View Manager Administration Guide View Manager 4.0.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
View Manager Administration Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 9 1 Introduction 11 Overview of View Manager 11 View Manager Features 12 View Manager Components 14 System Requirements 14 View Connection Server 15 Operating System Support for Installed Components 17 Operating System Support for Web Components 18 View Agent 19 View Client / View Client with Offline Desktop 20 View Portal 23 View Composer 24 2 Installation 27 Overview of View Connection Server 28 View Connection Server Instances 28 Standard Server Installation 30 Replica Server
View Manager Administration Guide 3 View Administrator 49 Overview of View Administrator 49 Desktops and Pools View 50 Users and Groups View 53 Configuration View 55 Product Licensing and Usage 56 Servers 56 Registered Desktop Sources 61 Administrators 61 Global Settings 61 Events View 63 4 Virtual Desktop Deployment 65 Overview of Virtual Desktop Deployment 66 Desktop Sources 66 Desktop Delivery Models 67 Preparing the Guest System 68 Installing the View Agent on the Guest System 69 Using the View Agent
Contents Creating SSL Server Certificates 99 Creating an SSL Certificate 101 Validating the SSL Certificate 102 Using Existing SSL Certificates 105 Exporting from Microsoft IIS Server 105 Smart Card Authentication 106 Smart Card Hardware 106 Obtaining a Root Certificate 107 Adding a Root Certificate to Trusted Roots on Active Directory 108 Creating a Truststore 109 Enabling Smart Card Authentication on the Server 110 Verifying the Smart Card Authentication Configuration 111 Configuring a Standard or Replic
View Manager Administration Guide Creating an Oracle 9i Database and Data Source for View Composer 140 Configuring an Oracle 10g Database and Data Source for View Composer 141 Adding the View Composer Service to vCenter Server 143 vCenter Server User Permissions 144 Preparing a Parent VM 145 DHCP Lease Removal 145 Installing the View Agent on the Parent VM 146 Creating a Parent VM Snapshot 147 Deploying Linked Clone Desktops from View Manager 147 Refreshing, Recomposing, and Rebalancing Linked Clone Deskto
Contents Install View Agent on an Unmanaged Desktop Source Add and Change Desktop Sources 207 Enable or Disable a Desktop 211 Entitle Users and Groups to a Desktop 211 Add or Remove a Desktop Source 211 Change an Individual Desktop Source 212 Delete a Desktop 213 Unregister a Desktop Source 213 Uniqueness of Unique ID 214 206 10 Troubleshooting 215 Collecting View Manager Diagnostic Information 215 Using the View Manager Support Tool to Collect Diagnostic Information 216 Using the View Manager Support Sc
View Manager Administration Guide 8 VMware, Inc.
About This Book This guide describes how to install, configure, and use VMware® View™, including how to install the various software components, how to deploy servers, and how to provision desktops and control user access. This guide also describes the client software that connects users to virtual desktops running on VMware vSphere™, or to physical systems running within your network environment.
View Manager Administration Guide Technical Support and Education Resources The following sections describe the technical support resources available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone Support To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
1 Introduction 1 View Manager is a flexible and intuitive desktop management solution that enables system administrators to rapidly provision desktops and control user access. Client software connects users to virtual desktops running on VMware vSphere, or to physical systems running within your network environment.
View Manager Administration Guide Figure 1-1.
Chapter 1 Introduction Flexible deployment options—View Manager components can be deployed in a variety of configurations and to different parts of the network, which improves security, scalability, and reliability. In addition, multiple vCenter Servers are supported, and View Manager can scale horizontally to support many virtual desktops. High availability—Servers can be clustered for high availability and scalability with automatic failover.
View Manager Administration Guide View Manager Components View Manager consists of the following major components: View Connection Server—a software service that acts as a broker for client connections by authenticating and then directing incoming remote desktop user requests to the appropriate virtual desktop, physical desktop, or terminal server.
Chapter 1 Introduction View Connection Server View Connection Server is not supported on servers that have the Windows Terminal Server role installed. Remove the Windows Terminal Server role from any server on which you will be installing View Connection Server. View Connection Server runs on a 32‐bit or 64‐bit dedicated physical or virtual server with the following specifications: Pentium IV 2.
View Manager Administration Guide VMware Infrastructure 3.0.2 is supported. Both ESX and ESXi hosts are supported. vCenter is required. NOTE To use the View Composer feature, VMware vSphere 4 Update 1 or VMware Infrastructure 3.5 Update 3 or Update 4 is required. To use the Offline Desktop experimental feature, VMware Infrastructure 3.5 Update 3 or Update 4 is required. Offline Desktop is not supported with vSphere 4.
Chapter 1 Introduction Operating System Support for Installed Components Table 1‐1 describes the support offered by various types of Windows operating system to the locally installed components of View Manager. For each of these components, only 32‐bit support is offered. Any additional environmental requirements of these components are described in subsequent sections. The columns represented in this table are: View Agent—refers to the View Agent service that is installed on a View Manager desktop.
View Manager Administration Guide Table 1-1.
Chapter 1 Introduction Table 1-2. Operating System Support for Web-Based Components (32-bit) Operating System View Portal View Administrator Windows XP Professional SP1 Internet Explorer 6 SP2 Internet Explorer 7 Windows XP Professional SP2 Internet Explorer 7 Internet Explorer 8 Firefox 3.0 Windows XP Professional SP3 Firefox 3.
View Manager Administration Guide View Client / View Client with Offline Desktop You must have administrative privileges to install View Client or View Client with Offline Desktop on the client desktop. In order to redirect the USB devices attached to the client system for use on the View Manager desktop, you must enable the USB redirection feature when you install either client application. NOTE Offline Desktop is an experimental feature.
Chapter 1 Introduction MMR redirection is supported for Windows clients. USB redirection is supported. Adobe Flash bandwidth reduction is supported. Audio redirection, with dynamic audio quality adjustment for LAN and WAN, is supported.
View Manager Administration Guide Failure to do this might result in a Windows Sockets failed error message on the client. Windows 2000 does not support RDC 6.x. RDC 5.0 is supported. HP Remote Graphics Software Remote Graphics Software (RGS) is a display protocol from HP that allows users to access the desktop of a remote computer over a standard network. HP RGS version 5.2.5 is supported. Contact HP to license a copy of HP RGS software version 5.2.5 to use with View.
Chapter 1 Introduction View Client and View Client with Offline Desktop: MMR The multimedia redirection (MMR) feature delivers the multimedia stream directly to the client using a virtual channel. This enables full fidelity playback. MMR is supported by View Client and View Client with Offline Desktop on Windows XP, Windows XP Embedded, and Windows Vista client operating systems. Make sure that the MMR port is added as an exception to your firewall software. The default port is 9427.
View Manager Administration Guide USB Support In order to use the USB redirection feature with View Portal, users must first install View Client on their local system. Refer to “Installing and Running View Client and View Portal” on page 94 for more information about this. Windows 2000 does not support USB redirection. Virtual Printing View Portal does not support Virtual Printing.
Chapter 1 Introduction Table 1-3. Database Support and Requirements for View Composer Database Type Requirements Microsoft SQL Server 2000 Standard SP4 For Windows XP, apply MDAC 2.8 SP1 to the client. Microsoft SQL Server 2000 Enterprise SP4 Microsoft SQL Server 2005 Standard SP1 / SP2 Microsoft SQL Server 2005 Enterprise SP1 / SP2 Use SQL Server driver for the client. For Windows XP, apply MDAC 2.8 SP1 to the client. Use SQL native client driver for the client.
View Manager Administration Guide 26 VMware, Inc.
2 Installation 2 This chapter describes how to install and back up one or more instances of View Connection Server, and also considers the different deployment scenarios you may encounter during this operation. Before installing View Connection Server, refer to Chapter 1, “Introduction,” on page 11 to view the system requirements and hardware and device support.
View Manager Administration Guide Overview of View Connection Server View Connection Server communicates with vCenter Server to provide advanced management of virtual desktops. This includes virtual desktop creation as part of pool management and power operations, such as automatic suspend and resume.
Chapter 2 Installation Configuring Domain Filters View Manager determines which domains are accessible by traversing trust relationships, starting with the domain in which a View Connection Server instance or security server resides. For a small, well‐connected set of domains, View Manager can quickly determine a full list of domains, but the time that it takes increases as the number of domains increases or as the connectivity between the domains decreases.
View Manager Administration Guide Standard Server Installation A standard server deployment creates a single standalone View Connection Server. This server could later become the first server instance within a replicated View Connection Server group. When a standard server instance is created during View Connection Server installation, a new local View LDAP instance is also created. The schema definitions, DIT definition, ACLs, and so forth are loaded and the data is initialized.
Chapter 2 Installation In order to install a replica, there must be at least one View Connection Server instance already present on your network. Replica servers can use either a standard server or another replica server to initialize their data. Once initialized, the behavior and functionality of the replica server is identical to that of a standard server and offers identical functionality. In the event of server failure, the other servers in the replicated group will continue to operate.
View Manager Administration Guide To further enhance the high‐availability and scalability requirements of your View environment, it is recommended that you deploy a load balancing solution—this ensures that connections are distributed evenly across each available View Connection Server, and that failed or inaccessible servers are automatically excluded from the replicated group.
Chapter 2 Installation Figure 2‐2 shows a high‐availability environment comprising two load‐balanced security servers in the DMZ communicating with two instances of View Connection Server—a standard server and a replica server—inside the internal network. Figure 2-2.
View Manager Administration Guide Figure 2‐3 shows an environment where four instances of View Connection Server act as one group with the servers in the internal network dedicated to the users of that network, and the servers in the external network dedicated to users of that network. The servers on the right can be enabled for RSA SecurID authentication, so that all external network users are required to authenticate using RSA SecurID tokens.
Chapter 2 Installation Figure 2-3. DMZ Deployment with Multiple View Connection Server Instances remote View Client external network DMZ load balancing View Client View Security Servers internal network load balancing View Connection Servers Microsoft Active Directory VirtualCenter Management Server ESX hosts running Virtual Desktop virtual machines Security servers implement a subset of View Connection Server functionality, and do not need to reside in an Active Directory domain.
View Manager Administration Guide To install a security server 1 Run the following executable on the system that will host the security server, where xxx is the build number of the file: VMware-viewconnectionserver-xxx.exe The Installation wizard is displayed. Click Next. 2 Accept the license terms and click Next. 3 Accept or change the destination folder and click Next. 4 Choose Security Server.
Chapter 2 Installation If an administrator subsequently changes the port number used for RDP, the associated firewall rules for both the desktop virtual machine or unmanaged desktop source and the back‐end firewall must be similarly modified by the administrator. For more information about desktop virtual machines and unmanaged desktop sources, refer to “Desktop Sources” on page 66.
View Manager Administration Guide Initial View Manager Configuration Once you have installed one or more View Connection Server instances you must perform an initial configuration so that they are ready to carry out administrative tasks. Configuration is carried out from within View Administrator, the Web‐based administrative component of View Manager. This component is described in detail in Chapter 3, “View Administrator,” on page 49.
Chapter 2 Installation d In the vCenter Servers table, click Add and complete the details for one or more vCenter Server servers to use with View Manager. i In the Server address text box, enter the FQDN or IP address of the vCenter Server you want View Manager to communicate with. CAUTION If you enter a server using a DNS name or URL, no DNS lookup is performed to verify whether or not the server has previously been entered using its IP address.
View Manager Administration Guide f Click Administrators in the column on the left of the screen. g In the Administrators table, click Add and use the form provided to grant administrative rights to the Active Directory users who you want to be able to access to View Administrator. Once you have added all the required administrators, click OK.
Chapter 2 Installation This command creates a file called vdmconfig.ldf that contains the exported View LDAP configuration information. LDIF data is imported into View Manager using LDIFDE, a utility included with Windows Server 2003 that supports batch operations based on the LDIF file format standard. To import View Manager configuration data From the command prompt on a standard or replica View Connection Server, change to the LDAP directory and execute the following commands: cd C:\windows\adam LDIFDE
View Manager Administration Guide If your View Manager deployment is likely to use more than 800 concurrent client connections, you should increase the number of available ephemeral ports. To support a large number of concurrent client connections, you can calculate the optimal number of ephemeral ports to configure on each View Connection Server instance. To calculate the number of ephemeral ports Use the following formula.
Chapter 2 Installation 2 In the registry, locate the correct subkey and click Parameters. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters 3 Click Edit > New and add the registry entry. Value Value Value Valid Name: MaxUserPort Type: DWORD data: 1024 + Range: 5000-65534 (decimal) 4 Exit the Registry Editor. 5 Restart the Windows Server computer. Active Directory group policies can override registry entries.
View Manager Administration Guide For example, you might have 3,000 concurrent client connections, three View Connection Server instances, and 6,000 View desktop sources in your deployment. For each View Connection Server instance, the result is 11,020, as shown in Table 2‐2. Table 2-2.
Chapter 2 Installation Setting TCP Hash Table Size in the Windows Registry You can edit the Windows registry to increase the size of the TCB hash table on the Windows Server computer on which View Connection Server runs. To increase the size of the TCB hash table on Windows Server 1 2 On the Windows Server, start the Windows Registry Editor. a Select Start > Command Prompt. b At the command prompt, type regedit. In the registry, locate the correct subkey and click Parameters. HKEY_LOCAL_MACHINE\SYSTE
View Manager Administration Guide Table 2-4.
Chapter 2 Installation 2 In the registry, locate the correct subkey and click JvmOptions. HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Plugins\ wsnm\tunnelService\Params 3 Click Edit > Modify. A Windows dialog box displays an entry like the following example: -Xms128m -Xmx512m -Dsimple.http.poller=simple.http.GranularPoller -Dsimple.http.connect.configurator=com.vmware.vdi.front.SimpleConfigurator 4 Edit the -Xmx parameter to have the value -Xmx1024m.
View Manager Administration Guide 48 VMware, Inc.
3 View Administrator 3 View Administrator is where you perform all of the configuration, deployment, analytical, and administrative tasks related to View Manager and desktop management. This chapter describes the features of View Administrator and the tasks you can perform.
View Manager Administration Guide Desktops and Pools View The Desktops and Pools view is displayed by default when you log in to View Administrator or when you click the Desktops and Pools button, and is where you create, deploy, administer, and monitor your virtual desktops.
Chapter 3 View Administrator Table 3-1. Desktops Pane – Tab Summary Tab Context Description Summary Desktop This tab provides an overview of all information associated with a desktop or desktop pool, including: Desktop Pool General information about the pool, such as the name, type, persistence, and current activity. vCenter Server environmental criteria, such as server name, capacity, and domain administrator.
View Manager Administration Guide Table 3-1. Desktops Pane – Tab Summary (Continued) Tab Context Description Users and Groups Desktop This tab lists all users and groups entitled to use this desktop or pool. From under the Entitlements sub‐tab, you can select and Remove Entitlement from any user listed in the table provided. Desktop Pool If the selected pool uses linked clone technology for its deployment, an additional sub‐tab—Users and Groups—is also displayed.
Chapter 3 View Administrator Table 3-1. Desktops Pane – Tab Summary (Continued) Tab Context Description Offline Sessions All This tab lists all the Offline Desktop desktops currently checked out, either globally or within the selected pool. Refer to Chapter 7, “Offline Desktop,” on page 167 for more information about this feature and the functions provided on this tab. Global Policies Global This tab lists the policies that are applied to all desktops and pools at the global level.
View Manager Administration Guide The Users and Groups view is divided into two parts: a left pane that contains an Inventory and a Search tab and a right pane that provides either global or pool‐level information about the users currently entitled. When the Inventory tab is selected, the left pane provides an alphabetic list of all the users under the top‐level Global users and group view entry. This entry is global in scope.
Chapter 3 View Administrator Table 3-2. Users Pane – Tab Summary (Continued) Tab Context Description Entitled Users and Groups Global This tab provides a complete list of all users and user groups that are entitled to use the desktops and pools managed by View Connection Server. The default domain of each user, the number of desktops or pools to which they are entitled, and any active sessions are also provided.
View Manager Administration Guide Product Licensing and Usage The Product Licensing table indicates the license status of View Manager and also if additional components such as the View Composer and Offline Desktop features are provided within the license coverage. Click Edit License to add or modify the license serial number for View Connection Server.
Chapter 3 View Administrator Security servers offer greater network security to environments that allow clients to access them from the Internet. Refer to “Security Server Installation” on page 32 for more information about this. The Security Servers table allows you to add one or more security server instances to your View Manager environment. You can Add, Edit, or Remove information about security servers present in your environment by using the links provided.
View Manager Administration Guide Table 3-3. View Server Settings Property Description External URL In order for external clients to communicate with View Connection Server, you must enter a URL that can be resolved externally. Enter a URL in the External URL field. The name must contain the protocol, address, and port number. For example: https://view.example.com:443 Refer to “Client Connections from the Internet” on page 97 for more information about this property.
Chapter 3 View Administrator Table 3-3. View Server Settings (Continued) Property Description RSA SecurID 2‐Factor Authentication The properties in this group determine if clients connecting to View Connection Server must also use RSA SecureID in order to authenticate: Enable—Determines if client authentication process requires RSA SecureID credentials. Enforce SecurID and Windows user name matching—Determines if RSA SecurID user names must match the user names stored in Active Directory.
View Manager Administration Guide Table 3-3. View Server Settings (Continued) Property Description View Manager Configuration Backup To preserve your configuration information, View Manager allows you to back up the contents of the View LDAP repository used by all View Connection Servers in your environment.
Chapter 3 View Administrator Registered Desktop Sources This section provides the number of Terminal Services sources and other sources (standalone virtual machines and physical systems) currently registered with View Connection Server. Administrators The Administrators table contains a list of all users and groups that are allowed to log in to View Administrator. All entities in this list reside within the current Active Directory domain forest.
View Manager Administration Guide Table 3-4. Global Settings Property Description Session timeout Determine how long (in minutes) users are allowed to keep sessions open after they log in to the View Connection Server. This field must contain a value, and the default is 600. Use SSL for client connections Determines if SSL is used to create a secure communication channel between View Connection Server and the client. This setting must be enabled if you are using smart card authentication.
Chapter 3 View Administrator Table 3-4. Global Settings (Continued) Property Description Direct connection for Offline Desktop operations Offline Desktop (if available) supports tunneled or non‐tunneled communications for LAN‐based data transfers. When tunneling is enabled, all traffic is routed through the View Connection Server. When tunneling is not enabled, data transfers take place directly between the online desktop host system and the offline client.
View Manager Administration Guide 64 VMware, Inc.
4 Virtual Desktop Deployment 4 Virtual desktop deployment is the task of preparing individual or multiple virtual machines for View Manager client connections. Once deployed, prepared systems can be accessed directly or act as a template from which View Manager can create an extensible pool of cloned desktops.
View Manager Administration Guide Overview of Virtual Desktop Deployment The procedure for deploying virtual desktops varies depending on whether you are creating an automated pool from a virtual machine template, an individual desktop instance, or a pool of manually‐selected virtual desktops. However, in all of these cases a base—or guest—system must first be selected and configured for use with View Manager.
Chapter 4 Virtual Desktop Deployment Unmanaged Desktop Sources— the desktop source is a machine that is not managed by a vCenter Server. This includes virtual machines running on VMware Server and virtual machines running on other virtualization platforms that support View Agent. Blade PCs, physical PCs, and Terminal Servers on which you can install View Agent are unmanaged desktop sources.
View Manager Administration Guide Terminal Server Pool – is a pool of terminal server (TS) desktop sources served by one or more terminal servers. A terminal server desktop source can deliver multiple desktops. A TS pool has the following characteristics: Pool of TS desktops served by a farm comprising of one or more terminal servers.
Chapter 4 Virtual Desktop Deployment Configure Active Directory settings. a Configure the preferred and alternate DNS servers to use your Active Directory server addresses. For example, on Windows XP, configure the DNS server settings from the properties menu: Start > Control Panel > Network Connections > LAN > Properties Internet Protocol (TCP/IP) > Properties > Use the following DNS server addresses b Join the guest system to the appropriate Active Directory domain.
View Manager Administration Guide You can also select or deselect the following features: If you want to allow users to download a copy of their virtual desktops from the View Connection Server for use on a local computer such as a laptop, install the Offline Desktop component. Offline Desktop is not supported with vSphere 4. Offline Desktop is an experimental feature. Refer to “System Requirements” on page 14 for more information about experimental features.
Chapter 4 Virtual Desktop Deployment Using the View Agent on Virtual Machines with Multiple NICs For guest systems with more than one virtual NIC, you must configure the subnet that the View Agent will use. This determines which network address the View Agent provides to the View Connection Server for client RDP connections. To configure this subnet, create the following registry string in the virtual machine on which the View Agent is installed, where n.n.n.
View Manager Administration Guide 5 Enter the Unique ID and, optionally, the Display name and Description. The unique ID is used by View Manager to identify the desktop pool and is the name that clients see when logging in. The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both. If your installation has multiple VirtualCenter or vCenter Servers, see “Uniqueness of Unique ID” on page 214.
Chapter 4 Virtual Desktop Deployment Property Parameter Description Default display protocol Select the display protocol that you want View Connection Server to use when communicating with View Client. PCoIP—Provides an optimized PC experience for the delivery of images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP is supported as the display protocol for individual desktops with virtual machines and with physical machines that contain Teradici host cards.
View Manager Administration Guide 7 From the list provided, select the virtual machine or physical machine you want to use as the individual desktop and click Next. 8 You are presented with a summary of the configuration settings for this deployment. If you are unsatisfied with any aspect of the configuration you can use the Back button to revisit any previous page. If you are satisfied with the configuration click Finish to deploy the individual desktop.
Chapter 4 Virtual Desktop Deployment To create a virtual machine template in vCenter 1 Power off the virtual machine. 2 Right‐click the previously configured guest system and select one of the following options: Clone to Template—Select this option if you want to use the selected guest system as the basis for a new template without altering the virtual machine itself.
View Manager Administration Guide 7 Enter and confirm the local administrator password in the fields provided. Click Next. 8 Select the local time zone from the drop down list. Click Next. 9 (Optional) You are presented with the opportunity to provide one or more command prompt instructions that will be executed the first time a user connects. Enter a command in the field provided and click Add. Repeat as necessary. When you have finished, click Next.
Chapter 4 Virtual Desktop Deployment 5 Enter the Unique ID and, optionally, the Display name and Description, and click Next. The unique ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in. The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both. If your installation has multiple VirtualCenter or vCenter Servers, see “Uniqueness of Unique ID” on page 214.
View Manager Administration Guide Property Parameter Description Power off and delete virtual machine after first use Select if you want the virtual machine to be deleted immediately after the user logs off. (non‐persistent pools only) If necessary, a new virtual machine is cloned to maintain a specific pool size after virtual machines are deleted. Allow users to reset their desktop Select if you want to allow desktop users to reset their own desktops without administrative assistance.
Chapter 4 Virtual Desktop Deployment 7 Configure the desktop provisioning properties and click Next. Property Parameter Description Provisioning Enabled—the desktops in the pool will be immediately created upon completion of the deployment procedure or after a desktop is deleted. Disabled—the desktops in the pool will not be immediately created upon completion of the deployment procedure or after a desktop is deleted. Number of desktops Specifies the number of desktops to create in this pool.
View Manager Administration Guide Property Parameter Description Stop provisioning on error Select if you want View Manager to automatically stop provisioning new virtual machines if an error is detected during desktop creation. Advanced Settings Click to display the advanced pool configuration settings. You can enable the advanced parameters by selecting Enable Advanced Pool Settings. This will disable the Pool Size parameter.
Chapter 4 Virtual Desktop Deployment 13 Select how you would like the desktops created from the guest system to be customized. If a customization specification exists on vCenter Server you can select it from the Use this customization specification list in order to preconfigure such properties as licensing, domain attachment, and DHCP settings.
View Manager Administration Guide Deploying a Manual Desktop Pool 1 From within the View Administrator, click the Desktops and Pools button and then click the Inventory tab. In the Global desktop and pool view pane, ensure that the Desktops and Pools tab is selected and click Add. 2 You are presented with the Add Desktop wizard. From here you can configure and deploy a new linked clone desktop pool. Select Manual Desktop Pool and click Next.
Chapter 4 Virtual Desktop Deployment Property Parameter Description State Enabled—after being created, the desktop pool is automatically enabled and ready for immediate use. Disabled—after being created, the desktop pool is disabled and unavailable for use. This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance.
View Manager Administration Guide Property Parameter Description Default display protocol Select the display protocol that you want View Connection Server to use when communicating with View Client. PCoIP—Provides an optimized PC experience for the delivery of images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP is supported as the display protocol for manual desktops with virtual machines and with physical machines that contain Teradici host cards.
Chapter 4 Virtual Desktop Deployment 8 From the list provided, select the virtual machines or physical systems you want to use add to the pool. Click Next. 9 You are presented with a summary of the configuration settings for this deployment. If you are unsatisfied with any aspect of the configuration you can use the Back button to revisit any previous page. If you are satisfied with the configuration click Finish to deploy the individual desktop.
View Manager Administration Guide 7 From the table, choose the user or groups who you want to be able to use this desktop or pool and click OK. 8 You are returned to the first page of the Entitlements window, which now contains the users or groups you selected. Click OK to finish. Restricting View Desktop Access You can use the restricted entitlements feature to restrict View desktop access based on the View Connection Server instance that a user connects to.
Chapter 4 Virtual Desktop Deployment Understanding Tag Matching The restricted entitlements feature uses tag matching to determine whether a View Connection Server instance can access a particular View desktop or desktop pool. At the most basic level, tag matching determines that a View Connection Server instance with a specific tag can access a desktop or desktop pool that has the same tag.
View Manager Administration Guide Restricting a View Connection Server Instance When you assign a tag to a View Connection Server instance, users who connect to that View Connection Server can access only those View desktops and desktop pools that have a matching tag or no tags. To assign a tag to a View Connection Server instance 1 In View Administrator, select Configuration > Servers > View Servers. 2 Select the View Connection Server instance and click Edit.
Chapter 4 Virtual Desktop Deployment Searching Desktops and Entitled Users and Groups Use the Inventory tab to search for information about desktops and entitled users and groups. You can either search by using the columns in the tables that appear on the right side of the page or search by using the categories that appear on the left side of the page. To search columns in the Desktops Inventory view 1 From within the View Administrator, click the Desktops and Pools button.
View Manager Administration Guide To search categories in the Entitled Users and Groups Search view: 1 From within View Administrator, click the Users and Groups button and click the Search tab on the left side of the page. 2 In the Search for users and groups field, enter search text. 3 Select or deselect Name, Email, Display name, or Domain to search within that category. 4 Click Search. Working with Active Sessions After users connect to a desktop, active sessions are listed in the inventory.
Chapter 4 Virtual Desktop Deployment Disabling View Manager and Deleting Objects If you want to prevent users from accessing their desktops you can disable the View Connection Server to prevent clients from logging in. Currently logged in users are not affected when you disable the View Connection Server. Disabling the View Connection Server is useful if you need to take it out of service for any reason.
View Manager Administration Guide To delete a desktop pool from a View Connection Server 1 From within View Administrator, click the Desktops and Pools button. 2 In the Global desktop and pool view, select a desktop or desktop pool from the list on the right click Delete. You are given the option to remove the virtual machines from View Manager only, which means they are still visible in vCenter Server, or to delete them from disk, which means they are no longer visible in vCenter Server.
5 Client Management 5 The locally installed View Client application and the Web‐based View Portal component allow users to connect to their desktops. These applications can operate within an internal network or externally over the Internet, and their behavior can be modified in a number of ways. In addition, View Client offers a variety of user authentication models—including secure authentication—all of which must be first configured on View Connection Server.
View Manager Administration Guide “Adobe Flash Bandwidth Reduction” on page 119 “Client Computer Information” on page 121 “Using PCoIP Display Protocol” on page 124 “Using HP RGS Display Protocol” on page 124 NOTE Features differ according to which View Client you use. This guide describes primarily View Client and View Portal for Microsoft Windows.
Chapter 5 Client Management If you install View Client from the executable, Virtual Printing and USB support are offered within the application, and Start Menu entries are created. NOTE View Portal does not support USB redirection, regardless of installation path. To install View Client 1 Run the View Client executable on the system that will host the client, where xxx is the build number of the file: VMware-viewclient-xxx.exe 2 When the VMware Installation wizard appears, click Next.
View Manager Administration Guide 7 (Optional) Enter the IP address or FQDN of the server to which the client will connect and click Next. 8 Configure shortcuts for the View Client and click Next. 9 To launch View Client when installation is completed, select the check box. 10 Click Install > Finish. To start View Client 1 If View Client does not start automatically after installation, double‐click the desktop shortcut or click Start > Programs > VMware > VMware View Client.
Chapter 5 Client Management View Client Policies Certain View Client features can be controlled through policies. For information about configuring and applying policies to View Client at the global, pool, or user level refer to “Client Policies” on page 183. Client Connections from the Internet For a user to access a virtual desktop, their client system must be able to resolve the host name or IP address of the specified View Connection Server.
View Manager Administration Guide Figure 5-1. External Client Connection thirdparty load firewall balancer View firewall Security Server server1.int View Client View Connection Server server2.int VMware Infrastructure VirtualCenter ESX 1 2 Active Directory 1 https://myview.mycorp.com 2 https://server1.int external internal 1 https://server2.int 2 https://server2.
Chapter 5 Client Management Security Server External URLs The external URL of a security server cannot be defined from within View Administrator. Instead, you can use View Administrator to generate a configuration file that contains the externally resolvable security server name, port number, and protocol. This file is then placed on the security server. To generate a Security Server config.
View Manager Administration Guide By default, in View Connection Server when a client visits a secure page such as View Administrator they are presented with the self‐signed certificate provided with the application. By reading the server certificate the user can decide if the server is a trusted source, and then accept (or reject) the connection. The certificate can be signed by a Certificate Authority (CA)—a trusted third party who guarantees the identity of the certificate and its creator.
Chapter 5 Client Management You can replace the default certificate provided with View with a properly defined certificate for the service. If the certificate is signed by a trusted CA, users will not be presented with messages asking them to verify the certificate, and thin client devices will be able to connect without requiring additional configuration.
View Manager Administration Guide 4 In the Variable value field add the path to the JRE installation directory: %ProgramFiles%\VMware\VMware View\Server\jre\bin Ensure that this entry is delimited with a semicolon (;) from any other entries present in the field. 5 Click OK > OK > OK to close the Windows System Properties dialog box. To create a self-signed SSL certificate 1 From a command prompt, enter the following: keytool -genkey -keyalg "RSA" -keystore keys.
Chapter 5 Client Management To create a certificate signing request (CSR) From a command prompt, enter the following where is the keystore password: keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12 -storetype pkcs12 -storepass The certificate.csr file is created in the same location.
View Manager Administration Guide 3 From a command prompt, enter the following where is the keystore password: keytool -import -keystore keys.p12 -storetype pkcs12 -storepass -keyalg "RSA" -trustcacerts -file certificate.p7 If you are using a temporary certificate you may be presented with the following message: ... is not trusted.
Chapter 5 Client Management 5 Save the file with a .P7 extension. 6 Add this certificate to your keystore, as described in “To submit the CSR and import the certificate” on page 103. Using Existing SSL Certificates Your organization may already have a valid (CA signed) SSL certificates that you want to use with View Connection Server. In order to use an SSL certificate you will require both the certificate and the private key that accompanies it.
View Manager Administration Guide The certificate is exported to the specified location. You must now carry out the procedure described in “To configure the View Connection Server to use the new certificate” on page 104. Ensure that the keypass entry in the locked.properties file corresponds to the password you used when exporting the certificate. Smart Card Authentication Some organizations require personnel to pass multiple stages of authentication before allowing them to connect to their systems.
Chapter 5 Client Management Obtaining a Root Certificate You must obtain the root certificate from the CA that signed the certificates on the smart cards presented by your users. The root certificate is obtained from one of the following sources: Microsoft IIS server running Microsoft Certificate Services. The procedure for installing Microsoft IIS, issuing certificates, and distributing them in your organization exceeds the scope of this guide.
View Manager Administration Guide 3 Under the Personal tab, select the certificate you wish to use and click View. NOTE If the user certificate is not present in the list you must first click the Import button to manually import the user certificate. Once the certificate has been imported, select it from the list and click View. 4 Under the Certification Path tab, select the certificate at the top of the tree and click View Certificate. 5 Under the Details tab click Copy to File.
Chapter 5 Client Management 5 In the left pane, expand Computer Configuration > Windows Settings > Security Settings > Public Key Policy. 6 Right‐click Trusted Root Certification Authorities and select Import. 7 Follow the instructions in the wizard to import the certificate. Click OK. 8 Close the Group Policy window. By adding the certificate to the list of trusted roots, you are ensuring that all systems in the domain have a copy of the certificate in their trusted root store.
View Manager Administration Guide Using keytool to Create a Truststore From a command prompt, enter the following: keytool -import -alias -file -keystore In this command, is a unique (case‐insensitive) name for a new entity entry in the truststore (in this case, the certificate you are about to import), is the name of the root CA certificate you previously obtained or exported, and is the name of the truststore output
Chapter 5 Client Management Verifying the Smart Card Authentication Configuration After you set up smart card authentication for the first time, or when smart card authentication is not working correctly, you should verify your configuration. To verify configuration of smart card authentication Verify that each client system has View Client, smart card middleware, a smart card with a valid certificate, and a smart card reader.
View Manager Administration Guide Check the log files in :/Documents and Settings/All Users/Application Data/VMware/VDM/logs on the View Connection Server or security server host for messages stating that smart card authentication is enabled. Configuring a Standard or Replica Server A security server that has been configured to use smart card authentication will automatically require the user to authenticate using their card and PIN during login.
Chapter 5 Client Management The smart card removal policy does not apply to users who connect to the View Connection Server instance with the Log in as current user check box selected, even if they log in to their client system with a smart card. 5 Click OK. 6 Restart the View Connection Server service. NOTE Smart card authentication replaces Windows password authentication only. If SecurID is enabled, users are required to authenticate using this mechanism also.
View Manager Administration Guide 4 Right‐click the user, and then click Properties. An attribute editing window for the user is displayed. 5 Double‐click the userPrincipalName entry from the list. In the field provided, enter the SAN value of the trusted CA certificate. 6 Click OK > OK, and close ADSI Edit. RSA SecurID Authentication View supports RSA SecurID as an additional method for user authentication.
Chapter 5 Client Management Node Secret Reset If a View Client connection with RSA SecurID displays Access Denied and the RSA Authentication Manager Log Monitor displays the error Node verification Failed, clear the node secret on View Connection Server and then do the following: 1 Run RSA Authentication Manager Host Mode. 2 Select Agent Host menu > Edit Agent Host. 3 Select the View Connection Server from the list and select OK. 4 Deselect Node Secret Created and click OK.
View Manager Administration Guide Table 5-1. View Client Command Line Options (Continued) Property Description desktopLayout Layout of the View Client window that a user sees when logging in to a View desktop. The layout choices are: fullscreen multimonitor windowLarge windowSmall This property requires the desktopName property to be supplied. desktopName Desktop name for the select desktop dialog box. Note: This is the name as you see it in the select desktop dialog box.
Chapter 5 Client Management Table 5-1. View Client Command Line Options (Continued) Property Description staycheckedout (Offline Desktop only) Backs up the data on a checked out desktop to the server, but keeps the offline desktop checked out. This property requires the desktopName property to be supplied. offlineDirectory (Offline Desktop only) Specifies the local directory path into which a new offline desktop is downloaded. This property requires the desktopName property to be supplied.
View Manager Administration Guide Virtual Printing is a plug‐and‐play solution; once a printer is installed on the local system it is automatically added to the list of available printers on the View desktop. No further configuration is required. Virtual Printing consists of a guest component (.print Client) which resides within the View Client or View Client with Offline Desktop application, and a host component (.print Engine) which is part of the View Agent service on the View desktop.
Chapter 5 Client Management 7 Click the Advanced tab. If the printer installed on the host supports these options, edit the following settings for double‐sided printing: Long edge for portrait or Short edge for landscape printing. To preview each printout on the host, enable Preview on client before printing. From this preview, you can use any printer with all its available properties. 8 Click the Adjustment tab to view the automatic print adjustment options.
View Manager Administration Guide Setting Adobe Flash Quality and Throttling You can specify a maximum allowable level of quality for Adobe Flash content that overrides any Web page settings. If Adobe Flash quality for a given Web page is higher than the maximum level allowed, quality is reduced to the specified maximum. Lower quality results in more bandwidth savings. The following Adobe Flash render‐quality modes are available: Do not control: Quality is determined by Web page settings.
Chapter 5 Client Management Overriding Bandwidth Reduction Settings in the Desktop By using the mouse cursor in the desktop, users can override Adobe Flash content display settings. To override Adobe Flash settings in the desktop 1 In Internet Explorer, browse to the relevant Adobe Flash content and start it if necessary. Depending on how Adobe Flash settings are configured, you might notice dropped frames or low playback quality. 2 Move the mouse cursor into the Adobe Flash content while it is playing.
View Manager Administration Guide Table 5-2. Client Information Available in the Desktop Client Information Windows ViewClient_Machine_ Domain Wyse Thin OS Linux Description X X The domain of the client device. ViewClient_LoggedOn_ Username X X The user name that was entered in View Client. ViewClient_LoggedOn_ Domainname X ViewClient_Type X X X The thin client name or operating system type of the client device.
Chapter 5 Client Management Table 5-2. Client Information Available in the Desktop Client Information Windows Wyse Thin OS Linux ViewClient_TZID X X X Description The Olson time zone ID. When using View Client on Windows, this information is not available in the Volatile Environment in the desktop registry or in View Agent logs. It is sent using a private channel. Note: To disable, set the Disable Time Zone Synchronization GPO to true. ViewClient_Windows_ Timezone X X X GMT standard time.
View Manager Administration Guide Using PCoIP Display Protocol PCoIP provides an optimized PC experience for the delivery of images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
Chapter 5 Client Management Configuring HP RGS in View Administrator Make sure that you are using direct connections to the View Connection Server (tunneling is turned off). To verify that direct connections are used 1 From within the View Administrator, click Configuration. 2 Select Servers and select the server you want to configure. 3 Click Edit. 4 In the Edit Server Settings dialog box, verify that the Direct connection to desktop check box is selected.
View Manager Administration Guide 126 VMware, Inc.
6 View Composer 6 The View Composer feature provides a versatile and highly storage‐efficient alternative to creating and managing many standalone virtual machines. This chapter provides an overview of View Composer. In addition to offering a conceptual overview of how linked clone desktops are created within vCenter Server by View Composer and managed by View Manager, the following sections describe how to prepare vCenter Server and a base virtual machine image for use in a View Composer deployment.
View Manager Administration Guide The link is indirect because the first time one or more linked clones are created, a uniquely identified copy of the Parent VM—called a replica—is also created. All the desktop clones are anchored directly to the replica and not to the Parent VM. Desktops of this type are called linked clone desktops. NOTE Replica VMs can be identified within vCenter Server by their replica- prefix followed by a unique ID.
Chapter 6 View Composer View Manager administrators can simultaneously update (or change) the operating systems of all linked clone desktops, install or update client applications, or modify the desktop hardware settings by carrying out these activities on the Parent VM and then anchoring the linked clones to a new snapshot of this configuration. This action is called desktop recomposition. NOTE Linked clones can also be anchored to a new snapshot of a completely different Parent VM.
View Manager Administration Guide Because the delta disks for each desktop will inevitably grow over time, during linked clone deployment you can define the maximum allowable size of each virtual machine, up to the original size of the Parent VM. The amount of disk space required to store the difference between the linked clone operating system data and Parent VM operating system data will typically remain far smaller than that required by a standard clone.
Chapter 6 View Composer A very aggressive level of storage overcommit results in a relatively small amount of space being reserved for delta disk expansion; however, administrators can add a lot of extra virtual machines to the datastore if they predict that the delta disks of each virtual machine will never grow to their maximum possible size.
View Manager Administration Guide Replica 2 is an exact copy of Parent VM 2. When the recomposition action is complete the desktop will be anchored to replica 2 and the operating system data modified accordingly. The operating system data of a recomposed desktop is reduced in size after recomposition, however the user data is unaffected by this event. Source Virtual Machine With VMware Infrastructure 3.
Chapter 6 View Composer Figure 6-3. Desktops Refresh parent VM base image + snapshot refresh replica 1 user data disk refreshed OS data disk user data disk bloated OS data disk It is important to occasionally refresh the attached systems in order to prevent the desktop clones growing to the size of a full virtual machine.
View Manager Administration Guide Figure 6-4. Desktop Rebalance – Before parent VM base image + snapshot replica 1 replica 2 user data disk user data disk OS data disk OS data disk user data disk OS data disk free space user data disk LUN A LUN B OS data disk Rebalancing the LUNs evenly distributes any selected (or all) virtual machines between the available logical drives. The result of this action is illustrated in Figure 6‐5. 134 VMware, Inc.
Chapter 6 View Composer Figure 6-5. Desktop Rebalance – After parent VM base image + snapshot replica 1 replica 2 OS data disk user data disk user data disk OS data disk OS data disk user data disk user data disk OS data disk free space free space LUN A LUN B A high level of storage overcommit introduces the possibility of virtual machines growing to such a level that all free space within the datastore is consumed.
View Manager Administration Guide The rebalance feature offers administrators a graceful mechanism for introducing additional storage to a datastore in order to prevent the latter outcome. In addition, prior to executing the rebalance action you may also retire old storage and make resource pool alterations, and host changes. Only desktops in the Ready, Error, or Customizing state with no schedules or pending cancellations can be rebalanced.
Chapter 6 View Composer Using QuickPrep for Linked Clone Desktop Deployment QuickPrep is a system tool executed by View Composer during linked clone desktop deployment. QuickPrep personalizes each desktop created from the Parent VM. During the initial startup of each new desktop, QuickPrep ensures that the system is given a new name (specified during the deployment process) and is joined to the appropriate domain.
View Manager Administration Guide If the vCenter Server user used by View Manager is not an administrator, you must extend their role to incorporate vCenter Server privileges required by the View Composer Service. If an available resource pool does not already exist within vCenter Server, you must create one on the ESX host or cluster in which you want to store the linked clone desktops. For details see the vCenter Server documentation.
Chapter 6 View Composer The instructions also assume that you are configuring the database on Windows Server 2003 SP2 or higher. Some steps are different if you configure the ODBC data source on a Windows XP Professional SP2 host. SQL Server Management Studio Express is available from: http://www.microsoft.com/downloadS/details.
View Manager Administration Guide 7 Ensure that the Connect to SQL Server to obtain default settings for the additional configuration options check box is selected and select one of the following options: If you are using local SQL Server, select Windows NT authentication. It is also known as “trusted authentication” and is supported only if the SQL Server is running on the vCenter Server host. If you are using remote SQL Server, select SQL Server authentication.
Chapter 6 View Composer 6 On the Database Connection Options page, select Dedicated Server Mode. 7 On the remaining configuration pages, click Next to accept the default settings. 8 On the Creation Options page, verify that Create Database is selected and click Finish. 9 Review the options on the Summary page, and click OK to create the database. The database is created. 10 Set passwords for the SYS and SYSTEM administrator accounts. Use the SYSTEM account to set up the data source connection.
View Manager Administration Guide To add a View Composer database to Oracle 10g 1 On the vCenter Server host, select Start > All Programs > Oracle‐OraDb10g_home > Configuration and Migration Tools > Database Configuration Assistant to start the Oracle Database Configuration Assistant. 2 When the Welcome page appears, click Next. 3 On the Operations page, select Create a database and click Next. 4 On the Database Templates page, select the Data Warehouse template and click Next.
Chapter 6 View Composer 5 Enter a DSN to use with View Composer, a description of the data source, and a user ID to connect to the database. NOTE You will use the DSN during View Composer installation. For the TNS Service Name, select the Global Database Name (specified in the Oracle Database Configuration Assistant) from the drop‐down menu. 6 Click Test Connection to verify the data source and click OK.
View Manager Administration Guide 7 Enter a port value or use the default and select the Create default SSL certificate radio button. Click Next. 8 Click Install to begin the installation process. Once the process is complete, click Finish. vCenter Server User Permissions If the View Manager user is not an administrator in vCenter Server you must assign a role to the vCenter Server user entry in order to confer upon it the appropriate level of authority over the objects it creates and manages.
Chapter 6 View Composer Preparing a Parent VM The Parent VM is used by linked clone desktops as the base image for each linked desktop clone. For a Parent VM to be used by View Manager in a linked clone desktop deployment, you must first install the View Agent on its operating system. Make sure that you have administrative rights to the Parent VM and that the following prerequisites are in place.
View Manager Administration Guide Installing the View Agent on the Parent VM If it is not already present, you must install the View Agent on the Parent VM to allow the View Connection Server to communicate with the desktop clones created from the base image. To install View Agent 1 Run the following executable on the guest system, where xxxxxx is the build number of the file: VMware-viewagent-xxxxxx.exe 2 When the VMware Installation wizard appears, click Next.
Chapter 6 View Composer If you want to allow users to connect using the PCoIP display protocol, install the PCoIP Server component. PCoIP provides an optimized PC experience for the delivery of images, audio, and video content for a wide range of users on the LAN or across the WAN. NOTE On Windows Vista, if you install the PCoIP Server component, the Windows group policy Disable or enable software Secure Attention Sequence is enabled and set to Services and Ease of Access applications.
View Manager Administration Guide To add or edit a vCenter Server entry in View Manager 1 From within the View Administrator, click Configuration to display the configuration view. 2 Under vCenter Servers, if you have not already done so click Add and complete the details for the vCenter Server to use with View Manager: a In the Server address text box, enter the FQDN or IP address of the VMware vCenter Server you want View Manager to communicate with.
Chapter 6 View Composer 5 Click Add to enter the required details in the Add QuickPrep Domain dialog box: Enter the fully qualified domain name of the Active Directory domain (for example, domain.com), the user name including the fully qualified domain name (for example, domain.com\admin), and the password for the specified user.
View Manager Administration Guide 5 Enter the Desktop ID and, optionally, the Desktop Display Name and Description. The desktop ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in. The desktop ID and display name can be arbitrary but if you do not specify a display name the desktop ID is used for both. NOTE You can use any alphanumeric character, including spaces, to provide an optional description.
Chapter 6 View Composer Property Parameter Description Allow users to reset their desktop Select if you want to allow desktop users to reset their own desktops without administrative assistance. Allow multiple sessions per user Select if you want to allow individual users to simultaneously connect to multiple desktops in the same pool. (non‐persistent pools only) Refresh OS disk on logoff (persistent pools only) Never—the base operating system image is never refreshed.
View Manager Administration Guide 7 Property Parameter Description Adobe Flash throttling Select the throttling level for Adobe Flash animations displayed in View Client from the drop‐down menu. Higher levels of throttling might result in lower bandwidth usage by reducing the frame rate of all Adobe Flash animations. Configure the desktop provisioning properties and click Next.
Chapter 6 View Composer Property Parameter Description Stop provisioning on error Select this check box if you want View Manager to automatically stop provisioning new virtual machines if an error is detected during desktop creation. Advanced Settings Click to display the advanced pool configuration settings. You can enable the advanced parameters by selecting the Enable Advanced Pool Settings check box. This will disable the Pool Size parameter.
View Manager Administration Guide 13 (Optional) This step applies to persistent pools only and determines how user data is stored by desktops within this pool. If you want user data to be preserved after a refresh or recomposition event, select Redirect user profile to a separate disk and specify the maximum size of the user data disk and associated drive letter. If you are using multiple datastores, you can select Use different datastores for user data disks and OS disks.
Chapter 6 View Composer NOTE The “Min Recommended”, “Storage at 50% provision”, and “Storage at 100% provision” values are only provided as guidelines. The actual requirements for the pool will vary based on client usage patterns, application workload, pool type, and so forth. Once you have configured the datastore storage criteria, click Next. 15 View Composer requires a domain user account to join linked clone desktops to the target domain.
View Manager Administration Guide Once the process is complete you can entitle users or groups to use the desktop pool by carrying out the procedure described in “Entitling a Desktop or Pool” on page 85. Refreshing, Recomposing, and Rebalancing Linked Clone Desktops You can recompose, refresh, or rebalance only those linked clone desktops that are part of a persistent pool.
Chapter 6 View Composer To refresh specific desktop sources in the pool, ensure that the Desktop Sources tab is selected in the right pane. If you want to refresh multiple desktops, select the corresponding check boxes. You do not need to do this if you want to refresh all the desktops in the pool. 4 Click Edit Image. You are presented with the Edit Image wizard. Select the Refresh option and click Next. 5 If you selected the Users and Groups tab you can now filter your user selection.
View Manager Administration Guide To recompose a linked clone desktop pool 1 From within the View Administrator, click Desktops and Pools to display the desktop page. 2 Ensure that the Inventory tab is selected in the left pane and select the desktop pool you want to recompose. 3 Select one of the following options: To recompose the entire desktop pool, ensure that the Summary tab is selected in the right pane.
Chapter 6 View Composer 7 Edit the base image used by the selected desktop pool. If you want to anchor the clones in the desktop pool to a different snapshot within the same base image, select a new snapshot from the list provided. If you want to change the current base image to that of a new Parent VM, click Change and select a new virtual machine to be the Master VM for the pool from those highlighted in the list. Click OK. Click Next.
View Manager Administration Guide 160 5 Click Rebalance. You are presented with the Rebalance wizard, which provides you with information about what will happen when you rebalance one or more desktops in the pool. Once you have read this information and are satisfied that you want to proceed click Next. 6 If you previously selected one or more virtual machines from the desktop source list you can choose to rebalance only these systems by selecting the corresponding radio button.
Chapter 6 View Composer 7 Schedule when you want the rebalance event to take place (the default is set to the current time, and therefore immediately): If you want any currently connected users to be logged off as soon as the rebalance event starts, select Force Users to log off. NOTE If you select this option, connected users will be notified prior to disconnection and given the opportunity to close their applications and log out.
View Manager Administration Guide You can download the .NET Framework and view additional information about the ASP.NET IIS registration tool from the following locations: http://www.microsoft.com/net http://msdn.microsoft.com/library/k6h9cz8h(VS.80).aspx The following procedure must be carried out before installing the View Composer service on the new system.
Chapter 6 View Composer Upgrade View Composer Database (databaseupgrade) The database upgrade command is used to upgrade a View Composer 1.0 schema to version 1.1. In addition, the command also migrates the information in the database from View Composer 1.0 to View Composer 1.1. The schema for View Composer has not changed since version 1.1.
View Manager Administration Guide If you get error code 17 when running the databaseupgrade command, or if during installation of the View Composer service you are presented with the following message: Database upgrade completed with warnings Refer to the following View Composer log file for more information before (re)executing the databaseupgrade command: C:\Documents and Settings\All Users\Application Data\VMware\View Composer\Logs\vmware-sviconfig.
Chapter 6 View Composer By default, the backup files on View Connection Server are stored in the following location: C:\Documents and Settings\All Users\Application Data\VMware\VDM\backups View Composer backup files use the following naming convention: Backup-- _.SVI For example: Backup-20090304000010-foobar_test_org.
View Manager Administration Guide Result Codes When the operation is complete, a result code is returned by the tool. The result codes are described in Table 6‐4. Table 6-4. restoredata Result Codes 166 Code Description 0 The operation ended successfully. 1 The supplied DSN could not be found. 2 Invalid database administrator credentials were provided. 3 The driver for the database is not supported. 4 An unexpected problem arose and the command failed to complete.
7 Offline Desktop 7 Offline Desktop offers mobile users the ability to check out a cloned instance of certain types of View Manager desktop onto a local system such as a laptop. Once checked out, the local copy behaves like a standalone desktop system and can be used with or without a network connection; the desktop is now considered to be “offline.” The following sections provide an overview of Offline Desktop, its purpose and implementation. NOTE Offline Desktop is an experimental feature.
View Manager Administration Guide In anticipation of this, an Offline Desktop user can use the View Client with Offline Desktop application to download a copy of their desktop virtual machine from the View Connection Server for use on a local computer—an event that also “locks” the online desktop virtual machine, preventing it from being accessed from any other location.
Chapter 7 Offline Desktop Figure 7-1. Offline Desktop – Usage Flow 1 vCenter View Connection Server VM n Internet VM 2 VM 1 VM 1 datastore (desktops in virtual machines) 2 ESX remote user vCenter View Connection Server VM n Internet VM 2 VM 1 1 VM datastore ESX remote user 3 vCenter View Connection Server VM n Internet VM 2 VM 1 VM 1 datastore ESX remote user VMware, Inc.
View Manager Administration Guide Table 7-1. Offline Desktop – Stage Description Stage Description 1 The remote user starts View Client with Offline Desktop and is presented with a list of their entitled desktops. The user selects an Offline Desktop compatible desktop and initiates a download that copies the desktop virtual machine onto their local system.
Chapter 7 Offline Desktop Once checked out, Offline Desktop uses thin provisioned virtual disks to store information on the host system. This type of disk occupies no more space than that required by the data it contains, and physical disk space is only allocated as data is written; this minimizes the storage footprint of the downloaded system.
View Manager Administration Guide Offline Desktop Policies Certain Offline Desktop features can be controlled through policy. For information about configuring and applying policies to offline desktops at the global, pool, or user level refer to “Client Policies” on page 183. Supported Desktop Types Not all types of View Manager desktop configuration support Offline Desktop. Table 7‐2 provides a matrix that describes the availability of this feature to the different desktop types. Table 7-2.
Chapter 7 Offline Desktop You cannot download a desktop to a system where the guest exceeds the capabilities of the host; the host system must be at least as capable as the guest in order to run the View Manager desktop. You cannot download a desktop if another user is currently logged in to that desktop. ESX supports two simultaneous desktop checkouts. ESXi supports five simultaneous desktop checkouts. Host CD‐ROM redirection is not supported.
View Manager Administration Guide The above applications must be uninstalled prior to installing View Client with Offline Desktop. NOTE The View Client application provides a subset of the functionality offered by View Client for Offline Desktop; however, many of the administrative tasks and connection considerations are common to both applications, including a number of startup options that can be invoked when launching the application from a command prompt.
Chapter 7 Offline Desktop 5 If you selected the Log in as current user component, you can further configure the default behavior when users log in using View Client: Select Show in connection dialog to display the Log in as current user check box in the View Client connection dialog box. When this check box is selected, the identity and credential information that the user provided when logging in to the client system is passed to the View Connection Server instance and ultimately to the View desktop.
View Manager Administration Guide 5 Enter the credentials for an entitled user, select the domain, and click Login. If you type the user name as user@domain, it is treated as a user principal name (UPN) because of the at‐sign (@), so the domain drop‐down menu dims. 6 Select a desktop from the list provided and click Connect. View Client attempts to connect to the specified desktop. After you are connected, the client window appears.
Chapter 7 Offline Desktop Table 7-3. Offline Sessions Field Description User The Active Directory ID of the user who checked out the desktop. This ID is in the form domain\username, or in the form username@domain when given as a user principal name (UPN). Desktop The persistent desktop or desktop pool display name (if one was provided when the desktop or pool was created in View Manager).
View Manager Administration Guide Removing Access In addition to the standard methods of account suspension or removal offered by Active Directory, Offline Desktop sessions can be terminated from within the administrative interface by removing user entitlement from an individual desktop or desktop pool, or by discarding the offline session.
8 Component Policies 8 A policy is a rule or set of rules defined by a system administrator that governs the behavior of an application. Within View Manager, policies can be used to establish the configuration of constituent components by controlling the logging of information, managing client access, restricting device usage, establishing security parameters for client usage, and so forth.
View Manager Administration Guide Table 8‐1 describes the different virtual machine power policy states that can be assigned to a desktop or desktop pool during deployment. Table 8-1. Power Policy Definitions Property Description Do nothing (VM remains on) Virtual machines that are powered off will be started when required and will remain on, even when not in use, until they are shut down.
Chapter 8 Component Policies Table 8-2. Power Policy Notes (Continued) Desktop Type Power Policy is Applied... Non‐Persistent manual Pool After user disconnection or logoff. Note: If the Power Off policy is applied after a disconnection, the session is discarded. If the Suspend policy is applied after a disconnection, an orphaned session could be created (the desktop is non‐persistent so there is no guarantee that the user will ever be able to return to it).
View Manager Administration Guide Power Policy Example 2 In the following pooling example—the parameters for which are provided in Table 8‐4—the maximum and minimum number of desktops are equal. Table 8-4. Pooling Example 2 Type Minimum Maximum Available Power Policy Non‐Persistent Automated Pool 5 5 2 Suspend VM Initially, 5 desktops are created: 3 suspended and 2 powered on and available.
Chapter 8 Component Policies Client Policies The properties provided under the policies tab in View Administrator are used to assert behavioral control over client components at the global, desktop pool, or desktop user level. By default, each user‐level policy inherits its setting from a pool‐level policy that, in turn, inherits its setting from a global policy. A number of general component behaviors relating to desktop sessions can be configured directly from within View Administrator.
View Manager Administration Guide The View Manager policies that relate specifically to Offline Desktop sessions are described in Table 8‐7. Table 8-7. Client Policies for Offline Desktop Property Offline Desktop Description Specifies if desktops can be checked out for local use. Available options are Allow and Deny. Pool‐ and user‐level policies may also Inherit the default setting from their parent. The default is Allow.
Chapter 8 Component Policies Similarly, if the global policy that specifies the amount of time a checked out desktop can run without successfully contacting the server is set to 10 minutes, you cannot apply a server contact policy of 30 minutes to any desktop pool. NOTE View Administrator warns you if you attempt to apply a less restrictive policy to a pool. User‐level policies override global‐ or pool‐level policies—that is, they can be more or less restrictive than either.
View Manager Administration Guide 4 In the View Policies box, click Edit Pool Policies. If you have selected an offline desktop and want to configure offline policies, click Offline Desktop Policies. The appropriate policies window is displayed. 5 Specify the Offline Desktop, User‐initiated rollback, and Max time without server contact policy settings and click OK. The pool‐level policy settings are now applied.
Chapter 8 Component Policies GPOs can be applied to View Manager components at a domain‐wide level in order to provide granular control over various areas of the View Manager environment. Once applied, GPO properties are stored in the local Windows registry of the specified component. In order to minimize the administrative overhead of creating bespoke polices, a number of component‐specific GPO templates are provided with View Connection Server that can be imported into Active Directory.
View Manager Administration Guide Computer Configuration GPO With the Computer Configuration GPO you can set policies that are applied to all systems, regardless of who connects to the desktop. Where equivalent policies exist in the User Configuration GPO, the policies contained in this group are overridden. View Agent Configuration Use the GPOs described in Table 8‐8 and Table 8‐9 to configure View Agent behavior. Table 8-8.
Chapter 8 Component Policies Table 8-9. View Agent Configuration Properties - Agent Configuration (Continued) Property Description AllowSingleSignon Determines if single sign‐on (SSO) is used to connect users to View Manager desktops. When enabled, users are only required to enter their credentials when connecting to View Client or View Portal. When disabled, users must reauthenticate when the remote connection is made.
View Manager Administration Guide Table 8-9. View Agent Configuration Properties - Agent Configuration (Continued) Property Description CommandsToRunOnReconnect A list of one or more commands that are executed when a client reconnects to a desktop that contains an active session. For more information, see “Client Computer Information” on page 121.
Chapter 8 Component Policies Table 8-11. View Client Configuration Properties: Scripting Definitions Property Description Server URL Determines the URL used by View Client during login. For example: http://view1.example.com Logon UserName Determines the user name used by View Client during login. Logon DomainName Determines the NETBIOS domain name used by View Client during login. Logon Password Determines the password used by View Client during login.
View Manager Administration Guide Table 8-12. View Client Configuration Properties - Security Settings Property Description Display option to Log in as current user Determines whether the Log in as current user check box is visible on the View Client connection dialog box. When the check box is visible, users can select or deselect it and override its default value. When the check box is hidden, users cannot override its default value.
Chapter 8 Component Policies Table 8-12. View Client Configuration Properties - Security Settings (Continued) Property Description Ignore incorrect SSL certificate common name (host name field) Determines if errors associated with incorrect server certificate common names are disabled. When the common name on the certificate does not correlate with the host name of the server that sends it, an error results. When this property is enabled, this error is ignored. This property is disabled by default.
View Manager Administration Guide View Common Configuration Use the GPOs described in Table 8‐13 and Table 8‐14 to configure properties that apply to all View Manager components. Table 8-13. View Manager Common Configuration Properties Property Description Enable extended logging Determines if trace and debug events are included in the log files. Disk threshold for log and events in MegaBytes Specifies the minimum remaining disk space threshold for logs and events.
Chapter 8 Component Policies User Configuration GPO With the User Configuration GPO you can set policies that apply to users, regardless of which desktop they connect to. These policies override any equivalent Computer Configuration Policies that may have been applied to the target desktop. View Agent Configuration Use the GPO described in Table 8‐16 to configure View Agent behavior. Table 8-16.
View Manager Administration Guide Table 8-17. View Client Configuration Properties (Continued) Property Description Always on top Determines whether the View Client window is always the topmost window. Enabling this setting prevents the Windows taskbar from obscuring a full‐screen View Client window. This setting is enabled by default.
Chapter 8 Component Policies Table 8-18. View Client Configuration Properties – Scripting Definitions (Continued) Property Description DesktopLayout Specifies the layout of the View Client window that a user sees when logging into a View desktop. (when fully scripted only) The layout choices are as follows: Full Screen Multimonitor Window - Large Window - Small This setting is available only when the DesktopName to select setting is also set.
View Manager Administration Guide Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Menu and window animation Determines how menus and windows behave when clients connect to the remote computer. Themes Determines if themes are displayed when clients connect to the remote desktop. Cursor shadow Determines if a shadow is displayed under the cursor on the remote desktop.
Chapter 8 Component Policies Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Redirect clipboard This setting determines if local clipboard information will be automatically redirected when clients connect to the remote desktop. Redirect supported plug and play devices Determines if local plug and play and point of sale devices are automatically redirected when clients connect to the remote desktop.
View Manager Administration Guide Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Bitmap cache file size in Kb for 8bpp bitmaps Specifies the size, in KB, of the persistent bitmap cache file to use for the 8 bits per pixel high‐color setting. When this property is enabled, enter a file size in KB.
Chapter 8 Component Policies Table 8-20. View Client Configuration Properties – Security Settings Property Description Display option to Log in as current user Determines whether the Log in as current user check box is visible on the View Client connection dialog box. When the check box is visible, users can select or deselect it and override its default value. When the check box is hidden, users cannot override its default value.
View Manager Administration Guide 202 VMware, Inc.
9 Unified Access 9 Large enterprises use a mix of physical PCs, server‐based desktops, or applications that are published using terminal services, virtual desktops, and blade PCs. Users requiring access to more than one platform must use several different interfaces. Unified Access enables View Manager to provide a unified interface through which users can access their desktops being delivered by multiple back ends.
View Manager Administration Guide Prepare Multiple Back-End Machines to Access Remote Desktops A desktop source must be prepared to deliver desktop access. If desktop sources do not meet the following conditions, remote desktop delivery fails. Install View agent on the back‐end machine. For more information about installing View agents, see “Install View Agent on an Unmanaged Desktop Source” on page 206.
Chapter 9 Unified Access Table 9‐1 describes all the desktop parameters. Table 9-1. Desktop Parameters Property Parameter Description Desktop pool state Enabled – After being created, the desktop pool is enabled and ready for immediate use. Disabled – After being created, the desktop pool is disabled and unavailable for use. This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance.
View Manager Administration Guide Table 9‐2 shows which parameters are applicable to each desktop type. Table 9-2.
Chapter 9 Unified Access To install VMware View Agent on an unmanaged desktop source 1 Run the View Agent executable file on the system that will host the agent, where xxx is the build number of the file: VMware-viewagent-e.x.p-xxx.exe The installation wizard opens. Click Next. 2 Accept the VMware license terms and click Next. 3 Select your custom setup options. Accept or change the destination folder and click Next.
View Manager Administration Guide 3 In the Desktop Type window, select Individual Desktop and click Next. 4 In the Desktop Source window, select Physical computers or virtual machines not managed by a vCenter Server and click Next. 5 Enter the Unique ID and the Display name and Description. The unique ID is the name that View Manager uses to identify the desktop. The desktop display name is what the user sees when logging in.
Chapter 9 Unified Access 4 In the Desktop Persistence window, specify the persistence settings for the desktops in this pool. Persistent – This desktop pool allows users to log in to the same desktop every time. Users can save documents and files on persistent desktops because they return to the same desktop. Non‐persistent – Desktops are available to users when they log in but are returned to the pool when users log off.
View Manager Administration Guide To add a terminal server pool 1 Ensure that you have the appropriate login credentials and log in to View Administrator. 2 In the Desktops tab, click Add. 3 In the Desktop Type window, select Microsoft Terminal Services Desktop Pool and click Next. 4 Enter the Unique ID, the Display name, and the Description. The unique ID is the name that View Manager uses to identify the desktop. The desktop display name is what the user sees when logging in.
Chapter 9 Unified Access Enable or Disable a Desktop You can only access desktops that are enabled. To enable or disable a desktop 1 On the Desktops tab, select a desktop and click Enable/Disable. If the desktop is currently enabled, you can disable it, and if it is currently disabled, you can enable it. 2 Select Enable Desktop or Disable Desktop as applicable, and click OK.
View Manager Administration Guide To remove a desktop source from a desktop pool 1 In the desktop pane, select a desktop pool and click the Desktop Sources tab. 2 Select desktop sources and click Remove. A confirmation message appears. 3 Click OK to remove the selected desktop source from the pool. 4 If any of the desktop sources have active sessions, indicate the action to be taken: 5 Leave active – Active sessions will remain until the user logs off.
Chapter 9 Unified Access Delete a Desktop You can delete an individual desktop or a desktop pool. To remove unmanaged desktops, you must unregister them. See “Unregister a Desktop Source.” To delete an unmanaged desktop pool 1 On the Desktops tab, select an unmanaged desktop pool or desktop and click Delete. A warning message appears that you are trying to permanently delete this desktop pool. Only the desktop pool is deleted.
View Manager Administration Guide 3 Select the desktop source to unregister and click Unregister. You can select only desktop sources that are not assigned to a desktop. A message appears to check if you want to unregister the desktop source. If you unregister a desktop source, it becomes unavailable. To make these sources available again, reinstall the View Agent in each desktop source. 4 Click OK if you want to unregister the selected desktop source.
10 Troubleshooting 10 Occasionally when using the View Manager product, administrators or users may encounter unexpected behavior. In these situations, you can obtain assistance from VMware. This chapter provides a summary of some of the high‐level steps you can take to gather application data, request assistance, and search for support information in our knowledge base.
View Manager Administration Guide Using the View Manager Support Tool to Collect Diagnostic Information The View Manager Support tool lets you generate log files and set log levels that determine if you want to generate normal, debug, or full log files for the View Connection Server. To set log levels using the View Manager Support Tool 1 On View Connection Server, click Start, click All Programs, and click VMware. 2 Select Set View Connection Server Log Levels.
Chapter 10 Troubleshooting To collect diagnostic information using the script 1 Open a command prompt and change to the View Manager program directory. The location for each View Manager component is shown below: View Connection Server— C:\Program Files\VMware\VMware View\Server\DCT View Client or View Portal— C:\Program Files\VMware\VMware View\Client\DCT View Manager desktops running View Agent— C:\Program Files\VMware\VMware View\Agent\DCT NOTE If you did not install the program in the defa
View Manager Administration Guide The svi-support script instructions are submitted from a Windows command prompt in the following form: cscript.wsf svi-support.wsf [/?] [/novclogs] [/dmpdir:] [/dmpformat:] [/nolog] [/fullbundle] [/filescount:] [/destdir:] [/logdir:] [/logformat:] [/zip:] All the parameters associated with the tool are optional, must be preceded by a forward‐slash (/), and are described in Table 10‐1. Table 10-1.
Chapter 10 Troubleshooting Updating Support Requests After you file a support request, you may receive an email request from VMware Technical Support asking for the output of the vdm-support or svi-support scripts. Reply to the email message and attach your script output file to the reply. If the output is too large to include as an attachment (10MB or more), contact VMware Technical Support with your support request number and request FTP upload instructions.
View Manager Administration Guide 220 VMware, Inc.
Appendix: The locked.properties File In addition to determining the information returned to the client in order to establish a tunnel connection, the locked.properties file can contain properties relating to server communications. These properties are described in Table A‐1. Table A-1. locked.properties—Client and Server properties Property Description clientHost The externally resolvable host name that the client is instructed to use when contacting the security server.
View Manager Administration Guide By default, the clientHost, clientPort, and clientProtocol properties default to those exhibited by the security server; the server settings themselves can be explicitly configured using the serverName, serverPort, and serverProtocol properties. If these values are explicitly set, the port and protocol values should correlate between client and server.
Glossary A Active Directory A Microsoft directory service that stores information about the network operating system and provides services. Active Directory configures and manages users and groups and enables administrators to set security policies, control resources, and deploy programs across an enterprise. active session A live connection from a View Client or View Portal user to a virtual desktop. An established connection to a virtual desktop that has not timed out.
View Manager Administration Guide desktop See “virtual desktop.” desktop virtual machine See “virtual desktop.” desktop pool A pool of virtual machines that an administrator designates for users or groups of users. See also “persistent desktop pool,” “non‐persistent desktop pool.
Glossary N non‐persistent desktop pool A desktop pool in which users are not assigned to a specific desktop. When users log off or are timed out of a desktop, their desktops are returned to the pool and made available to other users. Users cannot save data or files to their desktops when using a non‐persistent pool. P persistent desktop pool A desktop pool in which users are assigned to a specific desktop. Users log on to the same desktop every time and their data is preserved when they log off.
View Manager Administration Guide 226 VMware, Inc.
Index A active sessions disconnecting 90 rebooting 90 viewing 90 authentication using RSA SecurID 114 using smart cards 106 automated desktop pools configuring 74 creating virtual machine templates 75 customization specifications 75 deploying 76 non-persistent 74, 76 persistent 76 properties 77 automated pools defined 67 power policies 181 B back-end machines preparing to access remote desktops 204 Unified Access 203 C client connections overview 97 resolving internet 97 client policies 183 configuring a
View Manager Administration Guide power policies 179 preparing to access remote desktops 204 Unified Access 203 unmanaged, installing View Agent on 206 unregistering 213 desktops adding unmanaged individual 207 automated pool 67 checking out 176 cloning 127 connecting using View Client 96 connecting using View Portal 96 database system requirements 24 deleting 213 enabling and disabling 211 entitling users and groups to 85, 211 individual 67 manual pools 67 non-provisioned 66 Offline Desktop 167 provisione
Index linked clone desktops configuring vCenter Server 137 creating database 138 defined 128 desktop recomposition 130 disk usage 129 protecting recomposition using source virtual machines 131 rebalancing 159 recomposing 158 recomposing desktops 131 refreshing 156 storage overcommit 130 using existing database 161 linked replicas 128 M manual desktop pools configuring 81 deploying 82 manual pools 67 N non-provisioned desktops 66 O Offline Desktop installing View Client with 174 starting View Client with
View Manager Administration Guide recomposing linked clone desktops 158 linked desktop clones 132 refreshing linked clone desktops 156 Remote Desktop Connection for View Client 21 replica server installation 30 restricted entitlements 86 RSA SecurID authentication 114 S scripts svi-support 217 vdm-support 215 searching desktops 89 entitled users and groups 89 searching events 63 security server installation setting up the DMZ 32 smart card authentication 106 SSL certificates configuring new 104 creating 9
Index installing on guest systems 69 system requirements 19 with multiple NICs 71 View Agent GPO 195 View Client description 14 installing 95 installing with Offline Desktop 174 starting with Offline Desktop 175 system requirements 20 View Client Configuration GPOs 190 View Client GPOs 195 View Common Configuration GPOs 194 View Composer description 14 overview 127 support 217 View Configuration GPOs 188 View Connection Server backing up 40 description 14 disabling 91 enabling 91 instances 28 overview 28 s
View Manager Administration Guide 232 VMware, Inc.
