Administration Guide View Manager 3.0.
View Manager Administration Guide Administration Guide Item: EN-000083-01 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2008–2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 9 1 Introduction 11 Overview of View Manager 11 View Manager Features 12 View Manager Components 14 System Requirements 14 View Connection Server 15 Supported Operating Systems 15 Prerequisites 15 RSA Authentication Manager 16 Operating System Support for Installed Components 16 Operating System Support for Web Components 18 View Agent 18 View Composer 18 Volume Licensing and Windows Vista Ultimate 19 View Client / View Client with Offline Desktop 19 Remote Desktop Connection 19
View Manager Administration Guide 2 Installation 23 Overview of View Connection Server 24 View Connection Server Instances 24 View LDAP 25 Preparing for Installation 25 Standard Server Installation 26 Replica Server Installation 27 Security Server Installation 29 Firewall Configuration 32 External URL 34 Offline Desktop 35 RDP 35 VirtualCenter Permissions for View Manager Users 36 Initial View Manager Configuration 36 View Connection Server Backup 38 3 View Administrator 41 Overview of View Administrator
Contents Searching Desktops and Entitled Users and Groups 65 Working with Active Sessions 67 Disabling View Manager and Deleting Objects 67 Deleting View Manager Objects 68 5 Client Management 69 View Client and View Portal 70 View Client Policies 71 Client Connections from the Internet 71 Overview of Client Connections 72 Generating locked.properties Automatically 74 Configuring locked.
View Manager Administration Guide Persistent and Non‐Persistent Desktops 101 QuickPrep 102 Preparing VirtualCenter for View Composer 102 Adding the View Composer Service to VirtualCenter 103 Domain User for View Composer 103 VirtualCenter User Permissions 104 Local System Administrator 104 Creating a Database and DSN for Linked Clone Desktops 104 Preparing a Parent VM 106 DHCP Lease Removal 107 Installing the View Agent on the Parent VM 107 Creating a Parent VM Snapshot 108 Deploying Linked Clone Desktops
Contents Group Policy Objects 142 Application of Group Policies 143 Computer Configuration GPO 143 View Agent Configuration 144 View Client Configuration 145 View Common Configuration 147 View Server Configuration 148 User Configuration GPO 148 View Agent Configuration 148 View Client Configuration 149 9 Unified Access 155 Prepare Multiple Back‐End Machines to Access Remote Desktops 156 Desktop Parameters 156 Install View Agent on an Unmanaged Desktop Source 158 Add and Change Desktop Sources 159 Enable o
View Manager Administration Guide 8 VMware, Inc.
About This Book This guide describes how to install, configure, and use VMware® View Manager, including how to install the various software components, how to deploy servers, and how to configure and connect to virtual desktops. It also describes how to set up load balancing and security, supported operating systems, and thin client devices.
View Manager Administration Guide Technical Support and Education Resources The following sections describe the technical support resources available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone Support To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
1 Introduction 1 View Manager 3.0.1 is a flexible and intuitive desktop management solution that enables system administrators to rapidly provision desktops and control user access. Client software connects users to virtual desktops running on VMware Virtual Infrastructure, or to physical systems running within your network environment.
View Manager Administration Guide Figure 1-1.
Chapter 1 Introduction Flexible deployment options—View Manager components can be deployed in a variety of configurations and to different parts of the network, which improves security, scalability, and reliability. In addition, multiple VirtualCenter servers are supported, and View Manager can scale horizontally to support many virtual desktops. High availability—Servers can be clustered for high availability and scalability with automatic failover.
View Manager Administration Guide View Manager Components View Manager consists of the following major components: View Connection Server—a software service that acts as a broker for client connections by authenticating and then directing incoming remote desktop user requests to the appropriate virtual desktop, physical desktop, or terminal server.
Chapter 1 Introduction View Connection Server View Connection Server is not supported on servers that have the Windows Terminal Server role installed. Remove the Windows Terminal Server role from any server on which you will be installing View Connection Server. View Connection Server runs on a 32‐bit or 64‐bit dedicated physical or virtual server with the following specifications: Pentium IV 2.
View Manager Administration Guide Host operating systems for standard or replica View Connection Server instances are joined to an Active Directory domain. The following versions of Active Directory are supported: Windows 2000 Active Directory Windows 2003 Active Directory NOTE View Connection Server does not make nor require any schema or configuration updates to Active Directory.
Chapter 1 Introduction Offline Desktop—refers to the View Client for Offline Desktop application. The entries in this column are the operating systems capable of installing and running this application. For a list of the View Manager desktops that can be downloaded and used in an offline context, refer to “View Client with Offline Desktop: Supported Guests” on page 20. View Composer—refers to the View Composer service that runs on the VirtualCenter host system.
View Manager Administration Guide Operating System Support for Web Components Table 1‐2 describes the support offered by various types of operating system to the Web‐based components of View Manager, with the specific browser and additional software requirements also provided. Any additional environmental requirements of the Web‐based components are described in subsequent sections. Table 1-2.
Chapter 1 Introduction Volume Licensing and Windows Vista Ultimate Windows Vista Ultimate is not designed for broad enterprise deployment and therefore does not support volume licensing—in order to deploy desktop clones that use Windows Vista Ultimate, you must first contact Microsoft in order to determine your licensing obligations. View Client / View Client with Offline Desktop You must have administrative privileges to install View Client or View Client with Offline Desktop on the client desktop.
View Manager Administration Guide View Client with Offline Desktop: Supported Guests The following 32‐bit operating systems can be downloaded and used by View Client with Offline Desktop: Windows XP Professional SP2 Windows XP Professional SP3 View Client and View Client with Offline Desktop: MMR The multimedia redirection (MMR) feature redirects certain multimedia codecs running on the remote desktop to the local client for rendering of full‐motion video and audio.
Chapter 1 Introduction Mac Operating System Support View Portal is an experimental feature on Mac OS. Please refer to “System Requirements” on page 14 for more information about experimental features. USB Support In order to use the USB redirection feature with View Portal, users must first install View Client on their local system. Refer to “View Client and View Portal” on page 70 for more information about this. NOTE Windows 2000 does not support USB redirection.
View Manager Administration Guide Table 1-3. SQL Server Requirements Database Type Microsoft SQL Server 2000 Standard Microsoft SQL Server 2000 Enterprise Microsoft SQL Server 2005 Enterprise Requirements SP4 For Windows XP, apply MDAC 2.8 SP1 to the client Use SQL Server driver for the client SP1 or SP2 For Windows XP, apply MDAC 2.8 SP1 to the client Use SQL native client driver for the client Microsoft SQL Server 2005 Express SP2 For Windows XP, apply MDAC 2.
2 Installation 2 This chapter describes how to install and backup one or more instances of View Connection Server, and also considers the different deployment scenarios you may encounter during this operation. Before installing View Connection Server, refer to Chapter 1, “Introduction,” on page 11 to view the system requirements and hardware and device support.
View Manager Administration Guide Overview of View Connection Server View Connection Server communicates with VirtualCenter in order to provide advanced management of virtual desktops. This includes virtual desktop creation as part of pool management and power operations, such as automatic suspend and resume.
Chapter 2 Installation View LDAP View LDAP is an embedded Lightweight Directory Access Protocol directory that serves as the data repository for all View Manager configuration information, and uses Microsoft Active Directory Application Mode (ADAM) as its data store. ADAM is provided as part of the View Connection Server installation.
View Manager Administration Guide To increase the maximum number of ephemeral ports on Windows 2003 Server 1 Start the Windows Registry Editor by entering regedit from a command prompt. 2 Locate the following subkey in the registry, and then click Parameters: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters 3 On the Edit menu, click New, and then add the following registry entry: Value Name: MaxUserPort Value Type: DWORD Value data: 65534 Valid Range: 5000-65534 (decimal) Default:
Chapter 2 Installation Replica Server Installation Replica servers are additional View Connection Server instances that are installed in order to provide high‐availability and load balancing. When a replica server is installed, a local ADAM instance is also created and the View LDAP data on the replica server is initialized from an existing View Connection Server.
View Manager Administration Guide Figure 2-1.
Chapter 2 Installation To install a replica server 1 Run the following executable on the system that will host the View Connection Server, where xxx is the build number of the file: VMware-viewconnectionserver-xxx.exe The VMware Installation wizard is displayed. Click Next. 2 Accept the VMware license terms, and click Next. 3 Accept or change the destination folder, and click Next. 4 Choose the Replica deployment option.
View Manager Administration Guide Figure 2-2. Multiple Security Servers remote View Client external network DMZ load balancing View Security Servers View Connection Servers Microsoft Active Directory VirtualCenter Management Server ESX hosts running Virtual Desktop virtual machines When remote users connect via a security server, they must successfully authenticate before they can access any virtual desktops.
Chapter 2 Installation Depending on your particular server configuration, load balancing might be required. You will require either a hardware or software load‐balancing solution if you have more than one security server. NOTE View Connection Server does not provide load‐balancing functionality but works with standard third‐party load‐balancing solutions. Figure 2-3.
View Manager Administration Guide Security servers implement a subset of View Connection Server functionality, and do not need to reside in an Active Directory domain. In addition, security servers do not contain a View LDAP configuration repository and do not access any other authentication repositories, such as Active Directory or RSA Authentication Manager.
Chapter 2 Installation The recommended security configuration for a DMZ‐based security server deployment is the dual firewall. In this configuration, an external network facing “front‐end” firewall protects both the DMZ and the internal network, and a “back‐end” firewall between the DMZ and the internal network provides a second tier of security.
View Manager Administration Guide To allow external client devices to connect to a security server within the DMZ, the front‐end firewall must allow inbound traffic on TCP ports 80 and 443. To allow the security server to communicate with each standard or replica server that resides within the internal network, the back‐end firewall must allow inbound traffic on TCP port 8009 for AJP13‐forwarded Web traffic, TCP port 4001 for Java Message Service (JMS) traffic, and TCP port 3389 for RDP traffic.
Chapter 2 Installation Offline Desktop If you intend to use the Offline Desktop feature, you must also ensure that port 902 is similarly accessible on your ESX / ESXi server; this port is used to establish the TCP connection through which the offline desktop data is downloaded and uploaded. Refer to Chapter 7, “Offline Desktop,” on page 123 for more information about this component.
View Manager Administration Guide VirtualCenter Permissions for View Manager Users To use VirtualCenter with View Manager, administrators must have permission to carry out certain operations in VirtualCenter. These permissions are granted by creating and assigning VirtualCenter roles to a View Manager user from within VirtualCenter. NOTE Administrative users in VirtualCenter have all the requisite permissions enabled by default.
Chapter 2 Installation To perform an initial configuration 1 Open a browser supported by View Administrator, and enter the following URL where is the hostname or IP address of a standard or replica View Connection Server instance: https:///admin NOTE View Administrator is accessed through a secure (SSL) connection.
View Manager Administration Guide Enter the username of a VirtualCenter user or administrator in the User name text box. If you want to select a VirtualCenter user who is not an administrator but has the requisite level of authority, ensure that their role meets the criteria described in “VirtualCenter Permissions for View Manager Users” on page 36. Enter the password that corresponds to the username entered above in the Password text box.
Chapter 2 Installation Once you have completed the initial configuration of your server or replicated group, it is strongly recommended that you regularly take backups of your View Manager data using the utilities described in this section. Do not rely on replica servers to act as your backup mechanism as any data lost from one instance will be lost from all members of the replicated group when the data is harmonized.
View Manager Administration Guide 40 VMware, Inc.
3 View Administrator 3 View Administrator is where you perform all of the configuration, deployment, analytical, and administrative tasks related to View Manager and desktop management. The purpose of this chapter is to give you a brief overview of the different types of view available within View Administrator and describe the features they contain. This chapter also discusses the various desktop sources and the different desktop delivery models that can be delivered.
View Manager Administration Guide Desktops and Pools View The Desktops view is displayed when you log in to the administrative interface or when you click the Desktops and Pools button and is where you create, deploy, administer, and monitor your virtual desktops.
Chapter 3 View Administrator Table 3-1. Desktops Pane – Tab Summary Tab Context Description Summary Desktop or Pool This tab provides an overview of all information associated with a desktop or desktop pool, including: General information about the pool, such as the name, type, persistence, and current activity. VirtualCenter environmental criteria, such as server name, capacity, and domain administrator.
View Manager Administration Guide Table 3-1. Desktops Pane – Tab Summary (Continued) Tab Context Description Desktop Sources Desktop or Pool This tab lists all the individual virtual systems available in the selected pool.
Chapter 3 View Administrator Configuration View The Configuration view is displayed when you click the Configuration ( ) button. This view contains multiple sections that allow you to analyze desktop usage, configure licensing, connections, authentication criteria and so forth. Each section is described in Table 3‐2: Table 3-2.
View Manager Administration Guide Table 3-2. Configuration View Overview (Continued) Section Description Global Settings This section provides information about the global product configuration parameters that apply to all areas of the product. To change a setting, click Edit and then modify any of the following entries: Session timeout—Determine how long (in minutes) users are allowed to keep sessions open after they log in to the View Connection Server.
Chapter 3 View Administrator Table 3-2. Configuration View Overview (Continued) Section Description Global Settings (Continued) Display a pre‐login message—if selected, Client and Web Access users see a disclaimer or login message with information or instructions entered by the administrator in the field provided. Display a warning before forced logoff—Determines if desktop users are logged off as a result of a scheduled or immediate update event (such as a desktop refresh).
View Manager Administration Guide To search events 1 Click the arrow after Contains and select the columns to search (Messages, Time, Type). 2 From the list, choose the number of days of messages to show in the Events table and click Done. 3 Enter search text in the text box and click Go. Search results appear in the Events table. Click (more) at the end of each message to display more details about the event. 48 VMware, Inc.
4 Virtual Desktop Deployment 4 Virtual desktop deployment is the task of preparing individual or multiple virtual machines for View Manager client connections. Once deployed, prepared systems can be accessed directly or act as a template from which View Manager can create an extensible pool of cloned desktops.
View Manager Administration Guide Overview of Virtual Desktop Deployment The procedure for deploying virtual desktops varies depending on whether you are creating an automated pool from a virtual machine template, an individual desktop instance, or a pool of manually‐selected virtual desktops. However, in all of these cases a base—or guest—system must first be selected and configured for use with View Manager.
Chapter 4 Virtual Desktop Deployment Unmanaged Desktop Sources— the desktop source is a machine that is not managed by a VirtualCenter server. This includes virtual machines running on VMware Server and virtual machines running on other virtualization platforms that support View Agent. Blade PCs, physical PCs and Terminal Servers on which you can install View Agent are unmanaged desktop sources.
View Manager Administration Guide Terminal Server Pool – is a pool of terminal server (TS) desktop sources served by one or more terminal servers. A terminal server desktop source can deliver multiple desktops. A TS pool has the following characteristics: Pool of TS desktops served by a farm comprising of one or more terminal servers.
Chapter 4 Virtual Desktop Deployment To install View Manager Agent 1 Run the View Agent executable on the system that will host the agent, where xxx is the build number of the file: VMware-viewagent-xxx.exe The installation wizard opens. Click Next. 2 Accept the VMware license terms and click Next. 3 Choose your custom setup options. You must install the View Manager Composer Agent if you want to deploy linked clone desktops.
View Manager Administration Guide To configure this subnet, create the following registry string in the virtual machine on which the View Agent is installed, where n.n.n.n is the TCP/IP subnet and m is the number of bits in the subnet mask: HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Node Manager\subnet = n.n.n.n/m (REG_SZ) Individual Desktops Individual desktops are single virtual machines that contain View Agent and can be accessed remotely by View Manager clients.
Chapter 4 Virtual Desktop Deployment 6 Configure the desktop properties and click Next. CAUTION If you are using Windows Vista as your Parent VM, you must set the power policy to Ensure VM is always powered on. Property Parameter Description State Enabled—after being created, the desktop is automatically enabled and ready for immediate use. Disabled—after being created, the desktop is disabled and unavailable for use.
View Manager Administration Guide Once the deployment has been initiated you can monitor the progress of the individual desktop by selecting either the Desktops and Pools or Desktop Sources tabs in the Global desktop and pool view pane. Automated Desktop Pools Automated desktop pools contain one or more dynamically generated desktops that are automatically created and customized by View Manager from a VirtualCenter virtual machine template.
Chapter 4 Virtual Desktop Deployment Customization Specifications Customization specifications are optional, but they can greatly expedite automated desktop pool deployments by providing configuration information for such general properties as licensing, domain attachment, and DHCP settings. To create a customization specification 1 In VirtualCenter, click Edit > Customization Specifications. 2 Click New to create a new Customization Specification.
View Manager Administration Guide 11 Specify how the desktops derived from this template will participate in your network. If you want to automatically add deployed desktops to a domain, select Windows Server Domain and enter the appropriate name in the field provided. In the username, password, and password confirmation fields, enter the credentials for a user who has the requisite level of permission to add a systems to this domain.
Chapter 4 Virtual Desktop Deployment 6 Configure the desktop properties and click Next. CAUTION If you are using Windows Vista as your Parent VM, you must set the power policy to Ensure VM is always powered on. Property Parameter Description State Enabled—after being created, the desktop pool is automatically enabled and ready for immediate use. Disabled—after being created, the desktop pool is disabled and unavailable for use.
View Manager Administration Guide 7 Configure the desktop provisioning properties and click Next. Property Parameter Description Provisioning Enabled—the desktops in the pool will be immediately created upon completion of the deployment procedure or after a desktop is deleted. Disabled—the desktops in the pool will not be immediately created upon completion of the deployment procedure or after a desktop is deleted. Number of desktops Specifies the number of desktops to create in this pool.
Chapter 4 Virtual Desktop Deployment Property Parameter Description Stop provisioning on error Select this check box if you want View Manager to automatically stop provisioning new virtual machines if an error is detected during desktop creation. Advanced Settings Click to display the advanced pool configuration settings. You can enable the advanced parameters by selecting the Enable Advanced Pool Settings check box. This will disable the Pool Size parameter.
View Manager Administration Guide 13 Select how you would like the desktops created from the guest system to be customized. If a customization specification exists on VirtualCenter you can select it from the Use this customization specification list in order to preconfigure such properties as licensing, domain attachment, and DHCP settings.
Chapter 4 Virtual Desktop Deployment Deploying a Manual Desktop Pool 1 From within the View Administrator, click the Desktops and Pools button and then click the Inventory tab. In the Global desktop and pool view pane, ensure that the Desktops and Pools tab is selected and click Add. 2 You are presented with the Add Desktop wizard. From here you can configure and deploy a new linked clone desktop pool. Select Manual Desktop Pool and click Next.
View Manager Administration Guide Property Parameter Description State Enabled—after being created, the desktop pool is automatically enabled and ready for immediate use. Disabled—after being created, the desktop pool is disabled and unavailable for use. This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance.
Chapter 4 Virtual Desktop Deployment Entitling a Desktop or Pool Once a desktop or desktop pool has been created, you can entitle Active Directory users or groups to access it. To entitle a desktop to an Active Directory user or group 1 From within View Administrator, click the Desktops and Pools button and then click the Global desktop and pool view entry under the Inventory tab. Choose the desktop or pool you want to entitle from the Global desktop and pool view pane. 2 Click Entitlements.
View Manager Administration Guide 3 Click the arrow the left of the search field select the checkboxes for the appropriate columns. 4 Click Done. 5 Enter search text and click Go. To search categories in the Desktops Search view 1 From within View Administrator, click the Desktops and Pools button and click the Search tab on the left side of the page. 2 In the Search for desktops and pools field, enter search text.
Chapter 4 Virtual Desktop Deployment Working with Active Sessions After users connect to a desktop, active sessions are listed in the inventory. You can view active sessions on the Inventory page. To view, disconnect, or restart active sessions 1 From within View Administrator, click the Desktops and Pools button and click the Inventory tab on the left side of the page. 2 In Global desktop and pool view, click Active Sessions.
View Manager Administration Guide Deleting View Manager Objects Delete View Manager objects (VirtualCenter connections, View Connection Server connections, and desktops) by using the administrator user interface. To remove a VirtualCenter server connection from a View Connection Server 1 From within View Administrator, click the Configuration button. 2 In VirtualCenter Servers, select the VirtualCenter server you want to remove and click Remove.
5 Client Management 5 The locally installed View Client application and the Web‐based View Portal component allow View Manager users to connect to their desktops. These applications can operate within an internal network or externally over the Internet, and their behavior can be modified in a number of ways. In addition, View Client offers a variety of user authentication models—including secure authentication—all of which must be first configured on View Connection Server.
View Manager Administration Guide View Client and View Portal This section describes how to install the components required to use View Client and View Portal. You must be logged in as an administrator on the client system in order to carry out either of these tasks. The functionality offered by View Client and View Portal is derived from the same set of locally installed base components.
Chapter 5 Client Management 4 (Optional) Enter the IP address or FQDN of the server to which the client will connect and click Next. 5 Configure shortcuts for the View Client and then click Next > Install > Finish. To start View Client 1 If View Client does not start automatically after installation, click Start > Programs > VMware > View Manager Client. 2 In the Connection Server drop‐down menu, enter the host name or IP address of a View Connection Server and click Connect.
View Manager Administration Guide Many organizations require that users can connect from an external location by using a globally resolvable domain or subdomain name or IP address, or by reassigning specific ports on an existing address, in order to route client requests to the appropriate location (typically, the security server). For example: https://view-example.com:443 https://view.example.com:443 https://example.
Chapter 5 Client Management This scenario can be addressed by configuring View Connection Server to return an external URL instead of its own FQDN for the second connection channel. The process of setting the external URL is not the same for all types of server. For standard or replica servers you can set the URL from within View Administrator.
View Manager Administration Guide Generating locked.properties Automatically If you have already associated a security server with your standard server or replicated group you can generate the locked.properties configuration file automatically from View Administrator on any standard or replica server. To generate a Security Server locked.properties file from the Configuration view 1 From within the View Administrator on a standard or replica server, click the Configuration ( ) button.
Chapter 5 Client Management Table 5-1. locked.properties—Client and Server properties Property Description clientHost The externally resolvable hostname that the client is instructed to use when contacting the security server. If not specified, this is set to the value specified by serverName or the system default. clientPort The port that the client is instructed to use when contacting the security server. If not specified, this is set to the value specified by serverPort or the system default.
View Manager Administration Guide By default, in View Connection Server when a client visits a secure page such as View Administrator they are presented with the self‐signed certificate provided with the application. By reading the server certificate the user can decide if the server is a trusted source, and then accept (or reject) the connection. The certificate can be signed by a Certificate Authority (CA)—a trusted third party who guarantees the identity of the certificate and its creator.
Chapter 5 Client Management To create and install your own certificate you must first add the Java keytool utility to your command path so that you can execute it from any location using the command prompt. Once this is done you can create a self‐signed SSL certificate using the keytool utility. To obtain a validated certificate that has been signed by a trusted certificate authority you must first submit a certificate signing request (CSR) to a the CA in order to receive a trusted certificate.
View Manager Administration Guide To create a self-signed SSL certificate 1 From a command prompt, enter the following: keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360 2 You are prompted to enter a password for the keystore and then to provide information about yourself and your organization. When you are asked to enter your first and last name, enter the FQDN of the View Connection Server instance you want to secure.
Chapter 5 Client Management The certificate.csr file is created in the same location.
View Manager Administration Guide i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnStyhVHFIpKy3nsDO4JqrIg EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQEEtgZCJO2lPoIWMQA= -----END PKCS7----3 From a command prompt, enter the following where is the keystore password: keytool -import -keystore keys.p12 -storetype pkcs12 -storepass -keyalg "RSA" -trustcacerts -file certificate.p7 If you are using a temporary certificate you may be presented with the following message: ... is not trusted.
Chapter 5 Client Management Using Existing SSL Certificates You organization may already have a valid (CA signed) SSL certificates that you want to use with View Connection Server. In order to use an SSL certificate you will require both the certificate and the private key that accompanies it. Exporting from Microsoft IIS Server In order to use an existing Microsoft IIS SSL server certificate, you must first export it from the IIS application server that hosts the Web site, or sites, that use it.
View Manager Administration Guide Smart Card Authentication Some organizations require personnel to pass multiple stages of authentication before allowing them to connect to their systems. View Manager provides support for high‐security environments by offering smart card authentication of client sessions. Smart card authentication works by presenting a trusted set of client credentials—a user certificate—to View Connection Server.
Chapter 5 Client Management Obtaining a Root Certificate You must obtain the root certificate from the CA that signed the certificates on the smart cards presented by your users. The root certificate is obtained from one of the following sources: Microsoft IIS server running Microsoft Certificate Services. The procedure for installing Microsoft IIS, issuing certificates, and distributing them in your organization exceeds the scope of this guide.
View Manager Administration Guide 3 Under the Personal tab, select the certificate you wish to use and click View. NOTE If the user certificate is not present in the list you must first click the Import button to manually import the user certificate. Once the certificate has been imported, select it from the list and click View. 4 Under the Certification Path tab, select the certificate at the top of the tree and click View Certificate. 5 Under the Details tab click Copy to File.
Chapter 5 Client Management 5 In the left pane, expand Computer Configuration > Windows Settings > Security Settings > Public Key Policy 6 Right‐click Trusted Root Certification Authorities and select Import. 7 Follow the instructions in the wizard to import the certificate. Click OK. 8 Close the Group Policy window. By adding the certificate to the list of trusted roots, you are ensuring that all systems in the domain have a copy of the certificate in their trusted root store.
View Manager Administration Guide Using keytool to Create a Truststore From a command prompt, enter the following where is a unique (case‐insensitive) name for a new entity entry in the truststore (in this case, the certificate you are about to import), is the name of the root CA certificate you previously obtained or exported, and is the name of the truststore output file: keytool -import -alias -file -keystore NOTE Yo
Chapter 5 Client Management Configuring a Standard or Replica Server A security server that has been configured to use smart card authentication will automatically require the user to authenticate using their card and PIN during login. Standard and replica servers can be configured to accommodate several different smart card authentication scenarios.
View Manager Administration Guide 3 Right‐click the user, and then click Properties. An attribute editing window for the user is displayed. 4 Double‐click the user userPrincipalName entry from the list. In the field provided, enter the SAN value of the trusted CA certificate. 5 Click OK > OK, and close ADAM ADSI Edit. RSA SecurID Authentication View Manager supports RSA SecurID as an additional method for user authentication.
Chapter 5 Client Management View Client Command Line Options View Client has a number of startup options that can be invoked when launching the application from a command prompt. Options are preceded by a hyphen (-) or a forward slash (/), are case‐insensitive, and can be abbreviated down to their shortest unique form. For example, to display the full list of commands enter the following: "C:\Program Files\VMware\View Manager\Client\bin\wswc" /? To launch View Client in fully scripted mode—that is, with al
View Manager Administration Guide Table 5-2. View Client Command Line Options (Continued) Property Description rollback (Offline Desktop only) Unlocks the online version of a checked out desktop and discards the offline session. This property requires the desktopName property to be supplied. checkout (Offline Desktop only) Checks out the specified desktop, and locks the online equivalent. This property requires the desktopName property to be supplied.
Chapter 5 Client Management Virtual Printing consists of a guest component (.print Client) which resides within the View Client or View Client with Offline Desktop application, and a host component (.print Engine) which is part of the View Agent service on the View Manager desktop. Jobs are sent by .print Engine to .print Client over an RDP connection. NOTE On an offline desktop, .print Engine uses a named pipe (Com1:) to pass print data to .print Client.
View Manager Administration Guide 7 Click the Advanced tab. If the printer installed on the host supports these options, edit the following settings for double‐sided printing: Long edge for portrait or Short edge for landscape printing. To preview each printout on the host, enable Preview on client before printing. From this preview, you can use any printer with all its available properties. 92 8 Click the Adjustment tab to view the automatic print adjustment options.
6 View Composer 6 The View Composer feature provides a versatile and highly storage‐efficient alternative to creating and managing many standalone virtual machines. This chapter provides an overview of View Composer functionality of View Manager.
View Manager Administration Guide The link is indirect because the first time one or more desktop clones are created, a uniquely identified copy of the Parent VM—called a replica—is also created. All the desktop clones are anchored directly to the replica and not to the Parent VM. Desktops of this type are called linked clone desktops. The Parent VM can be updated or replaced without directly affecting the linked clone desktops and can therefore can be viewed as a standalone virtual machine.
Chapter 6 View Composer Administrators can also return the operating system data of each linked clone desktop—which may have expanded through ongoing usage—to its original state (that of the Parent VM) by carrying out an action called desktop refresh. NOTE Linked clones can also be anchored to a new snapshot of a completely different Parent VM. View Administrator delivers a high‐level overview of what actions are being carried out.
View Manager Administration Guide Thin provisioned disks (thin disks) are used by the linked clones to store user data, and are not linked to the Parent VM. This type of disk occupies no more space than that required by the data it contains but does not reduce in size if data is removed. These disks are not affected by recomposition or refresh events.
Chapter 6 View Composer Figure 6-2. Desktop Recomposition parent VM 1 parent VM 2 base image + snapshot base image + snapshot recompose replica 1 user data disk replica 2— new base image after recomposition refreshed OS data disk user data disk bloated OS data disk Replica 2 is an exact copy of Parent VM 2. When the recomposition action is complete the desktop will be anchored to replica 2 and the operating system data modified accordingly.
View Manager Administration Guide Desktop Refresh A desktop refresh is similar to a desktop recomposition but without any change to the base image. This action is carried out in order to restore the system data for a desktop pool to a baseline state and thereby reduce the size of the operating system data of each attached clone. A desktop refresh can be carried out either on demand, as a timed event, or when the operating system data reaches a specified size.
Chapter 6 View Composer If administrators are creating large pools of desktops and are using multiple LUNs, there is a possibility that the space is not being used efficiently if the initial sizing was inaccurate. Figure 6‐4 shows a number of virtual desktops, distributed unevenly over two LUNs. Figure 6-4.
View Manager Administration Guide Rebalancing the LUNs evenly distributes any selected (or all) virtual machines between the available logical drives. This result of this action is illustrated in Figure 6‐5. Figure 6-5. Desktop Rebalance – After parent VM base image + snapshot replica 1 replica 2 OS data disk user data disk user data disk OS data disk OS data disk user data disk user data disk OS data disk free space free space LUN A 100 LUN B VMware, Inc.
Chapter 6 View Composer A high level of storage overcommit introduces the possibility of virtual machines growing to such a level that all free space within the datastore is consumed. When the volume of space being used by the virtual machines on the datastore reaches: 95%—A log entry is generated that states the datastore is short on free space. 99%—Every virtual machine resident within the datastore is suspended.
View Manager Administration Guide QuickPrep QuickPrep is a system tool executed by View Composer during a linked clone desktop deployment that is responsible for personalizing each desktop created from the Parent VM. During the initial startup of each new desktop, QuickPrep ensures that the system is given a new name (specified during the deployment process) and joined to the appropriate domain, and for mounting the new volume that will contain the user profile information.
Chapter 6 View Composer Adding the View Composer Service to VirtualCenter View Composer is used by View Manager to create and deploy linked clone desktops from VirtualCenter. During the installation of the service you are offered the opportunity to specify which port the service should use to communicate with View Connection Server. If Windows firewall is running on the VirtualCenter system you must add this port to the exception list or deactivate the local firewall service.
View Manager Administration Guide VirtualCenter User Permissions If the View Manager user is not an administrator in VirtualCenter you must assign a role to the VirtualCenter user entry in order to confer upon it the appropriate level of authority over the objects it creates and manages. In addition to the standard privileges described in “VirtualCenter Permissions for View Manager Users” on page 36, the View Composer service requires that you enable some additional privileges, described in Table 6‐1.
Chapter 6 View Composer NOTE If a SQL server does not reside on the VirtualCenter host system or elsewhere within your environment you must install one as the View Composer service installer does not include a database. These instructions assume that Microsoft SQL Server 2005 is installed locally on the VirtualCenter host, and that SQL Server Management Studio Express will be used to create and administer the datasource.
View Manager Administration Guide 6 Ensure that the Connect to SQL Server to obtain default settings for the additional configuration options checkbox is selected and select one of the following options: If you are using local SQL Server, select Windows NT authentication. It is also known as “trusted authentication” and is supported only if the SQL Server is running on the same system as the VirtualCenter Server. If you are using remote SQL Server, select SQL Server authentication.
Chapter 6 View Composer System disk contains a single volume (multiple virtual disks are supported). CAUTION Do not attempt to deploy clones from a Parent VM that contains more than one volume as the result of disk partitioning. Multiple partitions are not supported by the View Composer service. The View Agent service is installed and is running.
View Manager Administration Guide 3 Choose your custom setup options. You must install the View Manager Composer Agent, however you may also select or deselect the following features: Install the View Secure Authentication component if you want to install the Graphical Identification and Authentication (GINA) dynamic‐link library.
Chapter 6 View Composer Before you attempt to create a new linked clone desktop pool you must first ensure that View Manager is able to contact VirtualCenter and that the View Composer service has started. Once a connection has been established you will be able to deploy a new linked clone desktop pool.
View Manager Administration Guide 4 Click Add and enter the required details into the Add Domain Administrators window. NOTE This is where you enter the credentials of the user—created by your Active Directory administrator—who can add systems to the domain, as described in “Preparing VirtualCenter for View Composer” on page 102. Enter the VirtualCenter user information in the form domain\username, where domain is the fully qualified domain name of the Active Directory domain. For example: example.com\adm
Chapter 6 View Composer 5 Enter the Desktop ID and, optionally, the Desktop Display Name and Description. The desktop ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in. The desktop ID and display name can be arbitrary but if you do not specify a display name the desktop ID is used for both. NOTE You can use any alphanumeric character, including spaces, to provide an optional description.
View Manager Administration Guide Property Parameter Description Refresh OS disk on logoff (persistent pools only) Never—the base operating system image is never refreshed. Always—the base operating system image is refreshed every time the user logs off. Every—the base operating system image is refreshed on a recurring basis at a specified time. Enter a positive number of days in the field provided.
Chapter 6 View Composer Table 6-2. Add Desktop: Desktop Provisioning Settings (Continued) Property Parameter Description VM naming pattern By default, a prefix is used to identify all desktops in a pool as part of the same group. The prefix can be up to 13 characters in length and a numeric suffix is appended to this entry in order to distinguish each desktop from others in the same pool.
View Manager Administration Guide 8 Select the Parent VM to be used as the base image for the deployment. You are only be presented with virtual machines that contain one or more snapshots that were taken when the virtual machine was powered down. Click Next. 9 Select the snapshot you previously created on the Parent VM while in its inactive state and click Next. 10 Select where you want the folder for this desktop pool to reside within VirtualCenter and click Next.
Chapter 6 View Composer If you are creating a persistent pool where more than one datastore is available you can click the fields in the Use For column and specify how the storage space for the corresponding datastore should be used. By default, both OS Data and User Data are selected for each datastore. NOTE You must allocate sufficient space for both the operating system and user data in order to proceed.
View Manager Administration Guide Refreshing, Recomposing, and Rebalancing Linked Clone Desktops You can only recompose, refresh, or rebalance linked clone desktops that are part of a persistent pool. If you want to change the Parent VM of a non‐persistent linked clone desktop pool you must modify the pool directly by using the pool deployment wizard. The deployment wizard can be invoked by clicking Edit on the summary page for the non‐persistent pool.
Chapter 6 View Composer 4 Click Edit Image. You are presented with the Edit Image wizard. Select the Refresh option and click Next. 5 If you selected the Users and Groups tab you can now filter your user selection. Select All users if you want to execute a global refresh against all assigned users in the desktop pool. If you selected one or more users you can select The following users if you want the refresh to apply only to specific users within the selected group.
View Manager Administration Guide 3 Select one of the following options: To recompose the entire desktop pool, ensure that the Summary tab is selected in the right‐hand pane. To recompose the desktops assigned to specific users in the desktop pool, ensure that the Users and Groups tab is selected in the right‐hand pane. If you want to recompose the desktop of one or more assigned users, select the corresponding check boxes.
Chapter 6 View Composer 8 Edit the base image used by the selected desktop pool. If you want to anchor the clones in the desktop pool to a different snapshot within the same base image, select a new snapshot from the list provided. If you want to change the current base image to that of a new Parent VM, click Change and select a new virtual machine to be the Master VM for the pool from those highlighted in the list. Click OK. Click Next.
View Manager Administration Guide 6 If you previously selected one or more virtual machines from the desktop source list you can choose to rebalance only these systems by selecting the corresponding radio button. If you did not select any virtual machines, or want to rebalance the entire pool, select All virtual machines. Click Next.
Chapter 6 View Composer You can download the .NET Framework and view additional information about the ASP.NET IIS registration tool from the following locations: http://www.microsoft.com/net http://msdn.microsoft.com/library/k6h9cz8h(VS.80).aspx The following procedure must be carried out before installing the View Composer service on the new system.
View Manager Administration Guide 122 VMware, Inc.
7 Offline Desktop 7 Offline Desktop offers mobile users the ability to check out a cloned instance of certain types of View Manager desktop onto a local system such as a laptop. Once checked out, the local copy behaves like a standalone desktop system and can be used with or without a network connection; the desktop is now considered to be “offline.” The following sections provide an overview of Offline Desktop, its purpose and implementation. NOTE Offline Desktop is an experimental feature.
View Manager Administration Guide In anticipation of this, an Offline Desktop user can use the View Client with Offline Desktop application to download a copy of their desktop virtual machine from the View Connection Server for use on a local computer—an event that also “locks” the online desktop virtual machine, preventing it from being accessed from any other location.
Chapter 7 Offline Desktop Figure 7-1. Offline Desktop – Usage Flow 1 vCenter View Connection Server VM n Internet VM 2 VM 1 VM 1 datastore (desktops in virtual machines) 2 ESX remote user vCenter View Connection Server VM n Internet VM 2 VM 1 1 VM datastore ESX remote user 3 vCenter View Connection Server VM n Internet VM 2 VM 1 VM 1 datastore ESX remote user VMware, Inc.
View Manager Administration Guide Table 7-1. Offline Desktop – Stage Description Stage Description 1 The remote user starts View Client with Offline Desktop and is presented with a list of their entitled desktops. The user selects an Offline Desktop compatible desktop and initiates a download that copies the desktop virtual machine onto their local system. 2 Once the virtual machine is downloaded, the user can log into Windows and use their desktop locally, even in the absence of a network connection.
Chapter 7 Offline Desktop Once checked out, Offline Desktop uses thin provisioned virtual disks to store information on the host system. This type of disk occupies no more space than that required by the data it contains, and physical disk space is only allocated as data is written; this minimizes the storage footprint of the downloaded system.
View Manager Administration Guide Offline Desktop Policies Certain Offline Desktop features can be controlled through policy. For information about configuring and applying policies to offline desktops at the global, pool, or user level refer to “Client Policies” on page 139. Supported Desktop Types Not all types of View Manager desktop configuration support Offline Desktop. Table 7‐2 provides a matrix that describes the availability of this feature to the different desktop types. Table 7-2.
Chapter 7 Offline Desktop You cannot download a desktop to a system where the guest exceeds the capabilities of the host; the host system must be at least as capable as the guest in order to run the View Manager desktop. You cannot download a desktop if another user is currently logged in to that desktop. ESX supports two simultaneous desktop checkouts. ESXi supports five simultaneous desktop checkouts. Host CD‐ROM redirection is not supported.
View Manager Administration Guide Before downloading an automated pool desktop for the first time, users must connect to this desktop using any View Manager client. This will ensure that a local profile is created on that desktop that can be used to authenticate offline sessions in environments that have no network availability. It will also ensure that the desktop is correctly associated with the user in View Manager. This step is optional (although recommended) for individual desktops.
Chapter 7 Offline Desktop 4 Choose a desktop from the list provided and click Connect. 5 View Client with Offline Desktop will attempt to connect to the specified desktop. Upon connection, the client window is displayed. Users can determine if a desktop is eligible for checkout by right‐clicking it in the list provided by View Client with Offline Desktop to display its context menu. If the desktop can be used offline, the Check out option is displayed.
View Manager Administration Guide Table 7-3. Offline Sessions Field Description User The Active Directory ID of the user who checked out the desktop—this is in the form domain\username. Desktop The persistent desktop or desktop pool display name (if one was provided when the desktop or pool was created in View Manager).
Chapter 7 Offline Desktop Removing Access In addition to the standard methods of account suspension or removal offered by Active Directory, Offline Desktop sessions can be terminated from within the administrative interface by removing user entitlement from an individual desktop or desktop pool, or by discarding the offline session.
View Manager Administration Guide 134 VMware, Inc.
8 Component Policies 8 A policy is a rule or set of rules defined by a system administrator that governs the behavior of an application. Within View Manager, policies can be used to establish the configuration of constituent components by controlling the logging of information, managing client access, restricting device usage, establishing security parameters for client usage, and so forth.
View Manager Administration Guide Table 8‐1 describes the different virtual machine power policy states that can be assigned to a desktop or desktop pool during deployment. Table 8-1. Power Policy Definitions Property Description Do nothing (VM remains on) Virtual machines that are powered off will be started when required and will remain on, even when not in use, until they are shut down. Ensure VM is always powered on All virtual machines in the pool remain powered on, even when they are not in use.
Chapter 8 Component Policies Table 8-2. Power Policy Notes (Continued) Desktop Type Power Policy is Applied... Non‐Persistent manual Pool After user disconnection or logoff. Note: If the Power Off policy is applied after a disconnection, the session is discarded. If the Suspend policy is applied after a disconnection, an orphaned session could be created (the desktop is non‐persistent so there is no guarantee that the user will ever be able to return to it).
View Manager Administration Guide Power Policy Example 2 In the following pooling example—the parameters for which are provided in Table 8‐4—the maximum and minimum number of desktops are equal. Table 8-4. Pooling Example 2 Type Minimum Maximum Available Power Policy Non‐Persistent Automated Pool 5 5 2 Suspend Initially, 5 desktops are created: 3 suspended and 2 powered on and available.
Chapter 8 Component Policies Client Policies The properties provided under the policies tab in View Administrator are used to assert behavioral control over client components at the global, desktop pool, or desktop user level. By default, each user‐level policy inherits its setting from a pool‐level policy that, in turn, inherits its setting from a global policy. A number of general component behaviors relating to desktop sessions can be configured directly from within View Administrator.
View Manager Administration Guide The View Manager policies that relate specifically to Offline Desktop sessions are described in Table 8‐7. Table 8-7. Client Policies for Offline Desktop Property Description Offline Desktop Specifies if desktops can be checked out for local use. Available options are Allow and Deny. Pool‐ and user‐level policies may also Inherit the default setting from their parent. The default is Allow.
Chapter 8 Component Policies Similarly, if the global policy that specifies the amount of time a checked out desktop can run without successfully contacting the server is set to 10 minutes, you cannot apply a server contact policy of 30 minutes to any desktop pool. NOTE View Administrator warns you if you attempt to apply a less restrictive policy to a pool. User‐level policies override global‐ or pool‐level policies—that is, they can be more or less restrictive than either.
View Manager Administration Guide To configure and assign user-level policy settings 1 From View Administrator, click the Desktops and Pools button ( ) to display the Global desktop and pool view and then click the Inventory tab. 2 In the Inventory pane, select the desktop pool entry ( pool you want to apply the policy to. 3 In the Desktops pane, click the Policies tab. You are presented with the policies page for this desktop pool. 4 In the Policy Overrides box, click Add User.
Chapter 8 Component Policies In order to minimize the administrative overhead of creating bespoke polices, a number of component‐specific GPO templates are provided with View Connection Server that can be imported into Active Directory. The template files that accompany View Manager are described below: vdm_agent.adm contains properties relating to the authentication and environmental components of a client desktop controlled by View Agent vdm_client.
View Manager Administration Guide View Agent Configuration Use the GPOs described in Table 8‐8 and Table 8‐9 to configure View Agent behavior. Table 8-8. View Agent Configuration Properties Property Description Recursive enumeration of trusted domains Determines if every domain trusted by the domain in which the agent resides is enumerated.
Chapter 8 Component Policies Table 8-9. View Agent Configuration Properties - Agent Configuration (Continued) Property Description Connect Using DNS Name Determines if the View Connection Server uses the DNS name of the machine to connect to, rather than its IP address. This is often used in a NAT/Firewall situation when the View Client or View Connection Server cannot use the virtual desktop IP address directly. This property is disabled by default.
View Manager Administration Guide Table 8-11. View Client Configuration Properties: Scripting Definitions Property Description Server URL Determines the URL used by View Client during login. For example: http://view1.example.com Logon UserName Determines the username used by View Client during login. Logon DomainName Determines the NETBIOS domain name used by View Client during login. Logon Password Determines the password used by View Client during login.
Chapter 8 Component Policies Table 8-12. View Client Configuration Properties - Security Settings Property Description Ignore incorrect SSL certificate common name (host name field) Determines if errors associated with incorrect server certificate common names are disabled. When the common name on the certificate does not correlate with the hostname of the server that sends it, an error results. When this property is enabled, this error is ignored. This property is disabled by default.
View Manager Administration Guide Table 8-14. View Manager Common Configuration - Log Configuration Property Description Number of days to keep logs Specifies the number of days for which log files are retained on the system. If no value is set, the default applies and log files will only be kept for 7 days. View Server Configuration Use the following GPOs to configure settings that can apply to all View Connection Server: Table 8-15.
Chapter 8 Component Policies Table 8-16. View Agent Configuration Properties - Agent Configuration Property Description Disable Time Zone Synchronization Determines if the time zone of the View desktop is synchronized with that of the View client. When enabled, this property will only apply if the Disable time zone forwarding property of the View Client Configuration policy is not disabled. This property is disabled by default.
View Manager Administration Guide Table 8-17. View Client Configuration Properties (Continued) Property Description Don’t check monitor alignment on spanning By default, the client desktop will not span multiple monitors if the screens do not form an exact rectangle when in combination (that is, identical heights if positioned left and right monitors, or identical widths if positioned top and bottom). This property overrides this rule and is disabled by default.
Chapter 8 Component Policies Table 8-18. View Client Configuration Properties – Scripting Definitions (Continued) Property Description DesktopLayout (when fully scripted only) Determines the display state of the View Client window when the desktop is launched.
View Manager Administration Guide Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Themes Determines if themes are displayed when clients connect to the remote desktop. Cursor shadow Determines if a shadow is displayed under the cursor on the remote desktop. Font smoothing (Windows Vista or later) Determines if anti‐aliasing is applied to the fonts on the remote desktop.
Chapter 8 Component Policies Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Redirect supported plug and play devices Determines if local plug and play and point of sale devices are automatically redirected when clients connect to the remote desktop. This is not the same as the redirection managed by the USB Redirection component of View Agent. Bitmap caching Determines if remote bitmaps are cached on the local computer.
View Manager Administration Guide 154 VMware, Inc.
9 Unified Access 9 Large enterprises use a mix of physical PCs, server‐based desktops, or applications that are published using terminal services, virtual desktops, and blade PCs. Users requiring access to more than one platform must use several different interfaces. Unified Access enables View Manager to provide a unified interface through which users can access their desktops being delivered by multiple back ends.
View Manager Administration Guide Prepare Multiple Back-End Machines to Access Remote Desktops A desktop source must be prepared to deliver desktop access. If desktop sources do not meet the following conditions, remote desktop delivery fails. Install View agent on the back‐end machine. For more information about installing View agents, see “Install View Agent on an Unmanaged Desktop Source” on page 158.
Chapter 9 Unified Access Table 9-1. Desktop Parameters Property Parameter Description Desktop pool state Enabled – After being created, the desktop pool is enabled and ready for immediate use. Disabled – After being created, the desktop pool is disabled and unavailable for use. This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance.
View Manager Administration Guide Table 9‐2 shows which parameters are applicable to each desktop type. Table 9-2.
Chapter 9 Unified Access To install VMware View Agent on an unmanaged desktop source 1 Run the View Agent executable file on the system that will host the agent, where xxx is the build number of the file: VMware-viewagent-e.x.p-xxx.exe The installation wizard opens. Click Next. 2 Accept the VMware license terms and click Next. 3 Select your custom setup options. Accept or change the destination folder and click Next.
View Manager Administration Guide 3 In the Desktop Type window, select Individual Desktop and click Next. 4 In the Desktop Source window, select Physical computers or virtual machines not managed by a VirtualCenter server and click Next. 5 Enter the Unique ID and the Display name and Description. The unique ID is the name that View Manager uses to identify the desktop. The desktop display name is what the user sees when logging in.
Chapter 9 Unified Access 4 In the Desktop Persistence window, specify the persistence settings for the desktops in this pool. Persistent – This desktop pool allows users to log in to the same desktop every time. Users can save documents and files on persistent desktops because they return to the same desktop. Non‐persistent – Desktops are available to users when they log in but are returned to the pool when users log off.
View Manager Administration Guide To add a terminal server pool 1 Ensure that you have the appropriate login credentials and log in to View Administrator. 2 In the Desktops tab, click Add. 3 In the Desktop Type window, select Microsoft Terminal Services Desktop Pool and click Next. 4 Enter the Unique ID, the Display name, and the Description. The unique ID is the name that View Manager uses to identify the desktop. The desktop display name is what the user sees when logging in.
Chapter 9 Unified Access Enable or Disable a Desktop You can only access desktops that are enabled. To enable or disable a desktop 1 On the Desktops tab, select a desktop and click Enable/Disable. If the desktop is currently enabled, you can disable it, and if it is currently disabled, you can enable it. 2 Select Enable Desktop or Disable Desktop as applicable, and click OK.
View Manager Administration Guide To remove a desktop source from a desktop pool 1 In the desktop pane, select a desktop pool and click the Desktop Sources tab. 2 Select desktop sources and click Remove. A confirmation message appears. 3 Click OK to remove the selected desktop source from the pool. 4 If any of the desktop sources have active sessions, indicate the action to be taken: 5 Leave active – Active sessions will remain until the user logs off.
Chapter 9 Unified Access Delete a Desktop You can delete an individual desktop or a desktop pool. To remove unmanaged desktops, you must unregister them. See “Unregister a Desktop Source.” To delete an unmanaged desktop pool 1 On the Desktops tab, select an unmanaged desktop pool or desktop and click Delete. A warning message appears that you are trying to permanently delete this desktop pool. Only the desktop pool is deleted.
View Manager Administration Guide 3 Select the desktop source to unregister and click Unregister. You can select only desktop sources that are not assigned to a desktop. A message appears to check if you want to unregister the desktop source. If you unregister a desktop source, it becomes unavailable. To make these sources available again, reinstall the View Agent should in each desktop source. 4 Click OK if you want to unregister the selected desktop source.
10 Troubleshooting 10 Occasionally when using the View Manager product, administrators or users may encounter unexpected behavior. In these situations, you can obtain assistance from VMware. This chapter provides a summary of some of the high‐level steps you can take to gather application data, request assistance, and search for support information in our knowledge base.
View Manager Administration Guide Using the View Manager Support Tool to Collect Diagnostic Information The View Manager Support tool lets you generate log files and set log levels that determine if you want to generate normal, debug, or full log files for the View Connection Server. To set log levels using the View Manager Support Tool 1 On View Connection Server, click Start, click All Programs, and click VMware. 2 Select Set View Connection Server Log Levels.
Chapter 10 Troubleshooting 2 Run the support script: cscript vdm-support.vbs When the script finishes, it informs you of the output filename and location. 3 File a support request on the Support page of the VMware Web site: https://www.vmware.com/support/login.do View Composer Support The svi-support script provided with View Manager offers component‐specific support for View Composer by collecting configuration and logging data.
View Manager Administration Guide Table 10-1. svi-support – Parameters (Continued) Parameter Description dmpdir The absolute path of the directory from which to gather the View Composer logs. Default is: %ALLUSERSPROFILE%\Application Data\VMware\View Composer\Logs dmpformat The prefix that will be used to filter the dmp files. Default is vmware-svi- nolog Disables the logging of events logged buy the system eventlog. fullbundle Generate full bundle containing extended data.
Chapter 10 Troubleshooting Further Troubleshooting Information The following URLs for VMware Knowledge Base (KB) articles contain troubleshooting information for View Manager. The KB articles are continually updated with new troubleshooting information. Top‐level Knowledge Base search page: http://kb.vmware.com/selfservice/microsites/microsite.do Troubleshooting end user connection issues: http://www.vmware.com/info?id=342 Troubleshooting pooling issues: http://www.vmware.
View Manager Administration Guide 172 VMware, Inc.
Glossary A Active Directory A Microsoft directory service that stores information about the network operating system and provides services. Active Directory configures and manages users and groups and enables administrators to set security policies, control resources, and deploy programs across an enterprise. ADAM (Active Directory Application Mode) An LDAP implementation based on Active Directory. active session A live connection from a client or Web Access user to a virtual desktop.
View Manager Administration Guide D datastore Virtual representations of combinations of underlying physical storage resources in the datacenter. A datastore is the storage location (for example, a physical disk, a RAID, or a SAN) for virtual machine files. desktop See “virtual desktop.” desktop virtual machine See “virtual desktop.” desktop pool A pool of virtual machines that an administrator designates for users or groups of users. See also “persistent desktop pool,” “non‐persistent desktop pool.
Glossary N non‐persistent desktop pool A desktop pool in which users are not assigned to a specific desktop. When users log off or are timed out of a desktop, their desktops are returned to the pool and made available to other users. Users cannot save data or files to their desktops when using a non‐persistent pool. P persistent desktop pool A desktop pool in which users are assigned to a specific desktop. Users log on to the same desktop every time and their data is preserved when they log off.
View Manager Administration Guide 176 VMware, Inc.
Index A active sessions disconnecting 67 rebooting 67 viewing 67 ADAM replication 27, 87 authentication using RSA SecurID 88 using smart cards 82 automated desktop pools configuring 56 creating virtual machine templates 56 customization specifications 57 deploying 58 non-persistent 56, 58 persistent 56, 58 properties 59 automated pools defined 51 power policies 137 B back-end machines preparing to access remote desktops 156 Unified Access 155 C client connections overview 72 resolving internet 71 VMware
View Manager Administration Guide desktop sources adding and changing 159 adding and removing 163 changing an individual 164 power policies 135 preparing to access remote desktops 156 Unified Access 155 unmanaged, installing View Agent on 158 unregistering 165 desktops adding unmanaged individual 159 automated pool 51 checking out 131 cloning 93 connecting using View Client 71 connecting using View Portal 71 database system requirements 21 deleting 165 enabling and disabling 163 entitling 65 entitling user
Index View Agent on an unmanaged desktop source 158 View Agent on guest systems 52 View Client 70 View Client with Offline Desktop 130 J Java keytool 77 L linked clone desktops configuring VirtualCenter 102 creating database 104 defined 94 desktop recomposition 96 disk usage 95 protecting recomposition using source virtual machines 96 rebalancing 119 recomposing 117 recomposing desktops 96 refreshing 116 storage overcommit 96 using existing database 120 linked replicas 94 locked.
View Manager Administration Guide View Configuration GPOs 144 View Server Configuration GPOs 148 power policies in automated pools 137 of desktop sources 135 product compatibility requirements 19 provisioned desktops 50 Q QuickPrep tool to personalize desktops 102 R rebalancing desktops 98 rebalancing linked clone desktops 119 rebooting active sessions 67 recomposing linked clone desktops 117 linked desktop clones 97 refreshing linked clone desktops 116 Remote Desktop Connection for View Client 19 replic
Index U Unified Access 155 adding and changing desktop source 159 desktop parameters 156 installing View Agent on an unmanaged desktop source 158 preparing desktop sources to access remote desktops 156 unmanaged desktops 51 User Configuration GPOs 148 V vdm-support script 167 View Administrator description 14 Inventory page 42 overview 41 View Agent description 14 installing on guest systems 52 system requirements 18 with multiple NICs 53 View Agent GPO 148 View Client description 14 installing 70 install
View Manager Administration Guide virtual machine templates cloning to templates 56 converting to templates 56 virtual machine templates, for automated desktop pools 56 VirtualCenter adding the View Composer service 103 configuring to create linked clone desktops 102 View administrator role 36 View permissions 36 W web components 18 182 VMware, Inc.
