View Manager Administration Guide View Manager 3.
View Manager Administration Guide View Manager Administration Guide Item: EN-000184-00 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 9 1 Introduction 11 Overview of View Manager 11 View Manager Features 12 View Manager Components 14 System Requirements 14 View Connection Server 15 Supported Operating Systems 15 Prerequisites 15 RSA Authentication Manager 16 Operating System Support for Installed Components 16 Operating System Support for Web Components 18 View Agent 18 View Composer 18 Volume Licensing and Windows Vista Ultimate 19 View Client / View Client with Offline Desktop 19 Microsoft Remote Desktop Conn
View Manager Administration Guide 2 Installation 25 Overview of View Connection Server 26 View Connection Server Instances 26 View LDAP 27 Standard Server Installation 27 Replica Server Installation 28 Security Server Installation 30 Firewall Configuration 33 External URL 36 Offline Desktop 36 RDP 36 VirtualCenter Permissions for View Manager Users 37 Initial View Manager Configuration 38 View Connection Server Backup 40 Optimizing Your Installation 41 Optimization Calculation 41 Ephemeral Ports 41 TCB Has
Contents 4 Virtual Desktop Deployment 63 Overview of Virtual Desktop Deployment 64 Desktop Sources 64 Desktop Delivery Models 65 Preparing the Guest System 66 Installing the View Agent on the Guest System 66 Using the View Agent on Virtual Machines with Multiple NICs 67 Individual Desktops 68 Deploying an Individual Desktop 68 Automated Desktop Pools 71 Virtual Machine Templates 71 Customization Specifications 72 Deploying an Automated Desktop Pool 73 Manual Desktop Pools 78 Deploying a Manual Desktop Pool
View Manager Administration Guide Configuring a Standard or Replica Server 102 Configuring User Profiles 102 RSA SecurID Authentication 103 Node Secret Reset 104 View Client Command Line Options 104 View Client Configuration File 106 Virtual Printing 107 Virtual Printing and USB Printing 108 Adobe Flash Bandwidth Reduction 108 Setting Adobe Flash Quality and Throttling 109 Overriding Bandwidth Reduction Settings in the Desktop 110 Client Device Information 110 Enabling HP RGS Display Protocol 112 Installin
Contents Using an Existing View Composer Database 147 Using the SviConfig Tool for View Composer 149 Upgrade View Composer Database (databaseupgrade) Use Case 149 Usage 149 Result Output 150 Result Codes 150 Restore View Composer Database (restoredata) 151 Use Case 151 Usage 151 Result Output 152 Result Codes 153 149 7 Offline Desktop 155 Overview of Offline Desktop 155 Offline Desktop Licensing and VirtualCenter Access 158 Storage, Communications, and Security 158 Tunneled Communications and SSL 159 Off
View Manager Administration Guide View Agent Configuration 176 View Client Configuration 178 View Common Configuration 180 View Server Configuration 181 User Configuration GPO 181 View Agent Configuration 181 View Client Configuration 182 9 Unified Access 187 Prepare Multiple Back‐End Machines to Access Remote Desktops 188 Desktop Parameters 188 Install View Agent on an Unmanaged Desktop Source 190 Add and Change Desktop Sources 191 Enable or Disable a Desktop 195 Entitle Users and Groups to a Desktop 195
About This Book This guide describes how to install, configure, and use VMware® View Manager, including how to install the various software components, how to deploy servers, and how to provision desktops and control user access. This guide also describes the client software that connects users to virtual desktops running on VMware Virtual Infrastructure, or to physical systems running within your network environment.
View Manager Administration Guide Technical Support and Education Resources The following sections describe the technical support resources available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone Support To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
1 Introduction 1 View Manager 3.1 is a flexible and intuitive desktop management solution that enables system administrators to rapidly provision desktops and control user access. Client software connects users to virtual desktops running on VMware Virtual Infrastructure, or to physical systems running within your network environment.
View Manager Administration Guide Figure 1-1.
Chapter 1 Introduction Flexible deployment options—View Manager components can be deployed in a variety of configurations and to different parts of the network, which improves security, scalability, and reliability. In addition, multiple VirtualCenter servers are supported, and View Manager can scale horizontally to support many virtual desktops. High availability—Servers can be clustered for high availability and scalability with automatic failover.
View Manager Administration Guide View Manager Components View Manager consists of the following major components: View Connection Server—a software service that acts as a broker for client connections by authenticating and then directing incoming remote desktop user requests to the appropriate virtual desktop, physical desktop, or terminal server.
Chapter 1 Introduction View Connection Server View Connection Server is not supported on servers that have the Windows Terminal Server role installed. Remove the Windows Terminal Server role from any server on which you will be installing View Connection Server. View Connection Server runs on a 32‐bit or 64‐bit dedicated physical or virtual server with the following specifications: Pentium IV 2.
View Manager Administration Guide Host operating systems for standard or replica View Connection Server instances are joined to an Active Directory domain. The following versions of Active Directory are supported: Windows 2000 Active Directory Windows 2003 Active Directory NOTE View Connection Server does not make nor require any schema or configuration updates to Active Directory.
Chapter 1 Introduction Offline Desktop—refers to the View Client for Offline Desktop application. The entries in this column are the operating systems capable of installing and running this application. For a list of the View Manager desktops that can be downloaded and used in an offline context, refer to “View Client with Offline Desktop: Supported Guests” on page 20. View Composer—refers to the View Composer service that runs on the VirtualCenter host system.
View Manager Administration Guide Operating System Support for Web Components Table 1‐2 describes the support offered by various types of operating system to the Web‐based components of View Manager, with the specific browser and additional software requirements also provided. Any additional environmental requirements of the Web‐based components are described in subsequent sections. Table 1-2.
Chapter 1 Introduction Volume Licensing and Windows Vista Ultimate Windows Vista Ultimate is not designed for broad enterprise deployment and therefore does not support volume licensing—in order to deploy desktop clones that use Windows Vista Ultimate, you must first contact Microsoft in order to determine your licensing obligations. View Client / View Client with Offline Desktop You must have administrative privileges to install View Client or View Client with Offline Desktop on the client desktop.
View Manager Administration Guide You cannot install View Client with Offline Desktop on any system that has the following applications installed: VMware ACE VMware Player VMware Server VMware Workstation The above applications must be uninstalled prior to installing View Client with Offline Desktop.
Chapter 1 Introduction The recommended application to use with these files is Windows Media Player 10—this application supports MMR and should be installed on both the client and View Manager desktop. NOTE MMR will not work correctly if the View Client video display hardware does not have overlay support. View Portal ActiveX controls are required for Windows users who access their desktops using View Portal on Internet Explorer 6 or higher.
View Manager Administration Guide View Composer VMware Infrastructure 3.5 update 3 or update 4 is required to use the View Composer feature, and is supported on the following 32‐bit platforms: Windows Server 2003 Service Pack 1 Windows XP Professional Service Pack 2 NOTE You cannot use the View Composer feature of View Manager to deploy desktops that run Windows Vista Ultimate Edition or Windows XP Professional SP1.
Chapter 1 Introduction Table 1-3. Database Support and Requirements for View Composer (Continued) Database Type Requirements Oracle 10g Standard Release 1 (10.1.0.3.0) N/A Oracle 10g Enterprise Release 1 (10.1.0.3.0) Oracle 10g Standard Release 2 (10.1.0.3.0) Oracle 10g Enterprise Release 2 (10.1.0.3.0) Oracle 10g Enterprise Edition, Release 2 (10.2.0.3.0) 64‐bit VMware, Inc. First apply patch 10.2.0.3.0 to the client, then apply patch 5699495 to the client.
View Manager Administration Guide 24 VMware, Inc.
2 Installation 2 This chapter describes how to install and back up one or more instances of View Connection Server, and also considers the different deployment scenarios you may encounter during this operation. Before installing View Connection Server, refer to Chapter 1, “Introduction,” on page 11 to view the system requirements and hardware and device support.
View Manager Administration Guide Overview of View Connection Server View Connection Server communicates with VirtualCenter in order to provide advanced management of virtual desktops. This includes virtual desktop creation as part of pool management and power operations, such as automatic suspend and resume.
Chapter 2 Installation View LDAP View LDAP is an embedded Lightweight Directory Access Protocol directory that serves as the data repository for all View Manager configuration information. View LDAP is provided as part of the View Connection Server installation.
View Manager Administration Guide To install a standard server 1 Run the following executable on the system that will host the View Connection Server, where xxx is the build number of the file: VMware-viewconnectionserver-xxx.exe The VMware Installation wizard is displayed. Click Next. 2 Accept the VMware license terms and click Next. 3 Accept or change the destination folder and click Next. 4 Choose the Standard deployment option. 5 Click Next > Install > Finish.
Chapter 2 Installation Figure 2-1.
View Manager Administration Guide To install a replica server 1 Run the following executable on the system that will host the View Connection Server, where xxx is the build number of the file: VMware-viewconnectionserver-xxx.exe The VMware Installation wizard is displayed. Click Next. 2 Accept the VMware license terms, and click Next. 3 Accept or change the destination folder, and click Next. 4 Choose the Replica deployment option.
Chapter 2 Installation Figure 2-2. Multiple Security Servers remote View Client external network DMZ load balancing View Security Servers View Connection Servers Microsoft Active Directory VirtualCenter Management Server ESX hosts running Virtual Desktop virtual machines When remote users connect via a security server, they must successfully authenticate before they can access any virtual desktops.
View Manager Administration Guide Depending on your particular server configuration, load balancing might be required. You will require either a hardware or software load‐balancing solution if you have more than one security server. NOTE View Connection Server does not provide load‐balancing functionality but works with standard third‐party load‐balancing solutions. Figure 2-3.
Chapter 2 Installation Security servers implement a subset of View Connection Server functionality, and do not need to reside in an Active Directory domain. In addition, security servers do not contain a View LDAP configuration repository and do not access any other authentication repositories, such as Active Directory or RSA Authentication Manager.
View Manager Administration Guide The recommended security configuration for a DMZ‐based security server deployment is the dual firewall. In this configuration, an external network facing “front‐end” firewall protects both the DMZ and the internal network, and a “back‐end” firewall between the DMZ and the internal network provides a second tier of security.
Chapter 2 Installation To allow external client devices to connect to a security server within the DMZ, the front‐end firewall must allow inbound traffic on TCP ports 80 and 443. To allow the security server to communicate with each standard or replica server that resides within the internal network, the back‐end firewall must allow inbound traffic on TCP port 8009 for AJP13‐forwarded Web traffic and TCP port 4001 for Java Message Service (JMS) traffic.
View Manager Administration Guide External URL By default, the FQDN of the host is required by View Client in order to establish a connection with View Connection Server. This information will not be available to clients who attempt to contact the server from outside your network environment. Refer to “Client Connections from the Internet” on page 88 for information on how to add an external URL to a security server to make it accessible from the Internet.
Chapter 2 Installation 5 Each security server is paired with a View Connection Server and forwards all traffic to that server. Enter the FQDN of the standard or replica server with which the security server is to communicate. 6 Click Next > Install > Finish. VirtualCenter Permissions for View Manager Users To use VirtualCenter with View Manager, administrators must have permission to carry out certain operations in VirtualCenter.
View Manager Administration Guide Initial View Manager Configuration Once you have installed one or more View Connection Server instances you must perform an initial configuration so that they are ready to carry out administrative tasks. Configuration is carried out from within View Administrator, the Web‐based administrative component of View Manager. This component is described in detail in Chapter 3, “View Administrator,” on page 47.
Chapter 2 Installation d In the VirtualCenter Servers table, click Add and complete the details for one or more VirtualCenter servers to use with View Manager. i Enter the FQDN or IP address of the VMware VirtualCenter server you want View Manager to communicate with in the Server address text box. CAUTION If you enter a server using a DNS name or URL, no DNS lookup is performed to verify whether or not the server has previously been entered using its IP address.
View Manager Administration Guide f Click Administrators in the column on the left of the screen. g In the Administrators table, click Add and use the form provide to grant administrative rights to the Active Directory users who you want to be able to access to View Administrator. Once you have added all the required administrators, click OK.
Chapter 2 Installation This command creates a file called vdmconfig.ldf that contains the exported View LDAP configuration information. LDIF data is imported into View Manager using LDIFDE, a utility included with Windows Server 2003 that supports batch operations based on the LDIF file format standard. To import View Manager configuration data From the command prompt on a standard or replica View Connection Server, change to the LDAP directory and execute the following command: LDIFDE -i -f vdmconfig.
View Manager Administration Guide The default maximum number of ephemeral ports that can be created simultaneously on Windows Server is 5000. If you plan to deploy View Manager into an environment where a large number (greater than 900) of concurrent client connections is likely, VMware strongly recommends that you increase the number of available ephemeral ports. The number is determined by using the calculation provided in “Optimization Calculation” on page 41.
Chapter 2 Installation This formula equates to the following results: 1 CPU = 128 2 CPUs = 512 4 CPUs = 2048 8 CPUs = 8192 To accommodate large deployments of View desktops, you might have to increase the size of this table. View Manager Deployments with Security Servers When security servers are present in your View environment, the calculation provided in “Optimization Calculation” on page 41 is used to determine the size of the hash table on each security server.
View Manager Administration Guide For example, if your overall number of desktops is 2000, you anticipate that the greatest number of concurrent client connections that will take place at any given time is 1000, and your view environment is composed of these components: 1 standard server 1 replica server This number is 4250 for the standard and replica servers.
Chapter 2 Installation On 32‐bit Windows systems, the maximum size of an allocated contiguous memory block is 2GB. The JVM heap is implemented as a contiguous memory block and ~0.5GB of that space is required by the JVM itself for normal operation. Therefore, on a 32‐bit Windows system, JVM programs can only use up to ~1.5GB of memory per process. CAUTION You must not raise the JVM heap size to more than 1.5GB.
View Manager Administration Guide 46 VMware, Inc.
3 View Administrator 3 View Administrator is where you perform all of the configuration, deployment, analytical, and administrative tasks related to View Manager and desktop management. This chapter describes the features of View Manager and the tasks you can perform.
View Manager Administration Guide Desktops and Pools View The Desktops and Pools view is displayed by default when you log in to View Administrator or when you click the Desktops and Pools button, and is where you create, deploy, administer, and monitor your virtual desktops.
Chapter 3 View Administrator Table 3-1. Desktops Pane – Tab Summary Tab Context Description Summary Desktop This tab provides an overview of all information associated with a desktop or desktop pool, including: Desktop Pool General information about the pool, such as the name, type, persistence, and current activity. VirtualCenter environmental criteria, such as server name, capacity, and domain administrator.
View Manager Administration Guide Table 3-1. Desktops Pane – Tab Summary (Continued) Tab Context Description Users and Groups Desktop This tab lists all users and groups entitled to use this desktop or pool. From under the Entitlements sub‐tab, you can select and Remove Entitlement from any user listed in the table provided. Desktop Pool If the selected pool uses linked clone technology for its deployment, an additional sub‐tab—Known Users—is also displayed.
Chapter 3 View Administrator Table 3-1. Desktops Pane – Tab Summary (Continued) Tab Context Description Offline Sessions All This tab lists all the Offline Desktop desktops currently checked out, either globally or within the selected pool. Refer to Chapter 7, “Offline Desktop,” on page 155 for more information about this feature and the functions provided on this tab. Global Policies Global This tab lists the policies that are applied to all desktops and pools at the global level.
View Manager Administration Guide The Users and Groups view is divided into two parts: a left pane that contains an Inventory and a Search tab and a right pane that provides either global or pool‐level information about the users currently entitled. When the Inventory tab is selected, the left pane provides an alphabetic list of all the users under the top‐level Global users and group view entry. This entry is global in scope.
Chapter 3 View Administrator Table 3-2.
View Manager Administration Guide Configuration View The Configuration view is displayed when you click the Configuration button. This view contains multiple sections that allow you to analyze desktop usage, configure licensing, connections, authentication criteria, and so forth. Each section is listed in the pane on the left side of the screen. Click an entry in the list to display the configuration information associated with that section.
Chapter 3 View Administrator Security Servers Security servers operate within a DMZ and run a subset of the full View Connection Server functionality. By using a security server as an intermediary connection layer, View Manager ensures that only authenticated users can attempt a connection to your internal network. Security servers offer greater network security to environments that allow clients to access them from the Internet.
View Manager Administration Guide Refer to “View Connection Server Backup” on page 40 and “Restore View Composer Database (restoredata)” on page 151 for information on how to import View LDAP data and View Composer data. Table 3-3. View Server Settings Property Description External URL In order for external clients to communicate with View Connection Server, you must enter a URL that can be resolved externally. Enter a URL in the External URL field.
Chapter 3 View Administrator Table 3-3. View Server Settings (Continued) Property Description RSA SecurID 2‐Factor Authentication The properties in this group determine if clients connecting to View Connection Server must also RSA SecureID in order to authenticate: Enable—Determines if client authentication process requires RSA SecureID credentials. Enforce SecurID and Windows user name matching—Determines if RSA SecurID user names must match the user names stored in Active Directory.
View Manager Administration Guide Table 3-3. View Server Settings (Continued) Property Description View Manager Configuration Backup To preserve your configuration information, View Manager allows you to back up the contents of the View LDAP repository used by all View Connection Servers in your environment.
Chapter 3 View Administrator Registered Desktop Sources This section provides the number of Terminal Services sources and other sources (standalone virtual machines and physical systems) currently registered with View Connection Server. Administrators The Administrators table contains a list of all users and groups that are allowed to log in to View Administrator. All entities in this list reside within the current Active Directory domain forest.
View Manager Administration Guide Table 3-4. Global Settings Property Description Session timeout Determine how long (in minutes) users are allowed to keep sessions open after they log in to the View Connection Server. This field must contain a value, and the default is 600. Use SSL for client connections Determines if SSL is used to create a secure communication channel between View Connection Server and the client. This setting must be enabled if you are using smart card authentication.
Chapter 3 View Administrator Table 3-4. Global Settings (Continued) Property Description Disable Single Sign‐On for Offline Desktop operations Determines if single sign‐on is enabled for Offline Desktop. When disabled, users must manually log in to their desktop to start their Windows sessions. Display a pre‐login message Determines if View Client and View Portal users see a disclaimer or login message with information or instructions entered by the administrator in the field provided.
View Manager Administration Guide 62 VMware, Inc.
4 Virtual Desktop Deployment 4 Virtual desktop deployment is the task of preparing individual or multiple virtual machines for View Manager client connections. Once deployed, prepared systems can be accessed directly or act as a template from which View Manager can create an extensible pool of cloned desktops.
View Manager Administration Guide Overview of Virtual Desktop Deployment The procedure for deploying virtual desktops varies depending on whether you are creating an automated pool from a virtual machine template, an individual desktop instance, or a pool of manually‐selected virtual desktops. However, in all of these cases a base—or guest—system must first be selected and configured for use with View Manager.
Chapter 4 Virtual Desktop Deployment Unmanaged Desktop Sources— the desktop source is a machine that is not managed by a VirtualCenter server. This includes virtual machines running on VMware Server and virtual machines running on other virtualization platforms that support View Agent. Blade PCs, physical PCs, and Terminal Servers on which you can install View Agent are unmanaged desktop sources.
View Manager Administration Guide Terminal Server Pool – is a pool of terminal server (TS) desktop sources served by one or more terminal servers. A terminal server desktop source can deliver multiple desktops. A TS pool has the following characteristics: Pool of TS desktops served by a farm comprising of one or more terminal servers.
Chapter 4 Virtual Desktop Deployment To install View Manager Agent 1 Run the View Agent executable on the system that will host the agent, where xxx is the build number of the file: VMware-viewagent-xxx.exe The installation wizard opens. Click Next. 2 Accept the VMware license terms and click Next. 3 Choose your custom setup options. You must install the View Manager Composer Agent if you want to deploy linked clone desktops.
View Manager Administration Guide To configure this subnet, create the following registry string in the virtual machine on which the View Agent is installed, where n.n.n.n is the TCP/IP subnet and m is the number of bits in the subnet mask: HKLM\Software\VMware, Inc.\VMware VDM\Node Manager\subnet = n.n.n.n/m (REG_SZ) Individual Desktops Individual desktops are single virtual machines that contain View Agent and can be accessed remotely by View Manager clients.
Chapter 4 Virtual Desktop Deployment 5 Enter the Unique ID and, optionally, the Display name and Description. The unique ID is used by View Manager to identify the desktop pool and is the name that clients see when logging in. The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both. NOTE You can use any alphanumeric character, including spaces, to provide an optional description.
View Manager Administration Guide Property Parameter Description Allow users to reset their desktop Select if you want to allow desktop users to reset their own desktops without administrative assistance. Default display protocol Select the display protocol that you want View Connection Server to use when communicating with View Client. Microsoft RDP—The default option. HP RGS—See “Enabling HP RGS Display Protocol” on page 112.
Chapter 4 Virtual Desktop Deployment Automated Desktop Pools Automated desktop pools contain one or more dynamically generated desktops that are automatically created and customized by View Manager from a VirtualCenter virtual machine template. Desktop pools of this type can be either: Persistent—Desktops in this type of pool are allocated statically in order to ensure that users connect to the same system each time they log in. Desktop assignment takes place the first time the user connects.
View Manager Administration Guide Customization Specifications Customization specifications are optional, but they can greatly expedite automated desktop pool deployments by providing configuration information for such general properties as licensing, domain attachment, and DHCP settings. To create a customization specification 1 In VirtualCenter, click Edit > Customization Specifications. 2 Click New to create a new Customization Specification.
Chapter 4 Virtual Desktop Deployment 11 Specify how the desktops derived from this template will participate in your network. If you want to automatically add deployed desktops to a domain, select Windows Server Domain and enter the appropriate name in the field provided. In the user name, password, and password confirmation fields, enter the credentials for a user who has the requisite level of permission to add a systems to this domain.
View Manager Administration Guide 6 Configure the desktop properties and click Next. CAUTION If you are using Windows Vista as your Parent VM, you must set the power policy to Ensure VM is always powered on. Property Parameter Description State Enabled—after being created, the desktop pool is automatically enabled and ready for immediate use. Disabled—after being created, the desktop pool is disabled and unavailable for use.
Chapter 4 Virtual Desktop Deployment Property Parameter Description Power off and delete virtual machine after first use Select if you want the virtual machine to be deleted immediately after the user logs off. (non‐persistent pools only) If necessary, a new virtual machine is cloned to maintain a specific pool size after virtual machines are deleted. Allow users to reset their desktop Select if you want to allow desktop users to reset their own desktops without administrative assistance.
View Manager Administration Guide Property Parameter Description VM naming pattern By default, a prefix is used to identify all desktops in a pool as part of the same group. The prefix can be up to 13 characters in length and a numeric suffix is appended to this entry in order to distinguish each desktop from others in the same pool. You can override this behavior by entering a name that contains a token representing the pool number; the token can appear anywhere in the name.
Chapter 4 Virtual Desktop Deployment 8 Select the template to be used as the base image for the deployment. You are only presented with templates that contain a desktop operating system supported by View Manager. Click Next. 9 Select where you want the folder for this desktop pool to reside within VirtualCenter and click Next. 10 Select a host or a cluster on which to run the virtual machines used by this desktop and click Next. NOTE Only clusters of 8 hosts or fewer are supported and shown.
View Manager Administration Guide Once the deployment has been initiated you can monitor the progress of the automated desktop pool by selecting either the Desktops or Desktop Sources tabs in the Global desktop and pool view pane. Manual Desktop Pools Manual desktop pools are pools of virtual machines that are manually constructed by the View Manager administrator.
Chapter 4 Virtual Desktop Deployment The unique ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in. The unique ID and display name can be arbitrary but if you do not specify a display name the unique ID is used for both. NOTE You can use any alphanumeric character, including spaces, to provide an optional description. The description can be up to 1024 characters in length and is only visible from within View Administrator.
View Manager Administration Guide Property Parameter Description Allow multiple sessions per user Select if you want to allow individual users to simultaneously connect to multiple desktops in the same pool. (non‐persistent pools only) Default display protocol Select the display protocol that you want View Connection Server to use when communicating with View Client. Microsoft RDP—The default option. HP RGS—See “Enabling HP RGS Display Protocol” on page 112.
Chapter 4 Virtual Desktop Deployment Entitling a Desktop or Pool Once a desktop or desktop pool has been created, you can entitle Active Directory users or groups to access it. To entitle a desktop to an Active Directory user or group 1 From within View Administrator, click the Desktops and Pools button and then click the Global desktop and pool view entry under the Inventory tab. Choose the desktop or pool you want to entitle from the Global desktop and pool view pane. 2 Click Entitlements.
View Manager Administration Guide 3 Click the arrow the left of the search field select the check boxes for the appropriate columns. 4 Click Done. 5 Enter search text and click Go. To search categories in the Desktops Search view 1 From within View Administrator, click the Desktops and Pools button and click the Search tab on the left side of the page. 2 In the Search for desktops and pools field, enter search text.
Chapter 4 Virtual Desktop Deployment Working with Active Sessions After users connect to a desktop, active sessions are listed in the inventory. You can view active sessions on the Inventory page. To view, disconnect, or restart active sessions 1 From within View Administrator, click the Desktops and Pools button and click the Inventory tab on the left side of the page. 2 In Global desktop and pool view, click Active Sessions.
View Manager Administration Guide Deleting View Manager Objects Delete View Manager objects (VirtualCenter connections, View Connection Server connections, and desktops) by using the administrator user interface. To remove a VirtualCenter server connection from a View Connection Server 1 From within View Administrator, click the Configuration button. 2 In VirtualCenter Servers, select the VirtualCenter server you want to remove and click Remove.
5 Client Management 5 The locally installed View Client application and the Web‐based View Portal component allow users to connect to their desktops. These applications can operate within an internal network or externally over the Internet, and their behavior can be modified in a number of ways. In addition, View Client offers a variety of user authentication models—including secure authentication—all of which must be first configured on View Connection Server.
View Manager Administration Guide “Adobe Flash Bandwidth Reduction” on page 108 “Client Device Information” on page 110 “Enabling HP RGS Display Protocol” on page 112 NOTE Features differ according to which View Client you use. This guide describes primarily View Client and View Portal for Microsoft Windows. The following types of clients are not covered in detail in this guide: View Portal for Linux (experimental) and View Portal for Mac OS X (experimental).
Chapter 5 Client Management To install View Client 1 Run the View Client executable on the system that will host the client, where xxx is the build number of the file: VMware-viewclient-xxx.exe The Installation wizard opens. Click Next. 2 Accept the VMware license terms and click Next. 3 Choose your custom setup options. You may deselect the USB Redirection component if users do not need to access locally connected USB devices through their desktops.
View Manager Administration Guide View Client Policies Certain View Client features can be controlled through policies. For information about configuring and applying policies to View Client at the global, pool, or user level refer to “Client Policies” on page 171. Client Connections from the Internet For a user to access a virtual desktop, their client system must be able to resolve the host name or IP address of the specified View Connection Server.
Chapter 5 Client Management Figure 5-1. External Client Connection thirdparty load firewall balancer View firewall Security Server server1.int View Client View Connection Server server2.int VMware Infrastructure VirtualCenter ESX 1 2 Active Directory 1 https://myview.mycorp.com 2 https://server1.int external internal 1 https://server2.int 2 https://server2.
View Manager Administration Guide Security Server External URLs The external URL of a security server cannot be defined from within View Administrator. Instead, you can use View Administrator to generate a configuration file that contains the externally resolvable security server name, port number, and protocol. This file is then placed on the security server. To generate a Security Server config.
Chapter 5 Client Management By default, in View Connection Server when a client visits a secure page such as View Administrator they are presented with the self‐signed certificate provided with the application. By reading the server certificate the user can decide if the server is a trusted source, and then accept (or reject) the connection. The certificate can be signed by a Certificate Authority (CA)—a trusted third party who guarantees the identity of the certificate and its creator.
View Manager Administration Guide You can replace the default certificate provided with View with a properly defined certificate for the service. If the certificate is signed by a trusted CA, users will not be presented with messages asking them to verify the certificate, and thin client devices will be able to connect without requiring additional configuration.
Chapter 5 Client Management 4 In the Variable value field add the path to the JRE installation directory: %ProgramFiles%\VMware\VMware View\Server\jre\bin Ensure that this entry is delimited with a semicolon (;) from any other entries present in the field. 5 Click OK > OK > OK to close the Windows System Properties dialog box. To create a self-signed SSL certificate 1 From a command prompt, enter the following: keytool -genkey -keyalg "RSA" -keystore keys.
View Manager Administration Guide To create a certificate signing request (CSR) From a command prompt, enter the following where is the keystore password: keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12 -storetype pkcs12 -storepass The certificate.csr file is created in the same location.
Chapter 5 Client Management 3 From a command prompt, enter the following where is the keystore password: keytool -import -keystore keys.p12 -storetype pkcs12 -storepass -keyalg "RSA" -trustcacerts -file certificate.p7 If you are using a temporary certificate you may be presented with the following message: ... is not trusted.
View Manager Administration Guide 5 Save the file with a .P7 extension. 6 Add this certificate to your keystore, as described in “To submit the CSR and import the certificate” on page 94. Using Existing SSL Certificates You organization may already have a valid (CA signed) SSL certificates that you want to use with View Connection Server. In order to use an SSL certificate you will require both the certificate and the private key that accompanies it.
Chapter 5 Client Management The certificate is exported to the specified location. You must now carry out the procedure described in “To configure the View Connection Server to use the new certificate” on page 95. Ensure that the keypass entry in the locked.properties file corresponds to the password you used when exporting the certificate. Smart Card Authentication Some organizations require personnel to pass multiple stages of authentication before allowing them to connect to their systems.
View Manager Administration Guide Obtaining a Root Certificate You must obtain the root certificate from the CA that signed the certificates on the smart cards presented by your users. The root certificate is obtained from one of the following sources: Microsoft IIS server running Microsoft Certificate Services. The procedure for installing Microsoft IIS, issuing certificates, and distributing them in your organization exceeds the scope of this guide.
Chapter 5 Client Management 3 Under the Personal tab, select the certificate you wish to use and click View. NOTE If the user certificate is not present in the list you must first click the Import button to manually import the user certificate. Once the certificate has been imported, select it from the list and click View. 4 Under the Certification Path tab, select the certificate at the top of the tree and click View Certificate. 5 Under the Details tab click Copy to File.
View Manager Administration Guide 5 In the left pane, expand Computer Configuration > Windows Settings > Security Settings > Public Key Policy. 6 Right‐click Trusted Root Certification Authorities and select Import. 7 Follow the instructions in the wizard to import the certificate. Click OK. 8 Close the Group Policy window. By adding the certificate to the list of trusted roots, you are ensuring that all systems in the domain have a copy of the certificate in their trusted root store.
Chapter 5 Client Management Using keytool to Create a Truststore From a command prompt, enter the following: keytool -import -alias -file -keystore In this command, is a unique (case‐insensitive) name for a new entity entry in the truststore (in this case, the certificate you are about to import), is the name of the root CA certificate you previously obtained or exported, and is the name of the truststore output file.
View Manager Administration Guide Configuring a Standard or Replica Server A security server that has been configured to use smart card authentication will automatically require the user to authenticate using their card and PIN during login. Standard and replica servers can be configured to accommodate several different smart card authentication scenarios. To set the smart card authentication setting on a standard or replica server 1 From within the View Administrator, click the Configuration button.
Chapter 5 Client Management The most straightforward way of adding this information to Active Directory is to use the ADSI Edit utility provided as part of the Windows Support Tools software collection. If it is not already present on your Active Directory server, Windows Support Tools can be downloaded and installed from the following location: http://www.microsoft.com/downloads/details.
View Manager Administration Guide 3 Under the RSA SecurID 2‐Factor Authentication heading, configure the desired RSA settings: Enable—Enables RSA SecurID authentication for end users accessing virtual desktops. Enforce SecurID and Windows user name matching—SecurID checks user names against the Active Directory user names and denies access to entries that do not match. Clear node secret—refers to the node secret on View Agent. See “Node Secret Reset.
Chapter 5 Client Management To launch View Client in fully scripted mode—that is, with all connection, user, and desktop criteria provided—enter the following: "C:\Program Files\VMware\VMware View\Client\bin\wswc" -serverURL -userName -password -domainName -desktopName Table 5‐1 describes the command line options you can use when you launch View Client. Table 5-1.
View Manager Administration Guide Table 5-1. View Client Command Line Options (Continued) Property Description checkin (Offline Desktop only) Checks in the specified desktop and unlocks the online equivalent. This property requires the desktopName property to be supplied. staycheckedout (Offline Desktop only) Backs up the data on a checked out desktop to the server, but keeps the offline desktop checked out. This property requires the desktopName property to be supplied.
Chapter 5 Client Management Virtual Printing The Virtual Printing (ThinPrint) feature of View allows View Client and View Client with Offline Desktop users to transparently use local or network printers from within their remote systems, yet removes the requirement for installing proprietary printer drivers on each View desktop. NOTE View Portal does not support Virtual Printing.
View Manager Administration Guide 5 Select the General tab and click Printing Preferences. 6 Edit the page and color settings; the default values are acquired from the host printer. 7 Click the Advanced tab. If the printer installed on the host supports these options, edit the following settings for double‐sided printing: Long edge for portrait or Short edge for landscape printing. To preview each printout on the host, enable Preview on client before printing.
Chapter 5 Client Management The desktop user can override Adobe Flash settings in the desktop. For more information, see “Overriding Bandwidth Reduction Settings in the Desktop” on page 110. Setting Adobe Flash Quality and Throttling You can specify a maximum allowable level of quality for Adobe Flash content that overrides any Web page settings. If Adobe Flash quality for a given Web page is higher than the maximum level allowed, quality is reduced to the specified maximum.
View Manager Administration Guide 3 Select an appropriate throttling mode from the Adobe Flash throttling drop‐down menu. 4 Click Finish. The settings you configured now appear in Desktop/Pool Settings pane. NOTE Adobe Flash bandwidth reduction settings do not take effect until View Client reconnects with the desktop. Overriding Bandwidth Reduction Settings in the Desktop By using the mouse cursor in the desktop, users can override Adobe Flash content display settings.
Chapter 5 Client Management Table 5-2.
View Manager Administration Guide NOTE The full set of client information is sent only when the desktop is launched using View Client.
Chapter 5 Client Management Configuring HP RGS in View Administrator First, ensure that the View Connection Server RDP tunnel is turned off. To verify that the tunnel is turned off 1 From within the View Administrator, click Configuration. 2 Select Servers and select the server you want to configure. 3 Click Edit. 4 In the Edit Server Settings dialog, verify that the Direct connection to desktop check box is selected.
View Manager Administration Guide 114 VMware, Inc.
6 View Composer 6 The View Composer feature provides a versatile and highly storage‐efficient alternative to creating and managing many standalone virtual machines. This chapter provides an overview of View Composer. In addition to offering a conceptual overview of how linked clone desktops are created within VirtualCenter by View Composer and managed by View Manager, the following sections describe how to prepare VirtualCenter and a base virtual machine image for use in a View Composer deployment.
View Manager Administration Guide The link is indirect because the first time one or more linked clones are created, a uniquely identified copy of the Parent VM—called a replica—is also created. All the desktop clones are anchored directly to the replica and not to the Parent VM. Desktops of this type are called linked clone desktops. NOTE Replica VMs can be identified within VirtualCenter by their replica- prefix followed by a unique ID.
Chapter 6 View Composer View Manager administrators can simultaneously update (or change) the operating systems of all linked clone desktops, install or update client applications, or modify the desktop hardware settings by carrying out these activities on the Parent VM and then anchoring the linked clones to a new snapshot of this configuration. This action is called desktop recomposition. NOTE Linked clones can also be anchored to a new snapshot of a completely different Parent VM.
View Manager Administration Guide Because the delta disks for each desktop will inevitably grow over time, during linked clone deployment you can define the maximum allowable size of each virtual machine, up to the original size of the Parent VM. The amount of disk space required to store the difference between the linked clone operating system data and Parent VM operating system data will typically remain far smaller than that required by a standard clone.
Chapter 6 View Composer Storage overcommit levels can be varied between different types of datatstores in order to address the different levels of throughput on each datastore (for example, NAS versus SAN). Where throughput is relatively slow, the overcommit level can be set to a lower level to ensure that a smaller number of clones are created on the datastore. Conversely, a higher level of overcommit could be applied to datastores that exhibit a greater rate of data transfer.
View Manager Administration Guide Source Virtual Machine Recomposition is expedited through the use of an additional protected linked clone desktop in VirtualCenter—called a source virtual machine—that is created alongside the replica when a linked clone desktop pool is first deployed. NOTE The source virtual machine is located with the replica inside a folder called VMwareViewComposerReplicaFolder in VirtualCenter.
Chapter 6 View Composer Figure 6-3. Desktops Refresh parent VM base image + snapshot refresh replica 1 user data disk refreshed OS data disk user data disk bloated OS data disk It is important to occasionally refresh the attached systems in order to prevent the desktop clones growing to the size of a full virtual machine.
View Manager Administration Guide Figure 6-4. Desktop Rebalance – Before parent VM base image + snapshot replica 1 replica 2 user data disk user data disk OS data disk OS data disk user data disk OS data disk free space user data disk LUN A LUN B OS data disk Rebalancing the LUNs evenly distributes any selected (or all) virtual machines between the available logical drives. This result of this action is illustrated in Figure 6‐5. 122 VMware, Inc.
Chapter 6 View Composer Figure 6-5. Desktop Rebalance – After parent VM base image + snapshot replica 1 replica 2 OS data disk user data disk user data disk OS data disk OS data disk user data disk user data disk OS data disk free space free space LUN A LUN B A high level of storage overcommit introduces the possibility of virtual machines growing to such a level that all free space within the datastore is consumed.
View Manager Administration Guide The rebalance feature offers administrators a graceful mechanism for introducing additional storage to a datastore in order to prevent the latter outcome. In addition, prior to executing the rebalance action you may also retire old storage and make resource pool alterations, and host changes. Only desktops in the Ready, Error, or Customizing state with no schedules or pending cancellations can be rebalanced.
Chapter 6 View Composer During the initial startup of each new desktop, QuickPrep ensures that the system is given a new name (specified during the deployment process) and is joined to the appropriate domain, and to mount the new volume that will contain the user profile information. In addition, a new computer account corresponding to each desktop is created by QuickPrep on the Active Directory domain controller. These events also take place after a desktop refresh.
View Manager Administration Guide If a View Composer database does not already exist within your network environment, you must create a database and data source name (DSN) to store View Composer data. If a View Composer database already exists in your environment, see “Using an Existing View Composer Database” on page 147 for supplementary information about how to use this data source.
Chapter 6 View Composer To add a View Composer database to SQL Server 2005 1 On the VirtualCenter server host system select Start > All Programs > Microsoft SQL Server 2005 > SQL Server Management Studio Express and connect to the existing SQL Server instance for Virtual Infrastructure Management. 2 In the Object Explorer pane, right‐click the Databases entry and select New Database. You are presented with the New Database dialog.
View Manager Administration Guide 8 Select the Change the default database to check box and select the name of the database you have created for View Composer from the associated list (in this example, ViewComposer). Click Next. 9 Click Finish > OK. 10 Click OK to close the Microsoft ODBC Data Source Administrator wizard.
Chapter 6 View Composer To add an ODBC data source 1 On the VirtualCenter server host system select Start > Administrative Tools > Data Source (ODBC). The Microsoft ODBC Data Source Administrator wizard is displayed. 2 Select the System DSN tab. 3 Click Add and select the appropriate Oracle driver from the list (for example, Oracle in OraHome92). 4 Click Finish. The Oracle ODBC Driver Configuration dialog box is displayed.
View Manager Administration Guide 4 On the Database Templates page, select the Data Warehouse template and click Next. 5 On the Database Identification page, enter a Global Database Name and an Oracle System Identifier (SID) prefix. For simplicity, enter the same value for both. 6 On the Management Options page, click Next to accept the default settings. 7 On the Database Credentials page, enter a password for the SYSTEM account and click Next.
Chapter 6 View Composer Adding the View Composer Service to VirtualCenter View Composer is used by View Manager to create and deploy linked clone desktops from VirtualCenter. During the installation of the service you are offered the opportunity to specify which port the service should use to communicate with View Connection Server. If Windows firewall is running on the VirtualCenter system you must add this port to the exception list or deactivate the local firewall service.
View Manager Administration Guide In addition to the standard privileges described in “VirtualCenter Permissions for View Manager Users” on page 37, the View Composer service requires that you enable some additional privileges, described in Table 6‐1. Table 6-1.
Chapter 6 View Composer Uses DHCP in order to acquire its IP address. System disk is be attached to the SCSI (0:0) Virtual Device Node. This property can be configured from within VirtualCenter. Operating system power settings are set to remain on at all times. System disk contains a single volume (multiple virtual disks are supported). CAUTION Do not attempt to deploy clones from a Parent VM that contains more than one volume as the result of disk partitioning.
View Manager Administration Guide 3 Choose your custom setup options. You must install the View Manager Composer Agent, however you may also select or deselect the following features: Install the View Secure Authentication component if you want to install the Graphical Identification and Authentication (GINA) dynamic‐link library.
Chapter 6 View Composer Before you attempt to create a new linked clone desktop pool you must first ensure that View Manager is able to contact VirtualCenter and that the View Composer service has started. Once a connection has been established you will be able to deploy a new linked clone desktop pool.
View Manager Administration Guide 4 Ensure that the Enable View Composer check box is selected and that the port number corresponds to the port specified during the installation of the View Composer service on the VirtualCenter host. 5 Click Add to enter the required details in the Add QuickPrep Domain dialog box: Enter the fully qualified domain name of the Active Directory domain (for example, domain.com), the user name including the fully qualified domain name (for example, domain.com\admin), and the
Chapter 6 View Composer 4 Select the VirtualCenter server that will be used by this desktop, and ensure that Use linked clone technology to create desktops in this pool is selected. Click Next. 5 Enter the Desktop ID and, optionally, the Desktop Display Name and Description. The desktop ID is used by View Manager to identify the desktop pool and is the name that the user sees when logging in.
View Manager Administration Guide Property Parameter Description Power off and delete virtual machine after first use Select if you want the virtual machine to be deleted immediately after the user logs off. (non‐persistent pools only) If necessary, a new virtual machine is cloned to maintain a specific pool size after virtual machines are deleted. Allow users to reset their desktop Select if you want to allow desktop users to reset their own desktops without administrative assistance.
Chapter 6 View Composer 7 Configure the desktop provisioning properties and click Next. Property Parameter Description Provisioning Enabled—the desktops in the pool will be immediately created upon completion of the deployment procedure or after a desktop is deleted. Disabled—the desktops in the pool will not be immediately created upon completion of the deployment procedure or after a desktop is deleted. Number of desktops Specifies the number of desktops to create in this pool.
View Manager Administration Guide Property Parameter Description Stop provisioning on error Select this check box if you want View Manager to automatically stop provisioning new virtual machines if an error is detected during desktop creation. Advanced Settings Click to display the advanced pool configuration settings. You can enable the advanced parameters by selecting the Enable Advanced Pool Settings check box. This will disable the Pool Size parameter.
Chapter 6 View Composer If you are using multiple datastores, you can select Use different datastores for user data disks and OS disks. Then you can choose which datastores are used for which type of data during datastore selection in Step 14. CAUTION Do not select a letter that corresponds to a drive that is already present on the Parent VM. If you do not want user data to be preserved after a refresh or recomposition event, select Store user profile on the same disk as the OS.
View Manager Administration Guide 15 In order to join linked clone desktops to a domain, View Manager requires domain administrator credentials for the target domain. Select the domain name and user name entry from the QuickPrep domain drop‐down menu. You specify these credentials when you add or edit your VirtualCenter server settings in the procedure “To add or edit a VirtualCenter server entry in View Manager” on page 135.
Chapter 6 View Composer If you want to make changes to the datastore profile (add or remove a storage, or modify the pool configuration) before rebalancing, you must first use the Edit Desktop wizard to reconfigure the pool. NOTE Rebalancing will automatically initiate a refresh of the target desktop or desktops. In addition, only desktops in the Ready, Error, or Customizing state with no schedules or pending cancellations can be rebalanced.
View Manager Administration Guide 5 If you selected the Users and Groups tab you can now filter your user selection. Select All users if you want to execute a global refresh against all assigned users in the desktop pool. If you selected one or more users you can select The following users if you want the refresh to apply only to specific users within the selected group. If you selected the Summary or Desktop Sources tab you can now filter your desktop source selection.
Chapter 6 View Composer 3 Select one of the following options: To recompose the entire desktop pool, ensure that the Summary tab is selected in the right pane. To recompose the desktops assigned to specific users in the desktop pool, ensure that the Users and Groups tab is selected in the right pane. If you want to recompose the desktop of one or more assigned users, select the corresponding check boxes. You do not need to do this if you want to recompose the desktops of all assigned users.
View Manager Administration Guide 8 Edit the base image used by the selected desktop pool. If you want to anchor the clones in the desktop pool to a different snapshot within the same base image, select a new snapshot from the list provided. If you want to change the current base image to that of a new Parent VM, click Change and select a new virtual machine to be the Master VM for the pool from those highlighted in the list. Click OK. Click Next.
Chapter 6 View Composer 5 Click Rebalance. You are presented with the Rebalance wizard, which provides you with information about what will happen when you rebalance one or more desktops in the pool. Once you have read this information and are satisfied that you want to proceed click Next. 6 If you previously selected one or more virtual machines from the desktop source list you can choose to rebalance only these systems by selecting the corresponding radio button.
View Manager Administration Guide The ASP.NET IIS registration tool provided with the Microsoft .NET Framework allows you to conduct multiple configuration operations, including migrating key container content between different systems. To carry out the following procedure you must have the .NET Framework installed on the system that contains (or previously contained) the instance of View Composer that was associated with the database you want to use. You must also install the .
Chapter 6 View Composer Using the SviConfig Tool for View Composer The SviConfig utility accompanies the View Composer application and offers View Manager administrators the ability to upgrade or restore the View Composer database. The path to the SviConfig executable file is: C:\Program Files\VMware\VMware View Composer\sviconfig.exe The commands described in this section are intended for experienced View Composer administrators, and are intended to resolve issues relating to the View Composer service.
View Manager Administration Guide Result Output A successful operation results in the following output: Establishing database connection. Database connection established successfully. Upgrading database. Load data from SVI_VC_CONFIG_ENTRY table. Update SVI_DEPLOYMENT_GROUP table. Update SVI_REPLICA table. Update SVI_SIM_CLONE table. SviConfig finished successfully. Database is upgraded successfully.
Chapter 6 View Composer Restore View Composer Database (restoredata) View Connection Server can be set to create manual or automatic backups of View LDAP and View Composer database data. Using the restoredata command, the backup files that relate to your View Composer deployment can then be imported into the SQL database that stores linked clone information in order to restore your View environment to an earlier state.
View Manager Administration Guide SviConfig restoredata command instructions are issued from a Windows command prompt in the following form: sviconfig -operation=restoredata -DsnName= -Username= -Password= -BackupFilePath= For example: sviconfig -operation=restoredata -dsnname=LinkedClone -username=Admin -password=Pass -backupfilepath="C:\Program Files\VMware\VMware View C
Chapter 6 View Composer Object type SimCloneDo found in the backup Establishing database connection. Database connection established successfully. Database initialization. Execute 'DropScript' script. Execute 'CreateScript' script. Start processing the backup.
View Manager Administration Guide 154 VMware, Inc.
7 Offline Desktop 7 Offline Desktop offers mobile users the ability to check out a cloned instance of certain types of View Manager desktop onto a local system such as a laptop. Once checked out, the local copy behaves like a standalone desktop system and can be used with or without a network connection; the desktop is now considered to be “offline.” The following sections provide an overview of Offline Desktop, its purpose and implementation. NOTE Offline Desktop is an experimental feature.
View Manager Administration Guide In anticipation of this, an Offline Desktop user can use the View Client with Offline Desktop application to download a copy of their desktop virtual machine from the View Connection Server for use on a local computer—an event that also “locks” the online desktop virtual machine, preventing it from being accessed from any other location.
Chapter 7 Offline Desktop Figure 7-1. Offline Desktop – Usage Flow 1 vCenter View Connection Server VM n Internet VM 2 VM 1 VM 1 datastore (desktops in virtual machines) 2 ESX remote user vCenter View Connection Server VM n Internet VM 2 VM 1 1 VM datastore ESX remote user 3 vCenter View Connection Server VM n Internet VM 2 VM 1 VM 1 datastore ESX remote user VMware, Inc.
View Manager Administration Guide Table 7-1. Offline Desktop – Stage Description Stage Description 1 The remote user starts View Client with Offline Desktop and is presented with a list of their entitled desktops. The user selects an Offline Desktop compatible desktop and initiates a download that copies the desktop virtual machine onto their local system.
Chapter 7 Offline Desktop Once checked out, Offline Desktop uses thin provisioned virtual disks to store information on the host system. This type of disk occupies no more space than that required by the data it contains, and physical disk space is only allocated as data is written; this minimizes the storage footprint of the downloaded system.
View Manager Administration Guide Offline Desktop Policies Certain Offline Desktop features can be controlled through policy. For information about configuring and applying policies to offline desktops at the global, pool, or user level refer to “Client Policies” on page 171. Supported Desktop Types Not all types of View Manager desktop configuration support Offline Desktop. Table 7‐2 provides a matrix that describes the availability of this feature to the different desktop types. Table 7-2.
Chapter 7 Offline Desktop You cannot download a desktop to a system where the guest exceeds the capabilities of the host; the host system must be at least as capable as the guest in order to run the View Manager desktop. You cannot download a desktop if another user is currently logged in to that desktop. ESX supports two simultaneous desktop checkouts. ESXi supports five simultaneous desktop checkouts. Host CD‐ROM redirection is not supported.
View Manager Administration Guide The above applications must be uninstalled prior to installing View Client with Offline Desktop. NOTE The View Client application provides a subset of the functionality offered by View Client for Offline Desktop; however, many of the administrative tasks and connection considerations are common to both applications, including a number of startup options that can be invoked when launching the application from a command prompt.
Chapter 7 Offline Desktop To start View Client with Offline Desktop 1 If View Client does not start automatically after installation, click Start > Programs > VMware > View Manager Client. 2 In the Connection Server drop‐down menu, enter the host name or IP address of a View Connection Server and click Connect. 3 Enter the credentials for an entitles user, select the domain and click Login. 4 Choose a desktop from the list provided and click Connect.
View Manager Administration Guide This view presents you with a pane that contains a status table for all the offline sessions currently known to the server. The column entries in this table are described in Table 7‐3. Table 7-3. Offline Sessions Field Description User The Active Directory ID of the user who checked out the desktop—this is in the form domain\user_name.
Chapter 7 Offline Desktop Removing Access In addition to the standard methods of account suspension or removal offered by Active Directory, Offline Desktop sessions can be terminated from within the administrative interface by removing user entitlement from an individual desktop or desktop pool, or by discarding the offline session.
View Manager Administration Guide 166 VMware, Inc.
8 Component Policies 8 A policy is a rule or set of rules defined by a system administrator that governs the behavior of an application. Within View Manager, policies can be used to establish the configuration of constituent components by controlling the logging of information, managing client access, restricting device usage, establishing security parameters for client usage, and so forth.
View Manager Administration Guide Table 8‐1 describes the different virtual machine power policy states that can be assigned to a desktop or desktop pool during deployment. Table 8-1. Power Policy Definitions Property Description Do nothing (VM remains on) Virtual machines that are powered off will be started when required and will remain on, even when not in use, until they are shut down.
Chapter 8 Component Policies Table 8-2. Power Policy Notes (Continued) Desktop Type Power Policy is Applied... Non‐Persistent manual Pool After user disconnection or logoff. Note: If the Power Off policy is applied after a disconnection, the session is discarded. If the Suspend policy is applied after a disconnection, an orphaned session could be created (the desktop is non‐persistent so there is no guarantee that the user will ever be able to return to it).
View Manager Administration Guide Power Policy Example 2 In the following pooling example—the parameters for which are provided in Table 8‐4—the maximum and minimum number of desktops are equal. Table 8-4. Pooling Example 2 Type Minimum Maximum Available Power Policy Non‐Persistent Automated Pool 5 5 2 Suspend VM Initially, 5 desktops are created: 3 suspended and 2 powered on and available.
Chapter 8 Component Policies Client Policies The properties provided under the policies tab in View Administrator are used to assert behavioral control over client components at the global, desktop pool, or desktop user level. By default, each user‐level policy inherits its setting from a pool‐level policy that, in turn, inherits its setting from a global policy. A number of general component behaviors relating to desktop sessions can be configured directly from within View Administrator.
View Manager Administration Guide The View Manager policies that relate specifically to Offline Desktop sessions are described in Table 8‐7. Table 8-7. Client Policies for Offline Desktop Property Offline Desktop Description Specifies if desktops can be checked out for local use. Available options are Allow and Deny. Pool‐ and user‐level policies may also Inherit the default setting from their parent. The default is Allow.
Chapter 8 Component Policies Similarly, if the global policy that specifies the amount of time a checked out desktop can run without successfully contacting the server is set to 10 minutes, you cannot apply a server contact policy of 30 minutes to any desktop pool. NOTE View Administrator warns you if you attempt to apply a less restrictive policy to a pool. User‐level policies override global‐ or pool‐level policies—that is, they can be more or less restrictive than either.
View Manager Administration Guide 4 In the View Policies box, click Edit Pool Policies. If you have selected an offline desktop and want to configure offline policies, click Offline Desktop Policies. The appropriate policies window is displayed. 5 Specify the Offline Desktop, User‐initiated rollback, and Max time without server contact policy settings and click OK. The pool‐level policy settings are now applied.
Chapter 8 Component Policies GPOs can be applied to View Manager components at a domain‐wide level in order to provide granular control over various areas of the View Manager environment. Once applied, GPO properties are stored in the local Windows registry of the specified component. In order to minimize the administrative overhead of creating bespoke polices, a number of component‐specific GPO templates are provided with View Connection Server that can be imported into Active Directory.
View Manager Administration Guide Computer Configuration GPO With the Computer Configuration GPO you can set policies that are applied to all systems, regardless of who connects to the desktop. Where equivalent policies exist in the User Configuration GPO, the policies contained in this group are overridden. View Agent Configuration Use the GPOs described in Table 8‐8 and Table 8‐9 to configure View Agent behavior. Table 8-8.
Chapter 8 Component Policies Table 8-9. View Agent Configuration Properties - Agent Configuration Property Description AllowDirectRDP Determines if non‐View clients can connect directly to desktops using RDP. When disabled, the agent will only permit View Manager‐managed connections via View Client or View Portal. If the View Secure Authentication component was not provided when View Agent was installed on a desktop, this policy has no effect on that desktop. This property is enabled by default.
View Manager Administration Guide View Client Configuration Use the GPO described in Table 8‐10, Table 8‐11 and Table 8‐12 to configure View Client and View Client with Offline Desktop behavior. Table 8-10. View Client Configuration Properties Property Description Disable time zone forwarding Determines if the time zone of the View Manager desktop is synchronized with that of the connected client.
Chapter 8 Component Policies Table 8-11. View Client Configuration Properties: Scripting Definitions (Continued) Property Description DesktopLayout (requires DesktopName) Determines the display state of the View Client window when the desktop is launched. When this property is enabled, the available settings are: FullScreen MultiMonitor Window Note: This property is only available when the DesktopName to select property has been set.
View Manager Administration Guide Table 8-12. View Client Configuration Properties - Security Settings (Continued) Property Description Ignore incorrect usage problems Determines if errors associated with incorrect usage of a server certificate are ignored. This error occurs when the certificate sent by the server intended for some purpose other than verifying the identity of the sender and encrypting server communications.
Chapter 8 Component Policies View Server Configuration Use the GPOs described in Table 8‐15 to configure settings that can apply to View Connection Server. Table 8-15. View Manager Server Configuration Properties Property Description Recursive enumeration of trusted domains Determines if every domain trusted by the domain in which the server resides is enumerated.
View Manager Administration Guide View Client Configuration Use the GPOs described in Table 8‐17, Table 8‐18, and Table 8‐19 to configure View Client and View Client with Offline Desktop behavior. Table 8-17. View Client Configuration Properties Property Description Disable time zone forwarding Determines if the time zone of the View desktop is synchronized with that of the connected client.
Chapter 8 Component Policies Table 8-18. View Client Configuration Properties – Scripting Definitions Property Description Server URL Determines the URL used by View Client during login. For example: http://view1.example.com Logon UserName Determines the user name used by View Client during login. Logon DomainName Determines the NETBIOS domain name used by View Client during login. Logon Password Determines the password used by View Client during login.
View Manager Administration Guide Table 8-19. View Client Configuration Properties – RDP Settings Property Color Depth Description Determines the color depth of the remote desktop.
Chapter 8 Component Policies Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Audio redirection Determines how audio information is channelled when played on the remote desktop.
View Manager Administration Guide Table 8-19. View Client Configuration Properties – RDP Settings (Continued) Property Description Windows key combinations Determines where Windows key combinations are applied. When this property is enabled, the available settings are: Bitmap cache file size in Kb for 8bpp bitmaps Apply key combinations locally Send key combinations to VM Specifies the size, in KB, of the persistent bitmap cache file to use for the 8 bits per pixel high‐color setting.
9 Unified Access 9 Large enterprises use a mix of physical PCs, server‐based desktops, or applications that are published using terminal services, virtual desktops, and blade PCs. Users requiring access to more than one platform must use several different interfaces. Unified Access enables View Manager to provide a unified interface through which users can access their desktops being delivered by multiple back ends.
View Manager Administration Guide Prepare Multiple Back-End Machines to Access Remote Desktops A desktop source must be prepared to deliver desktop access. If desktop sources do not meet the following conditions, remote desktop delivery fails. Install View agent on the back‐end machine. For more information about installing View agents, see “Install View Agent on an Unmanaged Desktop Source” on page 190.
Chapter 9 Unified Access Table 9‐1 describes all the desktop parameters. Table 9-1. Desktop Parameters Property Parameter Description Desktop pool state Enabled – After being created, the desktop pool is enabled and ready for immediate use. Disabled – After being created, the desktop pool is disabled and unavailable for use. This is an appropriate setting if you want to conduct post deployment activities such as testing or other forms of baseline maintenance.
View Manager Administration Guide Table 9‐2 shows which parameters are applicable to each desktop type. Table 9-2.
Chapter 9 Unified Access To install VMware View Agent on an unmanaged desktop source 1 Run the View Agent executable file on the system that will host the agent, where xxx is the build number of the file: VMware-viewagent-e.x.p-xxx.exe The installation wizard opens. Click Next. 2 Accept the VMware license terms and click Next. 3 Select your custom setup options. Accept or change the destination folder and click Next.
View Manager Administration Guide 3 In the Desktop Type window, select Individual Desktop and click Next. 4 In the Desktop Source window, select Physical computers or virtual machines not managed by a VirtualCenter server and click Next. 5 Enter the Unique ID and the Display name and Description. The unique ID is the name that View Manager uses to identify the desktop. The desktop display name is what the user sees when logging in.
Chapter 9 Unified Access 4 In the Desktop Persistence window, specify the persistence settings for the desktops in this pool. Persistent – This desktop pool allows users to log in to the same desktop every time. Users can save documents and files on persistent desktops because they return to the same desktop. Non‐persistent – Desktops are available to users when they log in but are returned to the pool when users log off.
View Manager Administration Guide To add a terminal server pool 1 Ensure that you have the appropriate login credentials and log in to View Administrator. 2 In the Desktops tab, click Add. 3 In the Desktop Type window, select Microsoft Terminal Services Desktop Pool and click Next. 4 Enter the Unique ID, the Display name, and the Description. The unique ID is the name that View Manager uses to identify the desktop. The desktop display name is what the user sees when logging in.
Chapter 9 Unified Access Enable or Disable a Desktop You can only access desktops that are enabled. To enable or disable a desktop 1 On the Desktops tab, select a desktop and click Enable/Disable. If the desktop is currently enabled, you can disable it, and if it is currently disabled, you can enable it. 2 Select Enable Desktop or Disable Desktop as applicable, and click OK.
View Manager Administration Guide To remove a desktop source from a desktop pool 1 In the desktop pane, select a desktop pool and click the Desktop Sources tab. 2 Select desktop sources and click Remove. A confirmation message appears. 3 Click OK to remove the selected desktop source from the pool. 4 If any of the desktop sources have active sessions, indicate the action to be taken: 5 Leave active – Active sessions will remain until the user logs off.
Chapter 9 Unified Access Delete a Desktop You can delete an individual desktop or a desktop pool. To remove unmanaged desktops, you must unregister them. See “Unregister a Desktop Source.” To delete an unmanaged desktop pool 1 On the Desktops tab, select an unmanaged desktop pool or desktop and click Delete. A warning message appears that you are trying to permanently delete this desktop pool. Only the desktop pool is deleted.
View Manager Administration Guide 3 Select the desktop source to unregister and click Unregister. You can select only desktop sources that are not assigned to a desktop. A message appears to check if you want to unregister the desktop source. If you unregister a desktop source, it becomes unavailable. To make these sources available again, reinstall the View Agent should in each desktop source. 4 Click OK if you want to unregister the selected desktop source.
10 Troubleshooting 10 Occasionally when using the View Manager product, administrators or users may encounter unexpected behavior. In these situations, you can obtain assistance from VMware. This chapter provides a summary of some of the high‐level steps you can take to gather application data, request assistance, and search for support information in our knowledge base.
View Manager Administration Guide Using the View Manager Support Tool to Collect Diagnostic Information The View Manager Support tool lets you generate log files and set log levels that determine if you want to generate normal, debug, or full log files for the View Connection Server. To set log levels using the View Manager Support Tool 1 On View Connection Server, click Start, click All Programs, and click VMware. 2 Select Set View Connection Server Log Levels.
Chapter 10 Troubleshooting To collect diagnostic information using the script 1 Open a command prompt and change to the View Manager program directory. The location for each View Manager component is shown below: View Connection Server—C:\Program Files\VMware\View Manager\Server\DCT View Client or View Portal—C:\Program Files\VMware\View Manager\Client\DCT View Manager desktops running View Agent—C:\Program Files\VMware\View Manager\Agent\DCT NOTE If you did not install the program in the defa
View Manager Administration Guide The svi-support script instructions are submitted from a Windows command prompt in the following form: cscript.wsf svi-support.wsf [/?] [/novclogs] [/dmpdir:] [/dmpformat:] [/nolog] [/fullbundle] [/filescount:] [/destdir:] [/logdir:] [/logformat:] [/zip:] All the parameters associated with the tool are optional, must be preceded by a forward‐slash (/), and are described in Table 10‐1. Table 10-1.
Chapter 10 Troubleshooting Updating Support Requests After you file a support request, you may receive an email request from VMware Technical Support asking for the output of the vdm-support or svi-support scripts. Reply to the email message and attach your script output file to the reply. If the output is too large to include as an attachment (10MB or more), contact VMware Technical Support with your support request number and request FTP upload instructions.
View Manager Administration Guide 204 VMware, Inc.
locked.properties In addition to determining the information returned to the client in order to establish a tunnel connection, the locked.properties file can contain properties relating to server communications. These properties are described in Table A‐1. Table A-1. locked.properties—Client and Server properties Property Description clientHost The externally resolvable host name that the client is instructed to use when contacting the security server.
View Manager Administration Guide By default, the clientHost, clientPort, and clientProtocol properties default to those exhibited by the security server; the server settings themselves can be explicitly configured using the serverName, serverPort, and serverProtocol properties. If these values are explicitly set, the port and protocol values should correlate between client and server.
Glossary A Active Directory A Microsoft directory service that stores information about the network operating system and provides services. Active Directory configures and manages users and groups and enables administrators to set security policies, control resources, and deploy programs across an enterprise. active session A live connection from a client or Web Access user to a virtual desktop. An established connection to a virtual desktop that has not timed out.
View Manager Administration Guide desktop See “virtual desktop.” desktop virtual machine See “virtual desktop.” desktop pool A pool of virtual machines that an administrator designates for users or groups of users. See also “persistent desktop pool,” “non‐persistent desktop pool.
Glossary N non‐persistent desktop pool A desktop pool in which users are not assigned to a specific desktop. When users log off or are timed out of a desktop, their desktops are returned to the pool and made available to other users. Users cannot save data or files to their desktops when using a non‐persistent pool. P persistent desktop pool A desktop pool in which users are assigned to a specific desktop. Users log on to the same desktop every time and their data is preserved when they log off.
View Manager Administration Guide 210 VMware, Inc.
Index A active sessions disconnecting 83 rebooting 83 viewing 83 authentication using RSA SecurID 103 using smart cards 97 automated desktop pools configuring 71 creating virtual machine templates 71 customization specifications 72 deploying 73 non-persistent 71, 73 persistent 73 properties 74 automated pools defined 65 power policies 169 B back-end machines preparing to access remote desktops 188 Unified Access 187 C client connections overview 88 resolving internet 88 client policies 171 configuring an
View Manager Administration Guide changing an individual 196 power policies 167 preparing to access remote desktops 188 Unified Access 187 unmanaged, installing View Agent on 190 unregistering 197 desktops adding unmanaged individual 191 automated pool 65 checking out 163 cloning 115 connecting using View Client 87 connecting using View Portal 87 database system requirements 22 deleting 197 enabling and disabling 195 entitling 81 entitling users and groups to 195 individual 65 manual pools 65 non-provision
Index J Java keytool 92 L LDAP replication 28, 103 linked clone desktops configuring VirtualCenter 125 creating database 126 defined 116 desktop recomposition 118 disk usage 117 protecting recomposition using source virtual machines 119 rebalancing 146 recomposing 144 recomposing desktops 119 refreshing 143 storage overcommit 118 using existing database 147 linked replicas 116 M manual desktop pools configuring 78 deploying 78 manual pools 65 N non-provisioned desktops 64 O Offline Desktop installing V
View Manager Administration Guide Q QuickPrep tool to personalize desktops 124 R rebalancing desktops 121 rebalancing linked clone desktops 146 rebooting active sessions 83 recomposing linked clone desktops 144 linked desktop clones 120 refreshing linked clone desktops 143 Remote Desktop Connection for View Client 19 replica server installation 28 RSA SecurID enabling 103 RSA SecurID authentication 103 S scripts svi-support 201 vdm-support 199 searching desktops 81 entitled users and groups 81 searching
Index V vdm-support script 199 View Administrator description 14 Inventory page 48 overview 47 View Agent description 14 installing on guest systems 66 system requirements 18 with multiple NICs 67 View Agent GPO 181 View Client description 14 installing 87 installing with Offline Desktop 162 starting with Offline Desktop 163 system requirements 19 View Client Configuration GPOs 178 View Client GPOs 182 View Common Configuration GPOs 180 View Composer description 14 overview 115 support 201 View Configurati
View Manager Administration Guide 216 VMware, Inc.
