Administering View Cloud Pod Architecture VMware Horizon 6 Version 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Administering View Cloud Pod Architecture You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents Administering View Cloud Pod Architecture 5 1 Introduction to Cloud Pod Architecture 7 Understanding Cloud Pod Architecture 7 Configuring and Managing a Cloud Pod Architecture Environment Cloud Pod Architecture Limitations 8 8 2 Designing a Cloud Pod Architecture Topology 9 Creating Cloud Pod Architecture Sites 9 Entitling Users and Groups in the Pod Federation 10 Finding and Allocating Desktops in the Pod Federation 10 Global Entitlement Example 12 Cloud Pod Architecture Topology Limits 12
Administering View Cloud Pod Architecture Managing Sites 43 Managing Global Entitlements 46 Managing Home Sites 52 Viewing a Cloud Pod Architecture Configuration Managing SSL Certificates 58 Index 4 54 61 VMware, Inc.
Administering View Cloud Pod Architecture Administering View Cloud Pod Architecture describes how to configure and administer a Cloud Pod ® Architecture environment in VMware Horizon 6, including how to plan a Cloud Pod Architecture topology and set up, monitor, and maintain a Cloud Pod Architecture configuration. Intended Audience This information is intended for anyone who wants to set up and maintain a Cloud Pod Architecture environment.
Administering View Cloud Pod Architecture 6 VMware, Inc.
1 Introduction to Cloud Pod Architecture The Cloud Pod Architecture feature uses standard View components to provide cross-datacenter administration, global and flexible user-to-desktop mapping, high availability desktops, and disaster recovery capabilities.
Administering View Cloud Pod Architecture Sharing Key Data in the Global Data Layer View Connection Server instances in a pod federation use the Global Data Layer to share key data. Shared data includes information about the pod federation topology, user and group entitlements, policies, and other Cloud Pod Architecture configuration information. In a Cloud Pod Architecture environment, shared data is replicated on every View Connection Server instance in a pod federation.
Designing a Cloud Pod Architecture Topology 2 Before you begin to configure the Cloud Pod Architecture feature, you must make decisions about your Cloud Pod Architecture topology. Cloud Pod Architecture topologies can vary, depending on your goals, the needs of your users, and your existing View implementation. If you are joining existing View pods to a pod federation, your Cloud Pod Architecture topology is typically based on your existing network topology.
Administering View Cloud Pod Architecture Entitling Users and Groups in the Pod Federation In a traditional View environment, you use View Administrator to create entitlements. These local entitlements entitle users and groups to a specific desktop pool on a View Connection Server instance. In a Cloud Pod Architecture environment, you create global entitlements to entitle users or groups to multiple desktops across multiple pods in the pod federation.
Chapter 2 Designing a Cloud Pod Architecture Topology For information about configuring the scope policy for a global entitlement, see “Create and Configure a Global Entitlement,” on page 17. Configuring Home Sites to Control Desktop Placement A home site is a relationship between a user or group and a Cloud Pod Architecture site. With home sites, you can ensure that a user always receives desktops from a specific site rather than receiving desktops based on the user's current location.
Administering View Cloud Pod Architecture Global Entitlement Example In this example, NYUser1 is a member of the global entitlement called My Global Pool. My Global Pool provides an entitlement to three floating desktop pools, called pool1, pool2, and pool3. pool1 and pool2 are in a pod called NY Pod in the New York datacenter and pool3 and pool4 are in a pod called LDN Pod in the London datacenter. Figure 2‑1.
Chapter 2 Designing a Cloud Pod Architecture Topology Cloud Pod Architecture Port Requirements Certain network ports must be opened on the Windows firewall for the Cloud Pod Architecture feature to work. When you install View Connection Server, the installation program can optionally configure the required firewall rules for you. These rules open the ports that are used by default.
Administering View Cloud Pod Architecture 14 VMware, Inc.
Setting Up a Cloud Pod Architecture Environment 3 Setting up a Cloud Pod Architecture environment involves initializing the Cloud Pod Architecture feature, joining pods to the pod federation, and creating global entitlements. You can optionally create sites and assign home sites.
Administering View Cloud Pod Architecture 3 When the Initialize dialog box appears, click OK to begin the initialization process. View Administrator shows the progress of the initialization process. The initialization process can take several minutes. After the Cloud Pod Architecture feature is initialized, the pod federation contains the initialized pod and a single site. The default pod federation name is Horizon Cloud Pod Federation.
Chapter 3 Setting Up a Cloud Pod Architecture Environment 5 In the Password text box, type the password for the View administrator user. 6 Click OK to join the pod to the pod federation. View Administrator shows the progress of the join operation. The default pod name is based on the host name of the View Connection Server instance. For example, if the host name is CS1, the pod name is Cluster-CS1. 7 When View Administrator prompts you to reload the client, click OK.
Administering View Cloud Pod Architecture 3 Define the global entitlement. a Type a name for the global entitlement in the Name text box. The name can contain between 1 and 64 characters. The global entitlement name appears in the list of available entitlements for the user in Horizon Client. b (Optional) Type a description of the global entitlement in the Description text box. The description can contain between 1 and 1024 characters.
Chapter 3 Setting Up a Cloud Pod Architecture Environment 4 Click Next and add users or groups to the global entitlement. a Click Add, select one or more search criteria, and click Find to filter Active Directory users or groups based on your search criteria. b Select the Active Directory user or group to add to the global entitlement and click OK. You can press the Ctrl and Shift keys to select multiple users and groups.
Administering View Cloud Pod Architecture 2 Create the site. a In View Administrator, select View Configuration > Sites and click Add. b Type a name for the site in the Name text box. The site name can contain between 1 and 64 characters. c (Optional) Type a description of the site in the Description text box. The site name can contain between 1 and 1024 characters. d 3 Click OK to create the site. Add a pod to the site. Repeat this step for each pod to add to the site.
Chapter 3 Setting Up a Cloud Pod Architecture Environment Procedure n To create a home site for a user, run the lmvutil command with the --createUserHomeSite option. You can run the command on any View Connection Server instance in the pod federation. lmvutil --createUserHomeSite --userName domain\username --siteName name [--entitlementName name] Option Description --userName Name of the user. Use the format domain\username. --siteName Name of the site to associate with the user as the home site.
Administering View Cloud Pod Architecture 3 Select the global entitlement and connect to a desktop. A desktop starts successfully. Which desktop starts depends on the individual configuration of the global entitlement, pods, and desktop pools. The Cloud Pod Architecture feature attempts to allocate a desktop from the pod to which you are connected.
Chapter 3 Setting Up a Cloud Pod Architecture Environment 6 Creating a View URL for the Example Configuration on page 25 The insurance company uses a single View URL and employs a DNS service to resolve sales.example to the nearest pod in the nearest data center. With this arrangement, sales agents do not need to remember different URLs for each pod and are always directed to the nearest data center, regardless of where they are located.
Administering View Cloud Pod Architecture Joining Pods in the Example Configuration The View administrator uses View Administrator to join Central Pod 1 and Central Pod 2 to the pod federation.
Chapter 3 Setting Up a Cloud Pod Architecture Environment The View administrator adds the Sales Agents group to the global entitlement. The Sales Agent group is defined in Active Directory and contains all sales agent users. Adding the Sales Agent group to the Agent Sales global entitlement enables sales agents to access the Sales A and Sales B desktop pools on the pods in the Eastern and Central regions.
Administering View Cloud Pod Architecture 26 VMware, Inc.
Managing a Cloud Pod Architecture Environment 4 You use View Administrator and the lmvutil command to view, modify, and maintain your Cloud Pod Architecture environment. You can also use View Administrator to monitor the health of pods in the pod federation.
Administering View Cloud Pod Architecture n To list the desktop pools in a global entitlement, in View Administrator, select Catalog > Global Entitlements, double-click the global entitlement name, and click the Local Pools tab. Only the desktop pools in the local pod appear on the Local Pools tab. If a global entitlement includes desktop pools in a remote pod, you must log in to the View Administrator user interface for a View Connection Server instance in the remote pod to see those desktop pools.
Chapter 4 Managing a Cloud Pod Architecture Environment View Pod Federation Health in View Administrator View constantly monitors the health of the pod federation by checking the health of each pod and View Connection Server instances in those pods. You can view the health of a pod federation in View Administrator. You can also view the health of a pod federation from the command line by using the vdmadmin command with the -H option.
Administering View Cloud Pod Architecture The search results include the names of the user, machine, pool, pod, brokering pod ID, site, and global entitlements associated with each session. The session start time, duration, and state also appear in the search results. NOTE The brokering pod ID is not immediately populated for new sessions in the search results. This ID usually appears in View Adminstrator between two and three minutes after a session begins.
Chapter 4 Managing a Cloud Pod Architecture Environment Modifying Global Entitlements You can add and remove desktop pools, users, and groups from global entitlements. You can also delete global entitlements and modify global entitlement attributes and policies. Add a Desktop Pool to a Global Entitlement You can use View Administrator to add a desktop pool to an existing global entitlement. You can add a particular desktop pool to only one global entitlement.
Administering View Cloud Pod Architecture Add a User or Group to a Global Entitlement You can use View Administrator to add a user or group to an existing global entitlement. You can also use the lmvutil command to add a user or group to a global entitlement. See “Adding a User or Group to a Global Entitlement,” on page 51. Prerequisites Create the user or group to add to the global entitlement.
Chapter 4 Managing a Cloud Pod Architecture Environment 3 Select the global entitlement and click Edit. 4 To modify the name or description of the global entitlement, type a new name or description in the Name or Description text box in the General pane. The name can contain between 1 and 64 characters. The description can contain between 1 and 1024 characters. 5 6 To modify a global entitlement policy, select or deselect the policy in the Policy pane.
Administering View Cloud Pod Architecture Remove a Home Site Association You can use the lmvutil command to remove the association between a user or group and a home site. You can also remove the association between a home site and a global entitlement for a specified user or group. Prerequisites Become familiar with the lmvutil command authentication options and requirements and verify that you have sufficient privileges to run the lmvutil command. See “lmvutil Command Authentication,” on page 38.
Chapter 4 Managing a Cloud Pod Architecture Environment You can also use the lmvutil command to remove a pod from the pod federation. See “Removing a Pod From a Pod Federation,” on page 42. Procedure 1 Log in to the View Administrator user interface for any View Connection Server instance in the pod that you want to remove from the pod federation. 2 In View Administrator, select Cloud Pod Architecture and click Unjoin in the Pod Federation pane. 3 Click OK to begin the unjoin operation.
Administering View Cloud Pod Architecture 36 VMware, Inc.
lmvutil Command Reference 5 You use the lmvutil command-line interface to configure and manage a Cloud Pod Architecture implementation. NOTE You can use the vdmutil command-line interface to perform the same operations as lmvutil.
Administering View Cloud Pod Architecture lmvutil Command Authentication To use the lmvutil command to configure and manage a Cloud Pod Architecture environment, you must run the command as a user who has the Administrators role. You can use View Administrator to assign the Administrators role to a user. See the View Administration document. The lmvutil command includes options to specify the user name, domain, and password to use for authentication. Table 5‑1.
Chapter 5 lmvutil Command Reference Table 5‑2. lmvutil Command Options (Continued) Option Description --addPoolAssociation Associates a desktop pool with a global entitlement. See “Adding a Desktop Pool to a Global Entitlement,” on page 49. --addUserEntitlement Associates a user with a global entitlement. See “Adding a User or Group to a Global Entitlement,” on page 51 --assignPodToSite Assigns a pod to a site. See “Assigning a Pod to a Site,” on page 44.
Administering View Cloud Pod Architecture Table 5‑2. lmvutil Command Options (Continued) Option Description --listUserAssignments Lists the dedicated desktop pod assignments for a user and global entitlement combination. See “Listing User Assignments,” on page 57. --removePoolAssociation Removes the association between a desktop pool and a global entitlement. See “Removing a Desktop Pool From a Global Entitlement,” on page 50. --resolveUserHomeSite Shows the effective home site for a user.
Chapter 5 lmvutil Command Reference Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --initialize Disabling the Cloud Pod Architecture Feature You can use the lmvutil command with the --uninitialize option to disable the Cloud Pod Architecture feature. Syntax lmvutil --uninitialize Usage Notes You must use the lmvutil command with the --unjoin option to remove any other pods in the pod federation before you run this command.
Administering View Cloud Pod Architecture This command returns an error message if you provide invalid credentials, the specified View Connection Server instance does not exist, a pod federation does not exist on the specified server, or the command cannot complete the operation. Options You must specify several options when you join a pod to a pod federation. Table 5‑3.
Chapter 5 lmvutil Command Reference Changing a Pod Name or Description You can use the lmvutil command with the --updatePod option to update or modify the name or description of a pod. Syntax lmvutil --updatePod --podName podname [--newPodName podname] [--description text] Usage Notes This command returns an error message if the Cloud Pod Architecture feature is not initialized or if the command cannot find or update the pod.
Administering View Cloud Pod Architecture Creating a Site You can use the lmvutil command with the --createSite option to create a site in a Cloud Pod Architecture topology. Syntax lmvutil --createSite --siteName sitename [--description text] Usage Notes The lmvutil command returns an error message if the Cloud Pod Architecture feature is not initialized, the specified site already exists, or the command cannot create the site. Options You can specify these options when you create a site. Table 5‑5.
Chapter 5 lmvutil Command Reference Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --assignPodToSite --podName "East Pod 1" --siteName "Eastern Region" Changing a Site Name or Description You can use the lmvutil command with the --editSite option to edit the name or description of a site.
Administering View Cloud Pod Architecture Managing Global Entitlements You can use lmvutil command options to create, modify, and list global entitlements in a Cloud Pod Architecture environment. Global entitlements link users to desktops, regardless of where the desktops are located in the pod federation. They also determine how the Cloud Pod Architecture feature allocates desktops to those users.
Chapter 5 lmvutil Command Reference Options You can specify these options when you create a global entitlement. Table 5‑8. Options for Creating Global Entitlements Option Description --entitlementName Name of the global entitlement. The name can contain between 1 and 64 characters. The global entitlement name appears in the list of available entitlements for the user in Horizon Client. --scope Scope of the global entitlement. Valid values are as follows: n ANY.
Administering View Cloud Pod Architecture Modifying a Global Entitlement You can use the lmvutil command with the --updateGlobalEntitlement option to modify the scope, description, and other attributes of a global entitlement.
Chapter 5 lmvutil Command Reference Table 5‑9. Options for Modifying Global Entitlements (Continued) Option Description --disableMultipleSessionAutoClean (Optional) Disables the --multipleSessionAutoClean option function if the --multipleSessionAutoClean option was previously specified for the global entitlement. --requireHomeSite (Optional) Causes the global entitlement to be available only if the user has a home site. This option is applicable only when the --fromHome option is also specified.
Administering View Cloud Pod Architecture Repeat this command for each desktop pool to become part of the global entitlement. You can add a particular desktop pool to only one global entitlement. This command returns an error message if the Cloud Pod Architecture feature is not initialized, the specified entitlement does not exist, the desktop pool is already associated with the specified entitlement, the desktop pool does not exist, or the command cannot add the desktop pool to the global entitlement.
Chapter 5 lmvutil Command Reference Adding a User or Group to a Global Entitlement You can use the lmvutil command with the --addUserEntitlement or --addGroupEntitlement option to add a user or group to a global entitlement. Syntax lmvutil --addUserEntitlement --userName domain\username --entitlementName name lmvutil --addGroupEntitlement --groupName domain\groupname --entitlementName name Usage Notes Repeat the lmvutil command for each user or group to add to the global entitlement.
Administering View Cloud Pod Architecture Table 5‑13. Options for Removing a User or Group From a Global Entitlement Option Description --userName Name of a user to remove from the global entitlement. Use the format domain\username. --groupName Name of a group to remove from the global entitlement. Use the format domain\groupname. --entitlementName Name of the global entitlement from which to remove the user or group.
Chapter 5 lmvutil Command Reference Table 5‑14. Options for Creating a Home Site for a User or Group Option Description --userName Name of a user to associate with the home site. Use the format domain\username. --groupName Name of a group to associate with the home site. Use the format domain\groupname. --siteName Name of the site to associate with the user or group as the home site. --entitlementName (Optional) Name of a global entitlement to associate with the home site.
Administering View Cloud Pod Architecture Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --deleteUserHomeSite -userName domainEast\adminEast lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --deleteGroupHomeSite --groupName domainEast\adminEastGroup Viewing a Cloud Pod Architecture Configuration You can use lmvutil command options to list information about a Cloud Pod Architecture configuration.
Chapter 5 lmvutil Command Reference Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --listGlobalEntitlements Listing the Desktop Pools in a Global Entitlement You can use the lmvutil command with the --listAssociatedPools option to list the desktop pools that are associated with a specific global entitlement.
Administering View Cloud Pod Architecture Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --listEntitlements --userName example\adminEast Listing the Home Sites for a User or Group You can use the lmvutil command with the --showUserHomeSites or --showGroupHomeSites option to list all the configured home sites for a specific user or group. Syntax lmvutil --showUserHomeSites --userName domain\username [--entitlementName name] lmvutil --showGroupHomeSites --groupName domain\gro
Chapter 5 lmvutil Command Reference Options You must specify these options when you list the effective home site for a user. Table 5‑18. Options for Listing the Effective Home Site for a User Option Description --entitlementName Name of a global entitlement. This option enables you to determine the effective home site for a user and global entitlement combination, which might be different from the home site that is configured for the user. --userName Name of the user whose home site you want to list.
Administering View Cloud Pod Architecture Listing the Pods or Sites in a Cloud Pod Architecture Topology You can use the lmvutil command with the --listPods or --listSites option to view the pods or sites in your Cloud Pod Architecture topology. Syntax lmvutil --listPods lmvutil --listSites Usage Notes These commands return an error message if the Cloud Pod Architecture feature is not initialized or if the command cannot list the pods or sites.
Chapter 5 lmvutil Command Reference Usage Notes The lmvutil command returns an error message if the Cloud Pod Architecture feature is not initialized or if the command cannot create the certificate. Example LMVUtil --authAs adminEast --authDomain domainEast --authPassword "*" --createPendingCertificate Activating a Pending Certificate You can use the lmvutil command with the --activatePendingCertificate option to activate a pending certificate.
Administering View Cloud Pod Architecture 60 VMware, Inc.
Index A allocating desktops 10 architectural overview of Cloud Pod Architecture 7 C configuration tasks 15 viewing 27, 54 D desktop sessions 29 E example of a basic configuration 22 G global entitlements adding desktop pools 31, 49 adding users and groups 32, 51 creating 17, 24, 46 deleting 33, 49 introduction 10 listing 54 listing desktop pools 55 listing users and groups 55 managing 46 modifying 31, 48 modifying attributes and policies 32 removing desktop pools 31, 50 removing users and groups 32, 51
Administering View Cloud Pod Architecture U uninitializing 35 unitializing 41 V View URL 25 VIPA communication channel 8 62 VMware, Inc.
