Administering Cloud Pod Architecture in Horizon 7 Modified on 26 JUL 2017 VMware Horizon 7 7.
You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2017 VMware, Inc. All rights reserved. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Contents

Administering Cloud Pod Architecture in Horizon 7

1 Introduction to Cloud Pod Architecture
    Understanding Cloud Pod Architecture
    Configuring and Managing a Cloud Pod Architecture Environment
    Cloud Pod Architecture Limitations

2 Designing a Cloud Pod Architecture Topology
    Creating Cloud Pod Architecture Sites
    Entitling Users and Groups in the Pod Federation
    Finding and Allocating Desktops and Applications in the Pod Federation
    Considerations for Unauthenticated Users
    Global

5 lmvutil Command Reference
    lmvutil Command Use
    Initializing the Cloud Pod Architecture Feature
    Disabling the Cloud Pod Architecture Feature
    Managing Pod Federations
    Managing Sites
    Managing Global Entitlements
    Managing Home Sites
    Viewing a Cloud Pod Architecture Configuration
    Managing SSL Certificates

Index
Administering Cloud Pod Architecture in Horizon 7

Administering Cloud Pod Architecture in Horizon 7 describes how to configure and administer a Cloud Pod Architecture environment in VMware Horizon 7, including how to plan a Cloud Pod Architecture topology and set up, monitor, and maintain a Cloud Pod Architecture configuration.

Intended Audience

This information is intended for anyone who wants to set up and maintain a Cloud Pod Architecture environment.
1 Introduction to Cloud Pod Architecture

The Cloud Pod Architecture feature uses standard Horizon components to provide cross-datacenter administration, global and flexible user-to-desktop mapping, high availability desktops, and disaster recovery capabilities.
In the example topology, two previously standalone pods in different datacenters are joined together to form a single pod federation. An end user in this environment can connect to a Connection Server instance in the New York datacenter and receive a desktop or application in the London data center.

Sharing Key Data in the Global Data Layer

Connection Server instances in a pod federation use the Global Data Layer to share key data.
2 Designing a Cloud Pod Architecture Topology

Before you begin to configure the Cloud Pod Architecture feature, you must make decisions about your Cloud Pod Architecture topology. Cloud Pod Architecture topologies can vary, depending on your goals, the needs of your users, and your existing Horizon implementation. If you are joining existing Horizon pods to a pod federation, your Cloud Pod Architecture topology is typically based on your existing network topology.
Entitling Users and Groups in the Pod Federation

In a traditional Horizon environment, you use Horizon Administrator to create local entitlements. These local entitlements entitle users and groups to a specific desktop or application pool on a Connection Server instance. In a Cloud Pod Architecture environment, you create global entitlements to entitle users or groups to multiple desktops and applications across multiple pods in the pod federation.
Understanding the Scope Policy

When you create a global desktop entitlement or global application entitlement, you must specify its scope policy. The scope policy determines the scope of the search when Horizon looks for desktops or applications to satisfy a request from the global entitlement.
Global home sites are useful for controlling where roaming users receive desktops and applications. For example, if a user has a home site in New York but is visiting London, Horizon begins looking in the New York site to satisfy the user's desktop request rather than allocating a desktop closer to the user. Global home site assignments apply for all global entitlements.

Important: Global entitlements do not recognize home sites by default.
Global Entitlement Example

In this example, NYUser1 is a member of the global desktop entitlement called My Global Pool. My Global Pool provides an entitlement to three floating desktop pools, called pool1, pool2, and pool3. pool1 and pool2 are in a pod called NY Pod in the New York datacenter and pool3 and pool4 are in a pod called LDN Pod in the London datacenter.

Figure 2-1.
Table 2-1 shows how tag matching determines when a Connection Server instance can access a global entitlement.

Table 2-1. Tag Matching Rules

Connection Server    Global Entitlement    Access Permitted?
No tags              No tags               Yes
No tags              One or more tags      No
One or more tags     No tags               Yes
One or more tags     One or more tags      Only when tags match

The restricted global entitlements feature only enforces tag matching.
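The rules in Table 2-1 can be checked against a planned tag layout before it is rolled out. The following Python sketch is an added example, not VMware code: the server names, entitlement names, tags and the `INTENDED` policy are constructed, and it assumes that tags "match" when both sides share at least one tag, which this page does not define.

```python
"""Audit Connection Server access to global entitlements (Table 2-1 rules).

Assumption (not defined on this page): tags "match" when the two tag sets
share at least one tag, compared as exact strings.
All server names, entitlement names and tags below are constructed samples.
"""
from typing import Dict, FrozenSet, List, Set, Tuple

Tags = FrozenSet[str]


def access_permitted(server_tags: Tags, entitlement_tags: Tags) -> bool:
    """Apply the four rows of Table 2-1."""
    if not entitlement_tags:
        # Rows 1 and 3: an untagged entitlement is open to every server.
        return True
    if not server_tags:
        # Row 2: an untagged server cannot access a tagged entitlement.
        return False
    # Row 4: both sides tagged, access only when tags match (assumed: overlap).
    return bool(server_tags & entitlement_tags)


def visibility(servers: Dict[str, Tags],
               entitlements: Dict[str, Tags]) -> Dict[str, List[str]]:
    """Map each entitlement to the sorted list of servers that can access it."""
    result = {}
    for ge, ge_tags in entitlements.items():
        result[ge] = sorted(cs for cs, cs_tags in servers.items()
                            if access_permitted(cs_tags, ge_tags))
    return result


def audit(servers: Dict[str, Tags], entitlements: Dict[str, Tags],
          intended: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Compare actual access with the intended server set per entitlement.

    Returns (entitlement, server, finding) tuples, where finding is
    "exposed" (reachable but not intended) or "unreachable" (intended
    but blocked by tag matching).
    """
    findings = []
    for ge, reachable in visibility(servers, entitlements).items():
        wanted = intended.get(ge, set())
        for cs in reachable:
            if cs not in wanted:
                findings.append((ge, cs, "exposed"))
        for cs in sorted(wanted - set(reachable)):
            findings.append((ge, cs, "unreachable"))
    return sorted(findings)


# Constructed inventory: one internal, one external and one untagged server.
SERVERS = {
    "CS-INT": frozenset({"Internal"}),
    "CS-EXT": frozenset({"External"}),
    "CS-UNTAGGED": frozenset(),
}
ENTITLEMENTS = {
    "Secure Desktops": frozenset({"Internal"}),
    "Public Apps": frozenset({"External"}),
    "Finance Desktops": frozenset(),  # tag was never assigned
}
# Constructed policy: which servers each entitlement should be reachable from.
INTENDED = {
    "Secure Desktops": {"CS-INT", "CS-UNTAGGED"},
    "Public Apps": {"CS-EXT"},
    "Finance Desktops": {"CS-INT"},
}

if __name__ == "__main__":
    for entitlement, server, finding in audit(SERVERS, ENTITLEMENTS, INTENDED):
        print(f"{finding:12} {entitlement} via {server}")
```

The untagged entitlement is the case to watch: under rows 1 and 3 it is reachable from every Connection Server instance, including the externally tagged one.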
External users cannot see the global entitlements that are tagged as Internal because they log in through the Connection Server instances that are tagged as External. Internal users cannot see the global entitlements that are tagged as External because they log in through the Connection Server instances that are tagged as Internal. In the following diagram, User1 connects to the Connection Server instance called CS1.
Cloud Pod Architecture Topology Limits

A typical Cloud Pod Architecture topology consists of two or more pods, which are linked together in a pod federation. Pod federations are subject to certain limits.

Table 2-2.
3 Setting Up a Cloud Pod Architecture Environment

Setting up a Cloud Pod Architecture environment involves initializing the Cloud Pod Architecture feature, joining pods to the pod federation, and creating global entitlements. You must create and configure at least one global entitlement to use the Cloud Pod Architecture feature. You can optionally create sites and assign home sites.
3 When the Initialize dialog box appears, click OK to begin the initialization process.

Horizon Administrator shows the progress of the initialization process. The initialization process can take several minutes.

After the Cloud Pod Architecture feature is initialized, the pod federation contains the initialized pod and a single site. The default pod federation name is Horizon Cloud Pod Federation.
6 Click OK to join the pod to the pod federation.

Horizon Administrator shows the progress of the join operation. The default pod name is based on the host name of the Connection Server instance. For example, if the host name is CS1, the pod name is Cluster-CS1.

7 When Horizon Administrator prompts you to reload the client, click OK.
Create and Configure a Global Entitlement

You use global entitlements to entitle users and groups to desktops and applications in a Cloud Pod Architecture environment. Global entitlements provide the link between users and their desktops and applications, regardless of where those desktops and applications reside in the pod federation.
d If you are configuring a global desktop entitlement, select a user assignment policy. The user assignment policy specifies the type of desktop pool that a global desktop entitlement can contain. You can select only one user assignment policy.

Option       Description
Floating     Creates a floating desktop entitlement. A floating desktop entitlement can contain only floating desktop pools.
Dedicated    Creates a dedicated desktop entitlement.
k (Global desktop entitlement only) Select whether to allow users to initiate separate desktop sessions from different client devices.

When you enable the multiple sessions per user policy, users that connect to the global entitlement from different client devices receive different desktop sessions. To reconnect to an existing desktop session, users must use the same device from which that session was initiated.
If you add multiple application pools to a global application entitlement, you must add the same application. For example, do not add Calculator and Microsoft Office PowerPoint to the same global application entitlement. If you add different applications to the same global application entitlement, entitled users might receive different applications at different times.
2 Create the site.
    a In Horizon Administrator, select View Configuration > Sites and click Add.
    b Type a name for the site in the Name text box. The site name can contain between 1 and 64 characters.
    c (Optional) Type a description of the site in the Description text box. The site name can contain between 1 and 1024 characters.
    d Click OK to create the site.

3 Add a pod to the site. Repeat this step for each pod to add to the site.
6 Select the home site to assign to the user or group from the Home Site drop-down menu and click Finish.

Create a Home Site Override

You can associate a global entitlement with a home site so that the global entitlement's home site overrides a user's own home site when the user selects the global entitlement. To create a home site override, you associate a home site with a global entitlement and a particular user or group.
2 Connect to any Connection Server instance in the pod federation by using the credentials of a user in one of your new global entitlements.

After you connect to the Connection Server instance, the global entitlement name appears in the list of available desktops and applications.

3 Select the global entitlement and connect to a desktop or application.

The desktop or application starts successfully.
6 Creating a URL for the Example Configuration

The insurance company uses a single URL and employs a DNS service to resolve sales.example to the nearest pod in the nearest data center. With this arrangement, sales agents do not need to remember different URLs for each pod and are always directed to the nearest data center, regardless of where they are located.
Joining Pods in the Example Configuration

The Horizon administrator uses Horizon Administrator to join Central Pod 1 and Central Pod 2 to the pod federation.
The Horizon administrator adds the Sales Agents group to the global desktop entitlement. The Sales Agent group is defined in Active Directory and contains all sales agent users. Adding the Sales Agent group to the Agent Sales global desktop entitlement enables sales agents to access the Sales A and Sales B desktop pools on the pods in the Eastern and Central regions.
4 Managing a Cloud Pod Architecture Environment

You use Horizon Administrator and the lmvutil command to view, modify, and maintain your Cloud Pod Architecture environment. You can also use Horizon Administrator to monitor the health of pods in the pod federation.
- To list the users or groups associated with a global entitlement, in Horizon Administrator, select Catalog > Global Entitlements, double-click the global entitlement, and click the Users and Groups tab. You can use the Horizon Administrator user interface for any Connection Server instance in the pod federation.
- To see the global entitlements that are assigned to a specific user, use the Horizon Help Desk Tool.
2 In Horizon Administrator, select Inventory > Dashboard.

The Remote Pods section in the System Health pane lists all pods, their member Connection Server instances, and the known health status for each Connection Server instance. A green health icon indicates that the Connection Server instance is online and available for the Cloud Pod Architecture feature.
3 Select the site that currently contains the pod to add to the site. The names of the pods in the site appear in the lower pane.

4 Select the pod to add to the site and click Edit.

5 Select the site from the Site drop-down menu and click OK.

Modifying Global Entitlements

You can add and remove pools, users, and groups from global entitlements. You can also delete global entitlements and modify global entitlement attributes and policies.
2 In Horizon Administrator, select Catalog > Global Entitlements and double-click the global entitlement.

3 On the Users and Groups tab, select the user or group to delete and click Delete. You can press Ctrl or Shift to select multiple users and groups.

4 Click OK in the confirmation dialog box.
Policy: Automatically clean up redundant sessions
Description: Logs off extra user sessions for the same entitlement. This option is available only for floating desktop entitlements and application entitlements. Multiple sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session.
4 Click OK in the confirmation dialog box.

Managing Home Site Assignments

You can modify and delete home site assignments. You can also display the effective home site for each global entitlement to which a user belongs.

Modify a Home Site Assignment

You can change an existing home site assignment for a specific user or group.
6 Click Look Up.

Horizon Administrator displays the effective home site for each global entitlement to which the user belongs. Only global entitlements that have the Use home site policy enabled are displayed. The home site that is in effect appears in the Home Site Resolution column. If a user has multiple home sites, a folder icon appears next to the global entitlement name in the Entitlement column.
Remove a Pod From the Pod Federation

You can use Horizon Administrator to remove a pod that was previously joined to the pod federation. You might want to remove a pod from the pod federation if it is being recommissioned for another purpose or if it was wrongly configured. To remove the last pod in the pod federation, you uninitialize the Cloud Pod Architecture feature. See “Uninitialize the Cloud Pod Architecture Feature.”
5 lmvutil Command Reference

You use the lmvutil command-line interface to configure and manage a Cloud Pod Architecture implementation.

Note: You can use the vdmutil command-line interface to perform the same operations as lmvutil.
lmvutil Command Authentication

To use the lmvutil command to configure and manage a Cloud Pod Architecture environment, you must run the command as a user who has the Administrators role. You can use Horizon Administrator to assign the Administrators role to a user. See the View Administration document.

The lmvutil command includes options to specify the user name, domain, and password to use for authentication.

Table 5-1.
Table 5-2. lmvutil Command Options (Continued)

Option                  Description
--addPoolAssociation    Associates a desktop pool with a global desktop entitlement or an application pool with a global application entitlement. See “Adding a Pool to a Global Entitlement.”
--addUserEntitlement    Associates a user with a global entitlement. See “Adding a User or Group to a Global Entitlement.”
--assignPodToSite       Assigns a pod to a site.
Table 5-2. lmvutil Command Options (Continued)

Option         Description
--listPods     Lists the pods in a Cloud Pod Architecture topology. See “Listing the Pods or Sites in a Cloud Pod Architecture Topology.”
--listSites    Lists the sites in a Cloud Pod Architecture topology. See “Listing the Pods or Sites in a Cloud Pod Architecture Topology.”
Usage Notes

Run this command only once, on one Connection Server instance in the pod. You can run the command on any Connection Server instance in the pod. You do not need to run this command for additional pods. All other pods join the initialized pod.

This command returns an error message if the Cloud Pod Architecture feature is already initialized or if the command cannot complete the operation.
Joining a Pod to the Pod Federation

Use the lmvutil command with the --join option to join a pod to the pod federation.

Syntax

    lmvutil --join --joinServer serveraddress --userName domain\username --password password

Usage Notes

You must run this command on each pod that you want to join to the pod federation. You can run the command on any Connection Server instance in a pod.
These commands return an error message if the Cloud Pod Architecture feature is not initialized, the pod is not joined to a pod federation, or if the commands cannot perform specified operations.

Options

When you use the --ejectPod option, you use the --pod option to identify the pod to remove from the pod federation.
- Changing a Site Name or Description
  Use the lmvutil command with the --editSite option to edit the name or description of a site.
- Deleting a Site
  Use the lmvutil command with the --deleteSite option to delete a site.

Creating a Site

Use the lmvutil command with the --createSite option to create a site in a Cloud Pod Architecture topology.
Table 5-6. Options for Assigning a Pod to a Site

Option        Description
--podName     Name of the pod to assign to the site.
--siteName    Name of the site.

You can use the lmvutil command with the --listPods option to list the names of the pods in a Cloud Pod Architecture topology. See “Listing the Pods or Sites in a Cloud Pod Architecture Topology.”
Options

You use the --sitename option to specify the name of the site to delete.

Example

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --deleteSite --sitename "Eastern Region"

Managing Global Entitlements

You can use lmvutil command options to create, modify, and list global desktop entitlements and global application entitlements in a Cloud Pod Architecture environment.
Syntax

    lmvutil --createGlobalEntitlement --entitlementName name --scope scope {--isDedicated | --isFloating} [--description text] [--disabled] [--fromHome] [--multipleSessionAutoClean] [--requireHomeSite] [--defaultProtocol value] [--preventProtocolOverride] [--allowReset] [--htmlAccess] [--multipleSessionsPerUser] [--tags tags]

    lmvutil --createGlobalApplicationEntitlement --entitlementName name --scope scope [--description text] [--disabled] [--fromHome] [--multipleSess
Table 5-8. Options for Creating Global Entitlements (Continued)

Option                        Description
--multipleSessionAutoClean    (Optional) Logs off extra user sessions for the same entitlement. Multiple sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session. When multiple sessions occur, Horizon Client prompts the user to select a session.
Modifying a Global Entitlement

To modify a global desktop entitlement, use the lmvutil command with the --updateGlobalEntitlement option. To modify a global application entitlement, use the lmvutil command with the --updateGlobalApplicationEntitlement option.
Table 5-9. Options for Modifying Global Entitlements (Continued)

Option                        Description
--multipleSessionAutoClean    (Optional) Logs off extra user sessions for the same entitlement. Multiple sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session. When multiple sessions occur, Horizon Client prompts the user to select a session.
Table 5-9. Options for Modifying Global Entitlements (Continued)

Option         Description
--preLaunch    (Optional) Enables the pre-launch policy, which launches the application session before a user opens the global application entitlement in Horizon Client. When you enable the pre-launch policy, users can launch the global application entitlement more quickly.
Usage Notes

You must use this command on a Connection Server instance in the pod that contains the pool. For example, if pod1 contains a desktop pool to associate with a global desktop entitlement, you must run the command on a Connection Server instance that resides in pod1.

Repeat this command for each pool to become part of the global entitlement. You can add a particular pool to only one global entitlement.
Table 5-11. Options for Removing a Pool from a Global Entitlement

Option               Description
--entitlementName    Name of the global entitlement.
--poolID             ID of the pool to remove from the global entitlement. The pool ID must match the pool name as it appears on the pod.
Removing a User or Group From a Global Entitlement

To remove a user from a global entitlement, use the lmvutil command with the --removeUserEntitlement option. To remove a group from a global entitlement, use the lmvutil command with the --removeGroupEntitlement option.

Syntax

    lmvutil --removeUserEntitlement --userName domain\username --entitlementName name
    lmvutil --removeGroupEntitlement --groupName domain\groupname --entitlementName name

Usage Notes

Th
Configuring a Home Site

To create a home site for a user, use the lmvutil command with the --createUserHomeSite option. To create a home site for a group, use the lmvutil command with the --createGroupHomeSite option. You can also use these options to associate a home site with a global desktop entitlement or global application entitlement.

Syntax

    lmvutil --createUserHomeSite --userName domain\username --siteName name [--entitlementName name]
    lmvutil --createGroupHomeSi
Deleting a Home Site

To remove the association between a user and a home site, use the lmvutil command with the --deleteUserHomeSite option. To remove the association between a group and a home site, use the lmvutil command with the --deleteGroupHomeSite option.

Syntax

    lmvutil --deleteUserHomeSite --userName domain\username [--entitlementName name]
    lmvutil --deleteGroupHomeSite --groupName domain\groupname [--entitlementName name]

Usage Notes

These comman
- Listing the Home Sites for a User or Group
  To list all the configured home sites for a specific user, use the lmvutil command with the --showUserHomeSites option. To list all the configured home sites for a specific group, use the lmvutil command with the --showGroupHomeSites option.
Options

You use the --entitlementName option to specify the name of the global entitlement for which to list the associated desktop or application pools.
Usage Notes

These commands return an error message if the Cloud Pod Architecture feature is not initialized or if the specified user, group, or global entitlement does not exist.

Options

You can specify these options when you list the home sites for a user or group.

Table 5-17. Options for Listing the Home Sites for a User or Group

Option         Description
--userName     Name of a user. Use the format domain\username.
--groupName    Name of a group. Use the format domain\groupn
Listing Dedicated Desktop Pool Assignments

Use the lmvutil command with the --listUserAssignments option to list the dedicated desktop pool assignments for a user and global entitlement combination.

Syntax

    lmvutil --listUserAssignments {--userName domain\username | --entitlementName name | --podName name | --siteName name}

Usage Notes

The data produced by this command is managed internally by the Cloud Pod Architecture brokering software.
Example

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --listPods
    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --listSites

Managing SSL Certificates

You can use lmvutil command options to create and activate pending SSL certificates in a Cloud Pod Architecture environment. The Cloud Pod Architecture feature uses signed certificates for bidirectional SSL to protect and validate the VIPA communication channel.
Usage Notes

You must use the lmvutil command with the --createPendingCertificate option to create a pending certificate before you can use this command. Wait for the Global Data Layer replication process to distribute the certificate to all Connection Server instances before you activate the pending certificate.