VMware View Administration View 4.6 View Manager 4.6 View Composer 2.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
VMware View Administration You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents VMware View Administration 7 1 Configuring View Connection Server 9 Using View Administrator 9 Configuring vCenter Server and View Composer 12 Backing Up View Connection Server 17 Configuring Settings for Client Sessions 17 Disable or Enable View Connection Server 21 Edit the External URLs 21 View LDAP Directory 22 Configuring View Connection Server Settings 23 2 Configuring Role-Based Delegated Administration 25 Understanding Roles and Privileges 25 Using Folders to Delegate Administration 26
VMware View Administration 5 Creating Desktop Pools 71 Automated Pools That Contain Full Virtual Machines 72 Linked-Clone Desktop Pools 75 Manual Desktop Pools 95 Microsoft Terminal Services Pools 99 Provisioning Desktop Pools 100 Setting Power Policies for Desktop Pools 109 6 Entitling Users and Groups 115 Add Entitlements to Desktop Pools 115 Remove Entitlements from a Desktop Pool 115 Review Desktop Pool Entitlements 116 Restricting View Desktop Access 116 7 Setting Up User Authentication 121 Using
Contents 12 Managing ThinApp Applications in View Administrator 197 View Requirements for ThinApp Applications 197 Capturing and Storing Application Packages 198 Assigning ThinApp Applications to Desktops and Pools 201 Maintaining ThinApp Applications in View Administrator 208 Monitoring and Troubleshooting ThinApp Applications in View Administrator 211 ThinApp Configuration Example 214 13 Managing Local Desktops 217 Benefits of Using View Desktops in Local Mode 217 Managing View Transfer Server 223 Man
VMware View Administration Configuring Logging in View Agent Using the -A Option 301 Overriding IP Addresses Using the -A Option 302 Setting the Name of a View Connection Server Group Using the -C Option 303 Updating Foreign Security Principals Using the -F Option 304 Listing and Displaying Health Monitors Using the -H Option 304 Listing and Displaying Reports of View Manager Operation Using the -I Option 305 Assigning Dedicated Desktops Using the -L Option 306 Displaying Information About Machines Using t
VMware View Administration VMware View Administration describes how to configure and administer VMware View™, including how to configure View Connection Server, create administrators, provision and deploy View desktops, set up user authentication, configure policies, and manage VMware ThinApp™ applications in View Administrator. This information also describes how to maintain and troubleshoot VMware View components.
VMware View Administration 8 VMware, Inc.
Configuring View Connection Server 1 After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to View Manager, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.
VMware View Administration You also use View Administrator to manage security servers and View Transfer Server instances associated with View Connection Server. n Each security server is associated with one View Connection Server instance. n Each View Transfer Server instance can communicate with any View Connection Server instance in a group of replicated instances. Log In to View Administrator To perform initial configuration tasks, you must log in to View Administrator.
Chapter 1 Configuring View Connection Server Table 1-1. View Administrator Navigation and Display Features View Administrator Feature Description Navigating backward and forward in View Administrator pages. Click the Back button in the upper left corner of a View Administrator page to go to the previously displayed View Administrator page. Click the Forward button to return to the current page. Do not use your browser's Back button. This button displays the View Administrator log-in page.
VMware View Administration This problem occurs when you change this setting in View Administrator by navigating to View Configuration > Global Settings and deselecting the Require SSL for client connections and View Administrator check box. Solution Use the following URL to connect to View Administrator, where server is the host name or IP address of the View Connection Server instance.
Chapter 1 Configuring View Connection Server Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the vCenter Servers panel, click Add. 3 In the server address text box, type the fully qualified domain name (FQDN) or IP address of the vCenter Server instance. The FQDN includes the host name and domain name. For example, in the FQDN myserverhost.companydomain.com, myserverhost is the host name and companydomain.com is the domain.
VMware View Administration Remove a vCenter Server Instance from View Manager You can remove the connection between View Manager and a vCenter Server instance. When you do so, View Manager no longer manages the View desktops created in that vCenter Server instance. Prerequisites Delete all the View desktops that are associated with the vCenter Server instance. See “Delete a Desktop Pool from View Manager,” on page 183. Procedure 1 Click View Configuration > Servers.
Chapter 1 Configuring View Connection Server What to do next Specify the account in View Administrator when you configure View Composer for vCenter Server and when you configure and deploy linked-clone desktop pools. Configure View Composer Settings for vCenter Server To use View Composer, you must configure View Manager with initial settings that match the settings for the View Composer service that is installed in vCenter Server.
VMware View Administration Remove View Composer from View Manager You can remove the connection between View Manager and the View Composer service installed in a vCenter Server instance. When you do so, View Manager no longer manages the linked-clone desktops created by View Composer in the vCenter Server instance. Before you disable the connection to View Composer, you must remove from View Manager all the linkedclone desktops that were created by View Composer.
Chapter 1 Configuring View Connection Server Solution 1 In vSphere Client, click Administration > vCenter Server Settings > Runtime Settings. 2 Type a new unique ID and click OK. For details about editing vCenter Server unique ID values, see the vSphere documentation. Backing Up View Connection Server After you complete the initial configuration of View Connection Server, you should schedule regular backups of your View Manager and View Composer configuration data.
VMware View Administration Global Settings for Client Sessions and Connections Global settings determine session time-out length and whether SSL is used, clients are reauthenticated after interruptions, View components use secure internal communications, prelogin and warning messages are displayed, and SSO is used for local-desktop operations. Table 1-2.
Chapter 1 Configuring View Connection Server Table 1-2. Global Settings for Client Sessions and Connections (Continued) Setting Description Display a pre-login message Displays a disclaimer or another message to View Client users when they log in. Type your information or instructions in the text box in the Global Settings dialog window. To display no message, leave the text box blank.
VMware View Administration When the secure tunnel or PCoIP Secure Gateway is not enabled, the desktop session is established directly between the client system and the View desktop virtual machine, bypassing the View Connection Server or security server host. This type of connection is called a direct connection. Clients that use the HP RGS display protocol do not use the tunnel connection or PCoIP Secure Gateway. These clients must use direct connections.
Chapter 1 Configuring View Connection Server Prerequisites See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows operating system version. Procedure 1 Start the ADSI Edit utility on your View Connection Server host. 2 Select or connect to DC=vdi, DC=vmware, DC=int. 3 On the object CN=Common, OU=Global, OU=Properties, set the pae-SSOCredentialCacheTimeout attribute to the new SSO timeout limit in minutes.
VMware View Administration Both the secure tunnel external URL and PCoIP external URL must be the addresses that client systems use to reach this host. For example, if you configure a View Connection Server host, do not specify the secure tunnel external URL for this host and the PCoIP external URL for a paired security server. NOTE You cannot edit the external URLs for a security server that has not been upgraded to View Connection Server 4.5 or later.
Chapter 1 Configuring View Connection Server View LDAP also contains a set of View Manager plug-in DLLs that provide automation and notification services for other View Manager components. NOTE Security server instances do not contain a View LDAP directory. Configuring View Connection Server Settings You can use View Administrator to modify configuration settings for View Connection Server instances. VMware, Inc.
VMware View Administration 24 VMware, Inc.
Configuring Role-Based Delegated Administration 2 One key management task in a View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups.
VMware View Administration To create administrators, you select users and groups from your Active Directory users and groups and assign administrator roles. Administrators obtain privileges through their role assignments. You cannot assign privileges directly to administrators. An administrator that has multiple role assignments acquires the sum of all the privileges contained in those roles.
Chapter 2 Configuring Role-Based Delegated Administration Different Administrators for the Same Folder You can create different administrators to manage the same folder. For example, if your corporate desktop pools are in one folder, you can create one administrator that can view and modify those pools and another administrator that can only view them. Table 2-2 shows an example of this type of configuration. Table 2-2. Different Administrators for the Same Folder Administrator Role Folder view-domain.
VMware View Administration Table 2-5. Permissions on the Role Tab for Inventory Administrators Administrator Folder view-domain.com\Admin1 /MarketingDesktops Manage Administrators Users who have the Administrators role can use View Administrator to add and remove administrator users and groups. The Administrators role is the most powerful role in View Administrator. Initially, members of the local Administrators group (BUILTIN\Administrators) on your View Connection Server host are given the Administra
Chapter 2 Configuring Role-Based Delegated Administration 5 Select a role to assign to the administrator user or group. The Apply to Folder column indicates whether a role applies to folders. Only roles that contain objectspecific privileges apply to folders. Roles that contain only global privileges do not apply to folders. 6 Option Action The role you selected applies to folders Select one or more folders and click Next.
VMware View Administration Add a Permission You can add a permission that includes a specific administrator user or group, a specific role, or a specific folder. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 Create the permission. Option Action Create a permission that includes a specific administrator user or group a b c Create a permission that includes a specific role d If the role applies to folders, click Next, select one or more folders, and click Finish.
Chapter 2 Configuring Role-Based Delegated Administration Procedure 1 In View Administrator, select View Configuration > Administrators. 2 Select the permission to delete. 3 Option Action Delete a permission that applies to a specific administrator or group Select the administrator or group on the Administrators and Groups tab. Delete a permission that applies to a specific role Select the role on the Roles tab.
VMware View Administration n Review the Desktop Pools in a Folder on page 33 You can see all of the desktop pools in a particular folder in View Administrator. n Review the Desktops in a Folder on page 33 You can see all of the desktops in a particular folder in View Administrator. A desktop inherits the folder from its pool. Add a Folder If you want to delegate the administration of specific desktops or pools to different administrators, you must create folders to subdivide your desktops or pools.
Chapter 2 Configuring Role-Based Delegated Administration Review the Desktop Pools in a Folder You can see all of the desktop pools in a particular folder in View Administrator. Procedure 1 In View Administrator, select Inventory > Pools. The Pools page shows the pools in all folders by default. 2 Select the folder from the Folder drop-down menu. The Pools page shows the pools in the folder that you selected.
VMware View Administration Modify the Privileges in a Custom Role You can modify the privileges in a custom role. You cannot modify the predefined administrator roles. Prerequisites Familiarize yourself with the administrator privileges that you can use to create custom roles. See “Predefined Roles and Privileges,” on page 34. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Roles tab, select the role.
Chapter 2 Configuring Role-Based Delegated Administration Predefined Administrator Roles The predefined administrator roles combine all of the individual privileges required to perform common administration tasks. You cannot modify the predefined roles. Table 2-6 describes the predefined roles and indicates whether a role can be applied to a folder. Table 2-6.
VMware View Administration Global Privileges Global privileges control system-wide operations, such as viewing and changing global settings. Roles that contain only global privileges cannot be applied to folders. Table 2-7 describes the global privileges and lists the predefined roles that contain each privilege. Table 2-7. Global Privileges Privilege User Capabilities Predefined Roles Console Interaction Log in to and use View Administrator.
Chapter 2 Configuring Role-Based Delegated Administration Table 2-8. Object-Specific Privileges (Continued) Privilege User Capabilities Object Manage Persistent Disks Perform all View Composer persistent disk operations, including attaching, detaching, and importing persistent disks. Persistent disk Manage Pool Add, modify, and delete desktop pools and add and remove desktops. Desktop pool Manage Remote Sessions Disconnect and log off remote sessions and send messages to desktop users.
VMware View Administration Table 2-10. Pool Management Tasks and Privileges (Continued) Task Required Privileges Refresh, Recompose, Rebalance, or change the default View Composer image Manage Composer Pool Image on the pool. Change folders Manage Pool on both the source and target folders. Privileges for Managing Desktops An administrator must have certain privileges to manage desktops in View Administrator.
Chapter 2 Configuring Role-Based Delegated Administration Privileges for Managing Users and Administrators An administrator must have certain privileges to manage users and administrators in View Administrator. Table 2-13 lists common user and administrator management tasks and shows the privileges that are required to perform each task. You manage users on the Users and Groups page in View Administrator. You manage administrators on the Global Administrators View page in View Administrator. Table 2-13.
VMware View Administration 40 n Create new user groups for administrators. Avoid using Windows built-in groups or other existing groups that might contain additional users or groups. n Because it is highly visible and easily guessed, avoid using the name Administrator when creating administrator users and groups. n Create folders to segregate sensitive desktops. Delegate the administration of those folders to a limited set of users.
Preparing Unmanaged Desktop Sources 3 Users can access View desktops delivered by machines that are not managed by vCenter Server. These unmanaged desktop sources can include physical computers, terminal servers, and virtual machines running on VMware Server and other virtualization platforms. You must prepare an unmanaged desktop source to deliver View desktop access.
VMware View Administration Prerequisites n Verify that you have administrative rights on the unmanaged desktop source. n Familiarize yourself with the View Agent custom setup options for unmanaged desktop sources. See “View Agent Custom Setup Options for Unmanaged Desktop Sources,” on page 43. n Familiarize yourself with the TCP ports that the View Agent installation program opens on the firewall. See the VMware View Architecture Planning document for more information.
Chapter 3 Preparing Unmanaged Desktop Sources View Agent Custom Setup Options for Unmanaged Desktop Sources When you install View Agent on an unmanaged desktop source, you can select certain custom setup options. Table 3-1. View Agent Custom Setup Options for Unmanaged Desktop Sources Option Description USB Redirection Gives users access to locally connected USB devices on their desktops. Windows 2000 does not support USB redirection.
VMware View Administration 44 VMware, Inc.
Creating and Preparing Virtual Machines 4 You can use virtual machines managed by vCenter Server to provision and deploy View desktops. You can use a virtual machine managed by vCenter Server as a template for an automated pool, a parent for a linkedclone pool, or a desktop source in a manual pool. You must prepare virtual machines to deliver View desktop access.
VMware View Administration Create a Virtual Machine for View Desktop Deployment You use vSphere Client to create virtual machines in vCenter Server for View desktops. Prerequisites n Upload an ISO image file of the guest operating system to a datastore on your ESX server. n Familiarize yourself with the custom configuration parameters for virtual machines. See “Virtual Machine Custom Configuration Parameters,” on page 46. Procedure 1 In vSphere Client, log in to the vCenter Server system.
Chapter 4 Creating and Preparing Virtual Machines Table 4-1. Custom Configuration Parameters (Continued) Parameter Description and Recommendations CPUs The number of virtual processors in the virtual machine. For most guest operating systems, a single processor is sufficient. Memory The amount of memory to allocate to the virtual machine. In most cases, 512MB is sufficient. Network The number of virtual network adapters (NICs) in the virtual machine. One NIC is usually sufficient.
VMware View Administration 3 Click the Console tab and follow the installation instructions provided by the operating system vendor. 4 If you are installing Windows XP and you selected the LSI Logic adapter for the virtual machine, install the LSI Logic driver during the Windows setup process. 5 a Press F6 to select additional SCSI drivers. b Type S to specify an additional device. c On the vSphere Client toolbar, click Connect Floppy to select the LSI Logic driver floppy image (.flp) file.
Chapter 4 Creating and Preparing Virtual Machines 8 If View clients will connect to the virtual machine with the PCoIP display protocol, set the power option Turn off the display to Never. If you do not disable this setting, the display will appear to freeze in its last state when power savings mode starts. 9 If a proxy server is used in your network environment, configure network proxy settings. 10 Configure network connection properties.
VMware View Administration 3 Select your custom setup options. To deploy linked-clone desktops, select the View Composer Agent option. 4 Accept or change the destination folder. 5 Follow the prompts in the View Agent installation program and finish the installation. NOTE If you did not enable Remote Desktop support during guest operating system preparation, the View Agent installation program prompts you to enable it.
Chapter 4 Creating and Preparing Virtual Machines Table 4-2. View Agent Custom Setup Options (Continued) Option Description PCoIP Server Lets users connect to the View desktop using the PCoIP display protocol. Installing the PCoIP Server feature disables sleep mode on Windows 7 and Windows Vista desktops and standby mode on Windows XP desktops. When a user navigates to the Power Options or Shut Down menu, sleep mode or standby mode is inactive.
VMware View Administration Procedure 1 Open a Windows command prompt on the virtual machine or physical PC. 2 Type the installation command on one line. This example installs View Agent in a virtual machine that is managed by vCenter Server. The installer configures the PCoIP, View Composer Agent, Virtual Printing, and USB redirection custom setup options. VMware-viewagent-4.6.0-xxxxxx.
Chapter 4 Creating and Preparing Virtual Machines Table 4-3. Command-Line Options for a View Component's Bootstrap Program Option Description /s Disables the bootstrap splash screen and extraction dialog, which prevents the display of interactive dialogs. For example: VMware-viewconnectionserver-4.6.x-xxxxxx.exe /s The /s option is required to run a silent installation.
VMware View Administration Table 4-4. MSI Command-Line Options and MSI Properties (Continued) MSI Option or Property Description REBOOT You can use the REBOOT=ReallySuppress option to allow system configuration tasks to complete before the system reboots. This MSI property is optional. /l*v log_file Writes logging information into the specified log file with verbose output. For example: /l*v ""%TEMP%\vmmsi.
Chapter 4 Creating and Preparing Virtual Machines Table 4-5. MSI Properties for Silently Installing View Agent (Continued) MSI Property Description Default Value VDM_SERVER_USERNAME The user name of the administrator on the View Connection Server computer. This MSI property applies to unmanaged desktops only. For example: VDM_SERVER_USERNAME=admin.companydomain.com None This MSI property is required for unmanaged desktops.
VMware View Administration Configure a Virtual Machine with Multiple NICs for View Agent When you install View Agent on a virtual machine that has more than one NIC, you must configure the subnet that View Agent uses. The subnet determines which network address View Agent provides to the View Connection Server instance for client protocol connections. Procedure u On the virtual machine on which View Agent is installed, open a command prompt, type regedit.
Chapter 4 Creating and Preparing Virtual Machines n Run Disk Cleanup to remove temporary files, empty the Recycle Bin, and remove system files and other items that are no longer needed. n Run Disk Defragmenter to rearrange fragmented data. What to do next For Windows 7 guest operating systems, perform additional optimization tasks. See “Optimize Windows 7 Guest Operating System Performance,” on page 57.
VMware View Administration Optimizing Windows 7 for Linked-Clone Desktops By disabling certain Windows 7 services and tasks, you can reduce the growth of View Composer linked-clone desktops. Disabling certain services and tasks can also result in performance benefits for full virtual machines. Benefits of Disabling Windows 7 Services and Tasks Windows 7 schedules services and tasks that can cause View Composer linked clones to grow, even when the linked-clone desktops are idle.
Chapter 4 Creating and Preparing Virtual Machines Table 4-7. Impact of Windows 7 Services and Tasks on OS Disk Growth and IOPS When OS Is Left Idle Default Occurrence or Startup Impact on LinkedClone OS Disks Description Windows Hibernation Provides a powersaving state by storing open documents and programs in a file before the computer is powered off. The file is reloaded into memory when the computer is restarted, restoring the state when the hibernation was invoked.
VMware View Administration Table 4-7. Impact of Windows 7 Services and Tasks on OS Disk Growth and IOPS When OS Is Left Idle (Continued) Default Occurrence or Startup Impact on LinkedClone OS Disks Impact on IOPS Turn Off This Service or Task? Service or Task Description Windows Registry Backup (RegIdleBackup) Automatically backs up the Windows registry when the system is idle. Every 10 days at 12:00 am Medium. Each time this task runs, it generates registry backup files. Medium. Yes.
Chapter 4 Creating and Preparing Virtual Machines Prerequisites n Verify that the applications that you intend to deploy to the linked clones are installed on the virtual machine. n Verify that View Agent with View Composer Agent is installed on the virtual machine. Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console. 2 Log in to the Windows 7 guest operating system as an administrator. 3 Click Start and type defrag in the Search programs and files box.
VMware View Administration Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console. 2 Log in to the Windows 7 guest operating system as an administrator. 3 Click Start > Control Panel > System and Security > Administrative Tools. 4 Select Services and click Open. 5 Double-click Diagnostic Policy Service. 6 In the Diagnostic Policy Service Properties (Local Computer) dialog, click Stop. 7 In the Startup type menu, select Disabled. 8 Click OK.
Chapter 4 Creating and Preparing Virtual Machines 4 Select Task Scheduler and click Open. 5 In the left pane, expand Task Scheduler Library, Microsoft, Windows. 6 Double-click Registry and select RegIdleBackup. 7 In the Actions pane, click Disable. Disable the System Restore on Windows 7 Virtual Machines You do not need to use the Windows System Restore feature if you use View Composer refresh to restore linked-clone OS disks to their original snapshots.
VMware View Administration Disable Microsoft Feeds Synchronization on Windows 7 Virtual Machines Windows Internet Explorer 7 or 8 uses the Microsoft Feeds Synchronization task to update RSS feeds in users' Web browsers. This task can contribute to linked-clone growth. Disable this task if your users do not require automatic RSS feed updates in their browsers. Microsoft Feeds Synchronization can cause OS-disk growth if persistent disks are not configured.
Chapter 4 Creating and Preparing Virtual Machines Prepare a Parent Virtual Machine The View Composer service requires a parent virtual machine from which you generate a base image for creating and managing linked-clone desktops. Prerequisites n Verify that you prepared a virtual machine to use for deploying View desktops. See “Creating Virtual Machines for View Desktop Deployment,” on page 45.
VMware View Administration You can deploy a linked-clone pool from the parent virtual machine. If the parent virtual machine hardware is v7, follow these rules when you create a linked-clone pool: n Deploy the linked-clone pool on an ESX/ESXi 4.x host or cluster. The linked-clone pool cannot reside on an ESX/ESXi 3.5 host or a cluster with ESX/ESXi 4.x hosts mixed with ESX/ESXi 3.5 hosts. n Create the linked-clone pool in vSphere mode.
Chapter 4 Creating and Preparing Virtual Machines On Windows 7 virtual machines, this file can be 10GB. CAUTION When you make hibernation unavailable, the hybrid sleep setting does not work. Users can lose data if the hybrid sleep setting is turned on and a power loss occurs. Prerequisites Familiarize yourself with the Windows hibernation feature. See the Microsoft Support Web site.
VMware View Administration Procedure 1 Configure a swapfile datastore on the ESX/ESXi host or cluster on which you will deploy the linked-clone pool. 2 When you create the parent virtual machine in vCenter Server, store the virtual-machine swap files on the swapfile datastore on the local ESX/ESXi host or cluster: a In vSphere Client, select the parent virtual machine. b Click Edit Settings and click the Options tab. c Click Swapfile location and click Store in the host's swapfile datastore.
Chapter 4 Creating and Preparing Virtual Machines Increase the Timeout Limit of QuickPrep Customization Scripts View Composer terminates a QuickPrep post-synchronization or power-off script that takes longer than 20 seconds. You can increase the timeout limit for these scripts by changing the ExecScriptTimeout Windows registry value on the parent virtual machine. The increased timeout limit is propagated to linked clones that are created from the parent virtual machine.
VMware View Administration See the vSphere Basic System Administration guide for information on using vSphere Client to create virtual machine templates. See “Automated Pools That Contain Full Virtual Machines,” on page 72 for information on creating automated pools. NOTE You do not create a linked-clone pool from a virtual machine template.
Creating Desktop Pools 5 With View Manager, you create pools of desktops that deliver View desktop access to clients. View Manager deploys pools from desktop sources, which can be virtual machines that are managed by vCenter Server, virtual machines that run on another virtualization platform, or physical computers, terminal servers, or blade PCs. You can create several types of desktop pools. You can also provision an individual desktop by deploying a manual pool with a single desktop source.
VMware View Administration Automated Pools That Contain Full Virtual Machines To create an automated desktop pool, View Manager dynamically provisions desktops based on settings that you apply to the pool. View Manager uses a virtual machine template as the desktop source for the pool and creates a new virtual machine in vCenter Server for each desktop.
Chapter 5 Creating Desktop Pools Table 5-1. Worksheet: Configuration Options for Creating an Automated Pool That Contains Full Virtual Machines (Continued) Option Description Delete desktop after logoff If you select floating user assignment, choose whether to delete desktops after users log off. NOTE You set this option on the Pool Settings page.
VMware View Administration Table 5-1. Worksheet: Configuration Options for Creating an Automated Pool That Contains Full Virtual Machines (Continued) Option Description Template Select the virtual machine template that View Manager uses to create the pool. vCenter Server folder Select the folder in vCenter Server in which the desktop pool resides. Host or cluster Select the ESX host or cluster on which the desktop virtual machines run.
Chapter 5 Creating Desktop Pools 4 On the vCenter Server page, choose Full virtual machines. 5 Follow the prompts in the wizard to create the pool. Use the configuration information that you gathered in the worksheet. You can go directly back to any wizard page that you completed by clicking the page name in the navigation panel. In View Administrator, you can view the desktops as they are added to the pool by clicking Inventory > Desktops. What to do next Entitle users to access the pool.
VMware View Administration Worksheet for Creating a Linked-Clone Desktop Pool When you create a linked-clone desktop pool, the View Administrator Add Pool wizard prompts you to configure certain options. Use this worksheet to prepare your configuration options before you create the pool. You can print this worksheet and write down the values you want to specify when you run the Add Pool wizard.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Delete or refresh desktop on logoff If you select floating user assignment, choose whether to refresh desktops, delete desktops, or do nothing after users log off. NOTE You set this option on the Pool Settings page.
VMware View Administration Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) 78 Option Description Virtual machine naming Choose whether to provision desktops by manually specifying a list of desktop names or by providing a naming pattern and the total number of desktops. For details, see “Naming Desktops Manually or Providing a Naming Pattern,” on page 101.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Publish base image to the Transfer Server repository. Select this option if you use the pool to provision local desktops. When a local desktop is provisioned, View Transfer Server downloads the base image from the Transfer Server repository to the client. You can also publish the base image after you create the pool.
VMware View Administration Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Storage Overcommit Determine the storage-overcommit level at which View Manager creates linked-clone desktops on each datastore. As the level increases, more linked clones fit on the datastore and less space is reserved to let individual clones grow.
Chapter 5 Creating Desktop Pools Create a Linked-Clone Desktop Pool You can create an automated, linked-clone desktop pool based on a parent virtual machine that you select. The View Composer service dynamically creates a new linked-clone virtual machine in vCenter Server for each desktop. To create an automated pool that contains full virtual machines, see “Automated Pools That Contain Full Virtual Machines,” on page 72.
VMware View Administration 4 On the vCenter Server page, choose View Composer linked clones. 5 Follow the prompts in the wizard to create the pool. Use the configuration information you gathered in the worksheet. You can go directly back to any wizard page you completed by clicking the page name in the navigation panel. On the vCenter Settings page, you must click Browse and select the vCenter Server settings in sequence.
Chapter 5 Creating Desktop Pools Table 5-4.
VMware View Administration View Composer Support for Linked-Clone SIDs and Third-Party Applications View Composer can generate and preserve local computer security identifiers (SIDs) for linked-clone virtual machines in some situations. View Composer can preserve globally unique identifiers (GUIDs) of third-party applications, depending on the way that the applications generate GUIDs.
Chapter 5 Creating Desktop Pools Table 5-5. View Composer Operations, Linked-Clone SIDs, and Application GUIDs Support for SIDs or GUIDs Clone Creation Refresh Recompose Sysprep: Unique SIDs for linked clones With Sysprep customization, unique SIDs are generated for linked clones. Unique SIDs are preserved. Unique SIDS are not preserved. QuickPrep: Common SIDs for linked clones With QuickPrep customization, a common SID is generated for all clones in a pool. Common SID is preserved.
VMware View Administration Table 5-6. Comparing QuickPrep and Microsoft Sysprep (Continued) QuickPrep Customization Specification (Sysprep) Does not generate a new SID after linked clones are recomposed. The common SID is preserved. Runs again after linked clones are recomposed, generating new SIDs for the virtual machines. For details, see “Recomposing Linked Clones Customized with Sysprep,” on page 87. Runs faster than Sysprep. Can take longer than QuickPrep.
Chapter 5 Creating Desktop Pools In particular, QuickPrep passes the path that is specified for the script as the second parameter to the CreateProcess API and sets the first parameter to NULL. For example, if the script path is c:\myscript.cmd, the path appears as the second parameter in the function in the View Composer log file: CreateProcess(NULL,c:\myscript.cmd,...).
VMware View Administration Storage Sizing for Linked-Clone Desktop Pools View Manager provides high-level guidelines that can help you determine how much storage a linked-clone desktop pool requires. A table in the Add Pool wizard shows a general estimate of the linked-clone disks' storage requirements when the pool is created and as the linked clones grow over time.
Chapter 5 Creating Desktop Pools The Max Recommended column shows the recommended storage when the linked-clone disks approach the full size of the parent virtual machine. If you store OS disks and persistent disks on the same datastore, View Manager calculates the storage requirements of both disk types. The Data Type is shown as Linked clones instead of a particular disk type.
VMware View Administration If you select an aggressive storage-overcommit level, the estimated storage requirements might exceed the capacity shown in the Selected Free Space column. The storage-overcommit level affects how many virtual machines that View Manager actually creates on a datastore. For details, see “Set the Storage Overcommit Level for Linked-Clone Desktops,” on page 91.
Chapter 5 Creating Desktop Pools Sizing Formulas for Creating Linked Clones When You Edit a Pool or Store Replicas on a Separate Datastore View Manager calculates different sizing formulas when you edit an existing linked-clone pool, or store replicas on a separate datastore, than when you first create a pool. If you edit an existing pool and select datastores for the pool, View Composer creates new clones on the selected datastores.
VMware View Administration The storage overcommit level calculates the amount of storage greater than the physical size of the datastore that the clones would use if each clone were a full virtual machine. For details, see “Storage Overcommit for Linked-Clone Desktops,” on page 92. Procedure 1 In View Administrator, click Inventory > Pools. 2 When you create a new desktop pool or edit an existing pool, navigate to the Select Datastores page. 3 Option Action New desktop pool a b Click Add.
Chapter 5 Creating Desktop Pools Table 5-12. Storage Overcommit Levels (Continued) Option Storage Overcommit Level Moderate 7 times the size of the datastore. Aggressive 15 times the size of the datastore. Storage overcommit levels provide a high-level guide for determining storage capacity. To determine the best level, monitor the growth of linked clones in your environment. Set an aggressive level if your OS disks will never grow to their maximum possible size.
VMware View Administration Availability Considerations for Storing Replicas on a Separate Datastore or Shared Datastores You can store View Composer replicas on a separate datastore or on the same datastores as linked-clone virtual machines. These configurations affect the availability of the pool in different ways. When you store replicas on the same datastores as linked clones, to enhance availability, View Composer creates a separate replica on each datastore.
Chapter 5 Creating Desktop Pools Manual Desktop Pools To create a manual desktop pool, View Manager provisions desktops from existing desktop sources. For each desktop in the pool, you select a separate desktop source to deliver View access to clients.
VMware View Administration Table 5-13. Worksheet: Configuration Options for Creating a Manual Desktop Pool (Continued) Option Description Pool ID The pool name that users see when they log in and that identifies the pool in View Administrator. If multiple vCenter Servers are running in your environment, make sure that another vCenter Server is not using the same pool ID.
Chapter 5 Creating Desktop Pools Create a Manual Pool That Contains One Desktop You can create a pool that contains a single desktop when a user requires a unique, dedicated desktop, or when, at different times, multiple users must access a costly application with a single-host license. You can provision an individual View desktop in its own pool by creating a manual desktop pool and selecting a single desktop source.
VMware View Administration Desktop Settings for Manual Pools You must specify desktop and pool settings when you configure manual pools. Not all settings apply to all types of manual pools.
Chapter 5 Creating Desktop Pools Microsoft Terminal Services Pools You can use Microsoft Terminal Servers to provide Terminal Services sessions as desktops to View clients. View Manager manages Terminal Services sessions in the same way that it manages other View desktops. A Terminal Services pools can contain multiple desktop sources served by one or more terminal servers. A terminal server desktop source can deliver multiple View desktops.
VMware View Administration Desktop Settings for Microsoft Terminal Services Pools You must specify desktop and pool settings when you configure Microsoft Terminal Services pools. Not all settings apply to all types of Terminal Services pools. Table 5-15 lists the settings that apply to Terminal Services pools. For descriptions of each desktop setting, see “Desktop and Pool Settings,” on page 107. Table 5-15.
Chapter 5 Creating Desktop Pools n Manually Customizing Desktops on page 106 After you create an automated pool, you can customize particular desktops without reassigning ownership. By starting the desktops in maintenance mode, you can modify and test the desktops before you release them to their assigned users or make them available to all entitled users in the pool.
VMware View Administration Table 5-16. Naming Desktops Manually or Providing a Desktop-Naming Pattern (Continued) Feature Providing a Desktop-Naming Pattern Naming Desktops Manually To add desktops to the pool You can increase the maximum pool size. You can add desktop names to the list. For details, see “Add Desktops to an Automated Pool Provisioned by a List of Names,” on page 181. 102 On-demand provisioning Available.
Chapter 5 Creating Desktop Pools Specify a List of Desktop Names You can provision an automated desktop pool by manually specifying a list of desktop names. This naming method lets you use your company's naming conventions to identify the desktops in a pool. When you explicitly specify desktop names, users can see familiar names based on their company's organization when they log in to their desktops.
VMware View Administration Using a Naming Pattern for Automated Desktop Pools You can provision the desktops in a pool by providing a naming pattern and the total number of desktops you want in the pool. By default, View Manager uses your pattern as a prefix in all the desktop names and appends a unique number to identify each desktop. Length of the Naming Pattern in a Desktop Name Desktop names have a 15-character limit, including your naming pattern and the automatically generated number. Table 5-17.
Chapter 5 Creating Desktop Pools You can use either desktop-naming method to satisfy this objective. n To create fixed sets of desktops at one time, specify desktop names manually. n To create desktops dynamically when users log in for the first time, provide a naming pattern and use a token to designate the sequential numbers. Specifying the Names Manually 1 Prepare a text file for the first pool that contains a list of desktop names from VDIABC-01 through VDIABC-10.
VMware View Administration Manually Customizing Desktops After you create an automated pool, you can customize particular desktops without reassigning ownership. By starting the desktops in maintenance mode, you can modify and test the desktops before you release them to their assigned users or make them available to all entitled users in the pool. n Customizing Desktops in Maintenance Mode on page 106 Maintenance mode prevents users from accessing their desktops.
Chapter 5 Creating Desktop Pools Desktop and Pool Settings You must specify desktop and pool settings when you configure automated pools that contain full virtual machines, linked-clone desktop pools, manual desktop pools, and Microsoft Terminal Services pools. Not all settings apply to all types of desktop pools. Table 5-19. Desktop and Pool Setting Descriptions Setting Options State n n Connection Server restrictions n n Enabled.
VMware View Administration Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Refresh OS disk after logoff Select whether and when to refresh the OS disks for dedicated-assignment, linked-clone desktops. n Never. The OS disk is never refreshed. n Always. The OS disk is refreshed every time the user logs off. n Every. The OS disk is refreshed at regular intervals of a specified number of days. Type the number of days. n At.
Chapter 5 Creating Desktop Pools Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Max resolution of any one monitor If you use PCoIP, select the pixel dimensions of the highest resolution monitor. This setting affects the amount of vRAM that is assigned to desktops in the pool. When you increase this value, more memory is consumed on the associated ESX hosts. NOTE You must power off and on existing virtual machines for this setting to take effect.
VMware View Administration Power Policies for Desktop Pools Power policies control how a virtual machine behaves when the associated View desktop is not in use. You set power policies when you create or edit a desktop pool. Table 5-20 describes the available power policies. Table 5-20. Power Policies Power Policy Description Take no power action View Manager does not enforce any power policy after a user logs off. This setting has two consequences.
Chapter 5 Creating Desktop Pools Table 5-21. When View Manager Applies the Power Policy Desktop Pool Type The power policy is applied ... Manual pool that contains one desktop (vCenter Servermanaged virtual machine) Power operations are initiated by session management. The virtual machine is powered on when a user requests the desktop and powered off or suspended when the user logs off.
VMware View Administration Power Policy Examples for Automated Pools with Floating Assignments When you configure an automated pool with floating assignments, you can specify that a particular number of View desktops must be available at a given time. The spare, available desktops are always powered on, no matter how the pool policy is set. Power Policy Example 1 Table 5-22 describes the floating-assignment, automated pool in this example.
Chapter 5 Creating Desktop Pools Table 5-24. Desktop Pool Settings for Automated Pool with Dedicated Assignments Example Desktop Pool Setting Value Number of desktops (minimum) 3 Number of desktops (maximum) 5 Number of spare, powered-on desktops 2 Remote desktop power policy Ensure desktops are always powered on When this desktop pool is provisioned, three desktops are created and powered on.
VMware View Administration 114 VMware, Inc.
Entitling Users and Groups 6 You configure desktop pool entitlements to control which View desktops your users can access. You can also configure the restricted entitlements feature to control desktop access based on the View Connection Server instance that users connect to when they select desktops.
VMware View Administration 3 Select the user or group whose entitlement you want to remove and click Remove. 4 Click OK to save your changes. Review Desktop Pool Entitlements You can review the desktop pools that a user or group is entitled to. Procedure 1 In View Administrator, select Users and Groups and click the name of the user or group. 2 Select the Summary tab. The Pool Entitlements pane lists the pools that the user or group is currently entitled to.
Chapter 6 Entitling Users and Groups n Assign the "Internal" tag to the desktop pools that should be accessible only to internal users. n Assign the "External" tag to the desktop pools that should be accessible only to external users.
VMware View Administration Table 6-1. Tag Matching Rules (Continued) View Connection Server Desktop Pool Access Permitted? One or more tags No tags Yes One or more tags One or more tags Only when tags match The restricted entitlements feature only enforces tag matching. You must design your network topology to force certain clients to connect through a particular View Connection Server instance.
Chapter 6 Entitling Users and Groups Procedure 1 In View Administrator, select Inventory > Pools. 2 Select the pool that you want to assign a tag to. 3 4 5 VMware, Inc. Option Action Assign a tag to a new pool Click Add to start the Add Pool wizard and define and identify the pool. Assign a tag to an existing pool Select the pool and click Edit. Go to the Pool Settings page. Option Action Pool settings for a new pool Click Pool Settings in the Add Pool wizard.
VMware View Administration 120 VMware, Inc.
Setting Up User Authentication 7 View uses your existing Active Directory infrastructure for user authentication and management. For added security, you can integrate View with smart card authentication and RSA SecurID solutions.
VMware View Administration The View client sends the user certificate to the View Connection Server instance or security server, which verifies the certificate by checking the certificate trust and validity period. Typically, users can successfully authenticate if their user certificate is signed and valid. If certificate revocation checking is configured, users who have revoked user certificates are prevented from authenticating. Display protocol switching is not supported with smart card authentication.
Chapter 7 Setting Up User Authentication Obtain the Root Certificate from the CA You must obtain the root certificate from the CA that signed the certificates on the smart cards presented by your users. If you do not have the root certificate of the CA that signed the certificates on the smart cards presented by your users, you can export a root certificate from a CA-signed user certificate or a smart card that contains one. See “Export a Root Certificate from a User Certificate,” on page 123.
VMware View Administration 7 Click Next > Next and type a name and location for the file that you want to export. 8 Click Next to save the file as a root certificate in the specified location. What to do next Add the root certificate to a server truststore file.
Chapter 7 Setting Up User Authentication Procedure 1 Create or edit the locked.properties file in SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties 2 3 Add the trustKeyfile, trustStoretype, and useCertAuth properties to the locked.properties file. a Set trustKeyfile to the name of your truststore file. b Set trustStoretype to JKS.
VMware View Administration 3 4 On the Authentication tab, select a configuration option from the Smart card authentication drop-down menu. Option Action Not Allowed Smart card authentication is disabled on the View Connection Server instance. Optional Users can use smart card authentication or password authentication to connect to the View Connection Server instance. If smart card authentication fails, the user must provide a password.
Chapter 7 Setting Up User Authentication Prepare Active Directory for Smart Card Authentication You might need to perform certain tasks in Active Directory when you implement smart card authentication. n Add UPNs for Smart Card Users on page 127 Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN.
VMware View Administration Add the Root Certificate to the Enterprise NTAuth Store If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Procedure u On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store.
Chapter 7 Setting Up User Authentication 5 Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. 6 Right-click Intermediate Certification Authorities and select Import. 7 Follow the prompts in the wizard to import the intermediate certificate (for example, intermediateCA.cer) and click OK. 8 Close the Group Policy window. All of the systems in the domain now have a copy of the intermediate certificate in their intermediate certification authority store.
VMware View Administration n If smart card users use the PCoIP display protocol to connect to View desktops, verify that the View Agent PCoIP Smartcard subfeature is installed on desktop sources. The PCoIP Smartcard subfeature lets users authenticate with smart cards when they use the PCoIP display protocol. NOTE The PCoIP Smartcard subfeature is not supported on Windows Vista. n Check the log files in drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs on the View Connection Server
Chapter 7 Setting Up User Authentication Logging in with CRL Checking When you configure CRL checking, View constructs and reads a CRL to determine the revocation status of a user certificate. If a certificate is revoked and smart card authentication is optional, the Enter your user name and password dialog box appears and the user must provide a password to authenticate. If smart card authentication is required, the user receives an error message and is not allowed to authenticate.
VMware View Administration Configure OCSP Certificate Revocation Checking When you configure OCSP certificate revocation checking, View sends a verification request to an OCSP Responder to determine the revocation status of a smart card user certificate. Prerequisites Familiarize yourself with the locked.properties file properties for OCSP certificate revocation checking. See “Smart Card Certificate Revocation Checking Properties,” on page 132. Procedure 1 Create or edit the locked.
Chapter 7 Setting Up User Authentication Table 7-1. Properties for Smart Card Certificate Revocation Checking Property Description enableRevocationChecking Set this property to true to enable certificate revocation checking. When this property is set to false, certificate revocation checking is disabled and all other certificate revocation checking properties are ignored. The default value is false. crlLocation Specifies the location of the CRL, which can be either a URL or a file path.
VMware View Administration n Logging in with RSA SecurID on page 134 When a user connects to a View Connection Server instance that has RSA SecurID authentication enabled, a RSA SecurID login dialog box appears in View Client. n Enable RSA SecurID Authentication in View Administrator on page 134 You enable a View Connection Server instance for RSA SecurID authentication by modifying View Connection Server settings in View Administrator.
Chapter 7 Setting Up User Authentication Troubleshooting RSA SecurID Access Denial Access is denied when View Client connects with RSA SecurID authentication. Problem A View Client connection with RSA SecurID displays Access Denied and the RSA Authentication Manager Log Monitor displays the error Node Verification Failed. Cause The RSA Agent host node secret needs to be reset. Solution 1 In View Administrator, select View Configuration > Servers.
VMware View Administration The Log in as current user feature has the following limitations and requirements: 136 n If smart card authentication is set to Required on a View Connection Server instance, smart card users who select the Log in as current user check box must still reauthenticate with their smart card and PIN when logging in to the View desktop. n Users cannot check out a desktop for use in local mode if they selected the Log in as current user check box when they logged in.
Configuring Policies 8 You can configure policies to control the behavior of View components, desktop pools, and desktop users. You use View Administrator to set policies for client sessions and you use Active Directory group policy settings to control the behavior of View components and certain features.
VMware View Administration n View Policies on page 139 You can configure View policies to affect all client sessions, or you can apply them to affect specific desktops or users. n Local Mode Policies on page 140 You can configure local mode policies to affect all client sessions, or you can apply them to specific desktops or users. Configure Global Policy Settings You can configure global policies to control the behavior of all client sessions users.
Chapter 8 Configuring Policies Configure Policies for Desktop Users You can configure user-level policies to affect specific users. User-level policy settings always take precedence over their equivalent global and desktop-level policy settings. Prerequisites Familiarize yourself with the policy descriptions. See “View Policies,” on page 139. Procedure 1 In View Administrator, select Inventory > Pools. 2 Double-click the ID of the desktop pool and click the Policies tab.
VMware View Administration Table 8-1. View Policies (Continued) Policy Description Remote mode Determines whether users can connect to and use desktops running on vCenter Server instances. If set to Deny, users must check out the desktop on their local computers and run the desktop only in local mode. Restricting users to running desktops only in local mode reduces the costs associated with CPU, memory, and network bandwidth requirements of running the desktop on a back-end server.
Chapter 8 Configuring Policies Table 8-2. Local Mode Policies (Continued) Policy Description Target replication frequency Specifies the interval in days, hours, or minutes between the start of one replication and the start of the next replication. A replication copies any changes in local desktop files to the corresponding remote desktop or View Composer persistent disk in the datacenter. The default value is the No replication setting.
VMware View Administration You use the Microsoft Windows Group Policy Object Editor to manage group policy settings. The Group Policy Object Editor is a Microsoft Management Console (MMC) snap-in. The MMC is part of the Microsoft Group Policy Management Console (GPMC). See the Microsoft TechNet Web site for information on installing and using the GPMC. Creating an OU for View Desktops You should create an organizational unit (OU) in Active Directory specifically for your View desktops.
Chapter 8 Configuring Policies Table 8-3. View ADM Template Files Template Name Template File Description VMware View Agent Configuration vdm_agent.adm Contains policy settings related to the authentication and environmental components of View Agent. VMware View Client Configuration vdm_client.adm Contains policy settings related to View Client configuration. Clients that connect from outside the View Connection Server host domain are not affected by policies applied to View Client.
VMware View Administration Table 8-4. View Agent Configuration Template Settings (Continued) Setting Computer User ConnectionTicketTimeout X Specifies the amount of time in seconds that the View connection ticket is valid. View clients use a connection ticket for verification and single sign-on when connecting to View Agent. For security reasons, a connection ticket is valid for a limited amount of time.
Chapter 8 Configuring Policies -C C:\WINDOWS\system32\wscript.exe C:\Scripts\checking.vbs The total length of the string, including the -C or -c option, should not exceed 260 characters. Client System Information Sent to View Desktops When a user connects or reconnects to a View desktop, the View client gathers information about the client system and View Connection Server sends that information to the desktop. View Agent writes the client computer information to the system registry path HKCU\Volatile En
VMware View Administration Table 8-5. Client System Information (Continued) Registry Key Description Client Systems Supported ViewClient_Broker_Tunneled The status of the tunnel connection for the View Connection Server, which can be either true (enabled) or false (disabled). Windows ViewClient_Broker_Tunnel_URL The URL of the View Connection Server tunnel connection, if the tunnel connection is enabled.
Chapter 8 Configuring Policies Table 8-6. View Client Configuration Template: Scripting Definitions (Continued) Setting Description Server URL Specifies the URL that View Client uses during login, for example, http://view1.example.com. Suppress error messages (when fully scripted only) Determines whether View Client error messages are hidden during login.
VMware View Administration Table 8-7. View Client Configuration Template: Security Settings (Continued) Setting Computer User Description Display option to Log in as current user X X Determines whether the Log in as current user check box is visible on the View Client connection dialog box. When the check box is visible, users can select or deselect it and override its default value. When the check box is hidden, users cannot override its default value from the View Client connection dialog box.
Chapter 8 Configuring Policies Table 8-8. View Client Configuration Administrative Template: RDP Settings Setting Description Audio redirection Determines whether audio information played on the View desktop is redirected. Select one of the following settings: Disable Audio Audio is disabled. Play VM (needed for VoIP USB Support) Audio plays within the View desktop. This setting requires a shared USB audio device to provide sound on the client. Redirect to client Audio is redirected to the client.
VMware View Administration Table 8-8. View Client Configuration Administrative Template: RDP Settings (Continued) 150 Setting Description Enable compression Determines whether RDP data is compressed. This setting is enabled by default. Enable Credential Security Service Provider Specifies whether the View desktop connection uses Network Level Authentication (NLA). In Windows Vista, remote desktop connections require NLA by default.
Chapter 8 Configuring Policies General Settings Table 8-9 describes the general settings in the View Client Configuration ADM template file. General settings include both Computer Configuration and User Configuration settings. The User Configuration setting overrides the equivalent Computer Configuration setting. Table 8-9. View Client Configuration Template: General Settings Setting Computer User Description Always on top X Determines whether the View Client window is always the topmost window.
VMware View Administration Table 8-9. View Client Configuration Template: General Settings (Continued) Setting Computer Pre-login message precedes smart card PIN request X Determines whether the prelogin message is sent before the smart card PIN request. Disable this setting to send the prelogin message after the smart card PIN request. Redirect smart card readers in Local Mode X Determines whether smart card readers are redirected to local desktops. The readers are shared with the client system.
Chapter 8 Configuring Policies Table 8-11. View Common Configuration Template: Log Configuration Settings Setting Properties Number of days to keep production logs Specifies the number of days for which log files are retained on the system. If no value is set, the default applies and log files are kept for seven days. Maximum number of debug logs Specifies the maximum number of debug log files to retain on the system.
VMware View Administration Table 8-13. View Common Configuration Template: General Settings Setting Properties Disk threshold for log and events in Megabytes Specifies the minimum remaining disk space threshold for logs and events. If no value is specified, the default is 200. When the specified value is met, event logging stops. Enable extended logging Determines whether trace and debug events are included in the log files.
Chapter 8 Configuring Policies Procedure 1 Copy the appropriate version of TPVMGPoACmap.dll to your Active Directory server or to the domain computer that you use to configure group policies. 2 Use the regsvr32 utility to register the TPVMGPoACmap.dll file. For example: regsvr32 "C:\TPVMGPoACmap.dll" What to do next Configure the group policy setting for location-based printing.
VMware View Administration 8 Add the printers that you want to map to View desktops and define their associated translation rules. 9 Click OK to save your changes. Location-Based Printing Group Policy Setting Syntax You use the AutoConnect Location-based Printing for VMware View group policy setting to map printers to View desktops. AutoConnect Location-based Printing for VMware View is a name translation table that identifies printers and defines associated translation rules.
Chapter 8 Configuring Policies Table 8-15 shows an example of two translation table rows. Table 8-15. Location-Based Printing Group Policy Setting Example IP Range Client Name Mac Address User/Use r Group Printer Name Printer Driver IP Port/ThinPrint PortD * * * * PRINTER-1-CLR HP Color LaserJet 4700 PS IP_10.114.24.1 10.112.116.140-10.1 12.116.145 * * * PRINTER-2-CLR HP Color LaserJet 4700 PS IP_10.114.24.
VMware View Administration Table 8-17. Terminal Services Policy Settings for Sessions Setting Description Set time limit for disconnected sessions Enabling this setting lets you set a time limit for disconnected sessions. Disconnected sessions are logged off after the specified time limit. Sets a time limit for active but idle Terminal Services sessions Enabling this setting lets you set a time limit for idle sessions. Idle sessions are logged off after the specified time limit.
Chapter 8 Configuring Policies 3 Type a name for the OU and click OK. The new OU appears in the left pane. 4 To add View desktops to the new OU: a Click Computers in the left pane. All the computer objects in the domain appear in the right pane. b Right-click the name of the computer object that represents the View desktop in the right panel and select Move. c Select the OU and click OK. The View desktop appears in the right pane when you select the OU.
VMware View Administration Add View ADM Templates to a GPO To apply View component group policy settings to your View desktops, add their ADM template files to GPOs. Prerequisites n Create GPOs for the View component group policy settings and link them to the OU that contains your View desktops. n Verify that the Microsoft MMC and the Group Policy Object Editor snap-in are available on your Active Directory server. Procedure 1 Copy the View component ADM Template files from the install_directory\VMwar
Chapter 8 Configuring Policies 4 In the right pane, right-click the GPO that you created for the group policy settings and select Edit. The Group Policy Object Editor window appears. 5 Expand the Computer Configuration folder and then expand the Administrative Templates, System, and Group Policy folders. 6 In the right pane, right-click User Group Policy loopback processing mode and select Properties.
VMware View Administration 162 VMware, Inc.
Managing Linked-Clone Desktops 9 With View Composer, you can update linked-clone desktops, reduce the size of their operating system data, and rebalance the linked-clone virtual machines among disk drives. You also can manage the View Composer persistent disks associated with linked clones. n Reduce Linked-Clone Size with Desktop Refresh on page 163 A desktop refresh operation restores the operating system disk of each linked clone to its original state and size, reducing storage costs.
VMware View Administration Procedure 1 In View Administrator, click Inventory > Pools. 2 Select the pool to refresh by double-clicking the pool ID in the left column. 3 Choose whether to refresh the whole pool or selected desktops. Option Action To refresh all desktops in the pool On the selected pool's page, click the Settings tab. To refresh selected desktops a b On the selected pool's page, click the Inventory tab. Select the desktops to refresh. 4 Click View Composer > Refresh.
Chapter 9 Managing Linked-Clone Desktops n A refresh preserves the unique computer information set up by QuickPrep or Sysprep. You do not need to rerun Sysprep after a refresh to restore the SID or the GUIDs of third-party software installed in the system drive. n After you recompose a linked clone, View Manager takes a new snapshot of the linked clone's OS disk. Future refresh operations restore the OS data to that snapshot, not the one originally taken when the linked clone was first created.
VMware View Administration Prerequisites If you upgrade the parent virtual machine hardware to v7, deploy the linked clone pool on an ESX/ESXi 4.0 host or cluster. You cannot deploy the pool on a cluster with ESX/ESXi 4.0 hosts mixed with ESX/ESXi 3.5 hosts. Procedure 1 In vCenter Server, update the parent virtual machine for the recomposition. n Install OS patches or service packs, new applications, application updates, or make other changes in the parent virtual machine.
Chapter 9 Managing Linked-Clone Desktops n Decide whether to force all users to log off as soon as the recomposition begins or wait for each user to log off before recomposing that user's desktop. If you force users to log off, View Manager notifies users before they are disconnected and allows them to close their applications and log off. n Verify that provisioning for the pool is enabled.
VMware View Administration Recompose Linked-Clone Desktops That Can Run in Local Mode You can recompose linked-clone desktops that can run in local mode. However, the desktops must be checked in or rolled back to the datacenter before the recompose operation can take place. Prerequisites n Familiarize yourself with the recomposition guidelines. See “Updating Linked Clones with Desktop Recomposition,” on page 168.
Chapter 9 Managing Linked-Clone Desktops Apply these guidelines to recompositions: n You can recompose dedicated-assignment and floating-assignment pools. n You can recompose a desktop pool on demand or as a scheduled event. You can schedule only one recomposition at a time for a given set of linked clones. Before you can schedule a new recomposition, you must cancel any previously scheduled task or wait until the previous operation is completed.
VMware View Administration Solution 1 Select the snapshot that was used in the last successful recomposition. You can also select a new snapshot to update the linked clones to a new state. The snapshot must use the same operating system as the original parent virtual machine's snapshot. 2 Recompose the pool again. View Composer creates a base image from the snapshot and recreates the linked-clone OS disks.
Chapter 9 Managing Linked-Clone Desktops What to do next Recompose the linked-clone desktop pool. Rebalance Linked-Clone Desktops A desktop rebalance operation evenly redistributes linked-clone desktops among available datastores. If possible, schedule rebalance operations during off-peak hours. For guidelines, see “Rebalancing Linked Clones Among Logical Drives,” on page 171. Prerequisites n Familiarize yourself with the rebalance operation.
VMware View Administration When the virtual machines use 95% of the space on the datastore, View Manager generates a warning log entry. At 99% usage, vSphere suspends every virtual machine on the datastore. The rebalance also refreshes the linked clones, reducing the size of their OS disks. It does not affect View Composer persistent disks. Apply these guidelines to desktop rebalances: n You can rebalance dedicated-assignment and floating-assignment pools.
Chapter 9 Managing Linked-Clone Desktops Manage View Composer Persistent Disks You can detach a View Composer persistent disk from a linked-clone desktop and attach it to another linked clone. This feature lets you manage user information separately from linked-clone desktops. When you attach persistent disks to linked-clone desktops, the target linked clones must use vSphere mode.
VMware View Administration 4 5 Choose where to store the persistent disk. Option Description Use current datastore Store the persistent disk on the datastore where it is currently located. Move to the following datastore Select a new datastore on which to store the persistent disk. Click Browse, click the down arrow, and select a new datastore from the Choose a Datastore menu. (Optional) Click Save the OS Disk to store the linked clone's OS disk in vCenter Server.
Chapter 9 Managing Linked-Clone Desktops Edit a View Composer Persistent Disk's Pool or User You can assign a detached View Composer persistent disk to a new pool or user if the original pool or user was deleted from View Manager. A detached persistent disk is still associated with its original pool and user. If the pool or user is deleted from View Manager, you cannot use the persistent disk to recreate a linked-clone desktop.
VMware View Administration 4 Click Recreate Desktop. 5 Click OK. View Manager creates a linked-clone desktop for each persistent disk you select and adds the desktop to the original pool. The persistent disks remain on the datastore where they were stored. Restore a Linked-Clone Desktop by Importing a Persistent Disk from vSphere If a linked-clone desktop becomes inaccessible in View Manager, you can restore the desktop if it was configured with a View Composer persistent disk.
Chapter 9 Managing Linked-Clone Desktops 5 6 VMware, Inc. Choose whether to delete the disk from the datastore or let it remain on the datastore after it is removed from View Manager. Option Description Delete from disk After the deletion, the persistent disk no longer exists. Delete from View Manager only After the deletion, the persistent disk is no longer accessible in View Manager but remains on the datastore. Click OK.
VMware View Administration 178 VMware, Inc.
Managing Desktops and Desktop Pools 10 In View Administrator, you can manage desktop pools, virtual-machine desktops, and desktop sessions. This chapter includes the following topics: n “Managing Desktop Pools,” on page 179 n “Reducing Adobe Flash Bandwidth,” on page 184 n “Managing Virtual-Machine Desktops,” on page 186 n “Export View Information to External Files,” on page 191 Managing Desktop Pools You can edit, disable, and delete desktop pools in View Administrator.
VMware View Administration Modifying Settings in an Existing Desktop Pool After you create a desktop pool, you can change certain configuration settings. Table 10-1. Editable Settings in an Existing Desktop Pool Configuration Tab Description General Edit pool-naming options. Pool Settings Edit desktop settings such as the remote desktop power policy, display protocol, and Adobe Flash settings. Provisioning Settings Edit pool-provisioning options and add desktops to the pool.
Chapter 10 Managing Desktops and Desktop Pools Change the Size of an Automated Pool Provisioned by a Naming Pattern When you provision an automated desktop pool by using a naming pattern, you can increase or decrease the size of the pool by changing the maximum number of desktops. Prerequisites n Verify that you provisioned the pool by using a naming pattern. If you specify desktop names manually, see “Add Desktops to an Automated Pool Provisioned by a List of Names,” on page 181.
VMware View Administration Procedure 1 Create a text file that contains the list of additional desktop names. If you intend to add only a few desktops, you can type the desktop names directly in the Add Pool wizard. You do not have to create a separate text file. 2 In View Administrator, click Inventory > Pools. 3 Select the pool to be expanded. 4 Click Edit. 5 Click the Provisioning Settings tab. 6 Click Add Desktops.
Chapter 10 Managing Desktops and Desktop Pools Disable or Enable Provisioning in a Desktop Pool When you disable provisioning in a desktop pool, View Manager stops provisioning new virtual machines for the pool. After you disable provisioning, you can enable provisioning again. Before you change a pool's configuration, you can disable provisioning to ensure that no new desktops are created with the old configuration.
VMware View Administration Procedure 1 In View Administrator, click Inventory > Pools. 2 Select a desktop pool and click Delete. 3 Choose how to delete the pool. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
Chapter 10 Managing Desktops and Desktop Pools 3 Click the Pool Settings tab. 4 Select a quality mode from the Adobe Flash quality menu. 5 Select a throttling mode from the Adobe Flash throttling menu. 6 Click OK. NOTE Adobe Flash bandwidth-reduction settings do not take effect until View Client reconnects with the desktop. Adobe Flash Quality and Throttling You can specify a maximum allowable level of quality for Adobe Flash content that overrides Web page settings.
VMware View Administration Configure Adobe Flash Throttling with Internet Explorer in Terminal Services Sessions To ensure that Adobe Flash throttling works with Internet Explorer in Terminal Services sessions, users must enable third-party browser extensions. Procedure 1 Start View Client and log in to a user's desktop. 2 In Internet Explorer, click Tools > Internet Options. 3 Click the Advanced tab, select Enable third-party browser extensions, and click OK. 4 Restart Internet Explorer.
Chapter 10 Managing Desktops and Desktop Pools 3 Select a desktop. 4 Choose whether to disconnect, log off, or restart the session. Option Description Disconnect Session Disconnects the user from the desktop. The session remains active. The user can log back in to the session if Automatically logoff after disconnect is set to Never, or the specified length of time after the disconnect occurs is not exceeded.
VMware View Administration Unassign a User from a Dedicated Desktop In a dedicated-assignment pool, you can remove a desktop assignment to a user. You can also use the vdmadmin command to remove a desktop assignment to a user. See “Assigning Dedicated Desktops Using the -L Option,” on page 306. Prerequisites Verify that the desktop is not checked out for use in local mode. You cannot assign users or remove user assignments while desktops are checked out.
Chapter 10 Managing Desktops and Desktop Pools Procedure 1 In View Administrator, click Dashboard. 2 In the Desktop Status pane, expand a status folder. 3 Option Description Preparing Lists the desktop states while the virtual machine is being provisioned, deleted, or in maintenance mode. Problem Desktops Lists the desktop error states. Prepared for use Lists the desktop states when the desktop is ready for use. Locate the desktop status and click the hyperlinked number next to it.
VMware View Administration Table 10-5. Status of Virtual-Machine Desktops That Are Managed by vCenter Server (Continued) Status Type of State Description Disconnected Session state The virtual machine is in an active session, but it is disconnected from the View client. Unassigned user connected Miscellaneous A user other than the assigned user is logged in to a virtual machine in a dedicated pool.
Chapter 10 Managing Desktops and Desktop Pools Procedure 1 In View Administrator, click Inventory > Desktops. 2 Select one or more desktops and click Remove. 3 Choose how to delete the desktops. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
VMware View Administration 3 Type a filename for the csv file in the Select location for download dialog. The default filename is global_table_data_export.csv. 4 Browse to a location to store the file. 5 Click Save. What to do next Open a spreadsheet or another tool to view the csv file. 192 VMware, Inc.
Managing Physical Computers and Terminal Servers 11 In View Administrator, you can add, remove, and unregister View desktops that are not managed by vCenter Server. Unmanaged desktop sources include virtual machines that are not managed by vCenter Server, physical computers, blade PCs, and Microsoft Terminal Services sources. NOTE When you reconfigure a setting that affects an unmanaged desktop source, it can take up to 10 minutes for the new setting to take effect.
VMware View Administration Remove an Unmanaged Desktop Source from a Pool You can reduce the size of a manual desktop pool that uses unmanaged desktop sources by removing desktop sources from the pool. Procedure 1 In View Administrator, click Inventory > Pools. 2 Double-click a pool ID and select the Inventory tab. 3 Select the desktop sources to remove. 4 Click Remove. 5 If users are logged in to the unmanaged desktops, choose whether to terminate the sessions or let the sessions remain active.
Chapter 11 Managing Physical Computers and Terminal Servers Unregister an Unmanaged Desktop Source All desktop sources that vCenter Server manages are registered when you install View Agent. You can unregister only unmanaged desktop sources. Unmanaged desktop sources include virtual machines that are not managed by vCenter Server, physical computers, blade PCs, and Terminal Services sources. When you unregister a desktop source, it becomes unavailable in View Manager.
VMware View Administration 196 VMware, Inc.
Managing ThinApp Applications in View Administrator 12 You can use View Administrator to distribute and manage applications packaged with VMware ThinApp™. Managing ThinApp applications in View Administrator involves capturing and storing application packages, adding ThinApp applications to View Administrator, and assigning ThinApp applications to desktops and pools. You must have a license to use the ThinApp management feature in View Administrator.
VMware View Administration n Make sure that a disjoint namespace does not prevent domain member computers from accessing the network share that hosts the MSI packages. A disjoint namespace occurs when an Active Directory domain name is different from the DNS namespace that is used by machines in that domain. See VMware Knowledge Base (KB) article 1023309 for more information. n To run streamed ThinApp applications on View desktops, users must have access to the network share that hosts the MSI packages.
Chapter 12 Managing ThinApp Applications in View Administrator Procedure 1 Start the ThinApp Setup Capture wizard and follow the prompts in the wizard. 2 When the ThinApp Setup Capture wizard prompts you for a project location, select Build MSI package. 3 If you plan to stream the application to View desktops, set the MSIStreaming property to 1 in the package.ini file.
VMware View Administration Procedure 1 In View Administrator, select View Configuration > ThinApp Configuration and click Add Repository. 2 Type a display name for the application repository in the Display name text box. 3 Type the path to the Windows network share that hosts your application packages in the Share path text box. The network share path must be in the form \\ServerComputerName\ShareName where ServerComputerName is the DNS name of the server computer. Do not specify an IP address.
Chapter 12 Managing ThinApp Applications in View Administrator Creating ThinApp templates is optional. NOTE If you add an application to a ThinApp template after assigning the template to a desktop or pool, View Administrator does not automatically assign the new application to the desktop or pool. If you remove an application from a ThinApp template that was previously assigned to a desktop or pool, the application remains assigned to the desktop or pool.
VMware View Administration n Assign Multiple ThinApp Applications to a Pool on page 205 You can assign one more ThinApp applications to a particular pool. n Assign a ThinApp Template to a Desktop or Pool on page 205 You can streamline the distribution of multiple ThinApp applications by assigning a ThinApp template to a desktop or pool. n Review ThinApp Application Assignments on page 206 You can review all of the desktops and pools that a particular ThinApp application is currently assigned to.
Chapter 12 Managing ThinApp Applications in View Administrator Procedure 1 Select Inventory > ThinApps and select the ThinApp application. 2 From the Add Assignment drop-down menu, select Desktops. The desktops that the ThinApp application is not already assigned to appear in the table. 3 Option Action Find a specific desktop Type the name of the desktop in the Find text box and click Find.
VMware View Administration 4 Select a ThinApp application to assign to the desktop and click Add. Repeat this step to add multiple applications. 5 Select an installation type and click OK. Option Action Streaming Installs a shortcut to the application on the desktop. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application. Full Installs the full application on the local file system.
Chapter 12 Managing ThinApp Applications in View Administrator Assign Multiple ThinApp Applications to a Pool You can assign one more ThinApp applications to a particular pool. If you assign a ThinApp application to a linked-clone pool and later refresh, recompose, or rebalance the pool, View Administrator reinstalls the application for you. You do not have to manually reinstall the application. Prerequisites Scan an application repository and add selected ThinApp applications to View Administrator.
VMware View Administration 3 From the Add Assignment drop-down menu, select Desktops or Pools. All desktops or pools appear in the table. 4 Option Action Find a specific desktop or pool Type the name of the desktop or pool in the Find text box and click Find. Find all of the desktops or pools that follow the same naming convention Type a partial desktop or pool name in the Find text box and click Find. Select the desktops or pools that you want to assign the ThinApp template to and click Add.
Chapter 12 Managing ThinApp Applications in View Administrator Procedure u Select the ThinApp application assignments that you want to review. Option Action Review all of the desktops and pools that a particular ThinApp application is assigned to Select Inventory > ThinApps and double-click the name of the ThinApp application. The Assignments tab shows the desktops and pools that the application is currently assigned to, including the installation type.
VMware View Administration 3 Select the Summary tab to see general information about the MSI package. 4 Click Package Info to see detailed information about the MSI package. Maintaining ThinApp Applications in View Administrator Maintaining ThinApp applications in View Administrator involves tasks such as removing ThinApp application assignments, removing ThinApp applications and application repositories, and modifying and deleting ThinApp templates.
Chapter 12 Managing ThinApp Applications in View Administrator Remove Multiple ThinApp Application Assignments from a Desktop You can remove assignments to one or more ThinApp applications from a particular desktop. Prerequisites Notify the users of the desktop that you intend to remove the applications. Procedure 1 Select Inventory > Desktops and double-click the name of the desktop in the Desktop column.
VMware View Administration Remove a ThinApp Application from View Administrator When you remove a ThinApp application from View Administrator, you can no longer assign the application to desktops and pools. You might need to remove a ThinApp application if your organization decides to replace it with a different vendor's application. NOTE You cannot remove a ThinApp application if it is already assigned to a desktop or pool or if it is in the Pending Uninstall state.
Chapter 12 Managing ThinApp Applications in View Administrator Monitoring and Troubleshooting ThinApp Applications in View Administrator View Administrator logs events that are related to ThinApp application management to the Events and Reporting database. You can view these events on the Events tab in View Administrator. An event appears on the Events tab when the following situations occur.
VMware View Administration Solution n Verify that the application packages in the application repository are in MSI format. n Verify that the network share meets View requirements for ThinApp applications. See “View Requirements for ThinApp Applications,” on page 197 for more information. n Verify that the directories in the network share have the proper permissions. See “Cannot Register an Application Repository,” on page 211 for more information.
Chapter 12 Managing ThinApp Applications in View Administrator View Connection Server log files are located on the View Connection Server host in the drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs directory. Solution 1 In View Administrator, select Inventory > ThinApps. 2 Click the name of the ThinApp application. 3 On the Desktops tab, select the desktop and click Retry Install to reinstall the ThinApp application.
VMware View Administration Cause Common causes of this problem include the following: n The MSI file is corrupted. n The MSI file was not created with ThinApp. n The MSI file was created or repackaged with an unsupported version of ThinApp. You must use ThinApp version 4.6 or later. Solution See the ThinApp User's Guide for information on troubleshooting problems with MSI packages.
Chapter 12 Managing ThinApp Applications in View Administrator 8 9 VMware, Inc. In View Administrator, select the ThinApp applications to assign to your desktops or pools and specify the installation method. Option Action Streaming Installs a shortcut to the application on the desktop. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application. Full Installs the full application on the local file system.
VMware View Administration 216 VMware, Inc.
Managing Local Desktops 13 To manage desktops that are used in local mode, you must set up the environment so that data is transferred when users check View desktops out to their local systems. You must also manage other tasks where data transfer occurs, such as desktop check-in, rollback, and backup, and set policies for which of these actions users can initiate.
VMware View Administration View desktops in local mode behave in the same way as their remote desktop equivalents, yet can take advantage of local resources. Latency is eliminated, and performance is enhanced. Users can disconnect from their local View desktop and log in again without connecting to the View Connection Server. After network access is restored, or when the user is ready, the checked-out virtual machine can be backed up, rolled back, or checked in.
Chapter 13 Managing Local Desktops The data on each local system is encrypted with AES. 128-bit encryption is the default, but you can configure 192-bit or 256-bit encryption. The desktop has a lifetime controlled through policy. If the client loses contact with View Connection Server, the maximum time without server contact is the period in which the user can continue to use the desktop before the user is refused access.
VMware View Administration 8 Verify that the Local Mode policy is set to Allow for the desktop pool. In View Administrator, go to the Policies tab for that pool. 9 If you want desktops to run only in local mode so that users must always check out the desktop, set the Remote Mode policy to Deny. In View Administrator, go to the Policies tab for that pool. 10 Direct end users to install View Client with Local Mode on their local systems.
Chapter 13 Managing Local Desktops The desktop now requires a download and check out. What to do next If you want to prevent end users from checking the desktop in again, set the User-initiated check in policy to Deny. If you want to prevent end users from rolling the desktop back, set the User-initiated rollback policy to Deny.
VMware View Administration Best Practices for Deploying Local Desktops Best-practice recommendations address questions about the memory, processing power, and number of the various components that affect a local mode deployment. General Recommendations for Most Deployments Virtual machine configuration Desktops that run in local mode automatically adjust the amount of memory and processing power they use based on that available from the client computer.
Chapter 13 Managing Local Desktops Small Deployment with Minimal Capital Expenditure You can reduce the number of ESX servers required for your deployment if you increase the number of virtual machines on each server. An ESX 4.1 server can host up to 500 virtual machines if most are not powered on at the same time. Use the following recommendations to reduce the amount of bandwidth and I/O operations required by each virtual machine and maximize the number of virtual machines on an ESX server.
VMware View Administration Add View Transfer Server to View Manager View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. You can add multiple View Transfer Server instances to View Manager. The View Transfer Server instances access one common Transfer Server repository.
Chapter 13 Managing Local Desktops For example, if you remove View Transfer Server while you check out a desktop, the check-out operation is paused. The user can resume the paused transfer operation from the client computer.
VMware View Administration Improve Transfer Performance Over a WAN on Windows Server 2003 In a WAN environment with high network latency, you can enhance transfer performance by increasing the sizes of TCP send and receive windows. When View Transfer Server is installed on Windows Server 2008, the TCP send and receive windows are increased to 640KB by default. You do not have to reconfigure these values.
Chapter 13 Managing Local Desktops View Transfer Server enters an error state when it becomes unavailable or cannot operate normally. To resolve an issue, read the troubleshooting tip for the displayed error state. See “Troubleshooting View Transfer Server and Local Desktop Operations,” on page 254. Table 13-2.
VMware View Administration If a base image is recomposed, View Transfer Server downloads the updated image from the Transfer Server repository to the local computers the next time users check out their desktops. For details, see “Recompose Linked-Clone Desktops That Can Run in Local Mode,” on page 168. IMPORTANT A linked-clone desktop that was created from a base image must be checked into the datacenter before you can recompose it.
Chapter 13 Managing Local Desktops Prerequisites n Verify that View Transfer Server is installed on a Windows Server virtual machine. n Verify that View Transfer Server is added to View Manager. See “Add View Transfer Server to View Manager,” on page 224. NOTE Adding View Transfer Server to View Manager before you configure the Transfer Server repository is a best practice, not a requirement. n Determine how large the Transfer Server repository must be to store your View Composer base images.
VMware View Administration 7 Click OK. If the repository network path or local drive is incorrect, the Edit Transfer Server Repository dialog displays an error message and does not let you configure the location. You must type a valid location. 8 On the View Configuration > Servers page, select the View Transfer Server instance and click Exit Maintenance Mode. The View Transfer Server status changes to Ready.
Chapter 13 Managing Local Desktops Prerequisites n Verify that View Transfer Server is configured in View Manager. See “Add View Transfer Server to View Manager,” on page 224. n Verify that a Transfer Server repository is configured. See “Configure the Transfer Server Repository,” on page 228. Procedure 1 In View Administrator, click View Configuration > Transfer Server Repository. 2 In the Contents panel, select a package file. 3 Click Remove.
VMware View Administration Procedure 1 Configure a local or remote destination folder to which you will migrate the Transfer Server repository. Option Action Local Transfer Server repository On the virtual machine where View Transfer Server is installed, create a path and folder for the Transfer Server repository. For example: C:\TransferRepository\ Remote Transfer Server repository Configure a UNC path for the network share. For example: \\server.domain.com\TransferRepository\ All View Transfer Serv
Chapter 13 Managing Local Desktops Recover from a Corrupted Transfer Server Repository Folder If the network-shared folder or local folder on which the Transfer Server repository is configured becomes corrupted, you must recreate the Transfer Server repository on a functioning folder. This situation occurs if the network share or local drive is inaccessible and you cannot access the Transfer Server package files that are stored in the configured folder.
VMware View Administration When you initiate a replication, or when a replication is scheduled to begin, the request starts the next time the client computer contacts the datacenter. View Client with Local Mode takes a snapshot and starts the replication. View maintains only one pending replication at a time. NOTE At the beginning and end of each replication, the end user might notice that desktop performance is affected for a few seconds while a local snapshot is taken or updated.
Chapter 13 Managing Local Desktops Procedure n Set the Target replication frequency. This policy specifies the interval in days, hours, or minutes between the start of one replication and the start of the next replication. You can prohibit scheduled replications by selecting No replication. The No replication policy does not prohibit explicit replication requests.
VMware View Administration 4 5 Choose whether to start the replication at the next connection between the local desktop and the datacenter. Option Description Yes Starts the replication the next time View Client is running and the desktop contacts the datacenter. No Cancels your replication request. If you requested a replication previously and it has not started yet, you can select No to cancel the pending replication. Click OK.
Chapter 13 Managing Local Desktops What to do next To clean up the files on the end user's computer, have the end user delete the local mode directory for this desktop. See “Delete a Local Desktop,” on page 237. For information about checking out a View desktop for use in local mode, see the View Installation document. Delete a Local Desktop When you roll back a local desktop or uninstall View Client, the files that make up a local desktop on that client computer are not deleted or cleaned up.
VMware View Administration Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the View Servers panel, select a View Connection Server instance and click Edit. 3 Select security and optimization settings for data transfers and local desktop operations.
Chapter 13 Managing Local Desktops The SSL settings do not affect local data on the client computers, which is always encrypted. The data disk stored locally on client systems is encrypted using a default encryption strength of AES-128. The encryption keys are stored encrypted on the client system with a key derived from a hash of the user's credentials (username and password or smart card and PIN). On the server side, the key is stored in View LDAP.
VMware View Administration Procedure 1 Start the ADSI Edit utility on your View Connection Server host. 2 Select or connect to DC=vdi, DC=vmware, DC=int. 3 On the object CN=Common, OU=Global, OU=Properties, set the pae-OVDIKeyCipher attribute to the new encryption key cipher value. You can set the encryption key cipher value to AES-128, AES-192 or AES-256. The default value is AES-128.
Chapter 13 Managing Local Desktops Table 13-5 shows the location of the View Client with Local Mode logs on the client computer. Table 13-5. Location of View Client with Local Mode Logs Operating System Path Windows 7 and Windows Vista C:\Users\user name\AppData\VMware\VDM\Logs\ Windows XP C:\Documents and Settings\user name\Local Settings\Application Data\VMware\VDM\Logs\ When a local desktop is checked in or replicated, View Transfer Server transfers the data that was generated on the local desktop
VMware View Administration In this example, the local desktop displayed a message such as "Transferring 871MB". However, this amount of data was reduced by deduplication. Although the remaining data could not be compressed, only 2.198MB of data was transferred over the network. Guest File System Optimization of Data Transfers During transfer operations, View Transfer Server reduces the amount of data that must be sent over the network by taking advantage of guest file system optimization.
Chapter 13 Managing Local Desktops Similarly, the local View desktop can use up to two CPUs available on the client host if the View desktop is running a Windows Vista or later operating system. You can change the defaults and specify the scope of the setting. The setting can apply to all local desktops on the client or, depending on the setting, it can apply to a specific desktop or to all desktops from a specific View Connection Server instance that a specific user is entitled to use on the client.
VMware View Administration Procedure n To override the default behavior so that the local desktop uses only the amount of memory configured in vCenter Server, create and deploy a GPO to add one of the following registry keys and set the key to 1. Scope of Setting Path Client-wide HKCU\Software\VMware, Inc.\VMware VDM\Client\disableOfflineDesktopMemoryScaleup Broker and user specific HKCU\Software\VMware, Inc.\VMware VDM\Client\broker_guid\remote_user_sid\disableOfflineDeskto pMemoryScaleup The value
Chapter 13 Managing Local Desktops n To override the default behavior so that the local desktop uses only the number of CPUs configured in vCenter Server, create and deploy a GPO to add one of the following registry keys and set the key to 1. Scope of Setting Path Client-wide HKCU\Software\VMware, Inc.\VMware VDM\Client\disableOfflineDesktopCPUScaleup Broker and user specific HKCU\Software\VMware, Inc.\VMware VDM\Client\broker_guid\remote_user_sid\disableOfflineDeskto pCPUScaleup The value 1 indicat
VMware View Administration Prerequisites n Because in many cases you can specify the scope of the setting, determine the IDs you will need to specify. Table 13-8. Identifiers Used in Registry Settings for Local Mode Resource Usage Scope Variable Name Description Broker specific broker_guid Globally unique identifier for the View Connection Server instance or group. Use the vdmadmin -C command to determine the GUID.
Chapter 13 Managing Local Desktops Configuring an HTTP Cache to Provision Local Desktops Over a WAN You can use an HTTP cache to facilitate the provisioning of linked-clone, local desktops. Configuring an HTTP cache benefits remote offices and branch offices that are connected to the datacenter over a WAN. The HTTP cache reduces the performance cost of transferring View Composer base images over a WAN.
VMware View Administration If you use SSL encryption, you do not have to change proxy server settings, but SSL encryption can affect the performance of transfers of linked-clone OS disks and persistent disks. You must configure these SSL settings on each View Connection Server instance that delivers View services to the clients for which you configure HTTP caching. Procedure 1 In View Administrator, click View Configuration > Servers.
Chapter 13 Managing Local Desktops Configure Client Computers to Transfer Data Through a Proxy Server To support HTTP caching, you must configure the client computers that host local desktops to transfer the desktop data through a caching proxy server. You also must configure the client computers to use the proxy server's HTTP address for internet connections. To allow transfers to pass through a proxy server, you add a registry key to the client computers.
VMware View Administration Procedure 1 Configure the maximum size of the cache on the proxy server. To calculate the maximum size, consider the number and size of the View Composer base images that are used by local desktops. The base images are downloaded as package files to the proxy server. Also consider other files that you plan to cache on the proxy server. 2 Configure the size of the largest single file that can be cached.
Chapter 13 Managing Local Desktops The new heartbeat interval takes effect the next time a client computer that hosts a local desktop sends a heartbeat message to View Connection Server. You do not need to restart the View Connection Server service or the client computer. If the heartbeat interval is set to a lesser value on a client computer, View uses the client computer value instead of the View Connection Server value. By default, the heartbeat interval is not set on client computers.
VMware View Administration 1 Copy the Base Image from the Transfer Server Repository on page 252 To download a desktop manually to a client computer to use in local mode, you must copy the View Composer base image to a portable device. The base image is published as a package in the Transfer Server repository.
Chapter 13 Managing Local Desktops Procedure 1 Deliver the portable device that contains the desktop pool's package files to the user. 2 Copy the package files to a specified check-out directory on the client computer. Copy the files to a subdirectory in the check-out directory that uses the display name of the desktop pool. For example, to download files from a desktop pool with the display name LocalPool, copy the files to check_out_directory\LocalPool.
VMware View Administration Check Out a Desktop After Manually Copying the Base Image After you manually copy the base image to the client computer and set permissions on the package files, you must direct the user to check out a desktop. Prerequisites n Verify that View Client with Local Mode is installed on the client computer. n Verify that you set permissions to use the package files that were copied to the client computer.
Chapter 13 Managing Local Desktops n The Transfer Server Repository Is Invalid on page 258 In View Administrator, View Transfer Server displays a status of Bad Transfer Server repository. n View Transfer Server Cannot Connect to the Transfer Server Repository on page 258 In View Administrator, View Transfer Server displays a status of Repository Connection Error. n View Transfer Server Fails the Health Check on page 259 In View Administrator, View Transfer Server displays a status of Bad Health Check.
VMware View Administration Solution n n Migrate the View Transfer Server virtual machine to an ESX host with access to the datastores. a In View Administrator, place the View Transfer Server instance in maintenance mode. b In vSphere Client, use the Migration wizard to migrate the View Transfer Server virtual machine to the destination ESX host. c In View Administrator, select the View Transfer Server instance and exit maintenance mode.
Chapter 13 Managing Local Desktops Login Window Takes a Long Time to Appear Under certain circumstances, after you open View Client and specify a View Connection Server instance, the login window does not appear for 30 or more seconds. Problem The login window is not accessible for sometimes as long as 30 seconds, until the connection attempt times out.
VMware View Administration View Transfer Server Fails to Enter Maintenance Mode When you attempt to place View Transfer Server in maintenance mode, it remains in the Maintenance mode pending state for an excessively long time. Problem When View Transfer Server is in the Maintenance mode pending state, you cannot perform operations such as migrating the Transfer Server repository to a new location, which you can do after View Transfer Server enters maintenance mode.
Chapter 13 Managing Local Desktops Solution 1 Place all View Transfer Server instances in maintenance mode. a In View Administrator, click View Configuration > Servers. b Select a View Transfer Server instance. c If transfers are currently active, choose whether to cancel the active transfers or wait until the active transfers are completed before placing the View Transfer Server instance in maintenance mode. d Click OK. e Repeat these steps for all View Transfer Server instances.
VMware View Administration Solution 1 Place all View Transfer Server instances in maintenance mode. a In View Administrator, click View Configuration > Servers. b Select a View Transfer Server instance. c If transfers are currently active, choose whether to cancel the active transfers or wait until the active transfers are completed before placing the View Transfer Server instance in maintenance mode. d Click OK. e Repeat these steps for all View Transfer Server instances.
Chapter 13 Managing Local Desktops Virtual Disk of a Local Desktop Needs Repair You might need to repair the virtual disk of a local desktop. Problem You see an error message when you try to connect to your local desktop. For example: Cannot open the disk 'C:\Documents and Settings\jo\Local Settings\Application Data\View\Local Desktops\Win7_32b_Local_Mode\52411f5e05b854ca-b5c54521f6010b22-scsi00-000002.vmdk' or one of the snapshot disks it depends on. Reason: The specified disk needs repair.
VMware View Administration Procedure 1 Copy the virtual machine files from the client machine to a local folder on the View Connection Server instance. IMPORTANT Do not access the files using a network share or mapped drive. 2 To decrypt a file, run the vdmadmin command. vdmadmin -V -rescue -d desktop -u domain\user -infile path_to_VM_file Option Description -d desktop Specifies the name of the desktop pool.
Maintaining View Components 14 To keep your View components available and running, you can perform a variety of maintenance tasks.
VMware View Administration Do not rely on using replicated instances of View Connection Server to act as your backup mechanism. When View Manager synchronizes data in replicated instances of View Connection Server, any data lost in one instance might be lost in all members of the group. If View Connection Server uses multiple vCenter Server instances with multiple View Composer services, View Manager backs up all the View Composer databases associated with the vCenter Server instances.
Chapter 14 Maintaining View Components View Manager Configuration Backup Settings View Manager can back up your View Connection Server and View Composer configuration data at regular intervals. In View Administrator, you can set the frequency and other aspects of the backup operations. Table 14-1. View Manager Configuration Backup Settings Setting Description Automatic backup frequency Every Hour. Backups take place every hour on the hour. Every 6 Hours.
VMware View Administration Procedure 1 Select Start > Command Prompt. 2 At the command prompt, type the vdmexport command and redirect the output to a file. For example: vdmexport > Myexport.LDF You can specify the output file name as an argument to the -f parameter. For example: vdmexport -f Myexport.LDF The vdmexport command writes your View Connection Server configuration data to the specified LDIF file. For more information about the vdmexport command, see the VMware View Integration document.
Chapter 14 Maintaining View Components Procedure 1 Select Start > Command Prompt. 2 At the command prompt, type the vdmimport command and specify an existing LDIF file as the argument to the -f parameter. For example: vdmimport -f Myexport.LDF The vdmimport command updates the View LDAP repository in View Connection Server with the configuration data from the LDIF file. For more information about the vdmimport command, see the VMware View Integration document.
VMware View Administration 4 Run the SviConfig restoredata command. sviconfig -operation=restoredata -DsnName=target_database_source_name_(DSN) -Username=database_administrator_username -Password=database_administrator_password -BackupFilePath=path_to_View_Composer_backup_file For example: sviconfig -operation=restoredata -dsnname=LinkedClone -username=Admin -password=Pass -backupfilepath="C:\Program Files\VMware\VMware View Composer\Backup-20090304000010-foobar_test_org.
Chapter 14 Maintaining View Components Procedure 1 In View Administrator, click Dashboard. 2 In the System Health pane, expand View components, vSphere components, or Other components. 3 n A green up arrow indicates that a component has no problems. n A red down arrow indicates that a component is unavailable or not functioning. n A yellow double arrow indicates that a component is in a warning state. n A question mark indicates that the status of a component is unknown.
VMware View Administration Stop and Start View Services The operation of View Connection Server instances and security servers depends on several services that run on the system. You might sometimes find it necessary to stop and start these services manually when troubleshooting problems with the operation of VMware View. When you stop View services, end users cannot log in to their desktops.
Chapter 14 Maintaining View Components Table 14-3. View Connection Server Host Services (Continued) Service Name Startup Type Description VMware View Web Component Manual Provides web services for View Manager. This service must be running for the correct operation of View Manager. VMwareVDMDS Automatic Provides LDAP directory services for View Manager. This service must be running for the correct operation of View Manager.
VMware View Administration Add Licenses to VMware View If the current licenses on a system expire, or if you want to access VMware View features that are currently unlicensed, you can use View Administrator to add licenses. You can add a license to VMware View while View Manager is running. You do not need to reboot the system, and access to desktops is not interrupted.
Chapter 14 Maintaining View Components The existing View Composer database must be configured on an available computer in the same domain as the computer on which you install the new View Composer service, or on a trusted domain. View Composer creates RSA key pairs to encrypt and decrypt authentication information stored in the View Composer database.
VMware View Administration 3 4 Copy the keys.xml file to the destination computer on which you want to install the new View Composer service. On the destination computer, open a command prompt and navigate to the %windir %\Microsoft.NET\Framework\v2.0xxxxx directory. 5 Type the aspnet_regiis command to migrate the RSA key pair data. aspnet_regiis -pi "SviKeyContainer" "path\keys.xml" where path is the path to the exported file.
Chapter 14 Maintaining View Components 3 Edit the keyfile and keypass properties in the locked.properties file on the View Connection Server or security server host. a Set the keyfile property to the name of the new keystore file. For example: keyfile=keys_20141231.jks b If the password for the keystore file has changed, set the keypass property to the new password. For example: keypass=NEW_PASS 4 Verify that the storetype property in the locked.properties file matches the type of the keystore file.
VMware View Administration 276 VMware, Inc.
Troubleshooting View Components 15 You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using View Manager, View Composer, and View Client. Administrators might encounter unexpected behavior when using View Manager and View Composer, and users might experience difficulty when using View Client to access their desktops.
VMware View Administration Monitoring System Health You can use the system health dashboard in View Administrator to quickly see problems that might affect the operation of View or access to desktops by end users.
Chapter 15 Troubleshooting View Components Table 15-1. Types of Event Reported by View Manager Event Type Description Audit Failure or Audit Success Reports the failure or success of a change that an administrator or user makes to the operation or configuration of VMware View. Error Reports a failed operation by View Manager. Information Reports normal operations within VMware View.
VMware View Administration n If a desktop reports that it is ready, but does not accept connections, check the firewall configuration to make sure that the display protocol (RDP or PCoIP) is not blocked. See “Connection Problems Between Desktops and View Connection Server Instances,” on page 287. n If a desktop appears to be missing from a vCenter Server, verify whether its virtual machine is configured on the expected vCenter Server, or if it has been moved to another vCenter Server.
Chapter 15 Troubleshooting View Components n Collect Diagnostic Information for View Connection Server Using the Support Tool on page 282 You can use the support tool to set logging levels and generate log files for View Connection Server.
VMware View Administration Collect Diagnostic Information for View Composer Using the Support Script You can use the View Composer support script to collect configuration data and generate log files for View Composer. This information helps VMware customer support diagnose any issues that arise with View Composer. Prerequisites Log in to the vCenter Server on which View Composer is installed.
Chapter 15 Troubleshooting View Components Procedure 1 Select Start > All Programs > VMware > Set View Connection Server Log Levels. 2 In the Choice text box, type a numeric value to set the logging level and press Enter. Option Description 0 Resets the logging level to the default value. 1 Selects a normal level of logging (default). 2 Selects a debug level of logging. 3 Selects full logging. You should usually enter 2 to select a debug level of logging.
VMware View Administration Procedure 1 Open a command prompt window and change to the appropriate directory for the VMware View component that you want to collect diagnostic information for. Option Description View Agent Change to the C:\Program Files\VMware View\Agent\DCT directory. View Client Change to the C:\Program Files\VMware View\Client\DCT directory. View Connection Server Change to the C:\Program Files\VMware View\Server\DCT directory.
Chapter 15 Troubleshooting View Components Procedure 1 Visit the Support page at the VMware Web site and log in. 2 Click Support Request History and find the applicable support request number. 3 Update the support request and attach the output that you obtained by running the support or svisupport script. Further Troubleshooting Information You can find further troubleshooting information in VMware Knowledge Base articles.
VMware View Administration n If you receive an error message about being unable to start the secure connection, the most likely reason is that View Client (or proxy server, if configured) is unable to resolve the DNS name of the View Connection Server host. Configure the host to provide its IP address rather than its FQDN when it directs View Client to open a secure connection. a In View Administrator, click View Configuration > Servers.
Chapter 15 Troubleshooting View Components Solution n n Check that the following network ports are opened on the firewall for the security server or View Connection Server host. Port Description TCP 4172 From View Client to the security server or View Connection Server host. UDP 4172 Between View client and the security server or View Connection Server host, in both directions. TCP 4172 From the security server or View Connection Server host to the View desktop.
VMware View Administration Cause The connectivity problems between a desktop and a View Connection Server instance can occur for different reasons. n Lookup failure on the desktop for the DNS name of the View Connection Server host. n The ports for JMS, RDP, or AJP13 communication being blocked by firewall rules. n The failure of the JMS router on the View Connection Server host. Solution n At a command prompt on the desktop, type the nslookup command.
Chapter 15 Troubleshooting View Components Troubleshooting Desktop Pool Creation Problems You can use several procedures for diagnosing and fixing problems with the creation of desktop pools. Pool Creation Fails if Customization Specifications Cannot Be Found If you try to create a desktop pool, the operation fails if the customization specifications cannot be found. Problem You cannot create a desktop pool, and you see the following message in the event database.
VMware View Administration Pool Provisioning Fails Due to a Configuration Problem If a template is not available or a virtual machine image has been moved or deleted, provisioning of a desktop pool can fail. Problem A desktop pool is not provisioned, and you see the following message in the event database. Provisioning error occurred on Pool Desktop_ID because of a configuration problem Cause This problem has a number of possible causes. n A template is not accessible.
Chapter 15 Troubleshooting View Components Pool Provisioning Fails Due to Datastore Problems If a datastore is out of disk space, or you do not have permission to access the datastore, provisioning of a desktop pool can fail. Problem Provisioning of a desktop pool fails, and you see one of the following error messages in the event database.
VMware View Administration Cause The most likely cause of this problem is that you restarted the View Connection Server instance during a cloning operation. Solution u Delete the virtual machines and clone them again. Virtual Machines Are Stuck in the Customizing State After being cloned, virtual machines are stuck in the Customizing state. Problem Virtual machines are stuck in the Customizing state.
Chapter 15 Troubleshooting View Components n For some USB HIDs, you must configure the virtual machine to update the position of the mouse pointer. See http://kb.vmware.com/kb/1022076. n Some audio devices might require changes to policy settings or to registry settings. See http://kb.vmware.com/kb/1023868. n Network latency can cause slow device interaction or cause applications to appear frozen because they are designed to interact with local devices.
VMware View Administration Cause A few common causes exist for QuickPrep script failures: n The script times out n The script path refers to a script that requires an interpreter n The account under which the script runs does not have sufficient permission to execute a script task Solution n Examine the customization script log. QuickPrep customization information is written to a log file in Windows temp directory: C:\Windows\Temp\vmware-viewcomposer-ga-new.log n Determine if the script timed out.
Chapter 15 Troubleshooting View Components Table 15-2. View Composer Provisioning Errors Error Description 0 The policy was applied successfully. NOTE Result code 0 does not appear in View Administrator. The linked-clone desktop proceeds to a Ready state, unless a View Manager error outside the domain of View Composer occurs. This result code is included for completeness. 1 Failed to set the computer name. 2 Failed to redirect the user profiles to the View Composer persistent disk.
VMware View Administration Windows XP Linked Clones Fail to Join the Domain Windows XP linked-clone desktops can fail to join the domain if your Active Directory runs on Windows Server 2008. Problem When linked-clone desktops are provisioned, the linked clones fail to join the domain. View Administrator displays View Composer provisioning error messages.
Using the vdmadmin Command 16 You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or to perform administration tasks that need to run automatically from scripts.
VMware View Administration n Configuring Domain Filters Using the -N Option on page 308 You can use the vdmadmin command with the -N option to control the domains that View Manager makes available to end users. n Configuring Domain Filters on page 310 You can configure domain filters to limit the domains that a View Connection Server instance or security server makes available to end users.
Chapter 16 Using the vdmadmin Command By default, the path to the vdmadmin command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin. To avoid having to enter the path on the command line, add the path to your PATH environment variable. n vdmadmin Command Authentication on page 299 You must run the vdmadmin command as a user who is in the Administrators role for a specified action to succeed.
VMware View Administration vdmadmin Command Options You use the command options of the vdmadmin command to specify the operation that you want it to perform. Table 16-2 shows the command options that you can use with the vdmadmin command to control and examine the operation of View Manager. Table 16-2. Vdmadmin Command Options 300 Option Description -A Administers the information that a View Agent records in its log files. See “Configuring Logging in View Agent Using the -A Option,” on page 301.
Chapter 16 Using the vdmadmin Command Configuring Logging in View Agent Using the -A Option You can use the vdmadmin command with the -A option to configure logging by View Agent.
VMware View Administration Examples Display the logging level of the Agent for the machine machine1 in the desktop pool dtpool2. vdmadmin -A -d dtpool2 -m machine1 -getloglevel Set the logging level of the View Agent for the machine machine1 in the desktop pool dtpool2 to debug. vdmadmin -A -d dtpool2 -m machine1 -setloglevel debug Display the list of View Agent log files for the machine machine1 in the desktop pool dtpool2.
Chapter 16 Using the vdmadmin Command Table 16-4. Options for Overriding IP Addresses (Continued) Option Description -override Specifies an operation for overriding IP addresses. -r Removes an overridden IP address. Examples Override the IP address for the machine machine2 in the desktop pool dtpool2. vdmadmin -A -override -i 10.20.54.165 -d dtpool2 -m machine2 Display the IP addresses that are defined for the machine machine2 in the desktop pool dtpool2.
VMware View Administration Updating Foreign Security Principals Using the -F Option You can use the vdmadmin command with the -F option to update the foreign security principals (FSPs) of Windows users in Active Directory who are authorized to use a desktop. Syntax vdmadmin -F [-b authentication_arguments] [-u domain\user] Usage Notes If you trust domains outside of your local domains, you allow access by security principals in the external domains to the local domains' resources.
Chapter 16 Using the vdmadmin Command Table 16-5. Health Monitors (Continued) Monitor Description TSMonitor Monitors the health of transfer servers. VCMonitor Monitors the health of vCenter servers. If a component has several instances, View Manager creates a separate monitor instance to monitor each instance of the component. The command outputs all information about health monitors and monitor instances in XML format.
VMware View Administration Options Table 16-7 shows the options that you can specify to list and display reports and views. Table 16-7. Options for Listing and Displaying Reports and Views Option Description -enddate yyyy-MM-dd-HH:mm:ss Specifies a upper limit for the date of information to be displayed. -list Lists the available reports and views. -report report Specifies a report. -startdate yyyy-MM-dd-HH:mm:ss Specifies a lower limit for the date of information to be displayed.
Chapter 16 Using the vdmadmin Command Table 16-8. Options for Assigning Dedicated Desktops Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -r Removes an assignment to a specified user, or all assignments to a specified machine. -u domain\user Specifies the login name and domain of the user. Examples Assign the machine machine2 in the desktop pool dtpool1 to the user Jo in the CORP domain.
VMware View Administration Table 16-9. Options for Displaying Information About Machines Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -u domain\user Specifies the login name and domain of the user. Examples Display information about the underlying machine for the desktop in the pool dtpool2 that is assigned to the user Jo in the CORP domain and format the output as XML using ASCII characters. vdmadmin -M -u CORP\Jo -d dt
Chapter 16 Using the vdmadmin Command Table 16-10. Options for Configuring Domain Filters (Continued) Option Description -domains Specifies a domain filter operation. -exclude Specifies an operation on a exclusion list. -include Specifies an operation on an inclusion list. -list Displays the domains that are configured in the search exclusion list, exclusion list, and inclusion list on each View Connection Server instance and for the View Connection Server group.
VMware View Administration View Manager limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View Manager excludes the YOURDOM domain from the results of the domain search on CONSVR-1. Display the domain filters in XML using ASCII characters.
Chapter 16 Using the vdmadmin Command Table 16-11. Types of Domain List Domain List Type Description Search exclusion list Specifies the domains that View Manager can traverse during an automated search. The search ignores domains that are included in the search exclusion list, and does not attempt to locate domains that the excluded domain trusts. You cannot exclude the primary domain from the search. Exclusion list Specifies the domains that View Manager excludes from the results of a domain search.
VMware View Administration Display the currently active domains after including the YOURDOM and DEPTX domains. C:\ vdmadmin -N -domains -list -active Domain Information (CONSVR) =========================== Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Domain: DEPTX DNS:deptx.mycorp.com View Manager applies the include list to the results of a domain search.
Chapter 16 Using the vdmadmin Command Domain: Domain: Domain: Domain: YOURDOM DNS:yourdom.mycorp.com DEPTX DNS:deptx.mycorp.com DEPTY DNS:depty.mycorp.com DEPTZ DNS:deptz.mycorp.com Extend the search exclusion list to exclude the DEPTX domain and all its trusted domains from the domain search for all View Connection Server instances in a group. Also, exclude the YOURDOM domain from being available on CONSVR-1.
VMware View Administration Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Displaying the Desktops and Policies of Unentitled Users Using the -O and -P Options You can use the vdmadmin command with the -O and -P options to display the desktops and policies that are assigned to users who are no longer entitled to use the system.
Chapter 16 Using the vdmadmin Command Examples Display the desktops that are assigned to unentitled users, grouped by desktop in text format. vdmadmin -O -ld Display desktops that are assigned to unentitled users, grouped by user, in XML format using ASCII characters. vdmadmin -O -lu -xml -n Apply your own stylesheet C:\tmp\unentitled-users.xsl and redirect the output to the file uu-output.html. vdmadmin -O -lu -xml -xsltpath "C:\tmp\unentitled-users.xsl" > uu-output.
VMware View Administration When you add a client in kiosk mode, View Manager creates a user account for the client in Active Directory. If you specify a name for a client, this name must start with the characters "Custom-" and it cannot be more than 20 characters long. You should use each specified name with no more than one client device. If you do not specify a name for a client, View Manager generates a name from the MAC address that you specify for the client device.
Chapter 16 Using the vdmadmin Command Table 16-14. Options for Configuring Clients in Kiosk Mode (Continued) Option Description -genpassword Generates a password for the client's account. This is the default behavior if you do not specify either -password or -genpassword. -getdefaults Gets the default values that are used for adding client accounts. -group group_name Specifies the name of the default group to which client accounts are added.
VMware View Administration Add an account for a client specified by its MAC address to the MYORG domain, and use an automatically generated password. vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -genpassword -ou "OU=kioskou,DC=myorg,DC=com" -group kc-grp Add an account for a named client, and specify a password to be used with the client.
Chapter 16 Using the vdmadmin Command Common Name : CONSVR2 Client Authentication Enabled : true Password Required : false Displaying the First User of a Desktop Using the -R Option You can use the vdmadmin command with the -R option to find out the initial assignment of a managed desktop. For example, in the event of the loss of LDAP data, you might need this information so that you can reassign desktops to users.
VMware View Administration If you want to reinstall VMware View on the removed systems without replicating the View configuration of the original group, restart all the View Connection Server hosts in the original group before performing the reinstallation. This prevents the reinstalled View Connection Server instances from receiving configuration updates from their original group. Options The -s option specifies the NetBIOS name of the View Connection Server instance to be removed.
Chapter 16 Using the vdmadmin Command Usage Notes The command displays information about a user obtained from Active Directory and View Manager. n Details from Active Directory about the user's account. n Membership of Active Directory groups. n Desktop entitlements including the desktop ID, display name, description, folder, and whether a desktop has been disabled. n ThinApp assignments.
VMware View Administration Table 16-15. Options for Decrypting the Virtual Machine of a Local Desktop Option Description -d desktop Specifies the name of the desktop pool. -infile path_to_VM_file Specifies the path to the VMX or VMDK file for the local desktop's virtual machine. -u domain\user Specifies the domain and name of the local desktop's end user. Examples Decrypt a full virtual machine by specifying its VMX file. vdmadmin -V -rescue -d lmdtpool -u MYCORP\jo -infile "J:\Temp\LMDT_Recovery\C
Chapter 16 Using the vdmadmin Command Table 16-16. Options for Unlocking or Locking Virtual Machines Option Description -d desktop Specifies the desktop pool. -e Unlocks a virtual machine. -m machine Specifies the name of the virtual machine. -p Locks a virtual machine. -vcdn vCenter_dn Specifies the distinguished name of the vCenter Server. -vmpath inventory_path Specifies the inventory path of the virtual machine.
VMware View Administration Examples Detect LDAP entry collisions in a View Connection Server group. vdmadmin -X -collisions Detect and resolve LDAP entry collisions. vdmadmin -X -collisions -resolve 324 VMware, Inc.
Setting Up Clients in Kiosk Mode 17 You can set up unattended clients that can obtain access to their desktops from VMware View. A client in kiosk mode is a thin client or a lock-down PC that runs View Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the desktop might require them to provide authentication information for some applications.
VMware View Administration Configure Clients in Kiosk Mode To configure Active Directory and View Manager to support clients in kiosk mode, you must perform several tasks in sequence. Prerequisites Verify that you have the privileges required to perform the configuration tasks. n Domain Admins or Account Operators credentials in Active Directory to make changes to the accounts of users and groups in a domain.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure 1 In Active Directory, create a separate organizational unit and group to use with clients in kiosk mode. You must specify a pre-Windows 2000 name for the group. You use this name to identify the group to the vdmadmin command. 2 Create the image or template for the guest virtual machine.
VMware View Administration Procedure u Set the default values for clients. vdmadmin -Q -clientauth -setdefaults [-b authentication_arguments] [-ou DN] [ -expirepassword | -noexpirepassword ] [-group group_name | -nogroup] Option Description -expirepassword Specifies that the expiry time for passwords on the client accounts is the same as for the View Connection Server group. If no expiry time is defined for the group, passwords do not expire.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure u To display the MAC address, type the appropriate command for your platform. Option Action Windows Enter C:\Program Files\VMware\VMware View\Client\bin\wswc printEnvironmentInfo View Client uses the default View Connection Server instance that you configured for it. If you have not configured a default value, View Client prompts you for the value. The command displays the IP address, MAC address, and machine name of the client device.
VMware View Administration Procedure u Run the vdmadmin command using the -domain and -clientid options to specify the domain and the name or the MAC address of the client.
Chapter 17 Setting Up Clients in Kiosk Mode Enable Authentication of Clients in Kiosk Mode You can use the vdmadmin command to enable authentication of clients that attempt to connect to their desktops via a View Connection Server instance. You must run the vdmadmin command on one of the View Connection Server instances in the group that contains the View Connection Server instance that clients will use to connect to their desktops.
VMware View Administration Procedure u Display information about clients in kiosk mode and client authentication. vdmadmin -Q -clientauth -list [-b authentication_arguments] [-xml] The command displays information about clients in kiosk mode and the View Connection Server instances on which you have enabled client authentication. Example: Displaying Information for Clients in Kiosk Mode Display information about clients in text format.
Chapter 17 Setting Up Clients in Kiosk Mode Procedure u To connect to a remote session, type the appropriate command for your platform. Option Description Windows Enter C:\Program Files\VMware\VMware View\Client\bin\wswc unattended [-serverURL connection_server] [-userName user_name] [-password password] Linux -password password Specifies the password for the client's account. If you defined a password for the account, you must specify this password.
VMware View Administration 334 VMware, Inc.
Running View Client from the Command Line 18 You can run View Client for Windows from the command line or from scripts. You might want to do this if you are implementing a kiosk-based application that grants end users access to desktop applications. You use the wswc command to run the View Client for Windows from the command line. The command includes options that you can specify to change the behavior of View Client.
VMware View Administration Table 18-1. View Client Command-Line Options (Continued) Option Description -connectUSBOnInsert Connects a USB device to the foreground desktop when you plug in the device. This option is implicitly set if you specify the -unattended option.
Chapter 18 Running View Client from the Command Line Table 18-1. View Client Command-Line Options (Continued) Option Description -unattended Runs View Client in a noninteractive mode that is suitable for clients in kiosk mode. You must also specify: n The account name of the client, if you did not generate the account name from the MAC address of the client device. The name must begin with the string “Custom-”.
VMware View Administration Table 18-2. View Client Registry Settings Registry Setting Description DomainName Specifies the default domain name. EnableShade Specifies whether the menu bar (shade) at the top of the View Client window is enabled. The menu bar is enabled by default except for clients in kiosk mode. A value of false disables the menu bar. Password Specifies the default password. ServerURL Specifies the default View Connection Server instance by its URL, IP address, or FQDN.
Chapter 18 Running View Client from the Command Line Table 18-3. View Client Exit Codes (Continued) Exit Code Description 24 View Connection Server error. 25 Desktop was not available. VMware, Inc.
VMware View Administration 340 VMware, Inc.
Index A Active Directory preparing for clients in kiosk mode 326 preparing for smart card authentication 127 troubleshooting linked clones failing to join the domain 296 updating Foreign Security Principals of users 304 updating general user information 272 active sessions disconnecting 186 restarting 186 viewing 186 ADM template files View Agent Configuration 143 View Client Configuration 146 View Common Configuration 152 View components 142 View Server Configuration 152 where to find 142 administration c
VMware View Administration maintenance mode 106 naming desktops manually 101, 103 power policies 111, 112 using a desktop-naming pattern 101 worksheet for creating 72 automatic Windows updates, disabling 61 B backing up configuration backup settings 265 scheduling backups 264 View configuration data 263 View Connection Server 17 bandwidth reduction, Adobe Flash 184 base images determining the size 228 downloading from the Transfer Server repository 227 bridged networking for local desktops 245 C caching
Index storage sizing table 88 storing linked clones and replicas 93, 94 DCT bundles, creating for View Agent 281, 301 dedicated-assignment pools assigning user ownership 187 choosing a user assignment type 101 maintenance mode 106 removing user assignments 188 user ownership 306 deduplication data transfers for local desktops 237, 238 impact on data transfers 240 defragmentation, disabling on linked clones 60 delegating administration 26 delta disks, storage overcommit 92 desktop management deleting deskto
VMware View Administration Do nothing policy 110 domain filters configuring 310 displaying 308 example of excluding domains 312 example of including domains 311 domains enumerating trusted 152 filter lists 308 drivers, installed on client systems for local desktops 221 E education resources 7 Enable Pool privilege 36 enableOCSP property 132 enableRevocationChecking property 131, 132 endpoint resource usage, configuring 242 Enterprise NTAuth store, adding root certificates 128 Entitle Pool privilege 36 ent
Index intermediate certificates adding to intermediate certification authorities 128 See also certificates Intermediate Certification Authorities policy 128 Inventory Administrators (Read only) role 35 Inventory Administrators role 35 IOPS, benefits of disabling Windows 7 services 58 IP addresses overriding for View Agent 302 troubleshooting for linked-cloned desktop connections 288 K keyfile property 274 keypass property 274 keytool utility 124 kiosk mode adding client accounts 329 configuring 326 connec
VMware View Administration security option settings 238 setting a desktop to run in local mode only 220 setting replication policies 234 understanding data transfer policies 233 understanding the heartbeat interval 250 understanding the Transfer Server repository 227 local desktop management authentication delays 257 copying package files to a portable device 252 improving data transfer performance 226 initiating a replication 235 locking and unlocking remote desktops 322 manually copying desktop files 252
Index Microsoft Terminal Services pools Adobe Flash Throttling 100, 186 creating 99 Microsoft Windows Defender, disabling in Windows 7 63 Microsoft Windows Installer, properties for View Agent 54 mouse grabbed inside desktop window 221 MSI packages creating 198 invalid 213 multiple NICs, configuring for View Agent 56 N naming desktop pools example 104 manually specifying names 101, 103 providing a naming pattern 101 naming patterns, linked-clone desktops 104 NAT on local desktops 245 NET Framework, migrat
VMware View Administration displaying for unentitled users 314 displaying unentitled 280 general client session 139 global 138 Intermediate Certification Authorities 128 local mode 140 pool-level 138 power 109–111 Trusted Root Certification Authorities 128 user-level 139 pool size, changing 181 post-synchronization script, customizing linkedclone desktops 86 Power Off VM policy 110 power policies automated desktop pools 112 avoiding conflicts 113 desktops and pools 110 power-off script, customizing linked-
Index RSA SecurID authentication configuring 133 enabling 134 logging in 134 S SCOM, setting the name of a View Connection Server group 303 Script Host service 270 search exclusion lists 310 Security Gateway Component service 270, 271 security server, connection problems to the PCoIP Secure Gateway 286 Security Server service 271 security servers enabling smart card authentication 124 restricted entitlements limitations 118 services 271 updating certificates 274 security settings, group policy 146 sending
VMware View Administration problems installing 212 problems uninstalling 213 removing assignments 208, 209 removing from View Administrator 210 requirements 197 reviewing assignments 206 troubleshooting 211 upgrading 208 ThinApp Setup Capture wizard 198 ThinApp templates assigning 205 creating 200 removing 210 third-party applications, support in View Composer 84 time synchronization desktop and client system 146 guest OS and ESX host 48 timeout limit, QuickPrep customization scripts 69 TPVMGPoACmap.
Index configuring multiple NICs 56 creating a Data Collection Tool bundle 281 custom setup options 43, 50 installing on a virtual machine 49 installing on unmanaged desktop sources 41 installing silently 51 overriding IP addresses 302 silent installation properties 54 View Client collecting diagnostic information 283 command syntax 335 configuration file 337 configuring online help URL 146 connection problems to the PCoIP Secure Gateway 286 improving Adobe Flash quality 186 registry settings 337 running fr
VMware View Administration View Connection Server configuration, server certificate 274 View LDAP configuration data 22 limiting size of base image package files 248 pae-mVDIOfflineUpdateFrequency attribute 250 View services, stopping and starting 270 View Transfer Server configuration adding an instance 224 configuring the repository 228 configuring transfer policies 233 determining the size of a base image 228 improving WAN performance 226 locking and unlocking instances 322 optimizing data transfers 237
