Administering View Cloud Pod Architecture VMware Horizon 6 Version 6.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Administering View Cloud Pod Architecture You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents Administering View Cloud Pod Architecture 5 1 Introduction to Cloud Pod Architecture 7 Understanding Cloud Pod Architecture 7 Configuring and Managing a Cloud Pod Architecture Environment Cloud Pod Architecture Limitations 8 8 2 Designing a Cloud Pod Architecture Topology 9 Creating Cloud Pod Architecture Sites 9 Entitling Users and Groups in the Pod Federation 10 Finding and Allocating Desktops and Applications in the Pod Federation Global Entitlement Example 12 Cloud Pod Architecture Topol
Administering View Cloud Pod Architecture Managing Sites 43 Managing Global Entitlements 46 Managing Home Sites 53 Viewing a Cloud Pod Architecture Configuration Managing SSL Certificates 60 Index 4 55 63 VMware, Inc.
Administering View Cloud Pod Architecture Administering View Cloud Pod Architecture describes how to configure and administer a Cloud Pod ® Architecture environment in VMware Horizon 6, including how to plan a Cloud Pod Architecture topology and set up, monitor, and maintain a Cloud Pod Architecture configuration. Intended Audience This information is intended for anyone who wants to set up and maintain a Cloud Pod Architecture environment.
Administering View Cloud Pod Architecture 6 VMware, Inc.
1 Introduction to Cloud Pod Architecture The Cloud Pod Architecture feature uses standard View components to provide cross-datacenter administration, global and flexible user-to-desktop mapping, high availability desktops, and disaster recovery capabilities.
Administering View Cloud Pod Architecture Sharing Key Data in the Global Data Layer View Connection Server instances in a pod federation use the Global Data Layer to share key data. Shared data includes information about the pod federation topology, user and group entitlements, policies, and other Cloud Pod Architecture configuration information. In a Cloud Pod Architecture environment, shared data is replicated on every View Connection Server instance in a pod federation.
Designing a Cloud Pod Architecture Topology 2 Before you begin to configure the Cloud Pod Architecture feature, you must make decisions about your Cloud Pod Architecture topology. Cloud Pod Architecture topologies can vary, depending on your goals, the needs of your users, and your existing View implementation. If you are joining existing View pods to a pod federation, your Cloud Pod Architecture topology is typically based on your existing network topology.
Administering View Cloud Pod Architecture Entitling Users and Groups in the Pod Federation In a traditional View environment, you use View Administrator to create entitlements. These local entitlements entitle users and groups to a specific desktop or application pool on a View Connection Server instance. In a Cloud Pod Architecture environment, you create global entitlements to entitle users or groups to multiple desktops and applications across multiple pods in the pod federation.
Chapter 2 Designing a Cloud Pod Architecture Topology Understanding the Scope Policy When you create a global desktop entitlement or global application entitlement, you must specify its scope policy. The scope policy determines the scope of the search when View looks for desktops or applications to satisfy a request from the global entitlement.
Administering View Cloud Pod Architecture Global Entitlement Example In this example, NYUser1 is a member of the global desktop entitlement called My Global Pool. My Global Pool provides an entitlement to three floating desktop pools, called pool1, pool2, and pool3. pool1 and pool2 are in a pod called NY Pod in the New York datacenter and pool3 and pool4 are in a pod called LDN Pod in the London datacenter. Figure 2‑1.
Chapter 2 Designing a Cloud Pod Architecture Topology Cloud Pod Architecture Port Requirements Certain network ports must be opened on the Windows firewall for the Cloud Pod Architecture feature to work. When you install View Connection Server, the installation program can optionally configure the required firewall rules for you. These rules open the ports that are used by default.
Administering View Cloud Pod Architecture 14 VMware, Inc.
Setting Up a Cloud Pod Architecture Environment 3 Setting up a Cloud Pod Architecture environment involves initializing the Cloud Pod Architecture feature, joining pods to the pod federation, and creating global entitlements. You must create and configure at least one global entitlement to use the Cloud Pod Architecture feature. You can optionally create sites and assign home sites.
Administering View Cloud Pod Architecture After the Cloud Pod Architecture feature is initialized, the pod federation contains the initialized pod and a single site. The default pod federation name is Horizon Cloud Pod Federation. The default pod name is based on the host name of the View Connection Server instance. For example, if the host name is CS1, the pod name is Cluster-CS1. The default site name is Default First Site. 4 When View Administrator prompts you to reload the client, click OK.
Chapter 3 Setting Up a Cloud Pod Architecture Environment 7 When View Administrator prompts you to reload the client, click OK. After the View Administrator user interface is refreshed, Global Entitlements appears under Catalog and Sites appears under View Configuration in the View Administrator Inventory panel. 8 (Optional) To change the default name of the pod, select View Configuration > Sites, select the pod, click Edit, type the new name in the Name text box, and click OK.
Administering View Cloud Pod Architecture 4 Configure the global entitlement. a Type a name for the global entitlement in the Name text box. The name can contain between 1 and 64 characters. This is the name that appears in the list of available desktops and applications in Horizon Client for an entitled user. b (Optional) Type a description of the global entitlement in the Description text box. The description can contain between 1 and 1024 characters.
Chapter 3 Setting Up a Cloud Pod Architecture Environment g If you are configuring a global desktop entitlement, select the default display protocol for desktops in the global destkop entitlement and specify whether to allow users to override the default display protocol. h If you are configuring a global desktop entitlement, select whether to allow users to reset desktops in the global desktop entitlement.
Administering View Cloud Pod Architecture Create and Configure a Site If your Cloud Pod Architecture topology contains multiple pods, you might want to group those pods into different sites. The Cloud Pod Architecture feature treats pods in the same site equally. Prerequisites n Decide whether your Cloud Pod Architecture topology should include sites. See “Creating Cloud Pod Architecture Sites,” on page 9. n Initialize the Cloud Pod Architecture feature.
Chapter 3 Setting Up a Cloud Pod Architecture Environment n Become familiar with the lmvutil command authentication options and requirements and verify that you have sufficient privileges to run the lmvutil command. See “lmvutil Command Authentication,” on page 38. Procedure n To create a home site for a user, run the lmvutil command with the --createUserHomeSite option. You can run the command on any View Connection Server instance in the pod federation. lmvutil --createUserHomeSite --userName domain\u
Administering View Cloud Pod Architecture 2 Connect to any View Connection Server instance in the pod federation by using the credentials of a user in one of your new global entitlements. After you connect to the View Connection Server instance, the global entitlement name appears in the list of available desktops and applications. 3 Select the global entitlement and connect to a desktop or application. The desktop or application starts successfully.
Chapter 3 Setting Up a Cloud Pod Architecture Environment 5 Creating Global Desktop Entitlements in the Example Configuration on page 24 The View administrator uses View Administrator to create a single global desktop entitlement that entitles all sales agents to all desktops in the sales agent desktop pools across all pods in the pod federation. 6 Creating a View URL for the Example Configuration on page 25 The insurance company uses a single View URL and employs a DNS service to resolve sales.
Administering View Cloud Pod Architecture Joining Pods in the Example Configuration The View administrator uses View Administrator to join Central Pod 1 and Central Pod 2 to the pod federation.
Chapter 3 Setting Up a Cloud Pod Architecture Environment The View administrator adds the Sales Agents group to the global desktop entitlement. The Sales Agent group is defined in Active Directory and contains all sales agent users. Adding the Sales Agent group to the Agent Sales global desktop entitlement enables sales agents to access the Sales A and Sales B desktop pools on the pods in the Eastern and Central regions.
Administering View Cloud Pod Architecture 26 VMware, Inc.
Managing a Cloud Pod Architecture Environment 4 You use View Administrator and the lmvutil command to view, modify, and maintain your Cloud Pod Architecture environment. You can also use View Administrator to monitor the health of pods in the pod federation.
Administering View Cloud Pod Architecture n To list the desktop or application pools in a global entitlement, in View Administrator, select Catalog > Global Entitlements, double-click the global entitlement name, and click the Local Pools tab. Only the pools in the local pod appear on the Local Pools tab.
Chapter 4 Managing a Cloud Pod Architecture Environment View Pod Federation Health in View Administrator View constantly monitors the health of the pod federation by checking the health of each pod and View Connection Server instances in those pods. You can view the health of a pod federation in View Administrator. You can also view the health of a pod federation from the command line by using the vdmadmin command with the -H option.
Administering View Cloud Pod Architecture The search results include the user, type of session (desktop or application), machine, pool or farm, pod, brokering pod ID, site, and global entitlements associated with each session. The session start time, duration, and state also appear in the search results. NOTE The brokering pod ID is not immediately populated for new sessions in the search results. This ID usually appears in View Adminstrator between two and three minutes after a session begins.
Chapter 4 Managing a Cloud Pod Architecture Environment Modifying Global Entitlements You can add and remove desktop pools, users, and groups from global entitlements. You can also delete global entitlements and modify global entitlement attributes and policies. Add a Pool to a Global Entitlement You can use View Administrator to add a desktop pool to an existing global desktop entitlement, or add an application pool to an existing global application entitlement.
Administering View Cloud Pod Architecture 2 In View Administrator, select Catalog > Global Entitlements and double-click the global entitlement. 3 On the Users and Groups tab, click Add. 4 Click Add, select one or more search criteria, and click Find to filter Active Directory users or groups based on your search criteria 5 Select the Active Directory user or group to add to the global entitlement and click OK. You can press the Ctrl and Shift keys to select multiple users and groups.
Chapter 4 Managing a Cloud Pod Architecture Environment 5 6 To modify a global entitlement policy, select or deselect the policy in the Policy pane. Policy Description Scope Specifies where to look for desktops or applications that satisfy a desktop or application request from the global entitlement. You can select only one scope policy. n All sites - View looks for desktops or applications on any pod in the pod federation.
Administering View Cloud Pod Architecture 4 Click OK in the confirmation dialog box. Remove a Home Site Association You can use the lmvutil command to remove the association between a user or group and a home site. You can also remove the association between a home site and a global entitlement for a specified user or group. Prerequisites Become familiar with the lmvutil command authentication options and requirements and verify that you have sufficient privileges to run the lmvutil command.
Chapter 4 Managing a Cloud Pod Architecture Environment Remove a Pod From the Pod Federation You can use View Administrator to remove a pod that was previously joined to the pod federation. You might want to remove a pod from the pod federation if it is being recommissioned for another purpose or if it was wrongly configured. To remove the last pod in the pod federation, you unitialize the Cloud Pod Architecture feature. See “Uninitialize the Cloud Pod Architecture Feature,” on page 35.
Administering View Cloud Pod Architecture 36 VMware, Inc.
lmvutil Command Reference 5 You use the lmvutil command-line interface to configure and manage a Cloud Pod Architecture implementation. NOTE You can use the vdmutil command-line interface to perform the same operations as lmvutil.
Administering View Cloud Pod Architecture lmvutil Command Authentication To use the lmvutil command to configure and manage a Cloud Pod Architecture environment, you must run the command as a user who has the Administrators role. You can use View Administrator to assign the Administrators role to a user. See the View Administration document. The lmvutil command includes options to specify the user name, domain, and password to use for authentication. Table 5‑1.
Chapter 5 lmvutil Command Reference Table 5‑2. lmvutil Command Options (Continued) Option Description --addPoolAssociation Associates a desktop pool with a global desktop entitlement or an application pool with a global application entitlement. See “Adding a Pool to a Global Entitlement,” on page 50. --addUserEntitlement Associates a user with a global entitlement. See “Adding a User or Group to a Global Entitlement,” on page 52 --assignPodToSite Assigns a pod to a site.
Administering View Cloud Pod Architecture Table 5‑2. lmvutil Command Options (Continued) Option Description --listPods Lists the pods in a Cloud Pod Architecture topology. See “Listing the Pods or Sites in a Cloud Pod Architecture Topology,” on page 59. --listSites Lists the sites in a Cloud Pod Architecture topology. See “Listing the Pods or Sites in a Cloud Pod Architecture Topology,” on page 59.
Chapter 5 lmvutil Command Reference Usage Notes Run this command only once, on one View Connection Server instance in the pod. You can run the command on any View Connection Server instance in the pod. You do not need to run this command for additional pods. All other pods join the initialized pod. This command returns an error message if the Cloud Pod Architecture feature is already initialized or if the command cannot complete the operation.
Administering View Cloud Pod Architecture Joining a Pod to the Pod Federation Use the lmvutil command with the --join option to join a pod to the pod federation. Syntax lmvutil --join joinServer serveraddress --userName domain\username --password password Usage Notes You must run this command on each pod that you want to join to the pod federation. You can run the command on any View Connection Server instance in a pod.
Chapter 5 lmvutil Command Reference These commands return an error message if the Cloud Pod Architecture feature is not initialized, the pod is not joined to a pod federation, or if the commands cannot perform specified operations. Options When you use the --ejectPod option, you use the --pod option to identify the pod to remove from the pod federation.
Administering View Cloud Pod Architecture n Changing a Site Name or Description on page 45 Use the lmvutil command with the --editSite option to edit the name or description of a site. n Deleting a Site on page 45 Use the lmvutil command with the --deleteSite option to delete a site. Creating a Site Use the lmvutil command with the --createSite option to create a site in a Cloud Pod Architecture topology.
Chapter 5 lmvutil Command Reference Table 5‑6. Options for Assigning a Pod to a Site Option Description --podName Name of the pod to assign to the site. --siteName Name of the site. You can use the lmvutil command with the --listPods option to list the names of the pods in a Cloud Pod Architecture topology. See “Listing the Pods or Sites in a Cloud Pod Architecture Topology,” on page 59.
Administering View Cloud Pod Architecture Options You use the --sitename option to specify the name of the site to delete. Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --deleteSite --sitename "Eastern Region" Managing Global Entitlements You can use lmvutil command options to create, modify, and list global desktop entitlements and global application entitlements in a Cloud Pod Architecture environment.
Chapter 5 lmvutil Command Reference Syntax lmvutil --createGlobalEntitlement --entitlementName name --scope scope {--isDedicated | --isFloating} [--description text] [--disabled] [--fromHome] [--multipleSessionAutoClean] [--requireHomeSite] [--defaultProtocol value] [--htmlAccess] lmvutil --createGlobalApplicationEntitlement --entitlementName name --scope scope [--description text] [--disabled] [--fromHome] [--multipleSessionAutoClean] [--requireHomeSite] [--htmlAccess] Usage Notes You can use these comma
Administering View Cloud Pod Architecture Table 5‑8. Options for Creating Global Entitlements (Continued) Option Description --multipleSessionAutoClean (Optional) Logs off extra user sessions for the same entitlement. Multiple sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session. When multiple sessions occur, Horizon Client prompts the user to select a session.
Chapter 5 lmvutil Command Reference Options You can specify these options when you modify a global entitlement. Some options apply only to global desktop entitlements or only to global application entitlements. Table 5‑9. Options for Modifying Global Entitlements Option Description --entitlementName Name of the global entitlement to modify. --scope Scope of the global entitlement. Valid values are as follows: n ANY. View looks for resources on any pod in the pod federation. n SITE.
Administering View Cloud Pod Architecture Table 5‑9. Options for Modifying Global Entitlements (Continued) Option Description --appVersion (Optional) Version of the application. Applies only to global application entitlements. --appPublisher (Optional) Publisher of the application. Applies only to global application entitlements. --appPath (Optional) Full pathname of the application, for example, C:\Program Files\app1.exe. Applies only to global application entitlements.
Chapter 5 lmvutil Command Reference Usage Notes You must use this command on a View Connection Server instance in the pod that contains the pool. For example, if pod1 contains a desktop pool to associate with a global desktop entitlement, you must run the command on a View Connection Server instance that resides in pod1. Repeat this command for each pool to become part of the global entitlement. You can add a particular pool to only one global entitlement.
Administering View Cloud Pod Architecture Table 5‑11. Options for Removing a Pool from a Global Entitlement Option Description --entitlementName Name of the global entitlement. --poolID ID of the pool to remove from the global entitlement. The pool ID must match the pool name as it appears on the pod.
Chapter 5 lmvutil Command Reference Removing a User or Group From a Global Entitlement To remove a user from a global entitlement, use the lmvutil command with the --removeUserEntitlement option. To remove a group from a global entitlement, use the lmvutil command with the --removeGroupEntitlement option. Syntax lmvutil --removeUserEntitlement --userName domain\username --entitlementName name lmvutil --removeGroupEntitlement --groupName domain\groupname --entitlementName name Usage Notes These commands r
Administering View Cloud Pod Architecture Configuring a Home Site To create a home site for a user, use the lmvutil command with the --createUserHomeSite option. To create a home site for a group, use the lmvutil command with the --createGroupHomeSite option. You can also use these options to associate a home site with a global desktop entitlement or global application entitlement. Syntax lmvutil --createUserHomeSite --userName domain\username --siteName name [--entitlementName name] lmvutil --createGroup
Chapter 5 lmvutil Command Reference Deleting a Home Site To remove the association between a user and a home site, use the lmvutil command with the --deleteUserHomeSite option. To remove the association between a group and a home site, use the lmvutil command with the --deleteGroupHomeSite option. Syntax lmvutil --deleteUserHomeSite --userName domain\username [--entitlementName name] lmvutil --deleteGroupHomeSite --groupName domain\groupname [--entitlementName name] Usage Notes These commands return an e
Administering View Cloud Pod Architecture n Listing the Home Sites for a User or Group on page 57 To list all the configured home sites for a specific user, use the lmvutil command with the --showUserHomeSites option. To list all the configured home sites for a specific group, use the lmvutil command with the --showGroupHomeSites option.
Chapter 5 lmvutil Command Reference Options You use the --entitlementName option to specify the name of the global entitlement for which to list the associated desktop or application pools.
Administering View Cloud Pod Architecture Usage Notes These commands return an error message if the Cloud Pod Architecture feature is not initialized or if the specified user, group, or global entitlement does not exist. Options You can specify these options when you list the home sites for a user or group. Table 5‑17. Options for Listing the Home Sites for a User or Group Option Description --userName Name of a user. Use the format domain\username. --groupName Name of a group. Use the format domain\
Chapter 5 lmvutil Command Reference Listing Dedicated Desktop Pool Assignments Use the lmvutil command with the --listUserAssignments option to to list the dedicated desktop pool assignments for a user and global entitlement combination. Syntax lmvutil --listUserAssignments {--userName domain\username | --entitlementName name | --podName name | --siteName name} Usage Notes The data produced by this command is managed internally by the Cloud Pod Architecture brokering software.
Administering View Cloud Pod Architecture Example lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --listPods lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --listSites Managing SSL Certificates You can use lmvutil command options to create and activate pending SSL certificates in a Cloud Pod Architecture environment. The Cloud Pod Architecture feature uses signed certificates for bidirectional SSL to protect and validate the VIPA communication channel.
Chapter 5 lmvutil Command Reference Usage Notes You must use the lmvutil command with the --createPendingCertificate option to create a pending certificate before you can use this command. Wait for the Global Data Layer replication process to distribute the certificate to all View Connection Server instances before you activate the pending certificate.
Administering View Cloud Pod Architecture 62 VMware, Inc.
Index A I allocating desktops 10 architectural overview of Cloud Pod Architecture 7 initializing 15, 23, 40 intended audience 5 introduction 7 C L configuration tasks 15 viewing 27, 55 D desktop sessions 29 E limitations 8 lmvutil command authenticating 38 command options 38 introduction 37 output 38 syntax 37 example of a basic configuration 22 M G management interfaces 27 global entitlements adding desktop pools 31 adding pools 50 adding users and groups 31, 52 creating 17, 24, 46 deleting
Administering View Cloud Pod Architecture limits 12 viewing 59 U uninitializing 35 unitializing 41 V View URL 25 VIPA communication channel 8 64 VMware, Inc.