VMware View Administrator's Guide View 4.5 View Manager 4.5 View Composer 2.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
VMware View Administrator's Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 7 1 Configuring View Connection Server 9 Using View Administrator 9 Configuring vCenter Server and View Composer 12 Backing Up View Connection Server 16 Configuring Settings for Client Sessions 17 Disable or Enable View Connection Server 20 Edit an External URL 21 View LDAP Directory 21 Configuring View Connection Server Settings 22 2 Configuring Role-Based Delegated Administration 23 Understanding Roles and Privileges 23 Using Folders to Delegate Administration 24 Understanding
VMware View Administrator's Guide 5 Creating Desktop Pools 69 Automated Pools That Contain Full Virtual Machines 70 Linked-Clone Desktop Pools 73 Manual Desktop Pools 92 Microsoft Terminal Services Pools 96 Provisioning Desktop Pools 98 Setting Power Policies for Desktop Pools 107 6 Entitling Users and Groups 113 Add Entitlements to Desktop Pools 113 Remove Entitlements from a Desktop Pool 113 Review Desktop Pool Entitlements 114 Restricting View Desktop Access 114 7 Setting Up User Authentication 119
Contents 12 Managing ThinApp Applications in View Administrator 193 View Requirements for ThinApp Applications 193 Capturing and Storing Application Packages 194 Assigning ThinApp Applications to Desktops and Pools 197 Maintaining ThinApp Applications in View Administrator 203 Monitoring and Troubleshooting ThinApp Applications in View Administrator 206 ThinApp Configuration Example 209 13 Managing Local Desktops 211 Benefits of Using View Desktops in Local Mode 211 Managing View Transfer Server 217 Man
VMware View Administrator's Guide Overriding IP Addresses Using the -A Option 292 Setting the Name of a View Connection Server Group Using the -C Option 293 Updating Foreign Security Principals Using the -F Option 294 Listing and Displaying Health Monitors Using the -H Option 294 Listing and Displaying Reports of View Manager Operation Using the -I Option 295 Assigning Dedicated Desktops Using the -L Option 296 Displaying Information About Machines Using the -M Option 297 Configuring Domain Filters Using
About This Book The VMware View Administrator's Guide describes how to configure and administer VMware View™, including how to configure View Connection Server, create administrators, provision and deploy View desktops, set up user authentication, configure policies, and manage VMware ThinApp™ applications in View Administrator. This guide also describes how to maintain and troubleshoot VMware View components.
VMware View Administrator's Guide Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services. 8 VMware, Inc.
Configuring View Connection Server 1 After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to View Manager, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.
VMware View Administrator's Guide You also use View Administrator to manage security servers and View Transfer Server instances associated with View Connection Server. n Each security server is associated with one View Connection Server instance. n Each View Transfer Server instance can communicate with any View Connection Server instance in a group of replicated instances. Log In to View Administrator To perform initial configuration tasks, you must log in to View Administrator.
Chapter 1 Configuring View Connection Server Table 1-1. View Administrator Navigation and Display Features View Administrator Feature Description Navigating backward and forward in View Administrator pages. Click the Back button in the upper left corner of a View Administrator page to go to the previously displayed View Administrator page. Click the Forward button to return to the current page. Do not use your browser's Back button. This button displays the View Administrator log-in page.
VMware View Administrator's Guide This problem occurs when you change this setting in View Administrator by navigating to View Configuration > Global Settings and deselecting the Require SSL for client connections and View Administrator check box. Solution Use the following URL to connect to View Administrator, where server is the host name or IP address of the View Connection Server instance.
Chapter 1 Configuring View Connection Server 3 In the server address text box, type the fully qualified domain name (FQDN) or IP address of the vCenter Server instance. The FQDN includes the host name and domain name. For example, in the FQDN myserverhost.companydomain.com, myserverhost is the host name and companydomain.com is the domain.
VMware View Administrator's Guide Procedure 1 Click View Configuration > Servers. 2 In the vCenter Servers panel, select the vCenter Server instance. 3 Click Remove. A dialog warns you that View Manager will no longer have access to the virtual machines that are managed by this vCenter Server instance. 4 Click OK. View Manager can no longer access the virtual machines created in the vCenter Server instance.
Chapter 1 Configuring View Connection Server Prerequisites n Verify that you created a user in Active Directory with permission to add and remove virtual machines from the Active Directory domain that contains your linked clones. See “Create a User Account for View Composer,” on page 14. n Verify that you configured View Manager to connect to vCenter Server. See “Add vCenter Server Instances to View Manager,” on page 12. Procedure 1 2 In View Administrator, open the Edit vCenter Server dialog box.
VMware View Administrator's Guide Procedure 1 Remove the linked-clone pools that were created by View Composer. a In View Administrator, click Inventory > Pools. b Select a linked-clone pool and click Delete. A dialog box warns that you will permanently delete the linked-clone pool from View Manager. The virtual machines are deleted from vCenter Server. In addition, the associated View Composer database entries and the replicas that were created by View Composer are removed. c Click OK.
Chapter 1 Configuring View Connection Server Configuring Settings for Client Sessions You can configure global settings that affect the client sessions that are managed by a View Connection Server instance or replicated group. You can set the session-timeout length, require SSL for client connections and View Administrator, display prelogin and warning messages, and set other client-connection options.
VMware View Administrator's Guide Global Settings for Client Sessions and Connections Global settings determine session time-out length and whether SSL is used, clients are reauthenticated after interruptions, View components use secure internal communications, prelogin and warning messages are displayed, and SSO is used for local-desktop operations. Table 1-2.
Chapter 1 Configuring View Connection Server Table 1-2. Global Settings for Client Sessions and Connections (Continued) Setting Description Display a pre-login message Displays a disclaimer or another message to View Client users when they log in. Type your information or instructions in the text box in the Global Settings dialog window. To display no message, leave the text box blank. After you change this setting, you must restart the View Connection Server service to make your change take effect.
VMware View Administrator's Guide Configure the Tunnel Connection When the tunnel connection is enabled, View Client makes a second HTTPS connection to the View Connection Server or security server host when users connect to a View desktop with the Microsoft RDP display protocol. When the tunnel connection is disabled, View desktop sessions are established directly between the client system and the View desktop virtual machine, bypassing the View Connection Server or security server host.
Chapter 1 Configuring View Connection Server Edit an External URL You can use View Administrator to edit external URLs for View Connection Server instances and security servers. By default, a View Connection Server or security server host can be contacted only by tunnel clients that reside within the same network. Tunnel clients that run outside of your network must use an externally resolvable URL to connect to a View Connection Server instance.
VMware View Administrator's Guide Configuring View Connection Server Settings You can use View Administrator to modify configuration settings for View Connection Server instances. 22 VMware, Inc.
Configuring Role-Based Delegated Administration 2 One key management task in a View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups.
VMware View Administrator's Guide To create administrators, you select users and groups from your Active Directory users and groups and assign administrator roles. Administrators obtain privileges through their role assignments. You cannot assign privileges directly to administrators. An administrator that has multiple role assignments acquires the sum of all the privileges contained in those roles.
Chapter 2 Configuring Role-Based Delegated Administration Different Administrators for the Same Folder You can create different administrators to manage the same folder. For example, if your corporate desktop pools are in one folder, you can create one administrator that can view and modify those pools and another administrator that can only view them. Table 2-2 shows an example of this type of configuration. Table 2-2. Different Administrators for the Same Folder Administrator Role Folder view-domain.
VMware View Administrator's Guide Table 2-5. Permissions on the Role Tab for Inventory Administrators Administrator Folder view-domain.com\Admin1 /MarketingDesktops Manage Administrators Users who have the Administrators role can use View Administrator to add and remove administrator users and groups. The Administrators role is the most powerful role in View Administrator. Initially, members of the local Administrators group (BUILTIN\Administrators) on your View Connection Server host are given the Adm
Chapter 2 Configuring Role-Based Delegated Administration 5 Select a role to assign to the administrator user or group. The Apply to Folder column indicates whether a role applies to folders. Only roles that contain objectspecific privileges apply to folders. Roles that contain only global privileges do not apply to folders. 6 Option Action The role you selected applies to folders Select one or more folders and click Next.
VMware View Administrator's Guide Add a Permission You can add a permission that includes a specific administrator user or group, a specific role, or a specific folder. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 Create the permission.
Chapter 2 Configuring Role-Based Delegated Administration Procedure 1 In View Administrator, select View Configuration > Administrators. 2 Select the permission to delete. 3 Option Action Delete a permission that applies to a specific administrator or group Select the administrator or group on the Administrators and Groups tab. Delete a permission that applies to a specific role Select the role on the Roles tab.
VMware View Administrator's Guide n Review the Desktop Pools in a Folder on page 31 You can see all of the desktop pools in a particular folder in View Administrator. n Review the Desktops in a Folder on page 31 You can see all of the desktops in a particular folder in View Administrator. A desktop inherits the folder from its pool.
Chapter 2 Configuring Role-Based Delegated Administration Review the Desktop Pools in a Folder You can see all of the desktop pools in a particular folder in View Administrator. Procedure 1 In View Administrator, select Inventory > Pools. The Pools page shows the pools in all folders by default. 2 Select the folder from the Folder drop-down menu. The Pools page shows the pools in the folder that you selected.
VMware View Administrator's Guide Modify the Privileges in a Custom Role You can modify the privileges in a custom role. You cannot modify the predefined administrator roles. Prerequisites Familiarize yourself with the administrator privileges that you can use to create custom roles. See “Predefined Roles and Privileges,” on page 32. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Roles tab, select the role.
Chapter 2 Configuring Role-Based Delegated Administration Predefined Administrator Roles The predefined administrator roles combine all of the individual privileges required to perform common administration tasks. You cannot modify the predefined roles. Table 2-6 describes the predefined roles and indicates whether a role can be applied to a folder. Table 2-6.
VMware View Administrator's Guide Global Privileges Global privileges control system-wide operations, such as viewing and changing global settings. Roles that contain only global privileges cannot be applied to folders. Table 2-7 describes the global privileges and lists the predefined roles that contain each privilege. Table 2-7. Global Privileges Privilege User Capabilities Predefined Roles Console Interaction Log in to and use View Administrator.
Chapter 2 Configuring Role-Based Delegated Administration Table 2-8. Object-Specific Privileges (Continued) Privilege User Capabilities Object Manage Persistent Disks Perform all View Composer persistent disk operations, including attaching, detaching, and importing persistent disks. Persistent disk Manage Pool Add, modify, and delete desktop pools and add and remove desktops. Desktop pool Manage Remote Sessions Disconnect and log off remote sessions and send messages to desktop users.
VMware View Administrator's Guide Table 2-10. Pool Management Tasks and Privileges (Continued) Task Required Privileges Refresh, Recompose, Rebalance, or change the default View Composer image Manage Composer Pool Image on the pool. Change folders Manage Pool on both the source and target folders. Privileges for Managing Desktops An administrator must have certain privileges to manage desktops in View Administrator.
Chapter 2 Configuring Role-Based Delegated Administration Privileges for Managing Users and Administrators An administrator must have certain privileges to manage users and administrators in View Administrator. Table 2-13 lists common user and administrator management tasks and shows the privileges that are required to perform each task. You manage users on the Users and Groups page in View Administrator. You manage administrators on the Global Administrators View page in View Administrator. Table 2-13.
VMware View Administrator's Guide 38 n Create new user groups for administrators. Avoid using Windows built-in groups or other existing groups that might contain additional users or groups. n Because it is highly visible and easily guessed, avoid using the name Administrator when creating administrator users and groups. n Create folders to segregate sensitive desktops. Delegate the administration of those folders to a limited set of users.
Preparing Unmanaged Desktop Sources 3 Users can access View desktops delivered by machines that are not managed by vCenter Server. These unmanaged desktop sources can include physical computers, terminal servers, and virtual machines running on VMware Server and other virtualization platforms. You must prepare an unmanaged desktop source to deliver View desktop access.
VMware View Administrator's Guide Prerequisites n Verify that you have administrative rights on the unmanaged desktop source. n Familiarize yourself with the View Agent custom setup options for unmanaged desktop sources. See “View Agent Custom Setup Options for Unmanaged Desktop Sources,” on page 41. n Familiarize yourself with the TCP ports that the View Agent installation program opens on the firewall. See the VMware View Architecture Planning Guide for more information.
Chapter 3 Preparing Unmanaged Desktop Sources View Agent Custom Setup Options for Unmanaged Desktop Sources When you install View Agent on an unmanaged desktop source, you can select certain custom setup options. Table 3-1. View Agent Custom Setup Options for Unmanaged Desktop Sources Option Description USB Redirection Gives users access to locally connected USB devices on their desktops. Windows 2000 does not support USB redirection.
VMware View Administrator's Guide 42 VMware, Inc.
Creating and Preparing Virtual Machines 4 You can use virtual machines managed by vCenter Server to provision and deploy View desktops. You can use a virtual machine managed by vCenter Server as a template for an automated pool, a parent for a linkedclone pool, or a desktop source in a manual pool. You must prepare virtual machines to deliver View desktop access.
VMware View Administrator's Guide Create a Virtual Machine for View Desktop Deployment You use vSphere Client to create virtual machines in vCenter Server for View desktops. Prerequisites n Upload an ISO image file of the guest operating system to a datastore on your ESX server. n Familiarize yourself with the custom configuration parameters for virtual machines. See “Virtual Machine Custom Configuration Parameters,” on page 44. Procedure 1 In vSphere Client, log in to the vCenter Server system.
Chapter 4 Creating and Preparing Virtual Machines Table 4-1. Custom Configuration Parameters (Continued) Parameter Description and Recommendations CPUs The number of virtual processors in the virtual machine. For most guest operating systems, a single processor is sufficient. Memory The amount of memory to allocate to the virtual machine. In most cases, 512MB is sufficient. Network The number of virtual network adapters (NICs) in the virtual machine. One NIC is usually sufficient.
VMware View Administrator's Guide 3 Click the Console tab and follow the installation instructions provided by the operating system vendor. 4 If you are installing Windows XP and you selected the LSI Logic adapter for the virtual machine, install the LSI Logic driver during the Windows setup process. 5 a Press F6 to select additional SCSI drivers. b Type S to specify an additional device. c On the vSphere Client toolbar, click Connect Floppy to select the LSI Logic driver floppy image (.
Chapter 4 Creating and Preparing Virtual Machines 8 If View clients will connect to the virtual machine with the PCoIP display protocol, set the power option Turn off the display to Never. If you do not disable this setting, the display will appear to freeze in its last state when power savings mode starts. 9 If a proxy server is used in your network environment, configure network proxy settings. 10 Configure network connection properties.
VMware View Administrator's Guide 3 Select your custom setup options. To deploy linked-clone desktops, select the View Composer Agent option. 4 Accept or change the destination folder. 5 Follow the prompts in the View Agent installation program and finish the installation. NOTE If you did not enable Remote Desktop support during guest operating system preparation, the View Agent installation program prompts you to enable it.
Chapter 4 Creating and Preparing Virtual Machines Table 4-2. View Agent Custom Setup Options (Continued) Option Description PCoIP Server Lets users connect to the View desktop using the PCoIP display protocol. Installing the PCoIP Server feature disables sleep mode on Windows 7 and Windows Vista desktops and standby mode on Windows XP desktops. When a user navigates to the Power Options or Shut Down menu, sleep mode or standby mode is inactive.
VMware View Administrator's Guide Procedure 1 Open a Windows command prompt on the virtual machine or physical PC. 2 Type the installation command on one line. This example installs View Agent in a virtual machine that is managed by vCenter Server. The installer configures the PCoIP, View Composer Agent, Virtual Printing, and USB redirection custom setup options. VMware-viewagent-4.5.0-xxxxxx.
Chapter 4 Creating and Preparing Virtual Machines Table 4-3. Command-Line Options for a View Component's Bootstrap Program Option Description /s Disables the bootstrap splash screen and extraction dialog, which prevents the display of interactive dialogs. For example: VMware-viewconnectionserver-4.5.x-xxxxxx.exe /s The /s option is required to run a silent installation.
VMware View Administrator's Guide Table 4-4. MSI Command-Line Options and MSI Properties (Continued) MSI Option or Property Description ADDLOCAL Determines the component-specific features to install. In an interactive installation, the View installer displays custom setup options to select. The MSI property, ADDLOCAL, lets you specify these setup options on the command line. To install all available custom setup options, enter ADDLOCAL=ALL. For example: VMware-viewagent-4.5.x-xxxxxx.
Chapter 4 Creating and Preparing Virtual Machines Table 4-5. MSI Properties for Silently Installing View Agent (Continued) MSI Property Description Default Value VDM_SERVER_NAME The host name or IP address of the View Connection Server computer on which the View Agent installer registers an unmanaged desktop. This property applies to unmanaged desktops only. For example: VDM_SERVER_NAME=10.123.01.01 None This MSI property is required for unmanaged desktops.
VMware View Administrator's Guide Configure a Virtual Machine with Multiple NICs for View Agent When you install View Agent on a virtual machine that has more than one NIC, you must configure the subnet that View Agent uses. The subnet determines which network address View Agent provides to the View Connection Server instance for client protocol connections. Procedure u On the virtual machine on which View Agent is installed, open a command prompt, type regedit.
Chapter 4 Creating and Preparing Virtual Machines n Run Disk Cleanup to remove temporary files, empty the Recycle Bin, and remove system files and other items that are no longer needed. n Run Disk Defragmenter to rearrange fragmented data. What to do next For Windows 7 guest operating systems, perform additional optimization tasks. See “Optimize Windows 7 Guest Operating System Performance,” on page 55.
VMware View Administrator's Guide Optimizing Windows 7 for Linked-Clone Desktops By disabling certain Windows 7 services and tasks, you can reduce the growth of View Composer linked-clone desktops. Disabling certain services and tasks can also result in performance benefits for full virtual machines. Benefits of Disabling Windows 7 Services and Tasks Windows 7 schedules services and tasks that can cause View Composer linked clones to grow, even when the linked-clone desktops are idle.
Chapter 4 Creating and Preparing Virtual Machines Table 4-7. Impact of Windows 7 Services and Tasks on OS Disk Growth and IOPS When OS Is Left Idle Default Occurrence or Startup Impact on LinkedClone OS Disks Turn Off This Service or Task? Service or Task Description Windows Hibernation Provides a powersaving state by storing open documents and programs in a file before the computer is powered off.
VMware View Administrator's Guide Table 4-7. Impact of Windows 7 Services and Tasks on OS Disk Growth and IOPS When OS Is Left Idle (Continued) Default Occurrence or Startup Impact on LinkedClone OS Disks Turn Off This Service or Task? Service or Task Description Windows Registry Backup (RegIdleBackup) Automatically backs up the Windows registry when the system is idle. Every 10 days at 12:00 am Medium. Each time this task runs, it generates registry backup files. Medium. Yes.
Chapter 4 Creating and Preparing Virtual Machines Prerequisites n Verify that the applications that you intend to deploy to the linked clones are installed on the virtual machine. n Verify that View Agent with View Composer Agent is installed on the virtual machine. Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console. 2 Log in to the Windows 7 guest operating system as an administrator. 3 Click Start and type defrag in the Search programs and files box.
VMware View Administrator's Guide Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console. 2 Log in to the Windows 7 guest operating system as an administrator. 3 Click Start > Control Panel > System and Security > Administrative Tools. 4 Select Services and click Open. 5 Double-click Diagnostic Policy Service. 6 In the Diagnostic Policy Service Properties (Local Computer) dialog, click Stop. 7 In the Startup type menu, select Disabled. 8 Click OK.
Chapter 4 Creating and Preparing Virtual Machines 5 In the left pane, expand Task Scheduler Library, Microsoft, Windows. 6 Double-click Registry and select RegIdleBackup. 7 In the Actions pane, click Disable. Disable the System Restore on Windows 7 Virtual Machines You do not need to use the Windows System Restore feature if you use View Composer refresh to restore linked-clone OS disks to their original snapshots.
VMware View Administrator's Guide Disable Microsoft Feeds Synchronization on Windows 7 Virtual Machines Windows Internet Explorer 7 or 8 uses the Microsoft Feeds Synchronization task to update RSS feeds in users' Web browsers. This task can contribute to linked-clone growth. Disable this task if your users do not require automatic RSS feed updates in their browsers. Microsoft Feeds Synchronization can cause OS-disk growth if persistent disks are not configured.
Chapter 4 Creating and Preparing Virtual Machines Prepare a Parent Virtual Machine The View Composer service requires a parent virtual machine from which you generate a base image for creating and managing linked-clone desktops. Prerequisites n Verify that you prepared a virtual machine to use for deploying View desktops. See “Creating Virtual Machines for View Desktop Deployment,” on page 43.
VMware View Administrator's Guide You can deploy a linked-clone pool from the parent virtual machine. If the parent virtual machine hardware is v7, follow these rules when you create a linked-clone pool: n Deploy the linked-clone pool on an ESX/ESXi 4.x host or cluster. The linked-clone pool cannot reside on an ESX/ESXi 3.5 host or a cluster with ESX/ESXi 4.x hosts mixed with ESX/ESXi 3.5 hosts. n Create the linked-clone pool in vSphere mode.
Chapter 4 Creating and Preparing Virtual Machines On Windows 7 virtual machines, this file can be 10GB. CAUTION When you make hibernation unavailable, the hybrid sleep setting does not work. Users can lose data if the hybrid sleep setting is turned on and a power loss occurs. Prerequisites Familiarize yourself with the Windows hibernation feature. See the Microsoft Support Web site.
VMware View Administrator's Guide Procedure 1 Configure a swapfile datastore on the ESX/ESXi host or cluster on which you will deploy the linked-clone pool. 2 When you create the parent virtual machine in vCenter Server, store the virtual-machine swap files on the swapfile datastore on the local ESX/ESXi host or cluster: a In vSphere Client, select the parent virtual machine. b Click Edit Settings and click the Options tab. c Click Swapfile location and click Store in the host's swapfile datastore.
Chapter 4 Creating and Preparing Virtual Machines Increase the Timeout Limit of QuickPrep Customization Scripts View Composer terminates a QuickPrep post-synchronization or power-off script that takes longer than 20 seconds. You can increase the timeout limit for these scripts by changing the ExecScriptTimeout Windows registry value on the parent virtual machine. The increased timeout limit is propagated to linked clones that are created from the parent virtual machine.
VMware View Administrator's Guide See the vSphere Basic System Administration guide for information on using vSphere Client to create virtual machine templates. See “Automated Pools That Contain Full Virtual Machines,” on page 70 for information on creating automated pools. NOTE You do not create a linked-clone pool from a virtual machine template.
Creating Desktop Pools 5 With View Manager, you create pools of desktops that deliver View desktop access to clients. View Manager deploys pools from desktop sources, which can be virtual machines that are managed by vCenter Server, virtual machines that run on another virtualization platform, or physical computers, terminal servers, or blade PCs. You can create several types of desktop pools. You can also provision an individual desktop by deploying a manual pool with a single desktop source.
VMware View Administrator's Guide Automated Pools That Contain Full Virtual Machines To create an automated desktop pool, View Manager dynamically provisions desktops based on settings that you apply to the pool. View Manager uses a virtual machine template as the desktop source for the pool and creates a new virtual machine in vCenter Server for each desktop.
Chapter 5 Creating Desktop Pools Table 5-1. Worksheet: Configuration Options for Creating an Automated Pool That Contains Full Virtual Machines (Continued) Option Description Delete desktop after logoff If you select floating user assignment, choose whether to delete desktops after users log off. NOTE You set this option on the Pool Settings page.
VMware View Administrator's Guide Table 5-1. Worksheet: Configuration Options for Creating an Automated Pool That Contains Full Virtual Machines (Continued) Option Description Template Select the virtual machine template that View Manager uses to create the pool. vCenter Server folder Select the folder in vCenter Server in which the desktop pool resides. Host or cluster Select the ESX host or cluster on which the desktop virtual machines run.
Chapter 5 Creating Desktop Pools Desktop Settings for Automated Pools That Contain Full Virtual Machines You must specify desktop and pool settings when you configure automated pools that contain full virtual machines. Different settings apply to pools with dedicated user assignments and floating user assignments. Table 5-2 lists the settings that apply to automated pools with dedicated assignments and floating assignments.
VMware View Administrator's Guide Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool 74 Option Description User assignment Choose the type of user assignment: n In a dedicated-assignment pool, each user is assigned to a desktop. Users receive the same desktop each time they log in. n In a floating-assignment pool, users receive different desktops each time they log in. For details, see “User Assignment in Desktop Pools,” on page 98.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Redirect Windows profile to persistent disks If you select dedicated user assignments, choose whether to store Windows user-profile data on a separate View Composer persistent disk or the same disk as the OS data. Separate persistent disks let you preserve user data and settings.
VMware View Administrator's Guide Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) 76 Option Description Maximum number of desktops If you use a naming pattern, specify the total number of desktops in the pool. You can also specify a minimum number of desktops to provision when you first create the pool.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Use vSphere mode for View Composer If you select a cluster that contains ESX 4 hosts only, you can create the pool in vSphere mode. IMPORTANT Several View Composer features are available only in vSphere mode. For details, see “Using vSphere Mode for View Composer,” on page 80.
VMware View Administrator's Guide Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Active Directory domain Select the Active Directory domain and user name. View Composer requires certain user privileges to create a linked-clone pool. The domain and user account are used by QuickPrep or Sysprep to customize the linked-clone desktops. For details, see “Create a User Account for View Composer,” on page 14.
Chapter 5 Creating Desktop Pools Prerequisites n Verify that the View Composer service is installed in vCenter Server and a View Composer database is configured. See the VMware View Installation Guide. n Verify that View Composer settings for vCenter Server are configured in View Administrator. See “Configure View Composer Settings for vCenter Server,” on page 14. n Verify that you prepared a parent virtual machine. View Agent must be installed on the parent virtual machine.
VMware View Administrator's Guide If you do not store the replica on a separate datastore, View Composer creates a replica on each datastore on which linked clones are created. If you store the replica on a separate datastore, one replica is created for the entire pool, even when linked clones are created on multiple datastores. What to do next Entitle users to access the pool. See “Add Entitlements to Desktop Pools,” on page 113.
Chapter 5 Creating Desktop Pools n Creating pools from a parent virtual-machine snapshot that uses hardware version 7 n Using Sysprep customization specifications for linked-clone virtual machines In addition, Sysprep is supported for linked-clones only on vSphere 4.1 software. You cannot use Sysprep on vSphere 4.0 or VMware Infrastructure 3.5 software. vSphere mode uses a new API that operates on ESX/ESXi 4 or later.
VMware View Administrator's Guide If you use QuickPrep, when you recompose the linked clone, the parent virtual machine's SID is preserved on the linked clone as long as you select the same parent virtual machine for the recompose operation. If you select a different parent virtual machine for the recomposition, the new parent's SID is replicated on the clone. If you use Sysprep, a new SID is always generated on the clone. For details, see “Recomposing Linked Clones Customized with Sysprep,” on page 85.
Chapter 5 Creating Desktop Pools Table 5-6. Comparing QuickPrep and Microsoft Sysprep (Continued) QuickPrep Customization Specification (Sysprep) Joins the linked clone computer to the Active Directory domain. Joins the linked-clone computer to the Active Directory domain. The domain and administrator information in the Sysprep customization specification is not used.
VMware View Administrator's Guide Running QuickPrep Customization Scripts With the QuickPrep tool, you can create scripts to customize the linked-clone desktops in a pool. You can configure QuickPrep to run customization scripts at two predefined times. When QuickPrep Scripts Run The post-synchronization script runs after linked clones are created, recomposed, or rebalanced, and the clones' status is Ready. The power-off script runs before linked clones are powered off.
Chapter 5 Creating Desktop Pools Recomposing Linked Clones Customized with Sysprep If you recompose a linked-clone desktop that was customized with Sysprep, View Manager runs the Sysprep customization specification again after the OS disk is recomposed. This operation generates a new SID for the linked-clone virtual machine. If a new SID is generated, the recomposed linked clone functions as a new computer on the network.
VMware View Administrator's Guide Table 5-7. Example Sizing Table for Linked-Clone Disks Data Type Selected Free Space (GB) Min Recommended (GB) 50% Utilization (GB) Max Recommended (GB) OS disks 184.23 40.00 80.00 130.00 Persistent disks 28.56 4.00 10.00 20.00 The Selected Free Space column shows the total available space on all of the datastores that you selected for a disk type such as OS disks. The Min Recommended column shows the minimum amount of recommended storage for a pool.
Chapter 5 Creating Desktop Pools To arrive at a recommendation for storing replicas on a separate datastore, View Manager allows space for two replicas on the datastore. The same value is calculated for minimum and maximum usage. For details, see “Sizing Formulas for Linked-Clone Pools,” on page 87.
VMware View Administrator's Guide Table 5-9. Example of a Sizing Estimate for Linked-Clone Disks Deployed on Selected Datastores Data Type Selected Free Space (GB) Min Recommended (GB) 50% Utilization (GB) Max Recommended (GB) OS disks 184.23 10 * (2*1GB) + (2*10GB) = 40.00 10 * (50% of 10GB + 1GB) + (2*10GB) = 80.00 10 * (100% of 10GB + 1GB) + (2*10GB) = 130.00 Persistent disks 28.56 10 * (20% of 2GB) = 4.00 10 * (50% of 2GB) = 10.00 10 * (100% of 2GB) = 20.
Chapter 5 Creating Desktop Pools Table 5-11. Example of a Sizing Estimate for Linked-Clone Disks When You Edit a Pool or Store Replicas on a Separate Datastore Data Type Selected Free Space (GB) Min Recommended (GB) 50% Utilization (GB) Max Recommended (GB) OS disks 184.23 10 * (2*1GB) = 20.00 10 * (50% of 10GB + 1GB) = 60.00 10 * (100% of 10GB + 1GB) = 110.00 Persistent disks 28.56 10 * (20% of 2GB) = 4.00 10 * (50% of 2GB) = 10.00 10 * (100% of 2GB) = 20.
VMware View Administrator's Guide Storage Overcommit for Linked-Clone Desktops With the storage overcommit feature, you can reduce storage costs by placing more linked-clone desktops on a datastore than is possible with full virtual-machine desktops. The linked clones can use a logical storage space several times greater than the physical capacity of the datastore.
Chapter 5 Creating Desktop Pools Configuring replicas and linked clones in this way can reduce the impact of I/O storms that occur when many linked clones are created at once. For example, if you deploy a floating-assignment pool with a delete-desktopon-logoff policy, and your users start work at the same time, View Manager must concurrently provision new desktops for them. IMPORTANT This feature is designed for specific storage configurations provided by vendors who offer highperformance disk solutions.
VMware View Administrator's Guide View Composer Persistent Disk In a dedicated-assignment pool, you can configure separate View Composer persistent disks to store Windows user-profile data. This disk is optional. Separate persistent disks let you preserve user data and settings. View Composer refresh, recompose, and rebalance operations do not affect persistent disks. You can detach a persistent disk from a linked clone and attach it to another linked clone.
Chapter 5 Creating Desktop Pools Table 5-13. Worksheet: Configuration Options for Creating a Manual Desktop Pool Option Description User assignment Choose the type of user assignment: n In a dedicated-assignment pool, each user is assigned to a desktop. Users receive the same desktop each time they log in. n In a floating-assignment pool, users receive different desktops each time they log in. For details, see “User Assignment in Desktop Pools,” on page 98.
VMware View Administrator's Guide To prepare virtual machines managed by vCenter Server, see Chapter 4, “Creating and Preparing Virtual Machines,” on page 43. To prepare unmanaged virtual machines, physical computers, and Blade PCs, see Chapter 3, “Preparing Unmanaged Desktop Sources,” on page 39. n Gather the configuration information that you must provide to create the pool. See “Worksheet for Creating a Manual Desktop Pool,” on page 92.
Chapter 5 Creating Desktop Pools To prepare an unmanaged virtual machine, physical computer, or Blade PC, see Chapter 3, “Preparing Unmanaged Desktop Sources,” on page 39. n Gather the configuration information you must provide to create the manual pool. See “Worksheet for Creating a Manual Desktop Pool,” on page 92. n Decide how to configure power settings, display protocol, Adobe Flash quality, and other settings. See “Desktop and Pool Settings,” on page 104.
VMware View Administrator's Guide Table 5-14.
Chapter 5 Creating Desktop Pools Create a Microsoft Terminal Services Pool You can create a Microsoft Terminal Services pool that provisions desktops from terminal server desktop sources. You must select the desktop sources that make up View desktops in the pool. Prerequisites n Prepare the terminal server desktop sources to deliver View desktop access. View Agent must be installed and running on each desktop source. See Chapter 3, “Preparing Unmanaged Desktop Sources,” on page 39.
VMware View Administrator's Guide Configure Adobe Flash Throttling with Internet Explorer in Terminal Services Sessions To ensure that Adobe Flash throttling works with Internet Explorer in Terminal Services sessions, users must enable third-party browser extensions. Procedure 1 Start View Client and log in to a user's desktop. 2 In Internet Explorer, click Tools > Internet Options. 3 Click the Advanced tab, select Enable third-party browser extensions, and click OK. 4 Restart Internet Explorer.
Chapter 5 Creating Desktop Pools Naming Desktops Manually or Providing a Naming Pattern You can provision the desktops in an automated pool by manually specifying a list of desktop names or by providing a naming pattern and the number of desktops you want in the pool. These two approaches offer different advantages. If you name desktops by specifying a list, you can use your company's naming scheme, and you can associate each desktop name with a user.
VMware View Administrator's Guide Table 5-16. Naming Desktops Manually or Providing a Desktop-Naming Pattern (Continued) Feature Providing a Desktop-Naming Pattern Naming Desktops Manually Dynamic or fixed pool size Dynamic. If you remove a user assignment from a desktop in a dedicated-assignment pool, the desktop is returned to the pool of available desktops.
Chapter 5 Creating Desktop Pools Prerequisites Make sure that each desktop name is unique. You cannot use the names of existing virtual machines in vCenter Server. Procedure 1 Create a text file that contains the list of desktop names. If you intend to create a pool with only a few desktops, you can type the desktop names directly in the Add Pool wizard. You do not have to create a separate text file. 2 In View Administrator start the Add Pool wizard to begin creating an automated desktop pool.
VMware View Administrator's Guide Using a Token in a Desktop Name You can place the automatically generated number anywhere else in the name by using a token. When you type the pool name, type n surrounded by curly brackets to designate the token. For example: amber-{n}-desktop When View Manager creates a desktop, View Manager replaces {n} with a unique number. You can generate a fixed-length token by typing {n:fixed=number of digits}.
Chapter 5 Creating Desktop Pools Providing a Naming Pattern With a Token 1 In View Administrator, create the first pool and use a naming pattern to provision the desktop names. 2 In the naming-pattern text box, type VDIABC-0{n}. 3 Limit the pool's maximum size to 9. 4 Repeat these steps for the second pool, but in the naming-pattern text box, type VDIABC-1{n}. The first pool contains desktops VDIABC-01 through VDIABC-09. The second pool contains desktops VDIABC-11 through VDIABC-19.
VMware View Administrator's Guide To perform the same customization on all desktops in an automated pool, customize the virtual machine you prepare as a template or parent. View Manager deploys your customization to all the desktops. When you create the pool, you can also use a Sysprep customization specification to configure all the desktops with licensing, domain attachment, DHCP settings, and other computer properties.
Chapter 5 Creating Desktop Pools Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Remote desktop power policy Determines how a virtual machine behaves when the user logs off of the associated desktop. For descriptions of the power-policy options, see “Power Policies for Desktop Pools,” on page 107. For more information about how power policies affect automated pools, see “Setting Power Policies for Desktop Pools,” on page 107.
VMware View Administrator's Guide Table 5-19. Desktop and Pool Setting Descriptions (Continued) 106 Setting Options Default display protocol Select the display protocol that you want View Connection Server to use to communicate with View clients. PCoIP The default option wherever it is supported. PCoIP is supported as the display protocol for virtual-machine desktops and physical machines that have Teradici hardware.
Chapter 5 Creating Desktop Pools Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Adobe Flash quality Determines the quality of Adobe Flash content that is displayed on Web pages. n Do not control. Quality is determined by Web page settings. n Low. This setting results in the most bandwidth savings. If no quality level is specified, the system defaults to Low. n Medium. This setting results in moderate bandwidth savings. n High.
VMware View Administrator's Guide Table 5-20. Power Policies Power Policy Description Take no power action View Manager does not enforce any power policy after a user logs off. This setting has two consequences. n View Manager does not change the power state of the virtual machine after a user logs off. n For example, if a user shuts down the virtual machine, the virtual machine remains powered off. If a user logs off without shutting down, the virtual machine remains powered on.
Chapter 5 Creating Desktop Pools Table 5-21. When View Manager Applies the Power Policy Desktop Pool Type The power policy is applied ... Manual pool that contains one desktop (vCenter Servermanaged virtual machine) Power operations are initiated by session management. The virtual machine is powered on when a user requests the desktop and powered off or suspended when the user logs off.
VMware View Administrator's Guide Power Policy Examples for Automated Pools with Floating Assignments When you configure an automated pool with floating assignments, you can specify that a particular number of View desktops must be available at a given time. The spare, available desktops are always powered on, no matter how the pool policy is set. Power Policy Example 1 Table 5-22 describes the floating-assignment, automated pool in this example.
Chapter 5 Creating Desktop Pools Table 5-24. Desktop Pool Settings for Automated Pool with Dedicated Assignments Example Desktop Pool Setting Value Number of desktops (minimum) 3 Number of desktops (maximum) 5 Number of spare, powered-on desktops 2 Remote desktop power policy Ensure desktops are always powered on When this desktop pool is provisioned, three desktops are created and powered on.
VMware View Administrator's Guide 112 VMware, Inc.
Entitling Users and Groups 6 You configure desktop pool entitlements to control which View desktops your users can access. You can also configure the restricted entitlements feature to control desktop access based on the View Connection Server instance that users connect to when they select desktops.
VMware View Administrator's Guide 3 Select the user or group whose entitlement you want to remove and click Remove. 4 Click OK to save your changes. Review Desktop Pool Entitlements You can review the desktop pools that a user or group is entitled to. Procedure 1 In View Administrator, select Users and Groups and click the name of the user or group. 2 Select the Summary tab. The Pool Entitlements pane lists the pools that the user or group is currently entitled to.
Chapter 6 Entitling Users and Groups n Assign the "Internal" tag to the desktop pools that should be accessible only to internal users. n Assign the "External" tag to the desktop pools that should be accessible only to external users.
VMware View Administrator's Guide Table 6-1. Tag Matching Rules (Continued) View Connection Server Desktop Pool Access Permitted? One or more tags No tags Yes One or more tags One or more tags Only when tags match The restricted entitlements feature only enforces tag matching. You must design your network topology to force certain clients to connect through a particular View Connection Server instance.
Chapter 6 Entitling Users and Groups Procedure 1 In View Administrator, select Inventory > Pools. 2 Select the pool that you want to assign a tag to. 3 4 5 VMware, Inc. Option Action Assign a tag to a new pool Click Add to start the Add Pool wizard and define and identify the pool. Assign a tag to an existing pool Select the pool and click Edit. Go to the Pool Settings page. Option Action Pool settings for a new pool Click Pool Settings in the Add Pool wizard.
VMware View Administrator's Guide 118 VMware, Inc.
Setting Up User Authentication 7 View uses your existing Active Directory infrastructure for user authentication and management. For added security, you can integrate View with smart card authentication and RSA SecurID solutions.
VMware View Administrator's Guide The View client sends the user certificate to the View Connection Server instance or security server, which verifies the certificate by checking the certificate trust and validity period. Typically, users can successfully authenticate if their user certificate is signed and valid. If certificate revocation checking is configured, users who have revoked user certificates are prevented from authenticating.
Chapter 7 Setting Up User Authentication Obtain the Root Certificate from the CA You must obtain the root certificate from the CA that signed the certificates on the smart cards presented by your users. If you do not have the root certificate of the CA that signed the certificates on the smart cards presented by your users, you can export a root certificate from a CA-signed user certificate or a smart card that contains one. See “Export a Root Certificate from a User Certificate,” on page 121.
VMware View Administrator's Guide 7 Click Next > Next and type a name and location for the file that you want to export. 8 Click Next to save the file as a root certificate in the specified location. What to do next Add the root certificate to a server truststore file.
Chapter 7 Setting Up User Authentication Procedure 1 Create or edit the locked.properties file in SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties 2 3 Add the trustKeyfile, trustStoretype, and useCertAuth properties to the locked.properties file. a Set trustKeyfile to the name of your truststore file. b Set trustStoretype to JKS.
VMware View Administrator's Guide 3 4 On the Authentication tab, select a configuration option from the Smart card authentication drop-down menu. Option Action Not Allowed Smart card authentication is disabled on the View Connection Server instance. Optional Users can use smart card authentication or password authentication to connect to the View Connection Server instance. If smart card authentication fails, the user must provide a password.
Chapter 7 Setting Up User Authentication Prepare Active Directory for Smart Card Authentication You might need to perform certain tasks in Active Directory when you implement smart card authentication. n Add UPNs for Smart Card Users on page 125 Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN.
VMware View Administrator's Guide Add the Root Certificate to the Enterprise NTAuth Store If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Procedure u On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store.
Chapter 7 Setting Up User Authentication n In the locked.properties file on the View Connection Server or security server host, verify that the useCertAuth property is set to true and is spelled correctly. The locked.properties file is located in install_directory\VMware\VMware View\Server\sslgateway \conf. The useCertAuth property is commonly misspelled as userCertAuth.
VMware View Administrator's Guide n Logging in with OCSP Certificate Revocation Checking on page 128 When you configure OCSP certificate revocation checking, View sends a request to an OCSP Responder to determine the revocation status of a specific user certificate. View uses an OCSP signing certificate to verify that the responses it receives from the OCSP Responder are genuine.
Chapter 7 Setting Up User Authentication Procedure 1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties 2 3 Add the enableRevocationChecking and crlLocation properties to the locked.properties file. a Set enableRevocationChecking to true to enable smart card certificate revocation checking.
VMware View Administrator's Guide Example 7-3. locked.properties File The file shown enables smart card authentication and smart card certificate revocation checking, configures both CRL and OCSP certificate revocation checking, specifies the OCSP Responder location, and identifies the file that contains the OCSP signing certificate. trustKeyfile=lonqa.key trustStoretype=JKS useCertAuth=true enableRevocationChecking=true enableOCSP=true allowCertCRLs=true ocspSigningCert=te-ca.signing.
Chapter 7 Setting Up User Authentication Using RSA SecurID Authentication You can configure a View Connection Server instance so that users are required to use RSA SecurID authentication before providing their Active Directory credentials. Because RSA SecurID authentication works with RSA Authentication Manager, an RSA Authentication Manager server is required and must be directly accessible from the View Connection Server host.
VMware View Administrator's Guide Procedure 1 In View Administrator, select View Configuration > Servers. 2 In View Connection Servers, select the View Connection Server instance and click Edit. 3 On the Authentication tab, select Enable under RSA Secure ID 2-Factor Authentication. 4 (Optional) To force RSA SecurID user names to match user names in Active Directory, select Enforce SecurID and Windows user name matching.
Chapter 7 Setting Up User Authentication Using the Log in as Current User Feature When View Client users select the Log in as current user check box, the credentials that they provided when logging in to the client system are used to authenticate to the View Connection Server instance and to the View desktop. No further user authentication is required. To support this feature, user credentials are stored on both the View Connection Server instance and on the client system.
VMware View Administrator's Guide 134 VMware, Inc.
Configuring Policies 8 You can configure policies to control the behavior of View components, desktop pools, and desktop users. You use View Administrator to set policies for client sessions and you use Active Directory group policy settings to control the behavior of View components and certain features.
VMware View Administrator's Guide n View Policies on page 137 You can configure View policies to affect all client sessions, or you can apply them to affect specific desktops or users. n Local Mode Policies on page 138 You can configure local mode policies to affect all client sessions, or you can apply them to specific desktops or users. Configure Global Policy Settings You can configure global policies to control the behavior of all client sessions users.
Chapter 8 Configuring Policies Configure Policies for Desktop Users You can configure user-level policies to affect specific users. User-level policy settings always take precedence over their equivalent global and desktop-level policy settings. Prerequisites Familiarize yourself with the policy descriptions. See “View Policies,” on page 137. Procedure 1 In View Administrator, select Inventory > Pools. 2 Double-click the ID of the desktop pool and click the Policies tab.
VMware View Administrator's Guide Table 8-1. View Policies (Continued) Policy Description Remote mode Determines whether users can connect to and use desktops running on vCenter Server instances. If set to Deny, users must check out the desktop on their local computers and run the desktop only in local mode. Restricting users to running desktops only in local mode reduces the costs associated with CPU, memory, and network bandwidth requirements of running the desktop on a back-end server.
Chapter 8 Configuring Policies Table 8-2. Local Mode Policies (Continued) Policy Description Target replication frequency Specifies the interval in days, hours, or minutes between the start of one replication and the start of the next replication. A replication copies any changes in local desktop files to the corresponding remote desktop or View Composer persistent disk in the datacenter. The default value is the No replication setting.
VMware View Administrator's Guide You use the Microsoft Windows Group Policy Object Editor to manage group policy settings. The Group Policy Object Editor is a Microsoft Management Console (MMC) snap-in. The MMC is part of the Microsoft Group Policy Management Console (GPMC). See the Microsoft TechNet Web site for information on installing and using the GPMC. Creating an OU for View Desktops You should create an organizational unit (OU) in Active Directory specifically for your View desktops.
Chapter 8 Configuring Policies Table 8-3. View ADM Template Files Template Name Template File Description VMware View Agent Configuration vdm_agent.adm Contains policy settings related to the authentication and environmental components of View Agent. VMware View Client Configuration vdm_client.adm Contains policy settings related to View Client configuration. Clients that connect from outside the View Connection Server host domain are not affected by policies applied to View Client.
VMware View Administrator's Guide Table 8-4. View Agent Configuration Template Settings (Continued) Setting Computer User ConnectionTicketTimeout X Specifies the amount of time in seconds that the View connection ticket is valid. View clients use a connection ticket for verification and single sign-on when connecting to View Agent. For security reasons, a connection ticket is valid for a limited amount of time.
Chapter 8 Configuring Policies -C C:\WINDOWS\system32\wscript.exe C:\Scripts\checking.vbs The total length of the string, including the -C or -c option, should not exceed 260 characters. Client System Information Sent to View Desktops When a user connects or reconnects to a View desktop, the View client gathers information about the client system and View Connection Server sends that information to the desktop. View Agent writes the client computer information to the system registry path HKCU\Volatile En
VMware View Administrator's Guide Table 8-5. Client System Information (Continued) Registry Key Description Client Systems Supported ViewClient_Broker_Tunnel_URL The URL of the View Connection Server tunnel connection, if the tunnel connection is enabled. Windows Linux ViewClient_Broker_Remote_IP_Address The remote IP address of the client system. Windows Wyse Thin OS Linux ViewClient_TimeOffset_GMT The time offset from GMT in the form HH:MM.
Chapter 8 Configuring Policies Table 8-6. View Client Configuration Template: Scripting Definitions Setting Description Connect all USB devices to the desktop on launch Determines whether all of the available USB devices on the client system are connected to the desktop when the desktop is launched. Connect all USB devices to the desktop when they are plugged in Determines whether USB devices are connected to the desktop when they are plugged in to the client system.
VMware View Administrator's Guide Table 8-7. View Client Configuration Template: Security Settings Setting Computer Allow command line credentials X Determines whether user credentials can be provided with View Client command line options. If this setting is enabled, the smartCardPIN and password options are not available when users run View Client from the command line. This setting is enabled by default.
Chapter 8 Configuring Policies Table 8-7. View Client Configuration Template: Security Settings (Continued) Setting Computer User Description Enable Single Sign-On for smart card authentication X Determines whether single sign-on is enabled for smart card authentication. When single sign-on is enabled, View Client stores the encrypted smart card PIN in temporary memory before submitting it to View Connection Server. When single sign-on is disabled, View Client does not display a custom PIN dialog.
VMware View Administrator's Guide Table 8-8. View Client Configuration Administrative Template: RDP Settings Setting Description Audio redirection Determines whether audio information played on the View desktop is redirected. Select one of the following settings: Disable Audio Audio is disabled. Play VM (needed for VoIP USB Support) Audio plays within the View desktop. This setting requires a shared USB audio device to provide sound on the client.
Chapter 8 Configuring Policies Table 8-8. View Client Configuration Administrative Template: RDP Settings (Continued) Setting Description Enable Credential Security Service Provider Specifies whether the View desktop connection uses Network Level Authentication (NLA). In Windows Vista, remote desktop connections require NLA by default. If the guest operating system requires NLA for remote desktop connections, you must enable this setting or View Client will not be able to connect to the View desktop.
VMware View Administrator's Guide Table 8-9. View Client Configuration Template: General Settings Setting 150 Computer User Description Always on top X Determines whether the View Client window is always the topmost window. Enabling this setting prevents the Windows taskbar from obscuring a full-screen View Client window. This setting is enabled by default. Default Exit Behavior For Local Mode Desktops X Controls the default exit behavior of desktops that are running in local mode.
Chapter 8 Configuring Policies Table 8-9. View Client Configuration Template: General Settings (Continued) Setting Computer Tunnel proxy bypass address list X Specifies a list of tunnel addresses. The proxy server is not used for these addresses. Use a semicolon (;) to separate multiple entries. URL for View Client online help X Specifies an alternate URL from which View Client can retrieve help pages.
VMware View Administrator's Guide Table 8-11. View Common Configuration Template: Log Configuration Settings (Continued) Setting Properties Maximum debug log size in Megabytes Specifies the maximum size in megabytes that a debug log can reach before the log file is closed and a new log file is created. Log Directory Specifies the full path to the directory for log files. If the location is not writeable, the default location is used.
Chapter 8 Configuring Policies Setting Up Location-Based Printing The location-based printing feature maps printers that are physically near client systems to View desktops, enabling users to print to their local and network printers from their View desktops.
VMware View Administrator's Guide Configure the Location-Based Printing Group Policy To set up location-based printing, you configure the AutoConnect Location-based Printing for VMware View group policy setting. The group policy setting is a name translation table that maps printers to View desktops. Prerequisites n Verify that the Microsoft MMC and the Group Policy Object Editor snap-in are available on your Active Directory server or on the domain computer that you use to configure group policies.
Chapter 8 Configuring Policies Table 8-14. Translation Table Columns and Values Column Description IP Range A translation rule that specifies a range of IP addresses. To specify IP addresses in a specific range, use the following notation: ip_address-ip_address For example: 10.112.116.0-10.112.119.255 To specify all of the IP addresses in a specific subnet, use the following notation: ip_address/subnet_mask_bits For example: 10.112.0.0/16 Type an asterisk to match any IP address.
VMware View Administrator's Guide Table 8-15. Location-Based Printing Group Policy Setting Example IP Range Client Name Mac Address User/ User Group Printer Name Printer Driver * * * * PRINTER-1-CLR HP Color LaserJet 4700 PS IP_10.114.24.1 10.112.116.140-10.1 12.116.145 * * * PRINTER-2-CLR HP Color LaserJet 4700 PS IP_10.114.24.
Chapter 8 Configuring Policies Table 8-17. Terminal Services Policy Settings for Sessions Setting Description Set time limit for disconnected sessions Enabling this setting lets you set a time limit for disconnected sessions. Disconnected sessions are logged off after the specified time limit. Sets a time limit for active but idle Terminal Services sessions Enabling this setting lets you set a time limit for idle sessions. Idle sessions are logged off after the specified time limit.
VMware View Administrator's Guide 3 Type a name for the OU and click OK. The new OU appears in the left pane. 4 To add View desktops to the new OU: a Click Computers in the left pane. All the computer objects in the domain appear in the right pane. b Right-click the name of the computer object that represents the View desktop in the right panel and select Move. c Select the OU and click OK. The View desktop appears in the right pane when you select the OU.
Chapter 8 Configuring Policies Add View ADM Templates to a GPO To apply View component group policy settings to your View desktops, add their ADM template files to GPOs. Prerequisites n Create GPOs for the View component group policy settings and link them to the OU that contains your View desktops. n Verify that the Microsoft MMC and the Group Policy Object Editor snap-in are available on your Active Directory server. Procedure 1 Copy the View component ADM Template files from the install_directory\V
VMware View Administrator's Guide 4 In the right pane, right-click the GPO that you created for the group policy settings and select Edit. The Group Policy Object Editor window appears. 5 Expand the Computer Configuration folder and then expand the Administrative Templates, System, and Group Policy folders. 6 In the right pane, right-click User Group Policy loopback processing mode and select Properties.
Managing Linked-Clone Desktops 9 With View Composer, you can update linked-clone desktops, reduce the size of their operating system data, and rebalance the linked-clone virtual machines among disk drives. You also can manage the View Composer persistent disks associated with linked clones. n Reduce Linked-Clone Size with Desktop Refresh on page 161 A desktop refresh operation restores the operating system disk of each linked clone to its original state and size, reducing storage costs.
VMware View Administrator's Guide Procedure 1 In View Administrator, click Inventory > Pools. 2 Select the pool to refresh by double-clicking the pool ID in the left column. 3 Choose whether to refresh the whole pool or selected desktops. Option Action To refresh all desktops in the pool On the selected pool's page, click the Settings tab. To refresh selected desktops a b On the selected pool's page, click the Inventory tab. Select the desktops to refresh. 4 Click View Composer > Refresh.
Chapter 9 Managing Linked-Clone Desktops n A refresh preserves the unique computer information set up by QuickPrep or Sysprep. You do not need to rerun Sysprep after a refresh to restore the SID or the GUIDs of third-party software installed in the system drive. n After you recompose a linked clone, View Manager takes a new snapshot of the linked clone's OS disk. Future refresh operations restore the OS data to that snapshot, not the one originally taken when the linked clone was first created.
VMware View Administrator's Guide Prerequisites If you upgrade the parent virtual machine hardware to v7, deploy the linked clone pool on an ESX/ESXi 4.0 host or cluster. You cannot deploy the pool on a cluster with ESX/ESXi 4.0 hosts mixed with ESX/ESXi 3.5 hosts. Procedure 1 In vCenter Server, update the parent virtual machine for the recomposition. n Install OS patches or service packs, new applications, application updates, or make other changes in the parent virtual machine.
Chapter 9 Managing Linked-Clone Desktops n Decide whether to force all users to log off as soon as the recomposition begins or wait for each user to log off before recomposing that user's desktop. If you force users to log off, View Manager notifies users before they are disconnected and allows them to close their applications and log off. n Verify that provisioning for the pool is enabled.
VMware View Administrator's Guide Recompose Linked-Clone Desktops That Can Run in Local Mode You can recompose linked-clone desktops that can run in local mode. However, the desktops must be checked in or rolled back to the datacenter before the recompose operation can take place. Prerequisites n Familiarize yourself with the recomposition guidelines. See “Updating Linked Clones with Desktop Recomposition,” on page 166.
Chapter 9 Managing Linked-Clone Desktops You can schedule only one recomposition at a time for a given set of linked clones. Before you can schedule a new recomposition, you must cancel any previously scheduled task or wait until the previous operation is completed. Before you can start a new recomposition immediately, you must cancel any previously scheduled task. You can schedule multiple recompositions if they affect different linked clones.
VMware View Administrator's Guide Depending on the conditions of the incorrect recomposition, you might refresh or rebalance the linked clones instead of or in addition to recomposing them. NOTE If you do not configure View Composer persistent disks, all recompositions delete user-generated changes in the linked-clone desktops.
Chapter 9 Managing Linked-Clone Desktops Prerequisites n Familiarize yourself with the rebalance operation. See “Rebalancing Linked Clones Among Logical Drives,” on page 169. n Decide when to schedule the rebalance operation. By default, View Composer starts the operation immediately. You can schedule only one rebalance operation at a time for a given set of linked clones. You can schedule multiple rebalance operations if they affect different linked clones.
VMware View Administrator's Guide n You can rebalance a desktop pool on demand or as a scheduled event. You can schedule only one rebalance operation at a time for a given set of linked clones. If you start a rebalance operation immediately, the operation overwrites any previously scheduled task. You can schedule multiple rebalance operations if they affect different linked clones. Before you schedule a new rebalance operation, you must cancel any previously scheduled task.
Chapter 9 Managing Linked-Clone Desktops You can detach a persistent disk from its linked-clone desktop and store the disk on its original datastore or another datastore. After you detach the disk, the linked-clone virtual machine is deleted. A detached persistent disk is no longer associated with any desktop. You can use several methods to attach an detached persistent disk to another linked-clone desktop.
VMware View Administrator's Guide Attach a View Composer Persistent Disk to Another Linked-Clone Desktop You can attach a detached persistent disk to another linked-clone desktop. Attaching a persistent disk makes the user settings and information in the disk available to the user of the other desktop. You attach a detached persistent disk as a secondary disk on the selected linked-clone desktop.
Chapter 9 Managing Linked-Clone Desktops Procedure 1 In View Administrator, click Inventory > Persistent Disks 2 Select the persistent disk for which the user or pool has been deleted. 3 Click Edit. 4 (Optional) Select a linked-clone pool from the list. 5 (Optional) Select a user for the persistent disk. You can browse your Active Directory for the domain and username. What to do next Recreate a linked-clone desktop with the detached persistent disk.
VMware View Administrator's Guide Procedure 1 In View Administrator, click Inventory > Persistent Disks. 2 Click the Detached tab. 3 Click Import from vCenter. 4 Select a vCenter Server. 5 Select the datacenter where the disk file is located. 6 Select a linked-clone pool in which to create a new linked clone desktop with the persistent disk. 7 In the Persistent Disk File box, click Browse, click the down arrow, and select a datastore from the Choose a Datastore menu.
Managing Desktops and Desktop Pools 10 In View Administrator, you can manage desktop pools, virtual-machine desktops, and desktop sessions. This chapter includes the following topics: n “Managing Desktop Pools,” on page 175 n “Reducing Adobe Flash Bandwidth,” on page 180 n “Managing Virtual-Machine Desktops,” on page 182 n “Export View Information to External Files,” on page 187 Managing Desktop Pools You can edit, disable, and delete desktop pools in View Administrator.
VMware View Administrator's Guide Modifying Settings in an Existing Desktop Pool After you create a desktop pool, you can change certain configuration settings. Table 10-1. Editable Settings in an Existing Desktop Pool Configuration Tab Description General Edit pool-naming options. Pool Settings Edit desktop settings such as the remote desktop power policy, display protocol, and Adobe Flash settings. Provisioning Settings Edit pool-provisioning options and add desktops to the pool.
Chapter 10 Managing Desktops and Desktop Pools Change the Size of an Automated Pool Provisioned by a Naming Pattern When you provision an automated desktop pool by using a naming pattern, you can increase or decrease the size of the pool by changing the maximum number of desktops. Prerequisites n Verify that you provisioned the pool by using a naming pattern. If you specify desktop names manually, see “Add Desktops to an Automated Pool Provisioned by a List of Names,” on page 177.
VMware View Administrator's Guide Procedure 1 Create a text file that contains the list of additional desktop names. If you intend to add only a few desktops, you can type the desktop names directly in the Add Pool wizard. You do not have to create a separate text file. 2 In View Administrator, click Inventory > Pools. 3 Select the pool to be expanded. 4 Click Edit. 5 Click the Provisioning Settings tab. 6 Click Add Desktops.
Chapter 10 Managing Desktops and Desktop Pools Disable or Enable Provisioning in a Desktop Pool When you disable provisioning in a desktop pool, View Manager stops provisioning new virtual machines for the pool. After you disable provisioning, you can enable provisioning again. Before you change a pool's configuration, you can disable provisioning to ensure that no new desktops are created with the old configuration.
VMware View Administrator's Guide Procedure 1 In View Administrator, click Inventory > Pools. 2 Select a desktop pool and click Delete. 3 Choose how to delete the pool. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
Chapter 10 Managing Desktops and Desktop Pools 3 Click the Pool Settings tab. 4 Select a quality mode from the Adobe Flash quality menu. 5 Select a throttling mode from the Adobe Flash throttling menu. 6 Click OK. NOTE Adobe Flash bandwidth-reduction settings do not take effect until View Client reconnects with the desktop. Adobe Flash Quality and Throttling You can specify a maximum allowable level of quality for Adobe Flash content that overrides Web page settings.
VMware View Administrator's Guide Configure Adobe Flash Throttling with Internet Explorer in Terminal Services Sessions To ensure that Adobe Flash throttling works with Internet Explorer in Terminal Services sessions, users must enable third-party browser extensions. Procedure 1 Start View Client and log in to a user's desktop. 2 In Internet Explorer, click Tools > Internet Options. 3 Click the Advanced tab, select Enable third-party browser extensions, and click OK. 4 Restart Internet Explorer.
Chapter 10 Managing Desktops and Desktop Pools Option Description Reset Shuts down the desktop and restarts the session without a graceful logoff and disconnection. Send Message Lets you type a message that is displayed on the user's desktop. Assign a Desktop to a User In a dedicated-assignment pool, you can assign a user to be the owner of a desktop. Only the assigned user can log in and connect to the desktop. View Manager assigns desktops to users in these situations.
VMware View Administrator's Guide Procedure 1 In View Administrator, click Inventory > Desktops or click Inventory > Pools, double-click a pool ID, and select the Inventory tab. 2 Select the desktop. 3 Click More Commands > Unassign User. 4 Click OK. The desktop is available and can be assigned to another user. Customize Existing Desktops in Maintenance Mode After a desktop pool is created, you can customize, modify, or test individual desktops by placing them in maintenance mode.
Chapter 10 Managing Desktops and Desktop Pools What to do next You can click a desktop name to see details about the desktop or click the View Administrator back arrow to return to the dashboard page. Desktop Status of Virtual Machines Virtual-machine desktops that are managed by vCenter Server can be in various states of operation and availability. In View Administrator, you can track the status of desktops in the right-hand column of the desktop-list page.
VMware View Administrator's Guide Table 10-5. Status of Virtual-Machine Desktops That Are Managed by vCenter Server (Continued) Status Type of State Description Error Miscellaneous An unknown error occurred in the virtual machine. – Miscellaneous A failure occurred when the virtual machine was in any of the preceding states. While a desktop is in a particular state, it can be subject to further conditions. View Administrator displays these conditions as suffixes to the desktop state.
Chapter 10 Managing Desktops and Desktop Pools Procedure 1 In View Administrator, click Inventory > Desktops. 2 Select one or more desktops and click Remove. 3 Choose how to delete the desktops. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
VMware View Administrator's Guide 3 Type a filename for the csv file in the Select location for download dialog. The default filename is global_table_data_export.csv. 4 Browse to a location to store the file. 5 Click Save. What to do next Open a spreadsheet or another tool to view the csv file. 188 VMware, Inc.
Managing Physical Computers and Terminal Servers 11 In View Administrator, you can add, remove, and unregister View desktops that are not managed by vCenter Server. Unmanaged desktop sources include virtual machines that are not managed by vCenter Server, physical computers, blade PCs, and Microsoft Terminal Services sources. NOTE When you reconfigure a setting that affects an unmanaged desktop source, it can take up to 10 minutes for the new setting to take effect.
VMware View Administrator's Guide Remove an Unmanaged Desktop Source from a Pool You can reduce the size of a manual desktop pool that uses unmanaged desktop sources by removing desktop sources from the pool. Procedure 1 In View Administrator, click Inventory > Pools. 2 Double-click a pool ID and select the Inventory tab. 3 Select the desktop sources to remove. 4 Click Remove.
Chapter 11 Managing Physical Computers and Terminal Servers Unregister an Unmanaged Desktop Source All desktop sources that vCenter Server manages are registered when you install View Agent. You can unregister only unmanaged desktop sources. Unmanaged desktop sources include virtual machines that are not managed by vCenter Server, physical computers, blade PCs, and Terminal Services sources. When you unregister a desktop source, it becomes unavailable in View Manager.
VMware View Administrator's Guide 192 VMware, Inc.
Managing ThinApp Applications in View Administrator 12 You can use View Administrator to distribute and manage applications packaged with VMware ThinApp™. Managing ThinApp applications in View Administrator involves capturing and storing application packages, adding ThinApp applications to View Administrator, and assigning ThinApp applications to desktops and pools. You must have a license to use the ThinApp management feature in View Administrator.
VMware View Administrator's Guide Capturing and Storing Application Packages ThinApp provides application virtualization by decoupling an application from the underlying operating system and its libraries and framework and bundling the application into a single executable file called an application package.
Chapter 12 Managing ThinApp Applications in View Administrator What to do next Create a Windows network share to store the MSI packages. Create a Windows Network Share You must create a Windows network share to host the MSI packages that are distributed to View desktops and pools in View Administrator. Prerequisites n Use the ThinApp Setup Capture wizard to package the applications. n Verify that the network share meets View requirements for storing ThinApp applications.
VMware View Administrator's Guide Add ThinApp Applications to View Administrator You add ThinApp applications to View Administrator by scanning an application repository and selecting ThinApp applications. After you add a ThinApp application to View Administrator, you can assign it to desktops and pools. Prerequisites Register an application repository with View Administrator. Procedure 1 In View Administrator, select Inventory > ThinApps. 2 On the Summary tab, click Scan New ThinApps.
Chapter 12 Managing ThinApp Applications in View Administrator Procedure 1 In View Administrator, select Inventory > ThinApps and click New Template. 2 Type a name for the template and click Add. All of the available ThinApp applications appear in the table. 3 To find a particular ThinApp application, type the name of the application in the Find text box and click Find. 4 Select the ThinApp applications that you want to include in the template and click Add.
VMware View Administrator's Guide n Review ThinApp Application Assignments on page 202 You can review all of the desktops and pools that a particular ThinApp application is currently assigned to. You can also review all of the ThinApp applications that are assigned to a particular desktop or pool. n Display MSI Package Information on page 203 After you add a ThinApp application to View Administrator, you can display information about its MSI package.
Chapter 12 Managing ThinApp Applications in View Administrator 3 Select the desktops that you want to assign the ThinApp application to and click Add. You can press Ctrl+click or Shift+click to select multiple desktops. 4 Select an installation type and click OK. Option Action Streaming Installs a shortcut to the application on the desktop. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application.
VMware View Administrator's Guide Prerequisites Scan an application repository and add selected ThinApp applications to View Administrator. See “Add ThinApp Applications to View Administrator,” on page 196. Procedure 1 Select Inventory > ThinApps and select the ThinApp application. 2 From the Add Assignment drop-down menu, select Pools. The pools that the ThinApp application is not already assigned to appear in the table.
Chapter 12 Managing ThinApp Applications in View Administrator 4 Select a ThinApp application to assign to the pool and click Add. Repeat this step to select multiple applications. 5 Select an installation type and click OK. Option Action Streaming Installs a shortcut to the application on the desktop. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application.
VMware View Administrator's Guide When you assign a ThinApp template to a desktop, View Administrator begins installing the applications in the template a few minutes later. When you assign a ThinApp template to a pool, View Administrator begins installing the applications in the template the first time a user logs in to a desktop in the pool. After the installation is finished, the applications are available to all of the users of the desktop or pool.
Chapter 12 Managing ThinApp Applications in View Administrator Table 12-1. ThinApp Application Installation Status (Continued) Status Description Pending Install View Administrator is attempting to install the ThinApp application. You cannot unassign an application that has this status. NOTE This value does not appear for desktops in pools. Pending Uninstall View Administrator is attempting to uninstall the ThinApp application.
VMware View Administrator's Guide Remove a ThinApp Application Assignment from Multiple Desktops You can remove an assignment to a particular ThinApp application from one or more desktops. Prerequisites Notify the users of the desktops that you intend to remove the application. Procedure 1 Select Inventory > ThinApps and double-click the name of the ThinApp application. 2 On the Assignments tab, select a desktop and click Remove Assignment.
Chapter 12 Managing ThinApp Applications in View Administrator Procedure 1 Select Inventory > Pools and double-click the pool ID. 2 On the Inventory tab, click ThinApps, select the ThinApp application, and click Remove Assignment. Repeat this step to remove multiple applications. View Administrator uninstalls the ThinApp applications the first time a user logs in to a desktop in the pool.
VMware View Administrator's Guide Procedure 1 In View Administrator, select View Configuration > ThinApp Configuration and select the application repository. 2 Click Remove Repository. Monitoring and Troubleshooting ThinApp Applications in View Administrator View Administrator logs events that are related to ThinApp application management to the Events and Reporting database. You can view these events on the Events tab in View Administrator.
Chapter 12 Managing ThinApp Applications in View Administrator Cause Either the application packages are not in MSI format or the View Connection Server host cannot access the directories in the network share. Solution n Verify that the application packages in the application repository are in MSI format. n Verify that the network share meets View requirements for ThinApp applications. See “View Requirements for ThinApp Applications,” on page 193 for more information.
VMware View Administrator's Guide You can see the View Agent and View Connection Server log files for more information about the cause of the problem. View Agent log files are located on the desktop in drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs for Windows XP systems and drive:\ProgramData\VMware\VDM\logs for Windows 7 systems. View Connection Server log files are located on the View Connection Server host in the drive:\Documents and Settings\All Users\Application Data\VMware\
Chapter 12 Managing ThinApp Applications in View Administrator MSI Package Is Invalid View Administrator reports an invalid MSI package in an application repository. Problem View Administrator reports that an MSI package is invalid during a scanning operation. Cause Common causes of this problem include the following: n The MSI file is corrupted. n The MSI file was not created with ThinApp. n The MSI file was created with an unsupported version of ThinApp. You must use ThinApp version 4.6 or later.
VMware View Administrator's Guide 7 Decide whether to assign the ThinApp applications to desktops or pools. If you use a common naming convention for your desktops, you can use desktop assignments to quickly distribute applications to all of the desktops that use that naming convention. If you organize your pools by department or user type, you can use pool assignments to quickly distribute applications to specific departments or users.
Managing Local Desktops 13 To manage desktops that are used in local mode, you must set up the environment so that data is transferred when users check View desktops out to their local systems. You must also manage other tasks where data transfer occurs, such as desktop check-in, rollback, and backup, and set policies for which of these actions users can initiate.
VMware View Administrator's Guide View desktops in local mode behave in the same way as their remote desktop equivalents, yet can take advantage of local resources. Latency is eliminated, and performance is enhanced. Users can disconnect from their local View desktop and log in again without connecting to the View Connection Server. After network access is restored, or when the user is ready, the checked-out virtual machine can be backed up, rolled back, or checked in.
Chapter 13 Managing Local Desktops n For security reasons, you cannot access the host CD-ROM from within the View desktop. n Also for security reasons, you cannot copy and paste text or system objects such as files and folders between the local system and the View desktop.
VMware View Administrator's Guide 9 If you want desktops to run only in local mode so that users must always check out the desktop, set the Remote Mode policy to Deny. In View Administrator, go to the Policies tab for that pool. 10 Direct end users to install View Client with Local Mode on their local systems.
Chapter 13 Managing Local Desktops What to do next If you want to prevent end users from checking the desktop in again, set the User-initiated check in policy to Deny. If you want to prevent end users from rolling the desktop back, set the User-initiated rollback policy to Deny.
VMware View Administrator's Guide Best Practices for Deploying Local Desktops Best-practice recommendations address questions about the memory, processing power, and number of the various components that affect a local mode deployment. General Recommendations for Most Deployments Virtual machine configuration Desktops that run in local mode automatically adjust the amount of memory and processing power they use based on that available from the client computer.
Chapter 13 Managing Local Desktops Small Deployment with Minimal Capital Expenditure You can reduce the number of ESX servers required for your deployment if you increase the number of virtual machines on each server. An ESX 4.1 server can host up to 500 virtual machines if most are not powered on at the same time. Use the following recommendations to reduce the amount of bandwidth and I/O operations required by each virtual machine and maximize the number of virtual machines on an ESX server.
VMware View Administrator's Guide Add View Transfer Server to View Manager View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. You can add multiple View Transfer Server instances to View Manager. The View Transfer Server instances access one common Transfer Server repository.
Chapter 13 Managing Local Desktops Remove View Transfer Server from View Manager When you remove all instances of View Transfer Server from View Manager, you cannot check out, check in, or replicate data for local desktops. When you remove a View Transfer Server instance that is actively performing transfers, the active transfer operations are paused. Local desktop sessions show the transfer status as paused.
VMware View Administrator's Guide 4 If transfers are currently active, choose whether to cancel the active transfers or wait until the active transfers are completed before placing View Transfer Server in maintenance mode. If you cancel active transfers, View Transfer Server enters maintenance mode immediately. If you allow active transfers to finish, View Transfer Server enters a Pending state. When the transfers are completed, it enters maintenance mode. 5 Click OK.
Chapter 13 Managing Local Desktops Table 13-1. View Transfer Server States During Normal Operations (Continued) Status Description Maintenance mode Active data transfers are suspended. Users cannot initiate new transfers. Scheduled, pending transfers cannot take place. View Transfer Server cannot publish packages to the Transfer Server repository. Initializing Transfer Server repository View Transfer Server is initializing the Transfer Server repository.
VMware View Administrator's Guide When a user checks out a linked-clone desktop for the first time, View Transfer Server performs two operations: n Downloads the base image from the Transfer Server repository to the local computer. n Downloads the remote linked-clone desktop from the datacenter to the local computer. The desktop consists of the linked clone's OS delta disk and a View Composer persistent disk.
Chapter 13 Managing Local Desktops If you plan to add multiple View Transfer Server instances to this View Manager deployment, configure the Transfer Server repository on a network share. Other View Transfer Server instances cannot access a Transfer Server repository that is configured on a local drive on one View Transfer Server instance. If you configure a remote Transfer Server repository on a network share, you must provide a user ID with credentials to access the network share.
VMware View Administrator's Guide 6 Type the Transfer Server repository location and other information. Option Description Network Share n n n n Local File System 7 Path. Type the UNC path that you configured. Username. Type the user ID of an administrator with credentials to access the network share. Password. Type the administrator password. Domain. Type the domain name of the network share in NetBIOS format. Do not use the .com suffix.
Chapter 13 Managing Local Desktops The publication process can take time. Click the refresh icon on the Transfer Repository page to display the percent of the operation that is completed. View Transfer Server can download the published View Composer base image to local desktops. Delete a Package File from the Transfer Server Repository View Transfer Server stores View Composer base images as package files in the Transfer Server repository.
VMware View Administrator's Guide Procedure 1 Configure a local or remote destination folder to which you will migrate the Transfer Server repository. Option Action Local Transfer Server repository On the virtual machine where View Transfer Server is installed, create a path and folder for the Transfer Server repository. For example: C:\TransferRepository\ Remote Transfer Server repository Configure a UNC path for the network share. For example: \\server.domain.com\TransferRepository\ All View Transf
Chapter 13 Managing Local Desktops Recover from a Corrupted Transfer Server Repository Folder If the network-shared folder or local folder on which the Transfer Server repository is configured becomes corrupted, you must recreate the Transfer Server repository on a functioning folder. This situation occurs if the network share or local drive is inaccessible and you cannot access the Transfer Server package files that are stored in the configured folder.
VMware View Administrator's Guide When you initiate a replication, or when a replication is scheduled to begin, the request starts the next time the client computer contacts the datacenter. View Client with Local Mode takes a snapshot and starts the replication. View maintains only one pending replication at a time. NOTE At the beginning and end of each replication, the end user might notice that desktop performance is affected for a few seconds while a local snapshot is taken or updated.
Chapter 13 Managing Local Desktops Procedure n Set the Target replication frequency. This policy specifies the interval in days, hours, or minutes between the start of one replication and the start of the next replication. You can prohibit scheduled replications by selecting No replication. The No replication policy does not prohibit explicit replication requests.
VMware View Administrator's Guide 4 5 Choose whether to start the replication at the next connection between the local desktop and the datacenter. Option Description Yes Starts the replication the next time View Client is running and the desktop contacts the datacenter. No Cancels your replication request. If you requested a replication previously and it has not started yet, you can select No to cancel the pending replication. Click OK.
Chapter 13 Managing Local Desktops What to do next To clean up the files on the end user's computer, have the end user delete the local mode directory for this desktop. See “Delete a Local Desktop,” on page 231. For information about checking out a View desktop for use in local mode, see the View Installation Guide. Delete a Local Desktop When you roll back a local desktop or uninstall View Client, the files that make up a local desktop on that client computer are not deleted or cleaned up.
VMware View Administrator's Guide Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the View Servers panel, select a View Connection Server instance and click Edit. 3 Select security and optimization settings for data transfers and local desktop operations.
Chapter 13 Managing Local Desktops The SSL settings do not affect local data on the client computers, which is always encrypted. Table 13-4. Using Secure, Tunneled Connection and SSL for Local Desktop Operations Setting Description Use secure tunnel connection for Local Mode operations Local desktops use tunneled communications. Network traffic is routed through View Connection Server or a security server if one is configured.
VMware View Administrator's Guide Change the Encryption Key Cipher for an Existing Local Desktop To change the encryption key cipher for an existing local desktop, you edit the pae-VM record for the local desktop in View LDAP on your View Connection Server host. You use the ADSI Edit utility to modify View LDAP. The ADSI Edit utility is installed with View Connection Server.
Chapter 13 Managing Local Desktops When a local desktop is checked in or replicated, View Transfer Server transfers the data that was generated on the local desktop since the last check out or replication. You can estimate the potential size of a data transfer if you know how long the desktop has been generating new data.
VMware View Administrator's Guide Guest File System Optimization of Data Transfers During transfer operations, View Transfer Server reduces the amount of data that must be sent over the network by taking advantage of guest file system optimization. When a desktop virtual machine contains a primary NTFS partition, View Transfer Server transfers the blocks that are allocated by NTFS. Unallocated blocks are not transferred. This strategy minimizes the total number of blocks to be transferred.
Chapter 13 Managing Local Desktops You can change the defaults and specify the scope of the setting. The setting can apply to all local desktops on the client or, depending on the setting, it can apply to a specific desktop or to all desktops from a specific View Connection Server instance that a specific user is entitled to use on the client. To change these defaults, you must configure Windows registry settings.
VMware View Administrator's Guide Procedure n To override the default behavior so that the local desktop uses only the amount of memory configured in vCenter Server, create and deploy a GPO to add one of the following registry keys and set the key to 1. Scope of Setting Path Client-wide HKCU\Software\VMware, Inc.\VMware VDM\Client \disableOfflineDesktopMemoryScaleup Broker and user specific HKCU\Software\VMware, Inc.\VMware VDM\Client\broker_guid \remote_user_sid\disableOfflineDesktopMemoryScaleup T
Chapter 13 Managing Local Desktops The settings go into effect when the local desktop is powered on, except in the case of the setting that allows the reported required memory to be less than that set on vCenter Server. That setting is read only when the desktop is checked out. Change the Network Type from NAT to Bridged By default, the virtual network type of a View desktop changes to NAT (network address translation) when the desktop is checked out for use on a local system.
VMware View Administrator's Guide Procedure u To override the default behavior so that the local desktop uses bridged networking, create and deploy a GPO to add one of the following registry keys and set the key to 1. Scope of Setting Path Client-wide HKCU\Software\VMware, Inc.\VMware VDM\Client \offlineDesktopUseBridgedNetworking Connection Server and user specific HKCU\Software\VMware, Inc.\VMware VDM\Client\broker_guid \remote_user_sid\offlineDesktopUseBridgedNetworking Desktop-specific HKCU\Sof
Chapter 13 Managing Local Desktops Configure View Connection Server to Support HTTP Caching of View Composer Base Images To allow a caching proxy server to pass on View Composer base images and other data between local desktops and the datacenter, you must configure certain settings in View Connection Server.
VMware View Administrator's Guide Procedure 1 Start a Windows command prompt on your View Connection Server computer. 2 Type the vdmadmin command with the -T option. vdmadmin -T [-packagelimit size_in_bytes] By default, the path to the vdmadmin command executable file is C:\Program Files\VMware\VMware View \Server\tools\bin. Example 13-1. Setting a Package File Size Limit Set the package-file split limit to 10KB. vdmadmin -T -packagelimit 10240 Display the current package-file split limit.
Chapter 13 Managing Local Desktops Configure a Proxy Server to Cache View Composer Base Images When you set up a proxy server to support HTTP caching for local desktops, you must configure the capacity of the cache and the HTTP connection method. Prerequisites n Verify the size limit of base-image package files that you set with the vdmadmin -T command. See “Limit the Size of Base-Image Package Files to Allow Caching,” on page 241. n Determine whether you use SSL for local mode operations.
VMware View Administrator's Guide Prerequisites See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows Server operating system version. Procedure 1 Start the ADSI Edit utility on your View Connection Server host. 2 Select or connect to DC=vdi, DC=vmware, DC=int. 3 On the object CN=Common, OU=Global, OU=Properties, set the pae-mVDIOfflineUpdateFrequency attribute to the new heartbeat interval in minutes. You must type a positive integer.
Chapter 13 Managing Local Desktops Manually Downloading a Local Desktop to a Location with Poor Network Connections For users on a network that has extremely low bandwidth, checking out a desktop can be prohibitive because you must download several gigabytes of data. To serve these users, you can download the desktop files manually and copy the files to the client computers. For example, a user might work at home in a rural location with a dial-up network connection.
VMware View Administrator's Guide 3 Verify that the desktop pool is associated with this package. 4 Locate the Repository path, including the package ID. For example: \\mycomputer.com\ImageRepository\Published\f222434a-e52a-4ce3-92d1-c14122fca996 5 Copy the package contents from the Transfer Server repository to the portable device. You must copy the entire package directory to the portable device.
Chapter 13 Managing Local Desktops Procedure 1 Log in to the Windows 7 guest operating system, click the Libraries icon, and navigate to the check-out directory. 2 Right-click the check-out directory and click Properties. 3 Click the Security tab and click Edit. 4 In the Group or user names list, select the name of the user who will check out the desktop. If the user name is not in the list, click Add and add the user name. 5 Check Full control in the Allow column and click OK.
VMware View Administrator's Guide Troubleshooting View Transfer Server and Local Desktop Operations Troubleshooting tips are available for common View Transfer Server and local desktop operations. n Check-Out Fails with "No Available Transfer Server" Error on page 249 When users try to check out desktops, the operations fail and an error message, No available Transfer Server, is displayed.
Chapter 13 Managing Local Desktops Check-Out Fails with "No Available Transfer Server" Error When users try to check out desktops, the operations fail and an error message, No available Transfer Server, is displayed. Problem The check-out can fail when the operation is approximately 10% complete, before View Transfer Server begins transferring data to the client computer. The check-out can also fail later in the process.
VMware View Administrator's Guide When end users attempt to check out the desktop again, only changed files are downloaded. The new files that get downloaded use a new encryption key, but the old files already on the local machine use the old encryption key, which View Connection Server no longer has. Solution u End users must delete all local desktop files before checking the desktop out again. The folder resides in the local desktop check-out directory.
Chapter 13 Managing Local Desktops Solution n Verify that View Transfer Server is installed on the virtual machine. n Verify that the View Transfer Server services are running. a On the View Transfer Server virtual machine, open the Control Panel > Administrative Tools > Services dialog box. b Make sure that the VMware View Transfer Server Service, VMware View Transfer Server Control Service, and VMware View Framework Component services are started.
VMware View Administrator's Guide View Transfer Server Cannot Connect to the Transfer Server Repository In View Administrator, View Transfer Server displays a status of Repository Connection Error. Problem View Transfer Server cannot connect to the Transfer Server repository that is configured in View Connection Server. Cause The Transfer Server repository configuration is invalid. If the repository is configured on a network share, the network path or credentials are invalid.
Chapter 13 Managing Local Desktops n Verify that the View Connection Server machine can ping the View Transfer Server IP address. n Verify that the View Transfer Server virtual machine satisfies the recommended system configuration. See the View Transfer Server system requirements in the VMware View Installation Guide. The Transfer Server Repository Is Missing In View Administrator, View Transfer Server displays a status of Missing Transfer Server Repository.
VMware View Administrator's Guide The View Transfer Server Web Service Is Down In View Administrator, View Transfer Server displays a status of Web Server Down. Problem View Transfer Server cannot download packages from the Transfer Server repository and cannot transfer other desktop data to local desktops. Cause The Apache2.2 Web service that supports the Transfer Server repository is not running.
Chapter 13 Managing Local Desktops Depending on how much data you want to recover, you can choose to decrypt either the full virtual machine or one of its constituent disks. The decryption process is faster if you decrypt a single disk. Prerequisites n Verify that you cannot roll back the local desktop without data being lost. n Verify that the data in the local desktop has not been replicated or saved in another location.
VMware View Administrator's Guide Example 13-2. Decrypting Virtual Machine Files Decrypt a full virtual machine by specifying its VMX file. vdmadmin -V -rescue -d lmdtpool -u MYCORP\jo -infile "J:\Temp\LMDT_Recovery \CN=lmdtpool,OU=Applications,DC=mycorp,DC=com.vmx" List the files that are available for the scsi00 disk of a local desktop's virtual machine. J:\Temp\LMDT_Recovery>dir /b *scsi00* 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001.vmdk 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001-s001.
Maintaining View Components 14 To keep your View components available and running, you can perform a variety of maintenance tasks.
VMware View Administrator's Guide If View Connection Server uses multiple vCenter Server instances with multiple View Composer services, View Manager backs up all the View Composer databases associated with the vCenter Server instances. You can perform backups in several ways. n Schedule automatic backups by using the View Manager Configuration Backup feature. n Initiate a backup immediately by using the Backup Now feature in View Administrator.
Chapter 14 Maintaining View Components View Manager Configuration Backup Settings View Manager can back up your View Connection Server and View Composer configuration data at regular intervals. In View Administrator, you can set the frequency and other aspects of the backup operations. Table 14-1. View Manager Configuration Backup Settings Setting Description Automatic backup frequency Every Hour. Backups take place every hour on the hour. Every 6 Hours.
VMware View Administrator's Guide Procedure 1 Select Start > Command Prompt. 2 At the command prompt, type the vdmexport command and redirect the output to a file. For example: vdmexport > Myexport.LDF You can specify the output file name as an argument to the -f parameter. For example: vdmexport -f Myexport.LDF The vdmexport command writes your View Connection Server configuration data to the specified LDIF file. For more information about the vdmexport command, see the VMware View Integration Guide.
Chapter 14 Maintaining View Components Procedure 1 Select Start > Command Prompt. 2 At the command prompt, type the vdmimport command and specify an existing LDIF file as the argument to the -f parameter. For example: vdmimport -f Myexport.LDF The vdmimport command updates the View LDAP repository in View Connection Server with the configuration data from the LDIF file. For more information about the vdmimport command, see the VMware View Integration Guide.
VMware View Administrator's Guide 4 Run the SviConfig restoredata command. sviconfig -operation=restoredata -DsnName=target_database_source_name_(DSN) -Username=database_administrator_username -Password=database_administrator_password -BackupFilePath=path_to_View_Composer_backup_file For example: sviconfig -operation=restoredata -dsnname=LinkedClone -username=Admin -password=Pass -backupfilepath="C:\Program Files\VMware\VMware View Composer\Backup-20090304000010-foobar_test_org.
Chapter 14 Maintaining View Components 3 n A yellow double arrow indicates that a component is in a warning state. n A question mark indicates that the status of a component is unknown. Click a component name. A dialog displays the name, version, status, and other component information. Monitor Desktop Status You can quickly survey the status of desktops in your View deployment by using the View Administrator dashboard.
VMware View Administrator's Guide Stop and Start View Services The operation of View Connection Server instances and security servers depends on several services that run on the system. You might sometimes find it necessary to stop and start these services manually when troubleshooting problems with the operation of VMware View. When you stop View services, end users cannot log in to their desktops.
Chapter 14 Maintaining View Components Table 14-3. View Connection Server Host Services (Continued) Service Name Startup Type Description VMware View Web Component Manual Provides web services for View Manager. This service must be running for the correct operation of View Manager. VMwareVDMDS Automatic Provides LDAP directory services for View Manager. This service must be running for the correct operation of View Manager.
VMware View Administrator's Guide Add Licenses to VMware View If the current licenses on a system expire, or if you want to access VMware View features that are currently unlicensed, you can use View Administrator to add licenses. You can add a license to VMware View while View Manager is running. You do not need to reboot the system, and access to desktops is not interrupted.
Chapter 14 Maintaining View Components The existing View Composer database must be configured on an available computer in the same domain as the computer on which you install the new View Composer service, or on a trusted domain. View Composer creates RSA key pairs to encrypt and decrypt authentication information stored in the View Composer database.
VMware View Administrator's Guide 3 Copy the keys.xml file to the destination computer on which you want to install the new View Composer service. 4 On the destination computer, open a command prompt and navigate to the %windir%\Microsoft.NET \Framework\v2.0xxxxx directory. 5 Type the aspnet_regiis command to migrate the RSA key pair data. aspnet_regiis -pi "SviKeyContainer" "path\keys.xml" where path is the path to the exported file.
Troubleshooting View Components 15 You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using View Manager, View Composer, and View Client. Administrators might encounter unexpected behavior when using View Manager and View Composer, and users might experience difficulty when using View Client to access their desktops.
VMware View Administrator's Guide Monitoring System Health You can use the system health dashboard in View Administrator to quickly see problems that might affect the operation of View or access to desktops by end users.
Chapter 15 Troubleshooting View Components Table 15-1. Types of Event Reported by View Manager Event Type Description Audit Failure or Audit Success Reports the failure or success of a change that an administrator or user makes to the operation or configuration of VMware View. Error Reports a failed operation by View Manager. Information Reports normal operations within VMware View.
VMware View Administrator's Guide n If a desktop reports that it is ready, but does not accept connections, check the firewall configuration to make sure that the display protocol (RDP or PCoIP) is not blocked. See “Connection Problems Between Desktops and View Connection Server Instances,” on page 277. n If a desktop appears to be missing from a vCenter Server, verify whether its virtual machine is configured on the expected vCenter Server, or if it has been moved to another vCenter Server.
Chapter 15 Troubleshooting View Components n Collect Diagnostic Information for View Connection Server on page 274 You can use the support tool to set logging levels and generate log files for View Connection Server. n Collect Diagnostic Information for View Agent, View Client, or View Connection Server on page 275 If you have direct access to the console, you can use the support scripts to generate log files for View Connection Server, View Client, or desktops that are running View Agent.
VMware View Administrator's Guide Collect Diagnostic Information for View Composer You can use the View Composer support script to collect configuration data and generate log files for View Composer. This information helps VMware customer support diagnose any issues that arise with View Composer. Prerequisites Log in to the vCenter Server on which View Composer is installed. Because you must use the Windows Script Host utility (cscript) to run the support script, familiarize yourself with using cscript.
Chapter 15 Troubleshooting View Components 3 When you have collected enough information about the behavior of View Connection Server, select Start > All Programs > VMware > Generate View Connection Server Log Bundle. The support tool writes the log files to a folder called vdm-sdct on the desktop of the View Connection Server instance. 4 File a support request on the Support page of the VMware Web site and attach the output files.
VMware View Administrator's Guide 3 You can find the View Composer guest agent logs in the C:\Program Files\Common Files\VMware\View Composer Guest Agent svi-ga-support directory. 4 File a support request on the Support page of the VMware Web site and attach the output file. Update Support Requests You can update your existing support request at the Support Web site.
Chapter 15 Troubleshooting View Components Cause Connectivity problems between View Client and a View Connection Server instance can occur for different reasons. n Incorrect network proxy or firewall settings on View Client. n Lookup failure for the DNS name of the View Connection Server host when setting up a secure connection. Solution 1 Use a browser to access the View Connection Server instance by using HTTP or HTTPS.
VMware View Administrator's Guide Solution n At a command prompt on the desktop, type the nslookup command. nslookup CS_FQDN CS_FQDN is the fully qualified domain name (FQDN) of the View Connection Server host. If the command fails to return the IP address of the View Connection Server host, apply general network troubleshooting techniques to correct the DNS configuration.
Chapter 15 Troubleshooting View Components Cause The most likely cause of this problem is that you have insufficient permissions to access the customization specifications, or to create a pool. Another possible cause is that the customization specification has been renamed or deleted. Solution n Verify that you have sufficient permissions to access the customization specifications, and to create a pool.
VMware View Administrator's Guide Solution n Verify that the template is accessible. n Verify that the correct name and folder are specified for the template. n If a virtual machine image has been moved between ESX servers, move the virtual machine to the correct vCenter folder. n If a virtual machine image has been deleted, delete the entry for the virtual machine in View Administrator and recreate or restore the image.
Chapter 15 Troubleshooting View Components Solution n Verify that you have sufficient permissions to access the selected datastore. n Verify whether the disk on which the datastore is configured is full. n If the disk is full or the space is reserved, free up space on the disk, rebalance the available datastores, or migrate the datastore to a larger disk. Pool Provisioning Fails Due to vCenter Being Overloaded If vCenter is overloaded with requests, provisioning of a desktop pool can fail.
VMware View Administrator's Guide Solution n Delete the virtual machine to recover from a stuck customization. n If the disk is full, free up space on the disk or migrate the datastore to a larger disk. Troubleshooting USB Redirection Problems Various problems can arise with USB redirection in View Client. Problem USB redirection in View Client fails to make local devices available on the remote desktop, or some devices do not appear to be available for redirection in View Client.
Chapter 15 Troubleshooting View Components n Missing or disabled USB redirection drivers on the guest. n Missing or disabled USB redirection drivers or missing or disabled drivers for the device that is being redirected on the client. Solution n If available, use PCoIP instead of RDP as the desktop protocol. n If a redirected device remains unavailable or stops working after a temporary disconnection, remove the device, plug it in again, and retry the redirection.
VMware View Administrator's Guide Solution n Examine the customization script log. QuickPrep customization information is written to a log file in Windows temp directory: C:\Windows\Temp\vmware-viewcomposer-ga-new.log n Determine if the script timed out. View Composer terminates a customization script that takes longer than 20 seconds. The log file displays a message showing that the script has started and a later message indicating the timeout: 2010-02-21 21:05:47,687 [1500] INFO Ready [Ready.
Chapter 15 Troubleshooting View Components Table 15-2. View Composer Provisioning Errors (Continued) Error Description 4 Failed to back up a user's profile keys. The next time the user logs in to this linked-clone desktop after the recompose operation, the OS creates a new profile directory for the user. As a new profile is created, the user cannot not see the old profile data. 5 Failed to restore a user's profile.
VMware View Administrator's Guide Solution 1 Check the View Composer log for the following error message: 0x4f1: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. By default, the View Composer log file is generated in the Windows Temp directory: C:\Windows\Temp \vmware-viewcomposer-ga-new.log 2 On the parent virtual machine, apply the Windows Server 2008 RODC compatibility update for Windows XP.
Using the vdmadmin Command 16 You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or to perform administration tasks that need to run automatically from scripts. For a comparison of the operations that are possible in View Administrator, View cmdlets, and vdmadmin, see the VMware View Integration Guide.
VMware View Administrator's Guide n Configuring Domain Filters Using the -N Option on page 298 You can use the vdmadmin command with the -N option to control the domains that View Manager makes available to end users. n Configuring Domain Filters on page 300 You can configure domain filters to limit the domains that a View Connection Server instance or security server makes available to end users.
Chapter 16 Using the vdmadmin Command n vdmadmin Command Authentication on page 289 You must run the vdmadmin command as a user who is in the Administrators role for a specified action to succeed. n vdmadmin Command Output Format on page 289 Some vdmadmin command options allow you to specify the format of the output information. n vdmadmin Command Options on page 289 You use the command options of the vdmadmin command to specify the operation that you want it to perform.
VMware View Administrator's Guide Table 16-2. Vdmadmin Command Options 290 Option Description -A Administers the information that a View Agent records in its log files. See “Configuring Logging in View Agent Using the -A Option,” on page 291. Overrides the IP address reported by a View Agent. See “Overriding IP Addresses Using the -A Option,” on page 292 -C Sets the name for a View Connection Server group. See “Setting the Name of a View Connection Server Group Using the -C Option,” on page 293.
Chapter 16 Using the vdmadmin Command Configuring Logging in View Agent Using the -A Option You can use the vdmadmin command with the -A option to configure logging by View Agent.
VMware View Administrator's Guide Examples Display the logging level of the Agent for the machine machine1 in the desktop pool dtpool2. vdmadmin -A -d dtpool2 -m machine1 -getloglevel Set the logging level of the View Agent for the machine machine1 in the desktop pool dtpool2 to debug. vdmadmin -A -d dtpool2 -m machine1 -setloglevel debug Display the list of View Agent log files for the machine machine1 in the desktop pool dtpool2.
Chapter 16 Using the vdmadmin Command Table 16-4. Options for Overriding IP Addresses (Continued) Option Description -override Specifies an operation for overriding IP addresses. -r Removes an overridden IP address. Examples Override the IP address for the machine machine2 in the desktop pool dtpool2. vdmadmin -A -override -i 10.20.54.165 -d dtpool2 -m machine2 Display the IP addresses that are defined for the machine machine2 in the desktop pool dtpool2.
VMware View Administrator's Guide Updating Foreign Security Principals Using the -F Option You can use the vdmadmin command with the -F option to update the foreign security principals (FSPs) of Windows users in Active Directory who are authorized to use a desktop. Syntax vdmadmin -F [-b authentication_arguments] [-u domain\user] Usage Notes If you trust domains outside of your local domains, you allow access by security principals in the external domains to the local domains' resources.
Chapter 16 Using the vdmadmin Command Table 16-5. Health Monitors (Continued) Monitor Description TSMonitor Monitors the health of transfer servers. VCMonitor Monitors the health of vCenter servers. If a component has several instances, View Manager creates a separate monitor instance to monitor each instance of the component. The command outputs all information about health monitors and monitor instances in XML format.
VMware View Administrator's Guide Options Table 16-7 shows the options that you can specify to list and display reports and views. Table 16-7. Options for Listing and Displaying Reports and Views Option Description -enddate yyyy-MM-dd-HH:mm:ss Specifies a upper limit for the date of information to be displayed. -list Lists the available reports and views. -report report Specifies a report. -startdate yyyy-MM-dd-HH:mm:ss Specifies a lower limit for the date of information to be displayed.
Chapter 16 Using the vdmadmin Command Table 16-8. Options for Assigning Dedicated Desktops Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -r Removes an assignment to a specified user, or all assignments to a specified machine. -u domain\user Specifies the login name and domain of the user. Examples Assign the machine machine2 in the desktop pool dtpool1 to the user Jo in the CORP domain.
VMware View Administrator's Guide Table 16-9. Options for Displaying Information About Machines Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -u domain\user Specifies the login name and domain of the user. Examples Display information about the underlying machine for the desktop in the pool dtpool2 that is assigned to the user Jo in the CORP domain and format the output as XML using ASCII characters. vdmadmin -M -u CORP\J
Chapter 16 Using the vdmadmin Command Table 16-10. Options for Configuring Domain Filters (Continued) Option Description -domains Specifies a domain filter operation. -exclude Specifies an operation on a exclusion list. -include Specifies an operation on an inclusion list. -list Displays the domains that are configured in the search exclusion list, exclusion list, and inclusion list on each View Connection Server instance and for the View Connection Server group.
VMware View Administrator's Guide View Manager limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View Manager excludes the YOURDOM domain from the results of the domain search on CONSVR-1. Display the domain filters in XML using ASCII characters.
Chapter 16 Using the vdmadmin Command Table 16-11. Types of Domain List Domain List Type Description Search exclusion list Specifies the domains that View Manager can traverse during an automated search. The search ignores domains that are included in the search exclusion list, and does not attempt to locate domains that the excluded domain trusts. You cannot exclude the primary domain from the search. Exclusion list Specifies the domains that View Manager excludes from the results of a domain search.
VMware View Administrator's Guide Display the currently active domains after including the YOURDOM and DEPTX domains. C:\ vdmadmin -N -domains -list -active Domain Information (CONSVR) =========================== Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Domain: DEPTX DNS:deptx.mycorp.com View Manager applies the include list to the results of a domain search.
Chapter 16 Using the vdmadmin Command Domain: Domain: Domain: Domain: YOURDOM DNS:yourdom.mycorp.com DEPTX DNS:deptx.mycorp.com DEPTY DNS:depty.mycorp.com DEPTZ DNS:deptz.mycorp.com Extend the search exclusion list to exclude the DEPTX domain and all its trusted domains from the domain search for all View Connection Server instances in a group. Also, exclude the YOURDOM domain from being available on CONSVR-1.
VMware View Administrator's Guide Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Displaying the Desktops and Policies of Unentitled Users Using the -O and -P Options You can use the vdmadmin command with the -O and -P options to display the desktops and policies that are assigned to users who are no longer entitled to use the system.
Chapter 16 Using the vdmadmin Command Examples Display the desktops that are assigned to unentitled users, grouped by desktop in text format. vdmadmin -O -ld Display desktops that are assigned to unentitled users, grouped by user, in XML format using ASCII characters. vdmadmin -O -lu -xml -n Apply your own stylesheet C:\tmp\unentitled-users.xsl and redirect the output to the file uu-output.html. vdmadmin -O -lu -xml -xsltpath "C:\tmp\unentitled-users.xsl" > uu-output.
VMware View Administrator's Guide When you add a client in kiosk mode, View Manager creates a user account for the client in Active Directory. If you specify a name for a client, this name must start with the characters "Custom-" and it cannot be more than 20 characters long. You should use each specified name with no more than one client device. If you do not specify a name for a client, View Manager generates a name from the MAC address that you specify for the client device.
Chapter 16 Using the vdmadmin Command Table 16-14. Options for Configuring Clients in Kiosk Mode (Continued) Option Description -genpassword Generates a password for the client's account. This is the default behavior if you do not specify either -password or -genpassword. -getdefaults Gets the default values that are used for adding client accounts. -group group_name Specifies the name of the default group to which client accounts are added.
VMware View Administrator's Guide Add an account for a client specified by its MAC address to the MYORG domain, and use an automatically generated password. vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -genpassword -ou "OU=kioskou,DC=myorg,DC=com" -group kc-grp Add an account for a named client, and specify a password to be used with the client.
Chapter 16 Using the vdmadmin Command Common Name : CONSVR2 Client Authentication Enabled : true Password Required : false Displaying the First User of a Desktop Using the -R Option You can use the vdmadmin command with the -R option to find out the initial assignment of a managed desktop. For example, in the event of the loss of LDAP data, you might need this information so that you can reassign desktops to users.
VMware View Administrator's Guide Examples Remove the entry for the View Connection Server instance connsvr3. vdmadmin -S -r -s connsvr3 Setting the Split Limit for Publishing View Transfer Server Packages Using the -T Option You can use the vdmadmin command with the -T option to set the split limit for publishing View Transfer Server packages. You might want to specify a split limit if you use a proxy cache that defines a maximum object size for its cache.
Chapter 16 Using the vdmadmin Command n ThinApp assignments. n Administrator roles including the administrative rights of a user and the folders in which they have those rights. Options The -u option specifies the name and domain of the user. Examples Display information about the user Jo in the CORP domain in XML using ASCII characters. vdmadmin -U -u CORP\Jo -n -xml Decrypting the Virtual Machine of a Local Desktop Using the -V Option VMware View secures the virtual machine of a local desktop by en
VMware View Administrator's Guide Examples Decrypt a full virtual machine by specifying its VMX file. vdmadmin -V -rescue -d lmdtpool -u MYCORP\jo -infile "J:\Temp\LMDT_Recovery \CN=lmdtpool,OU=Applications,DC=mycorp,DC=com.vmx" Decrypt the current version of the virtual machine's scsi00 disk by specifying its VMDK file. vdmadmin -V -rescue -d lmdtpool -u MYCORP\jo -infile "J:\Temp\LMDT_Recovery \52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001.
Chapter 16 Using the vdmadmin Command Examples Unlock the virtual machines machine 1 and machine2 in desktop pool dtpool3. vdmadmin -V -e -d dtpool3 -m machine1 -m machine2 Unlock the virtual machine for a View Transfer Server instance on a vCenter Server. vdmadmin -V -e -vcdn "CN=f1060058dde2-4940-947b-5d83757b1787,OU=VirtualCenter,OU=Properties,DC=myorg,DC=com" -vmpath "/ DataCenter1/vm/Desktops/LocalMode/LDwin7" Lock the virtual machine machine3 in desktop pool dtpool3.
VMware View Administrator's Guide 314 VMware, Inc.
Setting Up Clients in Kiosk Mode 17 You can set up unattended clients that can obtain access to their desktops from VMware View. A client in kiosk mode is a thin client or a lock-down PC that runs View Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the desktop might require them to provide authentication information for some applications.
VMware View Administrator's Guide Configure Clients in Kiosk Mode To configure Active Directory and View Manager to support clients in kiosk mode, you must perform several tasks in sequence. Prerequisites Verify that you have the privileges required to perform the configuration tasks. n Domain Admins or Account Operators credentials in Active Directory to make changes to the accounts of users and groups in a domain.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure 1 In Active Directory, create a separate organizational unit and group to use with clients in kiosk mode. You must specify a pre-Windows 2000 name for the group. You use this name to identify the group to the vdmadmin command. 2 Create the image or template for the guest virtual machine.
VMware View Administrator's Guide Procedure u Set the default values for clients. vdmadmin -Q -clientauth -setdefaults [-b authentication_arguments] [-ou DN] [ -expirepassword | -noexpirepassword ] [-group group_name | -nogroup] Option Description -expirepassword Specifies that the expiry time for passwords on the client accounts is the same as for the View Connection Server group. If no expiry time is defined for the group, passwords do not expire.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure u To display the MAC address, type the appropriate command for your platform. Option Action Windows Enter C:\Program Files\VMware\VMware View\Client\bin\wswc printEnvironmentInfo View Client uses the default View Connection Server instance that you configured for it. If you have not configured a default value, View Client prompts you for the value. The command displays the IP address, MAC address, and machine name of the client device.
VMware View Administrator's Guide Option Description -expirepassword Specifies that the expiry time for the password on the client's account is the same as for the View Connection Server group. If no expiry time is defined for the group, the password does not expire. -genpassword Generates a password for the client's account. This is the default behavior if you do not specify either -password or -genpassword.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure u Enable authentication of clients on a View Connection Server instance. vdmadmin -Q -enable [-b authentication_arguments] -s connection_server [-requirepassword] Option Description -requirepassword Specifies that you require clients to provide passwords. IMPORTANT If you specify this option, the View Connection Server instance cannot authenticate clients that have automatically generated passwords.
VMware View Administrator's Guide Example 17-5. Displaying Information for Clients in Kiosk Mode Display information about clients in text format. Client cm-00_0c_29_0d_a3_e6 has an automatically generated password, and does not require an end user or an application script to specify this password to View Client. Client cm-00_22_19_12_6d_cf has an explicitly specified password and requires the end user to provide this.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure u To connect to a remote session, type the appropriate command for your platform. Option Description Windows Enter C:\Program Files\VMware\VMware View\Client\bin\wswc unattended [-serverURL connection_server] [-userName user_na me] [-password password] Linux -password password Specifies the password for the client's account. If you defined a password for the account, you must specify this password.
VMware View Administrator's Guide 324 VMware, Inc.
Running View Client from the Command Line 18 You can run View Client for Windows from the command line or from scripts. You might want to do this if you are implementing a kiosk-based application that grants end users access to desktop applications. You use the wswc command to run the View Client for Windows from the command line. The command includes options that you can specify to change the behavior of View Client.
VMware View Administrator's Guide Table 18-1. View Client Command-Line Options (Continued) Option Description -connectUSBOnInsert Connects a USB device to the foreground desktop when you plug in the device. This option is implicitly set if you specify the -unattended option.
Chapter 18 Running View Client from the Command Line Table 18-1. View Client Command-Line Options (Continued) Option Description -unattended Runs View Client in a noninteractive mode that is suitable for clients in kiosk mode. You must also specify: n The account name of the client, if you did not generate the account name from the MAC address of the client device. The name must begin with the string “Custom-”.
VMware View Administrator's Guide Table 18-2. View Client Registry Settings Registry Setting Description DomainName Specifies the default domain name. EnableShade Specifies whether the menu bar (shade) at the top of the View Client window is enabled. The menu bar is enabled by default except for clients in kiosk mode. A value of false disables the menu bar. Password Specifies the default password. ServerURL Specifies the default View Connection Server instance by its URL, IP address, or FQDN.
Chapter 18 Running View Client from the Command Line Table 18-3. View Client Exit Codes (Continued) Exit Code Description 24 View Connection Server error. 25 Desktop was not available. VMware, Inc.
VMware View Administrator's Guide 330 VMware, Inc.
Index A Active Directory preparing for clients in kiosk mode 316 preparing for smart card authentication 125 troubleshooting linked clones failing to join the domain 285 updating Foreign Security Principals of users 294 updating general user information 266 active sessions disconnecting 182 restarting 182 viewing 182 ADM template files View Agent Configuration 141 View Client Configuration 144 View Common Configuration 151 View components 140 View Server Configuration 151 where to find 140 administration c
VMware View Administrator's Guide maintenance mode 103 naming desktops manually 99, 100 power policies 109, 110 using a desktop-naming pattern 99 worksheet for creating 70 automatic Windows updates, disabling 59 B backing up configuration backup settings 259 scheduling backups 258 View configuration data 257 View Connection Server 16 bandwidth reduction, Adobe Flash 180 base images determining the size 222 downloading from the Transfer Server repository 221 bridged networking for local desktops 239 C cac
Index choosing a user assignment type 98 maintenance mode 103 removing user assignments 183 user ownership 296 deduplication data transfers for local desktops 231, 232 impact on data transfers 234 defragmentation, disabling on linked clones 58 delegating administration 24 delta disks, storage overcommit 90 desktop management deleting desktops 186 displaying desktops for unentitled users 304 displaying the first user of a desktop 309 exporting desktop information to a file 187 monitoring desktop status 184,
VMware View Administrator's Guide domains enumerating trusted 151 filter lists 298 drivers, installed on client systems for local desktops 215 E education resources 7 Enable Pool privilege 34 enableOCSP property 129, 130 enableRevocationChecking property 128–130 endpoint resource usage, configuring 236 Enterprise NTAuth store, adding root certificates 126 Entitle Pool privilege 34 entitlements adding to desktop pools 113 removing from desktop pools 113 restricting 114 reviewing 114 events monitoring 270 t
Index IP addresses overriding for View Agent 292 troubleshooting for linked-cloned desktop connections 278 K keytool utility 122 kiosk mode adding client accounts 319 configuring 316 connecting to desktops 322 displaying information about clients 321 displaying MAC address of client devices 318 enabling authentication of clients 320 managing client authentication 305 preparing Active Directory 316 setting defaults for clients 317 setting up 315 viewing and modifying client accounts 305 KMS license keys, v
VMware View Administrator's Guide initiating a replication 229 locking and unlocking remote desktops 312 manually copying desktop files 246 manually downloading desktops 245 recomposing when checked in 166 recovering data from virtual machines 254, 311 removing a View Transfer Server instance 219 rolling back a checked-out desktop 230 setting permissions on manually copied desktop files 246 suspending data transfers 219 understanding management tasks 211 local desktop troubleshooting 248 local desktop use
Index manually specifying names 99, 100 providing a naming pattern 99 naming patterns, linked-clone desktops 101 NAT on local desktops 239 NET Framework, migrating RSA key container 267 network connections manually downloading desktops 245 troubleshooting 276 NICs 239 NTFS, optimizing data transfers 236 O OCSP certificate revocation checking configuring 129 logging in 128 ocspCRLFailover property 130 ocspSendNonce property 130 ocspSigningCert 130 ocspSigningCert property 129 ocspURL property 129, 130 Offl
VMware View Administrator's Guide power-off script, customizing linked-clone desktops 84 pre-login messages, displaying to clients 18 predefined administrator roles 23 prefetch and superfetch, disabling 60 printing, location-based 153 privileges, See administrator privileges problem desktops displaying 271 viewing 270 professional services 7 proxy caches, setting the split limit for View Transfer Server 310 proxy.
Index understanding 263 View Connection Server hosts 264 View Transfer Server hosts 265 sessions disconnecting 182 restarting 182 viewing 182 Setup Capture wizard, ThinApp 194 SIDs, support in View Composer 81 silent installation, View Agent 49 silent installation options 50 single sign-on enabling for local desktop operations 18 group policy settings 141, 144 smart card authentication Active Directory preparation 125 certificate revocation checking 127 configuring 120, 122, 123 enabling single sign-on 144
VMware View Administrator's Guide downloading system images 221 managing 221 migrating 225 publishing a package 224 recovering corrupted shared folder 227 recreating 227 status values 220 Transfer Server service 265 trusted domains, enumerating 151 Trusted Root Certification Authorities policy 126 trustKeyfile property 122 trustStoretype property 122 tunneled connections, local desktops 232 U unassigning users, dedicated-assignment pools 183 unentitled users displaying 272 displaying desktops 304 Unix sys
Index View Composer Agent View Agent custom option 48 View Agent custom setup option 48 View Composer configuration configuring settings for vCenter Server 14 creating a user account 14 deleting base images 225 publishing base images 221 removing the service from vCenter Server 15 support for unique SIDs 81 using vSphere mode 80 volume activation 64 View Composer maintenance backing up configuration data 16, 257 migrating an RSA key container 267 migrating the service to another computer 266 restoring conf
VMware View Administrator's Guide View Transfer Server troubleshooting bad health check 252 bad Transfer Server repository 251 checking out desktops 249 maintenance mode pending 251 missing Transfer Server repository 253 pending state 250 repository connection error 252 Transfer Server repository conflict 253 Web server down 254 viewVP.
