the desktop before they are refused access this countdown is reset once the connection is re established Prior to disconnection the user is notified that the offline desktop lifetime is about to expire
236. tance When you assign a tag to a View Connection Server instance users who connect to that View Connection Server can access only those View desktops and desktop pools that have a matching tag or no tags To assign a tag to a View Connection Server instance 1 2 3 In View Administrator select Configuration gt Servers gt View Servers Select the View Connection Server instance and click Edit Type one or more tags in the Tags field Separate multiple tags with a comma or semicolon Click OK to save your changes Restricting a View Desktop or Desktop Pool When you assign a tag to a View desktop or desktop pool only users who connect to a View Connection Server instance that has a matching tag can access that desktop or desktop pool You can assign a tag when you add or edit a desktop or desktop pool To assign a tag to a View desktop or desktop pool 1 In View Administrator select Desktops and Pools gt Inventory gt Global desktop and pool view gt Desktops and Pools m To assign a tag to a new desktop or desktop pool click Add m To assign a tag to an existing desktop or desktop pool select the desktop or desktop pool and click Edit In the Desktop Pool Settings dialog box select the Connection server restrictions drop down menu m Click None to make the desktop or desktop pool accessible to any View Connection Server instance m Click With tags and select one or more View Connection Server tags to make
237. ted the left pane provides an alphabetic list of all the desktops or pools under the top level Global desktop and pool view entry 4 This entry is global in scope When selected it changes the context of the right pane to cover all the desktops available For example when this entry is selected the Active Sessions tab in the right pane lists all the active sessions for all View Manager desktops If any desktops or desktop pools are present they are listed beneath the Global desktop and pool view entry Selecting an individual desktop G or desktop pool entry G changes the context of the right pane to provide information specifically about that desktop or pool For example when an entry in this list is selected the Active Sessions sub tab in the right pane lists all the active sessions for the desktops in that pool The tabs in the right pane are described in Table 3 1 Tab visibility is indicated by the entry or entries in the Context column of this table m Desktop the tab is visible when an individual desktop is selected m Desktop Pool the tab is visible when a desktop pool entry Ep is selected m Global the tab is visible when the Global desktop and pool view entry is selected m All the tab is visible in all of the above contexts 50 VMware Inc Chapter 3 View Administrator Table 3 1 Desktops Pane Tab Summary Tab Context Description Summary Desktop This tab provides an overview of all inform
238. ted the Summary or Desktop Sources tab you can now filter your desktop source selection Select All virtual machines if you want to execute a global recomposition against all desktops in the pool m If you specified one or more individual assigned desktops from the Desktop Sources tab you can select The following virtual machines if you want the recomposition to apply only to specific systems within the selected group Click Next VMware Inc Chapter 6 View Composer Edit the base image used by the selected desktop pool m Ifyou want to anchor the clones in the desktop pool to a different snapshot within the same base image select a new snapshot from the list provided m Ifyou want to change the current base image to that of a new Parent VM click Change and select a new virtual machine to be the Master VM for the pool from those highlighted in the list Click OK Click Next Schedule when you want the recomposition event to take place the default is set to the current time and therefore immediately m If you want any currently connected users to be logged off as soon as the recompose event starts select Force Users to log off NOTE If you select this option connected users will be notified prior to disconnection and given the opportunity to close their applications and log out The notification message can be accessed from within the Global Settings section of the configuration page m Ifyou want the system to wait
239. ter a server using a DNS name or URL no DNS lookup is performed to verify whether or not the server has previously been entered using its IP address A conflict will arise if a vCenter Server is added with both its DNS name and its IP address b Enter the name of a vCenter Server user in the User name text box c Enter the password that corresponds to the user entered above in the Password text box d Optional Enter a description for this vCenter Server in the Description text box e Ifyou will be connecting to the vCenter Server through a secure channel SSL then make sure that Connect using SSL is selected This is the default setting f Enter the TCP port number in the Port text box The default is 443 If the required vCenter Server is already present select the entry and click Edit The vCenter Server settings list is displayed Click the Check for View Composer Compatibility button to check that the View Composer service is running on the vCenter Server If the check is successful the View Composer Settings property group is displayed Ensure that the Enable View Composer check box is selected and that the port number corresponds to the port specified during the installation of the View Composer service on the vCenter Server host VMware Inc 7 Chapter 6 View Composer Click Add to enter the required details in the Add QuickPrep Domain dialog box Enter the fully qualified domain name of the Active Directory d
240. that the Secure Authentication component of View Agent is installed on the desktop and is enabled by default ConnectionTicketTimeout Specifies the time in seconds that the View connection ticket is valid View clients use a connection ticket for verification and single sign on purposes when connecting to View Agent A connection ticket is valid for a limited amount of time for security reasons When a user connects to a View desktop authentication must take place within the connection ticket time out period or the session times out If this property is not configured the default time out period is 900 seconds CredentialFilterExceptions Specifies the executable files that are not allowed to load the agent CredentialFilter Filenames must not include a path or suffix Use a semicolon to separate multiple filenames Connect Using DNS Name Determines if the View Connection Server uses the DNS name of the machine to connect to rather than its IP address This is often used in a NAT Firewall situation when the View Client or View Connection Server cannot use the virtual desktop IP address directly This property is disabled by default Disable Time Zone Synchronization Determines if the time zone of the View Manager desktop is synchronized with that of the connected client When enabled this property will only apply if the Disable time zone forwarding property of the View Client Configuration policy is not set to
241. the default directory substitute the appropriate drive letter and path 2 Run the support script cscript vdm support vbs When the script finishes it informs you of the output filename and location 3 File a support request on the Support page of the VMware Web site View Composer Support The svi support script provided with View Manager offers component specific support for View Composer by collecting configuration and logging data This information is gathered in order to help VMware customer support diagnose any issues that may arise while using this feature The svi support script must be run with cscript exe a command line version of the Windows Script Host that provides command line options for setting script properties Microsoft TechNet provides detailed guidance on how to use cscript exe http technet microsoft com library bb490887 aspx The svi support script is located on the vCenter Server in the same directory as the View Composer service C Program Files VMware VMware View Composer VMware Inc 217 View Manager Administration Guide 218 The svi support script instructions are submitted from a Windows command prompt in the following form cscript wsf svi support wsf novclogs dmpdir lt value gt dmpformat lt value gt nolog fullbundle filescount lt vaLue gt destdir lt vaLlue gt logdir lt value gt logformat lt value gt zip lt vaLue gt All the parameter
242. the desktop or desktop pool accessible only to View Connection Server instances that have those specific tags or no tags You can press Ctrl Shift to select multiple tags Click Done to save your changes VMware Inc Chapter 4 Virtual Desktop Deployment Searching Desktops and Entitled Users and Groups Use the Inventory tab to search for information about desktops and entitled users and groups You can either search by using the columns in the tables that appear on the right side of the page or search by using the categories that appear on the left side of the page To search columns in the Desktops Inventory view 1 2 4 5 From within the View Administrator click the Desktops and Pools button In the Desktops field on the right side of the page click the Desktops and Pools Desktop Sources or Active Sessions tab Click the down arrow to the left of the search field and select the check boxes for the appropriate columns Click Done Enter search text and click Go To search categories in the Desktops Search view 1 4 From within View Administrator click the Desktops and Pools button and click the Search tab on the left side of the page In the Search for desktops and pools field enter search text Select or deselect Display Name Desktop ID Type User or Virtual Center name Desktop source or Persistence to search within that category Click Search To search columns in the Entitled Users and Gr
243. tificates stored in the same keystore file The keys p12 file is created in the current directory It is advisable to back up the keys p12 file after the certificate is imported into it in case you need to rebuild the configuration for the server at some point Validating the SSL Certificate Self signed certificates while adequate for data encryption between server and client do not provide any reliable information about the location of View Connection Server or the corporate entity responsible for its administration Where it is important for your clients to be able to determine the origin and integrity of the data they receive it is recommended that you obtain a CA authenticated certificate for your site 102 VMware Inc Chapter 5 Client Management To create a certificate signing request CSR From a command prompt enter the following where lt secret gt is the keystore password keytool certreq keyalg RSA file certificate csr keystore keys p12 storetype pkcs12 storepass lt secret gt The certificate csr file is created in the same location The contents of the file should resemble a slightly longer version of the following example MIIBuDCCASECAQAweDELMAkGA1UEBhMCROIxXEDAOBgNV BAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xFDAS BgNVBAoTC1ZNd2FyZSBJ bmMuMRMwEQYDVQQLEwp2bXdh XU8 2jEUL5DocLDLnygsUD2g7cUMYdz HeECAWEAAGAA AeHnsPs7a1Q0JH60ZvdU To submit the CSR and import the certificate 1 Send the CSR file to
244. tion Server To set log levels using the View Manager Support Tool 1 On View Connection Server click Start click All Programs and click VMware 2 Select Set View Connection Server Log Levels 3 In the Choice field type 1 for normal 2 for debug 3 for full or O to reset log settings to the default values Press Enter The default log level is debug To generate log files using the View Manager Support Tool 1 On View Connection Server click Start click All Programs and click VMware 2 Select Generate View Connection Server Log Bundle The support tool creates a folder called vdm sdct containing the generated log files and places it on the desktop of View Connection Server Using the View Manager Support Script to Collect Diagnostic Information Use View Manager Support Script to generate log files for View Connection Server View Client and View Portal and View Manager desktops running View Agent 216 VMware Inc Chapter 10 Troubleshooting To collect diagnostic information using the script 1 Open a command prompt and change to the View Manager program directory The location for each View Manager component is shown below m View Connection Server C Program Files VMware VMware View Server DCT m View Client or View Portal C Program Files VMware VMware View CLlient DCT m View Manager desktops running View Agent C Program Files VMware VMware View Agent DCT NOTE If you did not install the program in
245. to all the virtual machines NOTE In order to rebalance the desktops it is necessary for View Manager to automatically refresh their operating systems against their current base image and return the system data to its baseline state user data is unaffected if it resides on a separate user data disk Persistent and Non Persistent Desktops Both persistent and non persistent desktop configurations are supported by View Composer In persistent configurations dedicated disks a system disk for operating system data and a user disk for user data can be used to keep the operating system and user data separate This ensures that even if the operating system is recomposed or refreshed the user data remains unaffected In non persistent configurations the user data is transient so the operating system data and user data are stored on the system disk In this configuration user data is not protected if the system is recomposed or refreshed NOTE Persistent desktops can be set to refresh automatically when the user logs off This can help minimize the space requirements of the pool Similarly non persistent pools can be set to delete after first use which reduces the number of inactive desktops in the pool overall 136 VMware Inc Chapter 6 View Composer Using QuickPrep for Linked Clone Desktop Deployment QuickPrep is a system tool executed by View Composer during linked clone desktop deployment QuickPrep personalizes each de
246. top Note You must power off and then power on existing virtual machines for this setting to take effect Resolution of each monitor If you are using PCoIP select the pixel dimensions of the highest resolution monitor Note You must power off and then power on existing virtual machines for this setting to take effect Adobe Flash quality Select the quality level of Adobe Flash animations displayed in View Client from the drop down menu Lower quality levels might result in faster display refresh due to lower bandwidth usage Adobe Flash throttling Select the throttling level for Adobe Flash animations displayed in View Client from the drop down menu Higher levels of throttling might result in lower bandwidth usage by reducing the frame rate of all Adobe Flash animations NOTE Properties set for offline desktops do not take effect until the desktops are checked back in y CAUTION If you are using a Windows Vista virtual machine you must set the power policy to Ensure VM is always powered on VMware Inc 73 View Manager Administration Guide 7 From the list provided select the virtual machine or physical machine you want to use as the individual desktop and click Next 8 You are presented with a summary of the configuration settings for this deployment m Ifyou are unsatisfied with any aspect of the configuration you can use the Back button to revisit any previous page m Ifyou are
247. tors should deploy a roaming profile solution to enable user settings and personalization to be propagated to the currently accessed desktop NOTE Only the RDP display protocol is supported for Terminal Server Desktop Pools Preparing the Guest System 68 The guest system of the virtual machine which you create in vCenter provides the basis for virtual desktop deployment The virtual machine must adhere to the requirements described in System Requirements on page 14 To prepare a guest system for deployment perform the following tasks Install the guest operating system as described in the VMware vSphere documentation If you are installing Windows XP as your guest operating system review the additional instructions and guidelines in the Windows XP Deployment Guide at http www vmware com files pdf resources vmware view xp deployment guide pdf Install the latest version of VMware Tools provided with VMware vSphere Install Microsoft service packs and Windows updates Install antivirus software Install other applications such as Windows Media Player if you are using MMR Install any required smart card such as Common Access Card drivers Configure network proxy settings VMware Inc Chapter 4 Virtual Desktop Deployment Configure Active Directory settings a Configure the preferred and alternate DNS servers to use your Active Directory server addresses For example on Windows XP configure the DNS
248. trator m vCenter Server that manages the virtual machines You can use only vCenter Servers that are known to the View Manager server m Individual desktop Select the virtual machine and add it as a desktop source m Desktop pool Select multiple virtual machines and add them as desktop sources m If the virtual machine is already assigned to another desktop an error appears You must remove the desktop from the previously assigned desktop pool or individual desktop VMware Inc Chapter 4 Virtual Desktop Deployment Unmanaged Desktop Sources the desktop source is a machine that is not managed by a vCenter Server This includes virtual machines running on VMware Server and virtual machines running on other virtualization platforms that support View Agent Blade PCs physical PCs and Terminal Servers on which you can install View Agent are unmanaged desktop sources Desktop Delivery Models Unified Access supports different desktop delivery models which characterize the way a desktop is created entitled delivered and used The desktop delivery models supported by View Manager are Individual Desktop is a desktop that allows a single pre existing back end source with the following characteristics m Entitled to many users or user groups however only one active user at a time m Not provisioned automatically Manual Pool is a pool of desktop sources with the following characteristics m Multiple users to multiple d
249. tries present in the field 5 Click OK gt OK gt OK to close the Windows System Properties dialog box VMware Inc 109 View Manager Administration Guide 110 Using keytool to Create a Truststore From a command prompt enter the following keytool import alias lt alias gt file lt certificate gt keystore lt truststore_fiLename gt In this command lt alias gt is a unique case insensitive name for anew entity entry in the truststore in this case the certificate you are about to import lt certificate gt is the name of the root CA certificate you previously obtained or exported and lt truststore filename gt is the name of the truststore output file NOTE You may be asked to create a password for the keystore this is not required for future procedures but you should remember it if you want to add additional certificates to the truststore at a later date Enabling Smart Card Authentication on the Server All types of View Connection Server support smart card authentication but it is recommended that only security servers are configured to allow smart card access If you add smart card support to standard or replica servers you will be prompted to select a certificate every time you connect to View Administrator on those systems NOTE In environments where not all users will authenticate using a smart card it is also recommended that you configure a new or an additional security server specifically f
250. u can define the maximum allowable size of each virtual machine up to the original size of the Parent VM The amount of disk space required to store the difference between the linked clone operating system data and Parent VM operating system data will typically remain far smaller than that required by a standard clone If the size of the delta disk gets too large it can be returned to its baseline state by carrying out a desktop refresh Thin Provisioning Operating system data disks and user data disks use a process called thin provisioning in order to minimize storage costs Disks that employ this process occupy no more space than that required by the data it contains and this reduces the amount of physical disk capacity initially required when a desktop is created NOTE Thinly provisioned disks do not reduce in size if data is removed Storage Overcommit When the datastore for a new linked clone desktop pool is assigned administrators can control how aggressively the system assigns new virtual machines to the free space available on the datastore by modifying the storage overcommit property When the storage overcommit level is low the majority of free space is used as buffer in which the delta disks for each clone can expand As the overcommit level increases less space is reserved for individual delta disk growth but more virtual machines fit on the datastore The storage overcommit level calculates the amount of storage that i
251. u specified when you logged in to this system to log in to the View Connection Server and the View desktop If you do not select Log in as current user you have to provide credentials to log in multiple times before you can access a View desktop If you select Log in as current user and you are authorized to log in to the View Connection Server you are not prompted to enter login credentials in Step 5 Click Connect Enter the credentials for an entitled user select the domain and click Login If you type the user name as user domain it is treated as a user principal name UPN because of the at sign so the domain drop down menu dims Select a desktop from the list provided and click Connect View Client attempts to connect to the specified desktop After you are connected the client window appears To connect to desktops using View Portal 1 Open a browser supported by View Portal and enter the URL of a standard or replica View Connection Server or Security Server instance Enter an entitled user name and password select the correct domain from the drop down menu and click Login When the Access Status is Ready click Options gt Connect next to the desktop you want to use VMware Inc Chapter 5 Client Management View Client Policies Certain View Client features can be controlled through policies For information about configuring and applying policies to View Client at the global pool or user level re
252. until a user has disconnected before initiating a recomposition of their desktop select Wait for users to log off The Ready to Complete page is displayed This page provides a summary of the recompose task including which snapshot will be used when the task is scheduled to start and how many virtual machines will be affected If you are satisfied that the information displayed on this page is correct click Finish to start the recomposition To rebalance a linked clone desktop pool 1 VMware Inc From within View Administrator click Desktops and Pools to display the desktop page Ensure that the Inventory tab is selected in the left pane and select the desktop pool you want to rebalance In the right pane select the Desktop Sources tab Select one or more desktops from the desktop source list provided You do not have to select any desktops if you intend to rebalance the entire pool 159 View Manager Administration Guide 5 Click Rebalance You are presented with the Rebalance wizard which provides you with information about what will happen when you rebalance one or more desktops in the pool Once you have read this information and are satisfied that you want to proceed click Next 6 Ifyou previously selected one or more virtual machines from the desktop source list you can choose to rebalance only these systems by selecting the corresponding radio button If you did not select any virtual machines or want to rebalanc
253. ver This value is either true or false ViewClient_Broker_ x x If the View Connection Server tunnel TunneL_URL status is true the URL of the tunnel ViewClient_Broker_ x X x The remote IP address of the client Remote_IP_Address ViewCLient_TimeOffset_ X X X The time offset from GMT expressed GMT as HH MM When using View Client on Windows this information is not available in the Volatile Environment in the desktop registry or in View Agent logs It is sent using a private channel Note To disable set the Disable Time Zone Synchronization GPO to true 122 VMware Inc Chapter 5 Client Management Table 5 2 Client Information Available in the Desktop Wyse Client Information Windows ThinOS_ Linux Description ViewClient_TZID x X X The Olson time zone ID When using View Client on Windows this information is not available in the Volatile Environment in the desktop registry or in View Agent logs It is sent using a private channel Note To disable set the Disable Time Zone Synchronization GPO to true ViewCLlient_Windows_ x X x GMT standard time Timezone When using View Client on Windows this information is not available in the Volatile Environment in the desktop registry or in View Agent logs It is sent using a private channel Note To disable set the Disable Time Zone Synchronization GPO to true NOTE The full set of client information is sent only when the desktop is launched using
254. viConfig finished successfully Database is upgraded successfully VMware Inc 163 View Manager Administration Guide If you get error code 17 when running the databaseupgrade command or if during installation of the View Composer service you are presented with the following message Database upgrade completed with warnings Refer to the following View Composer log file for more information before re executing the databaseupgrade command C Documents and Settings All Users Application Data VMware View Composer Logs vmware sviconfig Log Result Codes When the operation is complete a result code is returned by the tool The result codes are described in Table 6 3 Table 6 3 databaseupgrade Result Codes Code Description 0 The operation ended successfully 1 The supplied DSN could not be found 2 Invalid database administrator credentials were provided 3 The driver for the database is not supported 4 An unexpected problem arose and the command failed to complete 14 Another application is using the View Composer service Shut down the service before executing the command 15 A problem arose during the restore process the details of which are provided as part of the on screen log output 17 Unable to upgrade database data 18 Unable to connect to the database server Restore View Composer Database restoredata 164 View Connection Server can be set to create manual or automati
255. video Security servers support only TCP m Smart cards are not supported VMware Inc Chapter 1 Introduction m MMR redirection is supported for Windows clients m USB redirection is supported m Adobe Flash bandwidth reduction is supported m Audio redirection with dynamic audio quality adjustment for LAN and WAN is supported m Recommended guest operating system settings include the following m 768MG RAM or more m Single CPU m Client hardware requirements include the following m 800Mhz or higher processor speed m x86 based processor with SSE2 extensions m See the VMware View Architecture Planning Guide for information about RAM sizing for specific monitor configurations m You can use up to four monitors and adjust the resolution for each monitor separately with a resolution of up to 1920x1200 per display Pivot display and autofit are supported m 32 bit color is supported for virtual displays m ClearType fonts are supported m You can copy and paste text between the local system and the desktop but you cannot copy and paste system objects such as folders and files between systems RDP Microsoft Remote Desktop Connection RDC 6 x is recommended for systems running Windows XP and Windows XPe Windows Vista comes with RDC 6 x installed You must have at least RDC 6 0 installed to have multiple monitor support RDC 6 1 can be downloaded from the following location http microsoft com downloads details asp
256. vocation problems Determines if errors associated with a revoked server certificate are ignored This error occurs when the certificate sent by the server has been revoked Ignore incorrect usage problems Determines if errors associated with incorrect usage of a server certificate are ignored This error occurs when the certificate sent by the server intended for some purpose other than verifying the identity of the sender and encrypting server communications Enable Single Sign On for smart card authentication Determines whether single sign on is enabled for smart card authentication When single sign on is enabled View Client stores the encrypted smart card PIN in temporary memory before submitting it to View Connection Server When single sign on is disabled the View Client does not display a custom PIN dialog Enable jump list integration Determines whether a jump list appears in the View Client icon on the taskbar of Windows 7 and later systems The jump list lets users connect to recent View Connection Server instances and View desktops If View Client is shared you might not want users to see the names of recent desktops You can disable the jump list by disabling this setting This setting is disabled by default VMware Inc 193 View Manager Administration Guide 194 View Common Configuration Use the GPOs described in Table 8 13 and Table 8 14 to configure properties that apply to all Vi
257. w which now contains the users or groups you selected Click OK to finish Restricting View Desktop Access You can use the restricted entitlements feature to restrict View desktop access based on the View Connection Server instance that a user connects to With restricted entitlements you assign one or more tags to a View Connection Server instance Then when configuring a desktop or desktop pool you select the tags of the View Connection Server instances that you want to be able to access the desktop or desktop pool When users log in through a tagged View Connection Server instance they can access only those desktops and desktop pools that have at least one matching tag or no tags For example your deployment might include two View Connection Server instances The first instance supports your internal users The second instance is paired with a security server and supports your external users To prevent external users from accessing certain desktops you could set up restricted entitlements as follows m Assign the tag Internal to the View Connection Server instance that supports your internal users m Assign the tag External to the View Connection Server instance that is paired with the security server and supports your external users m Assign the Internal tag to the desktops and desktop pools that should be accessible only to internal users In this example external users cannot see the desktops and desktop p
258. w Connection Server connections and desktops by using the administrator user interface To remove a vCenter Server connection from a View Connection Server 1 From within View Administrator click the Configuration button 2 In vCenter Servers select the VirtualCenter or vCenter Server that you want to remove and click Remove If desktops are using this vCenter Server an error message tells you that you must first delete the desktops using this vCenter Server before you can delete the vCenter Server If no desktops are using this vCenter Server a warning message tells you that you can no longer access virtual machines managed by this vCenter Server 3 Click OK The vCenter Server entry is deleted VMware Inc 91 View Manager Administration Guide To delete a desktop pool from a View Connection Server 1 From within View Administrator click the Desktops and Pools button 2 Inthe Global desktop and pool view select a desktop or desktop pool from the list on the right click Delete You are given the option to remove the virtual machines from View Manager only which means they are still visible in vCenter Server or to delete them from disk which means they are no longer visible in vCenter Server If the desktop has active sessions you are given the option to disconnect the users which means users lose their connected desktops or to leave the users connected which means users do not lose their connected desktops 92 VM
259. w Manager View Manager can only deploy linked clone desktops if it is able to communicate with a properly configured vCenter Server host that is running the View Composer service In addition your Active Directory forest must have a fully qualified domain name for example example com you cannot use View Composer in environments where the domain controller has an unqualified name Before you attempt to create a new linked clone desktop pool you must first ensure that View Manager is able to contact vCenter Server and that the View Composer service has started Once a connection has been established you will be able to deploy a new linked clone desktop pool V CAUTION Do not modify the Parent VM for example convert it to a template from within vCenter Server before or during the deployment process the View Composer service has a requirement that the Parent VM remains in a static and unaltered state during this operation VMware Inc 147 View Manager Administration Guide To add or edit a vCenter Server entry in View Manager 1 148 From within the View Administrator click Configuration to display the configuration view Under vCenter Servers if you have not already done so click Add and complete the details for the vCenter Server to use with View Manager a In the Server address text box enter the FQDN or IP address of the VMware vCenter Server you want View Manager to communicate with y CAUTION Ifyou en
260. w the options on the Confirmation page and click OK to create the database The database is created Click Finish To add an ODBC data source 1 142 On the vCenter Server host select Start gt Administrative Tools gt Data Source ODBC The Microsoft ODBC Data Source Administrator wizard is displayed Select the System DSN tab Click Add and select the appropriate Oracle driver from the list for example Oracle in OraDb10g_home Click Finish The Oracle ODBC Driver Configuration dialog box is displayed VMware Inc Chapter 6 View Composer Enter a DSN to use with View Composer a description of the data source and a user ID to connect to the database NOTE You will use the DSN during View Composer installation For the TNS Service Name select the Global Database Name specified in the Oracle Database Configuration Assistant from the drop down menu Click Test Connection to verify the data source and click OK Adding the View Composer Service to vCenter Server View Composer is used by View Manager to create and deploy linked clone desktops from vCenter Server During the installation of the service you are offered the opportunity to specify which port the service should use to communicate with View Connection Server If Windows firewall is running on the vCenter Server host you must add this port to the exception list or deactivate the local firewall service The following procedure describes how to in
261. ware Inc Client Management The locally installed View Client application and the Web based View Portal component allow users to connect to their desktops These applications can operate within an internal network or externally over the Internet and their behavior can be modified in a number of ways In addition View Client offers a variety of user authentication models including secure authentication all of which must be first configured on View Connection Server NOTE Users who want to use the experimental Offline Desktop feature of View must use the View Client with Offline Desktop which allows both local offline and remote desktop access See Chapter 7 Offline Desktop on page 167 for more information about this feature This chapter discusses the following topics m Installing and Running View Client and View Portal on page 94 m Client Connections from the Internet on page 97 m Creating SSL Server Certificates on page 99 m Using Existing SSL Certificates on page 105 m Smart Card Authentication on page 106 m RSA SecurID Authentication on page 114 m View Client Command Line Options on page 115 m Virtual Printing on page 117 VMware Inc 93 View Manager Administration Guide m Adobe Flash Bandwidth Reduction on page 119 m Client Computer Information on page 121 m Using PCoIP Display Protocol on page 124 m Using HP RGS Display Protoc
262. ways powered on All virtual machines in the pool remain powered on even when they are not in use If they are shut down they will immediately restart Suspend VM AII virtual machines in the pool enter a suspended state when not in use Power off VM AII virtual machines in the pool shut down when not in use Power policy is described in more detail in Power Policy on page 179 Automatic logoff after Immediately users are logged off as soon as they disconnect disconnect Never users are never logged off After the time after which users are logged off when they disconnect Enter the duration in minutes in the field provided VMware Inc 77 View Manager Administration Guide Property Power off and delete virtual machine after first use non persistent pools only Parameter Description Select if you want the virtual machine to be deleted immediately after the user logs off If necessary a new virtual machine is cloned to maintain a specific pool size after virtual machines are deleted Allow users to reset their desktop Select if you want to allow desktop users to reset their own desktops without administrative assistance Allow multiple sessions per user non persistent pools only Select if you want to allow individual users to simultaneously connect to multiple desktops in the same pool Default display protocol Select the display protocol that you want View Co
263. x familyid 6E1 EC93D BDBD 4983 92F7 4 79E088570AD For Windows XP desktop virtual machines make sure you have RDP patches referenced by the following Microsoft Knowledge Base KB articles http support microsoft com kb 323497 http support microsoft com kb 884020 VMware Inc 21 View Manager Administration Guide 22 Failure to do this might result ina Windows Sockets failed error message on the client Windows 2000 does not support RDC 6 x RDC 5 0 is supported HP Remote Graphics Software Remote Graphics Software RGS is a display protocol from HP that allows users to access the desktop of a remote computer over a standard network HP RGS version 5 2 5 is supported Contact HP to license a copy of HP RGS software version 5 2 5 to use with View VMware does not bundle or license HP RGS with View Key features and restrictions include the following m View Client for Windows supports connections to desktops using HP RGS when connecting to HP Blade PCs HP Workstations and HP Blade Workstations m Connections to virtual machines are not supported m Vista desktops are not supported m Only direct connections are supported Tunnel connections are not supported m Smart cards are not supported m Multiple monitors are not supported m View Portal does not support RGS connections m Linux thin clients do not support RGS connections Product Compatibility View Client View Client with Offline Desktop and View Agent
264. xxx gt Desktop name for the select desktop dialog box Note This is the name as you see it in the select desktop dialog box desktopProtocol lt xxx gt Display protocol name for the select desktop dialog box Note This is the name as you see it in the select desktop dialog box LogInAsCurrentUser lt XXX gt Same behavior as if you select Log in as current user lt xxx gt in the desktop dialog box When specified the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop serverURL lt xxx gt The URL for View Connection Server userName lt xxx gt The user name used by View Client during login password lt xxx gt The password used by View Client during login domainName lt xxx gt The domain name used by View Client during login rollback Offline Desktop only Unlocks the online version of a checked out desktop and discards the offline session This property requires the desktopName property to be supplied checkout Offline Desktop only Checks out the specified desktop and locks the online equivalent This property requires the desktopName property to be supplied checkin Offline Desktop only Checks in the specified desktop and unlocks the online equivalent This property requires the desktopName property to be supplied
265. y the client browser the client uses the public key contained within the certificate to encrypt the data it sends to View Connection Server Typically the certificate for the CA itself is embedded in the browser or is located in a trusted database that is accessible by the client NOTE Certificates are only required for standard replica or security servers that receive direct connections from their clients If you are using a security server as your client facing system only this server will require a certificate After accepting the certificate the client responds by sending a secret key which is encrypted with the server s public key This key is used to encrypt traffic between the client and the View Connection Server instance or security server By default View Connection Server includes a self signed SSL certificate that clients can use to create secure sessions when they connect This certificate is not trusted by clients and does not have the correct name for the service but it does allow connectivity VMware Inc Chapter 5 Client Management You can replace the default certificate provided with View with a properly defined certificate for the service If the certificate is signed by a trusted CA users will not be presented with messages asking them to verify the certificate and thin client devices will be able to connect without requiring additional configuration To create and install your own certificate you must
266. y to delta disks It does not apply to user disks or standard non linked clones Desktop Recomposition In Figure 6 2 a desktop clone is linked to replica 1 which itself is a copy of Parent VM 1 A recomposition action is initiated when the administrator selects a different snapshot in the same Parent VM or different Parent VM as in this example In either case a new replica is provisioned Figure 6 2 Desktop Recomposition parent VM 1 parent VM 2 base image snapshot ee 8 recompose replica 1 p replica 2 new base image y after recomposition refreshed eet user data disk OS data disk user data disk bloated OS data disk VMware Inc 131 View Manager Administration Guide 132 Replica 2 is an exact copy of Parent VM 2 When the recomposition action is complete the desktop will be anchored to replica 2 and the operating system data modified accordingly The operating system data of arecomposed desktop is reduced in size after recomposition however the user data is unaffected by this event Source Virtual Machine With VMware Infrastructure 3 5 recomposition is expedited by an additional protected linked clone desktop in VirtualCenter Server called a source virtual machine This source virtual machine is created alongside the replica when a linked clone desktop pool is first deployed With VMware Infrastructure 3 5 the source virtual machine is located with the replica inside a folder calle
267. you add or edit your vCenter Server settings in the procedure To add or edit a vCenter Server entry in View Manager on page 148 NOTE The credentials provided must represent a domain account created by your Active Directory administrator that has permission to add and remove computer objects in a specified Active Directory container See Using QuickPrep for Linked Clone Desktop Deployment on page 137 The settings you enter are not validated by View Composer If you want a script to run on the desktops before they are powered off enter the path to a script on the Parent VM in the Power off script field If you want a script to run on desktops after they are created recomposed or refreshed enter the path to a script on the Parent VM in the Post Synchronization script field Enter the Active Directory container relative distinguished name for example CN Computers NOTE The settings you enter are not validated by View Composer Click Next 16 You are presented with a summary of the configuration settings for this deployment m Ifyou are unsatisfied with any aspect of the configuration you can use the Back button to revisit any previous page m If you are satisfied with the configuration click Finish to deploy the linked clone desktop pool Once the deployment has been initiated you can monitor the progress of the provisioned desktop pool or the individual desktops by selecting either the Desktops or
268. you want to allow desktop users to reset their own desktops without administrative assistance Allow multiple sessions per user non persistent pools only Select if you want to allow individual users to simultaneously connect to multiple desktops in the same pool 83 View Manager Administration Guide Property Default display protocol Parameter Description Select the display protocol that you want View Connection Server to use when communicating with View Client PCoIP Provides an optimized PC experience for the delivery of images audio and video content for a wide range of users on the LAN or across the WAN PColIP is supported as the display protocol for manual desktops with virtual machines and with physical machines that contain Teradici host cards Microsoft RDP A multi channel protocol that allows a user to connect to a computer running Microsoft RDC HP RGS See Using HP RGS Display Protocol on page 124 HP RGS is supported as the display protocol for HP Blade PCs HP Workstations and HP Blade Workstations but not for virtual machines Allow users to override the default protocol Select if you want to allow users to override the default display protocol from within View Client Max number of monitors If you are using PCoIP select the maximum number of monitors on which users can display the desktop Note You must power off and then power on existing virtual machines for this setti
269. your deployment For each View Connection Server instance the result is 11 020 as shown in Table 2 2 Table 2 2 Example Calculating Size of TCB Hash Table on View Connection Server Configuration Parameter Sample Values Projected number of concurrent client connections 3 000 Number of View Connection Server instances 3 Number of View desktop sources 6 000 5 clients servers desktops 20 number of TCB 5 3 000 3 6 000 20 11 020 hash table rows on each server Use the Worksheet to Calculate Ephemeral Ports and TCB Hash Table on page 45 to fill in values for your deployment To calculate the size of the TCB hash table for Security Servers Use the following formula number of hash table rows 5 clients security servers 10 Where clients projected number of concurrent client connections security servers number of security servers For example you might have 3 000 concurrent client connections in your deployment For each security server the result is 7 510 as shown in Table 2 3 Table 2 3 Example Calculating Size of TCB Hash Table on Security Server Configuration Parameter Sample Values Projected number of concurrent client connections 3 000 Number of security servers 2 5 clients security servers 10 number of TCB hash 5 3 000 2 10 7 510 table rows on each security server Use the Worksheet to Calculate Ephemeral Ports and TCB Hash Table
Download Pdf Manuals
Related Search