Archives For VMware View

 

I have recently worked with one of my colleagues (Josh Herbert) to setup demonstrations of every component of the Horizon Suite for a recent seminar I presented at. We presented the Seminar alongside Peter Von Oven Senior VMware End User Computing Specialist and wanted to ensure that customers not only understood what the Horizon Suite could do for them but also see for them selves in scenario based and hands on demos. The main points we wanted to get across was the fact that VMware did much more than just VDI and that a number of restrictions that have traditionally been around VDI no longer exist.

Regular readers of my blog will have seen my 8U mobile rack that I use for seminars before

LabonWheels

For the end user computing seminar the rack was upgraded to incorporate a Dell PowerEdge R720 so we could install the NVIDIA GRID K1 GPU for the 3D demos utilising VMware Virtual Shared Graphics Acceleration vSGA. We use a mobile rack to allow us to taken our seminars on tour to various different regions. Also installed in the rack is a R620, Dell EqualLogic Storage and Force10 switching. 

2013-06-20 14.43.10

We put together a number of demonstrations including utilising a Dell Wyse P45 Teradici Zero Client with 4 screens running 3D CAD demos utilising the NVIDIA GRID K1 card a vSGA, seen in the short video below.

We also had the Dell Wyse P25 the baby brother of the P45, it is also a Teradici Zero client with the ability to run two displays. The demo showed HD video but also the functionality of Horizon Workspace including Horizon Data and Horizon Application management over multiple devices, on display on the day was IOS and Android devices as well as using the Surface RT for web based demos of Horizon Workspace as well as the tech preview for View.

1oRdxYXYuRmuVOV17PMLXoYTS4-0K5Dah2nDBbGq1hk

One problem we have been seeing is many customer either have or are looking at investing in Microsoft Lync at present, traditionally using Lync for Video and Voice inside a VDI desktop whilst possible has been unsupported and the results were mixed. With Lync 2013, the Microsoft Lync Plugin for VDI, View 5.2 and a Windows based Thin Client these restrictions can be lifted. To show this we had a live demo between two Wyse WES7 thin clients connected to View desktops taking part in live video calls.

8AkIm87KZ0D8-TY6gnbP27mwh6yuy6sTLjFD8ELL2uk

Amongst the other demos we  had a live demo of a Windows XP laptop being migrated to a Windows 7 laptop utilising VMware Horizon Mirage, whilst all users data and settings remained intact. Using the same environment we were also able to demonstrate application layering, fixing a broken application in the base image and recover user data all using Mirage.

ccuEKK1oyTXlhyjoASJds1Ffwx16tdBtaPUSNW-Zj9E

I am intending to record a number of demos around Mirage and Horizon Workspace and will place a copy of these online when I have done so.

Below you will see a short video we put together showing the demo environment that we used.

Within my lab environment I largely used a wildcard certificate for all my external services. This certificate was originally created on my Exchange server within my environment. Using this certificate on other Windows servers is generally an easy task of exporting the certificate with the private key and applying to the new server. However using this certificate with Horizon Workspace was a little different.

Firstly the certificate needs to be configured on the Horizon Configurator appliance through the following URL >> https://horizonconfigname/cfg

You then select SSL Certificate from the left hand menu.

image

I re-downloaded the certificate from my certificate provider, opened it in notepad and was able to import this into the SSL box. Ensure that you also copy the intermediary certificates into this box immediately after your certificate. This was supplied by Go Daddy in a gd_bundle.cert file.

image

The exporting the private key from the Exchange server was a little more complex. First I exported the certificate as follows.

From an MMC console add the Certificate snap in, ensure you select Computer Account, Local Computer.

image

Browse to your wildcard certificate, right click and select export

image

The certificate export wizard will appear

image

Ensure you choose yes, export the private key.

image

Choose to export the certificate as Personal Information Exchange Format.

image

Finally you will need to input a password and choose where to save the certificate too.

Next we need to extract the private key from the certificate, the way that I achieved this was with an application called OpenSSL.

Download the installer from here http://www.openssl.org/related/binaries.html 

I chose the Win32 OpenSSL v1.0.1e Light variant, once downloaded I ran a simple Next, Next, Next installation. This installed the application to C:\OpenSSL-Win32

From a command prompt you will now need to run the following commands from the command line. 

openssl pkcs12 –in [location to *.pfx file] –nocerts –out key.pem

image

You will be prompted to enter the password and to create a password, you will then be asked to enter a phrase for the PEM file that is too be created.

Once this is done we are left with an encrypted private key file, the next step is to remove the passphrase encryption.

image

We now have a file that we are able to open in notepad and paste its contents into the Horizon Configurator.

image 

Once we have pasted the key into the Private Key box we are able to select save.

image

We will now need to repeat this process on the Horizon Connector.

image

You should now be in a position to test Horizon in a browser to ensure the certificate is valid.

image

If you receive the following error ensure that you have pasted your intermediary certificates after your certificate in the SSL Certificate boxes shown above.

Request failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

image

VMware View ships with a number of group policy templates, these can continently be found on your View servers at the location shown in the image below.

image

I’m not going to teach you all how to suck eggs here but you will obviously want to create a group policy to deploy these templates against your View Desktops or Clients depending on which template it is you are deploying, you will do this as usual through Group Policy management and creating a GPO.

Once you are inside the Group Policy Management Editor you are able to expand Computer Configuration, Policies, Administrative Templates then Select Add / Remove Templates

image

You can then browse to the admin templates and add them to your GPO.

image

Once imported you will see the policies listed under Classic Administrative Templates (ADM)

image

From the user guide the breakdown of the adm files is as follows.

Template Name Template File Description
VMware View Agent Configuration

vdm_agent.adm

Contains policy settings related to the authentication and environmental components of View Agent.

VMware View Client Configuration vdm_client.adm

Contains policy settings related to View Client configuration.

Clients that connect from outside the View Connection Server host domain are not affected by policies applied to View Client.

VMware View Server Configuration vdm_server.adm Contains policy settings related to View Connection Server.
VMware View Common Configuration

vdm_common.adm

Contains policy settings that are common to all View components.

VMware View PCoIP Session Variables

pcoip.adm

Contains policy settings related to the PCoIP display protocol.

VMware View Persona Management Configuration

ViewPM.adm

Contains policy settings related to View Persona Management

Also don’t forgot when configuring these templates you will need to enable loopback processing. This is configured under

Computer Configuration > Policies > Administrative Templates > System > Group Policy.

image

I hope to put some articles up delving a little deeper in the configuration of these group policies in the future.

I recently came across an issue having previously deleted an application from Horizon Workspace, the application had disappeared from the list of available ThinApps but upon looking on the connector where you configure the ThinApp share sync the application was still appearing. I then subsequently tried re-adding the application and it didn’t re-add. A quick look at the user guide shows I had missed a manual step when deleting ThinApps. I’m not sure why this step is manual or indeed has to be conducted from the CLI but hopefully we will see this change in the future.

From Page 61 of the User Guide

1. Delete the ThinApp package subfolder from the Windows application network file share.

2. Delete the application from Horizon Workspace.

a. Using a browser, log in to the Horizon Workspace Administrator Web interface.

b. Click Catalog > ThinApp Packages

c. Click the icon of the ThinApp package you want to delete.

d. Click Delete, read the message, and if you agree click Yes

3. Use the Connector virtual appliance interface to issue commands to remove the ThinApp database.

a. Select Login and Log in to the underlying Linux operating system of the Connector virtual appliance.

b. Issue the following command to stop the ThinApp service:

/opt/likewise/bin/lwsm stop thinapprepo

c. Issue the following command to delete the ThinApp database:

rm /var/lib/vmware/tam/repo/repodb

d. Issue the following command to restart the ThinApp service:

/opt/likewise/bin/lwsm start thinapprepo

4. Exit the Connector virtual appliance interface

The most complex thing about Horizon Workspace is remembering all the administration URLs. I hope in future version we will see a bit more of a combined admin interface between components. In the mean time here is a list with all the admin URLs taken from the user guide.

https://HorizonWorkspaceFQDN/admin

Administrator Web interface (Active Directory user)

Manage the Catalog, users and groups, entitlements, reports, etc. (Login as Active Directory user with administrator role.)

https://HorizonWorkspaceFQDN/SAAS/login/0

Administrator Web interface (non-Active Directory user)

Use this URL if you cannot login as the Active Directory user with the administrator role. (Log in as an administrator using the username admin and the password you set during configuration.)

https://HorizonWorkspaceFQDN/web

Web Client (end user)

Manage files, launch applications, or launch View pools. (Login as an Active Directory user or virtual user.)

https://ConnectorHostname/hc/admin/

Connector Web interface

Configure additional ThinApp settings, View pool settings, check directory sync status, or alerts. (Log in as an administrator using the password you set during configuration.)

https://ConfiguratorHostname/cfg

Configurator Web interface

See system information, check modules, set license key, or set admin password. (Log in as an administrator using the password you set during configuration.)

First of all we are going to start by creating our ThinApp package, I’m not going to document the finer details of creating ThinApp packages here but the steps below will allow you to create a basic ThinApp for us to use with Horizon Workspace.

We are starting with a basic ThinApp installation, I recommend having two VMs one with ThinApp installed and the installation directory shared and a second with the base Win 7 or XP installed.

Run Setup Capture.exe and complete the PreScan process

Once you have completed the prescan you are in a position to be able to install and configure your application. For the purpose of this blog post I am using the installed version of Putty.

Once your application is installed and configured you are in a position to run your Postscan.

The Postscan and compare will complete and you will be asked to select the entry points for your application.

We are now able to tell the ThinApp that we will be managing the Application with Horizon. This will negate the need for us to set our permissions for the application as Horizon will manage this element for us.

We will now run through the rest of the ThinApp process, I haven’t documented this here but I have chosen all the default options. Once the application has compiled I will edit the package.ini to set the Application to stream rather than be downloaded. We are also able to edit the Horizon URL here if needed.

We will now build the ThinApp.

Once finished we will see our exe and MSI in the bin folder, if we try and run the application on this machine we will see that it is unable to be ran as the Horizon agent hasn’t been installed on our build machine.

We will now copy the two files within the bin folder to our ThinApp share, please note these need to be placed into a folder named after the application for Horizon Workspace to pick it up correctly, if it is placed in the root of the folder it will not be picked up.

We are now going connect to the Horizon Configurator and ensure the ThinApp module is enabled.

As we can see above the ThinApp Package module is enabled and we are going to follow the Connector hyperlink to configure it.

Once at the connector management page, we select the ThinApp Packages section on the bottom left, edit in the middle of the screen and then configure the location of our ThinApp packages. As you can see above I am saving my ThinApps on a share on my domain controller, this obviously isn’t recommended in a production environment. You can also set how often Horizon should sync with this share to check for new packages.

As you can see above we are able to manually sync using the button in the top left and when the sync completes we are then able to see the new application appear.

We are now going to move over to the workspace admin page to entitle the users or groups to use the new application.

Once logged into the workspace admin page, we are going to select Catalog and select the application that we have just added.

As you can see above we have selected the add group entitlement button in the top right, we are then able to choose the group we wish to entitle the application for and finally choose whether the application is automatically installed on the user’s desktop or alternatively whether the user is able to choose to install the application. We have chosen to automatically install the application.

If we connect to one of our desktops with the Horizon Agent installed, with an entitled user connected we will see the application will automatically appear, you may also see very faintly that we received a notification telling us the application was now available.

Similarly if we remove access to the application it will disappear and we will get a further notification.

Finally if we had chosen User Activated the user is able to install the application to their desktop by using the Horizon web interface.

By selecting the Add button above the application is installed to the machine.

Conclusion

Whilst this functionality has been around for a while now with Horizon application manager it is nice to see this now packaged with the rest of the Horizon Workspace functionality and even the Horizon Suite. Whether you are using VMware View or not this is surely the must have way to be managing your application deployment to your desktops.

It seems most people that blog about the Surface RT end up being cut down in flames for a biased opinion either towards Apple, Google or Microsoft, so I wanted to start out by talking about my use cases and the devices I own.

By many I am seen to be an Apple Fan Boy, I have owned every iPhone since the 3G, I use my Mac Book Pro daily, I also own an Apple TV and an iPad one, however I also own a Google Nexus 7 a Samsung Galaxy S2 and use my Windows 8 laptop on a regular basis.

I am going to focus this blog post on my use case for my tablet devices, I am very much classed as a business worker, by day I’m attending meetings, traveling, creating and editing documents, installing and configuring hardware, to be honest in the evenings my use case changes very little as I’m usually working on something in the lab or replying to email or blogging etc. Both the iPad and Nexus 7 are fantastic devices for consuming content such as Music, films, books games etc but I have always been somewhat disappointed by the ability to create content in my work life. Whilst it is possible with the iPad with the larger screen typing on screen is less than ideal and carrying a separate Bluetooth keyboard seems counterproductive (I may as well just carry an ultrabook) a big gripe for me with the iPad is even if I have a fantastic desktop experience using solutions like VMware View the fact I am unable to connect a mouse of any kind makes a VDI solution on my iPad have limited usefulness.

As my iPad is getting older now (it’s an iPad 1) I was in the market for a new 10″ device, I was looking at the Nexus 10, the iPad 4, the Asus Transformer amongst others. I had ruled out the iPad at an early stage because of the limitations I mention above and to be honest because of the lack of innovation since the original iPad, I have never felt there has been a killer feature that would have me upgrade such a device to a newer one as yet. I also like the idea of having a tablet that had the ability to attach a keyboard and mouse as I would really like the ability to treat this device as a thin client into my View desktop when traveling. Whilst I do love my Nexus 7 I felt that the Nexus 10 and other Android devices wouldn’t offer me the software to create the content I wanted without having to use my View desktop all the time, I was keen to have the ability to work both online and offline. This really left me with the choice of looking at Windows devices.

One of the things I like the most about tablet computing is the simplicity and constant performance, going back to a full Windows device did not appeal to me and this is what led me to look at RT. A quick search online will find you a bunch of mixed reviews for devices like the Surface RT and the Dell XPS10 however most of these are trying to compare these devices to the likes of the iPad that offer a personal consumer experience, hands up now if that is the kind of device you a looking for e,g. play some games, browse the web then buy yourself an iPad you won’t be disappointed. With a little bit of further digging I started finding some business users talking about their love for the device my main requirement for the device was as follows.

  • Ability to create and read email
  • Ability to create and edit Microsoft Work documents
  • Ability to create and edit Powerpoint Presentations
  • Ability to create and edit Excel Documents
  • Evernote
  • Dropbox
  • VMware View Client
  • RDP Client

With my use case clearly defined and fully understanding the functionality of Windows RT it seems that a device with Windows RT would suit my use case down to the ground, this also meant I could avoid going down the full Windows install route for a simple continuous experience, longer battery life and maybe a cheaper point of entry.

Looking at the devices on the market I had considered the Surface and the Dell XPS 10, one of the main reasons I chose to go with the Surface was that I was fully able to test the device in my local John Lewis store where as this wasn’t the case with the Dell, for me hands on experience with a device prior to purchasing was important, also for me the touch keyboard on the surface appealed as I could get the mouse and keyboard functionality without any real further weight or girth.

So a week ago I decided to buy the Surface RT, now I fully understand that at present I am still in the honeymoon period and I will certainly be blogging if my experience changes.

So far I have used the Surface at home, in the office, on the plane and as my only device during a short business trip to Ireland. I have found that the ability to create documents and blog posts with Word on the device has been no different to using a Windows 8 laptop, the keyboard takes a bit of getting used to but it is more than adequate. The USB support has allowed me to pair my wireless RF mouse with ease and also my Logitech Slide Presenter with ease. Adding our work based HP printers has been hassle free although as yet I haven’t been able to add my home Kodak MFP. The Mail applications within Windows 8 is somewhat limited without the ability to create new folders but does the job I need, although I would love Outlook on the device.

The current third party vendor support is currently a bit poor with both the Dropbox application and Evernote applications falling short of where I would like them to be. I have found the Evernote application has been good enough to not need to switch to Onenote or similar but I am now embracing Skydrive as an equivalent to dropbox for my needs on the device, hurry up and get a Horizon Workspace application out VMware!

One of the huge wins for me on the device is the ability to utilise VMware View and RDS to create a full desktop experience, whilst I am spending 80%+ of my time consuming applications directly on the Surface there are some times the need to use a legacy desktop application, an example of the is Visio. I have found that using the View Client has allowed me to connect to a View desktop and consume these applications with ease and it offers an experience equal to using the view client on a laptop rather than a tablet (from the point of view of usability not functionality as the View client for RT is currently preview only)

I have also extensively used the remote desktop app and the built in mstsc functionality to connect to my lab servers and install a complete View and Horizon Workspace environment without any issue at all. This has been made all the more easier by having the ability to connect a second screen via HDMI.

I will attempt to keep this blog post up to date with any new findings but for me I couldn’t be happier with the device I have chosen.

p.s. 3rd blog post today created on the Surface, who would have thought of using Word to write and publish blog posts on a tablet would have been possible and functional!