VMware Horizon View Administration View 5.2 View Manager 5.2 View Composer 5.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
VMware Horizon View Administration You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents VMware Horizon View Administration 9 1 Configuring View Connection Server 11 Using View Administrator 11 Configuring vCenter Server and View Composer 14 Backing Up View Connection Server 26 Configuring Settings for Client Sessions 26 Disable or Enable View Connection Server 35 Edit the External URLs 35 Join or Withdraw from the Customer Experience Program 36 View LDAP Directory 36 2 Configuring Role-Based Delegated Administration 39 Understanding Roles and Privileges 39 Using Folders to Delegat
VMware Horizon View Administration 5 Creating Desktop Pools 87 Automated Pools That Contain Full Virtual Machines 88 Linked-Clone Desktop Pools 92 Manual Desktop Pools 119 Microsoft Terminal Services Pools 123 Provisioning Desktop Pools 125 Setting Power Policies for Desktop Pools 140 Configure View Storage Accelerator for Desktop Pools 145 Deploying Large Desktop Pools 147 6 Entitling Users and Groups 149 Add Entitlements to Desktop Pools 149 Remove Entitlements from a Desktop Pool 149 Review Desktop P
Contents 11 Managing Desktops and Desktop Pools 265 Managing Desktop Pools 265 Reducing Adobe Flash Bandwidth 271 Managing Virtual-Machine Desktops 272 Export View Information to External Files 278 12 Managing Physical Computers and Terminal Servers 281 Add an Unmanaged Desktop Source to a Pool 281 Remove an Unmanaged Desktop Source from a Pool 282 Delete a Pool That Contains Unmanaged Desktops 282 Unregister an Unmanaged Desktop Source 283 Desktop Status of Physical Computers and Terminal Servers 283 13
VMware Horizon View Administration Display Desktops with Suspected Problems 381 Troubleshoot a Problem Desktop Virtual Machine Using the vSphere Web Client 382 Manage Desktops and Policies for Unentitled Users 383 Collecting Diagnostic Information for VMware Horizon View 383 Update Support Requests 387 Troubleshooting Network Connection Problems 388 Troubleshooting Desktop Pool Creation Problems 391 Troubleshooting an Unsuccessful Security Server Pairing with View Connection Server 395 Troubleshooting Vi
Contents Index 449 VMware, Inc.
VMware Horizon View Administration 8 VMware, Inc.
VMware Horizon View Administration VMware Horizon View Administration describes how to configure and administer VMware Horizon View™, including how to configure View Connection Server, create administrators, provision and deploy View desktops, set up user authentication, configure policies, and manage VMware ThinApp™ applications in View Administrator. This information also describes how to maintain and troubleshoot VMware Horizon View components.
VMware Horizon View Administration 10 VMware, Inc.
Configuring View Connection Server 1 After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to View Manager, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.
VMware Horizon View Administration You also use View Administrator to manage security servers and View Transfer Server instances associated with View Connection Server. n Each security server is associated with one View Connection Server instance. n Each View Transfer Server instance can communicate with any View Connection Server instance in a group of replicated instances. Log In to View Administrator To perform initial configuration tasks, you must log in to View Administrator.
Chapter 1 Configuring View Connection Server Tips for Using the View Administrator Interface You can use View Administrator user-interface features to navigate View Pages and to find, filter, and sort View objects. View Administrator includes many common user interface features. For example, the navigation pane on the left side of each page directs you to other View Administrator pages. The search filters let you select filtering criteria that are related to the objects you are searching for.
VMware Horizon View Administration Table 1-1. View Administrator Navigation and Display Features (Continued) View Administrator Feature Description Selecting View objects and displaying View object details In View Administrator tables that list View objects, you can select an object or display object details. n To select an object, click anywhere in the object's row in the table. At the top of the page, menus and commands that manage the object become active.
Chapter 1 Configuring View Connection Server Create a User Account for View Composer If you use View Composer, you must create a user account in Active Directory to use with View Composer. View Composer requires this account to join linked-clone desktops to your Active Directory domain. To ensure security, you should create a separate user account to use with View Composer. By creating a separate account, you can guarantee that it does not have additional privileges that are defined for another purpose.
VMware Horizon View Administration Prerequisites n Install the View Connection Server product license key. n Prepare a vCenter Server user with permission to perform the operations in vCenter Server that are necessary to support View Manager. To use View Composer, you must give the user additional privileges. To manage desktops that are used in local mode, you must give the user privileges in addition to those that are required for View Manager and View Composer.
Chapter 1 Configuring View Connection Server 9 Click Next to display the View Composer Settings page. What to do next Configure View Composer settings. n If the vCenter Server instance is configured with a signed SSL certificate, and View Connection Server trusts the root certificate, the Add vCenter Server wizard displays the View Composer Settings page.
VMware Horizon View Administration 3 If you are using View Composer, select the location of the View Composer host. Option Description View Composer is installed on the same host as vCenter Server. a b Select View Composer co-installed with the vCenter Server. Make sure that the port number is the same as the port that you specified when you installed the View Composer service on vCenter Server. The default port number is 18443. View Composer is installed on its own separate host.
Chapter 1 Configuring View Connection Server 7 Click Next to display the Storage Settings page. What to do next Enable virtual machine disk space reclamation and configure View Storage Accelerator for View. Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines In vSphere 5.1 and later, you can enable the disk space reclamation feature for View. Starting in vSphere 5.
VMware Horizon View Administration Procedure 1 2 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page. a Select View Configuration > Servers. b In the vCenter Servers tab, click Add. c Complete the vCenter Server Information, View Composer Settings, and View Composer Domains pages. On the Storage Settings page, make sure that Enable space reclamation is selected.
Chapter 1 Configuring View Connection Server Prerequisites n Verify that your vCenter Server and ESXi hosts are version 5.0 or later. In an ESXi cluster, verify that all the hosts are version 5.0 or later. n Verify that the vCenter Server user was assigned the Global > Act as vCenter Server privilege in vCenter Server. See the topics in the VMware Horizon View Installation documentation that describe View Manager and View Composer privileges required for the vCenter Server user.
VMware Horizon View Administration Table 1-2. Concurrent Operations Limits for vCenter Server and View Composer Setting Description Max concurrent vCenter provisioning operations Determines the maximum number of concurrent requests that View Manager can make to provision and delete full virtual machines in this vCenter Server instance. The default value is 20. This setting applies to full virtual machines only.
Chapter 1 Configuring View Connection Server View waits a maximum of five minutes for a desktop to start. If the start time takes longer, other errors are likely to occur. To be conservative, you can set a concurrent power operations limit of 5 times the peak poweron rate. With a conservative approach, the default setting of 50 supports a peak power-on rate of 10 desktops per minute.
VMware Horizon View Administration 3 Examine the certificate thumbprint that was configured for the vCenter Server or View Composer instance. a On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows Certificate Store. b Navigate to the vCenter Server or View Composer certificate. c Click the Certificate Details tab to display the certificate thumbprint. Similarly, examine the certificate thumbprint for a SAML 2.0 authenticator.
Chapter 1 Configuring View Connection Server Procedure 1 Remove the linked-clone pools that were created by View Composer. a In View Administrator, click Inventory > Pools. b Select a linked-clone pool and click Delete. A dialog box warns that you will permanently delete the linked-clone pool from View Manager. If the linked-clone desktops are configured with persistent disks, you can detach or delete the persistent disks. c Click OK. The virtual machines are deleted from vCenter Server.
VMware Horizon View Administration Backing Up View Connection Server After you complete the initial configuration of View Connection Server, you should schedule regular backups of your View Manager and View Composer configuration data. For information about backing up and restoring your View configuration, see “Backing Up and Restoring View Configuration Data,” on page 351.
Chapter 1 Configuring View Connection Server Procedure 1 In View Administrator, click View Configuration > Global Settings. 2 In the Security pane, click Change data recovery password. 3 Type and retype the new password. 4 (Optional) Type a password reminder. NOTE You can also change the data recovery password when you schedule your View configuration data to be backed up. See “Schedule View Manager Configuration Backups,” on page 352.
VMware Horizon View Administration Global Settings for Client Sessions General global settings determine session timeout lengths, SSO enablement and timeout limits, status updates in View Administrator, and whether prelogin and warning messages are displayed. Table 1-3. General Global Settings for Client Sessions Setting Description Session timeout Determines how long a user can keep a session open after logging in to View Connection Server. The value is set in minutes. You must type a value.
Chapter 1 Configuring View Connection Server Table 1-3. General Global Settings for Client Sessions (Continued) Setting Description Display a pre-login message Displays a disclaimer or another message to View Client users when they log in. Type your information or instructions in the text box in the Global Settings dialog window. To display no message, leave the check box unselected.
VMware Horizon View Administration Table 1-4. Global Security Settings for Client Sessions and Connections Setting Description Reauthenticate secure tunnel connections after network interruption Determines if user credentials must be reauthenticated after a network interruption when View clients use secure tunnel connections to View desktops. When you select this setting, if a secure tunnel connection ends during a desktop session, View Client requires the user to reauthenticate before reconnecting.
Chapter 1 Configuring View Connection Server Table 1-5 shows the options you can select to configure the message security mode. To set an option, select it from the Message security mode list in the Global Settings dialog window. Table 1-5. Message Security Mode Options Option Description Disabled Message security mode is disabled. Mixed Message security mode is enabled but not enforced. You can use this mode to detect components in your View environment that predate View Manager 3.0.
VMware Horizon View Administration Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the View Connection Servers panel, select a View Connection Server instance and click Edit. 3 Configure use of the secure tunnel. Option Description Enable the secure tunnel Select Use secure tunnel connection to desktop. Disable the secure tunnel Deselect Use secure tunnel connection to desktop. The secure tunnel is enabled by default. 4 Configure use of the PCoIP Secure Gateway.
Chapter 1 Configuring View Connection Server 3 Configure use of the Blast Secure Gateway. Option Description Enable the Blast Secure Gateway Select Use Blast Secure Gateway for HTML access to desktop Disable the Blast secure Gateway Deselect Use Blast Secure Gateway for HTML access to desktop The Blast Secure Gateway is enabled by default. 4 Click OK to save your changes.
VMware Horizon View Administration Set View Server External URLs to Point Clients to SSL Off-loading Servers If SSL is off-loaded to an intermediate server and View Clients use the secure tunnel to connect to View, make sure to set the secure tunnel external URL to an address that clients can use to access the intermediate server. If View Clients use the PCoIP Secure Gateway, set the secure tunnel external URL and PCoIP external URL to addresses that allow clients to connect to the intermediate server.
Chapter 1 Configuring View Connection Server Disable or Enable View Connection Server You can disable a View Connection Server instance to prevent users from logging in to their View desktops. After you disable an instance, you can enable it again. When you disable a View Connection Server instance, users who are currently logged in to View desktops are not affected. Your View Manager deployment determines how users are affected by disabling an instance.
VMware Horizon View Administration 2 Type the secure tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable host name and port number. For example: https://view.example.com:443 NOTE You can use the IP address if you have to access a View Connection Server instance or security server when the host name is not resolvable.
Chapter 1 Configuring View Connection Server n Access control lists (ACLs) View LDAP contains directory entries that represent View Manager objects. n View desktop entries that represent each accessible desktop. Each entry contains references to the Foreign Security Principal (FSP) entries of Windows users and groups in Active Directory who are authorized to use the desktop.
VMware Horizon View Administration 38 VMware, Inc.
Configuring Role-Based Delegated Administration 2 One key management task in a View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups.
VMware Horizon View Administration To create administrators, you select users and groups from your Active Directory users and groups and assign administrator roles. Administrators obtain privileges through their role assignments. You cannot assign privileges directly to administrators. An administrator that has multiple role assignments acquires the sum of all the privileges contained in those roles.
Chapter 2 Configuring Role-Based Delegated Administration Different Administrators for the Same Folder You can create different administrators to manage the same folder. For example, if your corporate desktop pools are in one folder, you can create one administrator that can view and modify those pools and another administrator that can only view them. Table 2-2 shows an example of this type of configuration. Table 2-2. Different Administrators for the Same Folder Administrator Role Folder view-domain.
VMware Horizon View Administration Table 2-5. Permissions on the Role Tab for Inventory Administrators Administrator Folder view-domain.com\Admin1 /MarketingDesktops Manage Administrators Users who have the Administrators role can use View Administrator to add and remove administrator users and groups. The Administrators role is the most powerful role in View Administrator. Initially, members of the View Administrators account are given the Administrators role.
Chapter 2 Configuring Role-Based Delegated Administration 5 Select a role to assign to the administrator user or group. The Apply to Folder column indicates whether a role applies to folders. Only roles that contain objectspecific privileges apply to folders. Roles that contain only global privileges do not apply to folders. 6 Option Action The role you selected applies to folders Select one or more folders and click Next.
VMware Horizon View Administration 2 Create the permission. Option Action Create a permission that includes a specific administrator user or group a b c d Create a permission that includes a specific role a On the Roles tab, select the role, click Permissions, and clickAdd Permission. b Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your search criteria. Select an administrator user or group to include in the permission and click OK.
Chapter 2 Configuring Role-Based Delegated Administration Review Permissions You can review the permissions that include a specific administrator or group, a specific role, or a specific folder. Procedure 1 Select View Configuration > Administrators. 2 Review the permissions. Option Action Review the permissions that include a specific administrator or group Select the administrator or group on the Administrators and Groups tab.
VMware Horizon View Administration 3 Type a name and description for the folder and click OK. The description is optional. What to do next Move one or more desktop pools to the folder. Move a Desktop Pool to a Different Folder After you create a folder to subdivide your desktop pools, you must manually move desktop pools to the new folder. If you decide to change the way your desktop pools are subdivided, you can move desktops pools from one folder to another.
Chapter 2 Configuring Role-Based Delegated Administration 2 Select the folder from the Folder drop-down menu. The Desktops page shows the pools in the folder that you selected. Manage Custom Roles You can use View Administrator to add, modify, and delete custom roles. n Add a Custom Role on page 47 If the predefined administrator roles do not meet your needs, you can combine specific privileges to create your own roles in View Administrator.
VMware Horizon View Administration Remove a Custom Role You can remove a custom role if it is not included in a permission. You cannot remove the predefined administrator roles. Prerequisites If the role is included in a permission, delete the permission. See “Delete a Permission,” on page 44. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Roles tab, select the role and click Remove Role.
Chapter 2 Configuring Role-Based Delegated Administration Table 2-6. Predefined Roles in View Administrator Role User Capabilities Applies to a Folder Administrators Perform all administrator operations, including creating additional administrator users and groups. Administrators that have the Administrators role on the root folder are super administrators because they have full access to all of the inventory objects in the system.
VMware Horizon View Administration Table 2-7. Global Privileges Privilege User Capabilities Predefined Roles Console Interaction Log in to and use View Administrator. Administrators Administrators (Read only) Inventory Administrators Inventory Administrators (Read only) Global Configuration and Policy Administrators Global Configuration and Policy Administrators (Read only) Direct Interaction Run all PowerShell commands and command line utilities, except for vdmadmin and vdmimport.
Chapter 2 Configuring Role-Based Delegated Administration Internal Privileges Some of the predefined administrator roles contain internal privileges. You cannot select internal privileges when you create custom roles. Table 2-9 describes the internal privileges and lists the predefined roles that contain each privilege. Table 2-9. Internal Privileges Privilege Description Predefined Roles Full (Read only) Grants read-only access to all settings.
VMware Horizon View Administration Table 2-11. Desktop Management Tasks and Privileges Task Required Privileges Remove a virtual machine Manage Pool on the pool. Reset a virtual machine Manage Reboot Operation on the desktop. Cancel, pause, or resume a task Manage Composer Pool Image Assign or remove user ownership Manage Desktop on the desktop. Enter or exit maintenance mode Manage Desktop on the desktop. Roll back or initiate replications Manage Local Sessions on the desktop.
Chapter 2 Configuring Role-Based Delegated Administration Privileges for General Administration Tasks and Commands An administrator must have certain privileges to perform general administration tasks and run command line utilities. Table 2-14 shows the privileges that are required to perform general administration tasks and run command line utilities. Table 2-14.
VMware Horizon View Administration 54 VMware, Inc.
Preparing Unmanaged Desktop Sources 3 Users can access View desktops delivered by machines that are not managed by vCenter Server. These unmanaged desktop sources can include physical computers, terminal servers, and virtual machines running on VMware Server and other virtualization platforms. You must prepare an unmanaged desktop source to deliver View desktop access.
VMware Horizon View Administration Prerequisites n Verify that you have administrative rights on the unmanaged desktop source. n Familiarize yourself with the View Agent custom setup options for unmanaged desktop sources. See “View Agent Custom Setup Options for Unmanaged Desktop Sources,” on page 57. n Familiarize yourself with the TCP ports that the View Agent installation program opens on the firewall. See the VMware Horizon View Architecture Planning document for more information.
Chapter 3 Preparing Unmanaged Desktop Sources View Agent Custom Setup Options for Unmanaged Desktop Sources When you install View Agent on an unmanaged desktop source, you can select certain custom setup options. Table 3-1. View Agent Custom Setup Options for Unmanaged Desktop Sources Option Description USB Redirection Gives users access to locally connected USB devices on their desktops. Windows 2003 and Windows 2008 do not support USB redirection.
VMware Horizon View Administration 58 VMware, Inc.
Creating and Preparing Virtual Machines 4 You can use virtual machines managed by vCenter Server to provision and deploy View desktops. You can use a virtual machine managed by vCenter Server as a template for an automated pool, a parent for a linkedclone pool, or a desktop source in a manual pool. You must prepare virtual machines to deliver View desktop access.
VMware Horizon View Administration n Familiarize yourself with the custom configuration parameters for virtual machines. See “Virtual Machine Custom Configuration Parameters,” on page 60. Procedure 1 In vSphere Client, log in to the vCenter Server system. 2 Select File > New > Virtual Machine to start the New Virtual Machine wizard. 3 Select Custom and configure custom configuration parameters.
Chapter 4 Creating and Preparing Virtual Machines Table 4-1. Custom Configuration Parameters (Continued) Parameter Description and Recommendations CPUs The number of virtual processors in the virtual machine. For most guest operating systems, a single processor is sufficient. Memory The amount of memory to allocate to the virtual machine. In most cases, 512MB is sufficient. Network The number of virtual network adapters (NICs) in the virtual machine. One NIC is usually sufficient.
VMware Horizon View Administration n If you are installing Windows XP and you selected the LSI Logic adapter for the virtual machine, download the LSI20320-R controller driver from the LSI Logic Web site, create a floppy image (.flp) file that contains the driver, and upload the file to a datastore on your ESX server. Procedure 1 In vSphere Client, log in to the vCenter Server system where the virtual machine resides.
Chapter 4 Creating and Preparing Virtual Machines Procedure 1 In vSphere Client, log in to the vCenter Server system where the virtual machine resides. 2 Right-click the virtual machine, select Power, and select Power On to start the virtual machine. 3 Right-click the virtual machine, select Guest, and select Install/Upgrade VMware Tools to install the latest version of VMware Tools. 4 Use the VMware Tools time synchronization function to ensure that the virtual machine is synchronized to ESX.
VMware Horizon View Administration 14 (Optional) Disable Hot Plug PCI devices. This step prevents users from accidentally disconnecting the virtual network device (vNIC) from the virtual machine. 15 (Optional) Configure user customization scripts. What to do next Install View Agent. See “Install View Agent on a Virtual Machine,” on page 64.
Chapter 4 Creating and Preparing Virtual Machines 6 If you selected the USB redirection option, restart the virtual machine to enable USB support. In addition, the Found New Hardware wizard might start. Follow the prompts in the wizard to configure the hardware before you restart the virtual machine. The VMware View Agent service is started on the virtual machine. If you selected the View Composer Agent option, the VMware View Composer Guest Agent Server service is started on the virtual machine.
VMware Horizon View Administration Install View Agent Silently You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install View Agent on several Windows virtual machines or physical computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. With silent installation, you can efficiently deploy View components in a large enterprise. Prerequisites n Prepare the guest operating system for View desktop deployment.
Chapter 4 Creating and Preparing Virtual Machines If Windows Media Player is not installed, the View Agent installation program does not install the multimedia redirection (MMR) feature. If you install Windows Media Player after installing View Agent, you can install the MMR feature by running the View Agent installation program again and selecting the Repair option. What to do next If the virtual machine has multiple NICs, configure the subnet that View Agent uses.
VMware Horizon View Administration Table 4-4. MSI Command-Line Options and MSI Properties MSI Option or Property Description /qn Instructs the MSI installer not to display the installer wizard pages. For example, you might want to install View Agent silently and use only default setup options and features: VMware-viewagent-y.y.y-xxxxxx.exe /s /v"/qn" Alternatively, you can use the /qb option to display the wizard pages in a noninteractive, automated installation.
Chapter 4 Creating and Preparing Virtual Machines Table 4-5. MSI Properties for Silently Installing View Agent MSI Property Description Default Value INSTALLDIR The path and folder in which the View Agent software is installed. For example: INSTALLDIR=""D:\abc\my folder"" %ProgramFiles %\VMware\VMware View\Agent The sets of two double quotes that enclose the path permit the MSI installer to ignore the space in the path. This MSI property is optional.
VMware Horizon View Administration Table 4-6. View Agent Silent Installation Features and Interactive Custom Setup Options (Continued) Silent Installation Feature Custom Setup Option in an Interactive Installation ThinPrintPCoIP Virtual Printing with PCoIP PCoIP PCoIP Protocol USB USB Redirection VPA View Persona Management VmVideo In an interactive installation, this feature is not a separate custom setup option.
Chapter 4 Creating and Preparing Virtual Machines n Select a high-performance power option and do not specify a sleep timer. n Disable the Indexing Service component. NOTE Indexing improves searches by cataloging files. Do not disable this feature for users who search often. n Remove or minimize System Restore points. n Turn off system protection on C:\. n Disable any unnecessary services. n Set the sound scheme to No Sounds. n Set visual effects to Adjust for best performance.
VMware Horizon View Administration Procedure 1 Uninstall Tablet PC Components, unless this feature is needed. 2 Disable IPv6, unless it is needed. 3 Use the File System Utility (fsutil) command to disable the setting that keeps track of the last time a file was accessed. For example: fsutil behavior set disablelastaccess 1 4 Start the Registry Editor (regedit.exe) and change the TimeOutValue REG_DWORD in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk to 0x000000be(190).
Chapter 4 Creating and Preparing Virtual Machines Optimizing Windows 7 and Windows 8 for Linked-Clone Desktops By disabling certain Windows 7 or Windows 8 services and tasks, you can reduce the growth of View Composer linked-clone desktops. Disabling certain services and tasks can also result in performance benefits for full virtual machines.
VMware Horizon View Administration Table 4-7. Impact of Windows 7 and Windows 8 Services and Tasks on OS Disk Growth and IOPS When OS Is Left Idle Default Occurrence or Startup Impact on LinkedClone OS Disks Description Windows Hibernation Provides a powersaving state by storing open documents and programs in a file before the computer is powered off. The file is reloaded into memory when the computer is restarted, restoring the state when the hibernation was invoked.
Chapter 4 Creating and Preparing Virtual Machines Table 4-7. Impact of Windows 7 and Windows 8 Services and Tasks on OS Disk Growth and IOPS When OS Is Left Idle (Continued) Default Occurrence or Startup Impact on LinkedClone OS Disks Impact on IOPS Turn Off This Service or Task? Service or Task Description Windows Registry Backup (RegIdleBackup) Automatically backs up the Windows registry when the system is idle. Every 10 days at 12:00 am Medium.
VMware Horizon View Administration As a best practice, defragment the parent virtual machine one time, before you take a snapshot and create the pool. The linked clones benefit from the defragmentation because they share the replica's optimized, read-only disk. Prerequisites n Verify that the applications that you intend to deploy to the linked clones are installed on the virtual machine. n Verify that View Agent with View Composer Agent is installed on the virtual machine.
Chapter 4 Creating and Preparing Virtual Machines Disable the Diagnostic Policy Service on Windows 7 and Windows 8 Virtual Machines Disabling the Windows Diagnostic Policy Service can minimize the number of system writes and reduce the growth of linked-clone desktops. Do no disable the Windows Diagnostic Policy Service if your users require the diagnostic tools on their desktops. Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console.
VMware Horizon View Administration Disable Windows Registry Backup on Windows 7 and Windows 8 Virtual Machines Disabling the Windows registry backup feature, RegIdleBackup, can minimize the number of system writes and reduce the growth of linked-clone desktops. Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console. 2 Log in to the Windows 7 or Windows 8 guest operating system as an administrator.
Chapter 4 Creating and Preparing Virtual Machines Procedure 1 In vSphere Client, select the parent virtual machine and select Open Console. 2 Log in to the Windows 7 or Windows 8 guest operating system as an administrator. 3 Click Start and type Windows Defender in the Search programs and files box. 4 Click Tools > Options > Administrator. 5 Deselect Use this program and click Save.
VMware Horizon View Administration n Keep a Record of the Parent Virtual Machine's Paging-File Size on page 84 When you create a linked-clone pool, you can redirect the linked clones' guest OS paging and temp files to a separate disk. You must configure this disk to be larger than the paging file in the guest OS. n Increase the Timeout Limit of QuickPrep Customization Scripts on page 84 View Composer terminates a QuickPrep post-synchronization or power-off script that takes longer than 20 seconds.
Chapter 4 Creating and Preparing Virtual Machines n If the parent virtual machine runs Windows 7 or Windows 8, verify that you followed the best practices for optimizing the operating system. See “Optimizing Windows 7 and Windows 8 for Linked-Clone Desktops,” on page 73. n Familiarize yourself with the procedure for disabling searching Windows Update for device drivers. See the Microsoft Technet article, "Disable Searching Windows Update for Device Drivers" at http://technet.microsoft.
VMware Horizon View Administration Activating Windows on Linked-Clone Desktops To make sure that View Composer properly activates Windows 8, Windows 7, and Windows Vista operating systems on linked-clone desktops, you must use Microsoft volume activation on the parent virtual machine. The volume-activation technology requires a volume license key. To activate Windows 8, Windows 7 or Windows Vista with volume activation, you use Key Management Service (KMS), which requires a KMS license key.
Chapter 4 Creating and Preparing Virtual Machines 3 Disable the hibernation option. Operating System Action Windows 8, Windows 7 or Windows Vista a Click Start and type cmd in the Start Search box. b e In the search results list, right-click Command Prompt and click Run as Administrator. At the User Account Control prompt, click Continue. At the command prompt, type powercfg.exe /hibernate off and press Enter. Type exit and press Enter. a b Click Start > Run. Type cmd and click OK.
VMware Horizon View Administration Keep a Record of the Parent Virtual Machine's Paging-File Size When you create a linked-clone pool, you can redirect the linked clones' guest OS paging and temp files to a separate disk. You must configure this disk to be larger than the paging file in the guest OS.
Chapter 4 Creating and Preparing Virtual Machines Alternatively, you can use your customization script to launch another script or process that performs the longrunning task. NOTE Most QuickPrep customization scripts can finish running within the 20-second limit. Test your scripts before you increase the limit. Prerequisites n Install View Agent with the View Composer Agent option on the parent virtual machine. n Verify that the parent virtual machine is prepared to create a linked-clone pool.
VMware Horizon View Administration Creating Customization Specifications Customization specifications are optional, but they can greatly expedite automated pool deployments by providing configuration information for general properties such as licensing, domain attachment, and DHCP settings. With customization specifications, you can customize View desktops as they are created in View Administrator.
Creating Desktop Pools 5 With View Manager, you create pools of desktops that deliver View desktop access to clients. View Manager deploys pools from desktop sources, which can be virtual machines that are managed by vCenter Server, virtual machines that run on another virtualization platform, or physical computers, terminal servers, or blade PCs. You can create several types of desktop pools. You can also provision an individual desktop by deploying a manual pool with a single desktop source.
VMware Horizon View Administration n Deploying Large Desktop Pools on page 147 When many users require the same desktop image, you can create one large automated pool from a single template or parent virtual machine. By using a single base image and pool name, you can avoid dividing the desktops arbitrarily into smaller groups that must be managed separately. This strategy simplifies your View deployment and administration tasks.
Chapter 5 Creating Desktop Pools Table 5-1. Worksheet: Configuration Options for Creating an Automated Pool That Contains Full Virtual Machines (Continued) Option Description View Folder Select a View Folder in which to place the pool or leave the pool in the default root folder. If you use a View Folder, you can delegate managing the pool to an administrator with a specific role. For details, see “Using Folders to Delegate Administration,” on page 40.
VMware Horizon View Administration Table 5-1. Worksheet: Configuration Options for Creating an Automated Pool That Contains Full Virtual Machines (Continued) Option Description Minimum number of desktops If you use a naming pattern and provision desktops on demand, specify a minimum number of desktops in the pool. View Manager creates the minimum number of desktops when you create the pool.
Chapter 5 Creating Desktop Pools n Verify that you have a sufficient number of ports on the ESX virtual switch that is used for desktop virtual machines. The default value might not be sufficient if you create large desktop pools. The number of virtual switch ports on the ESX host must equal or exceed the number of desktop virtual machines multiplied by the number of virtual NICs per virtual machine. n Gather the configuration information you must provide to create the pool.
VMware Horizon View Administration Table 5-2.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Pool ID The unique name that identifies the pool in View Administrator. If multiple View Connection Server configurations are running in your environment, make sure that another View Connection Server configuration is not using the same pool ID.
VMware Horizon View Administration Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) 94 Option Description Max number of desktops If you use a naming pattern, specify the total number of desktops in the pool. You can also specify a minimum number of desktops to provision when you first create the pool.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Redirect Windows profile to persistent disks If you select dedicated user assignments, choose whether to store Windows user-profile data on a separate View Composer persistent disk or the same disk as the OS data. Separate persistent disks let you preserve user data and settings.
VMware Horizon View Administration Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) 96 Option Description Select separate datastores for replica and OS disks You can store the replica (master) virtual machine disk on a high performance datastore and the linked clones on separate datastores. For details, see “Storing View Composer Replicas and Linked Clones on Separate Datastores,” on page 113.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Select Datastores Select one or more datastores on which to store the desktop pool. A table on the Select Datastores page of the Add Pool wizard provides high-level guidelines for estimating the pool's storage requirements. These guidelines can help you determine which datastores are large enough to store the linkedclone disks.
VMware Horizon View Administration Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Use native NFS snapshots (VAAI) - Tech Preview If your deployment includes NAS devices that support the vStorage APIs for Array Integration (VAAI), you can use native snapshot technology to clone virtual machines. NOTE Native NFS snapshot technology (VAAI) is a Tech Preview feature.
Chapter 5 Creating Desktop Pools Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Active Directory domain Select the Active Directory domain and user name. View Composer requires certain user privileges to create a linked-clone pool. The domain and user account are used by QuickPrep or Sysprep to customize the linked-clone desktops. For details, see “Create a User Account for View Composer,” on page 15.
VMware Horizon View Administration Table 5-3. Worksheet: Configuration Options for Creating a Linked-Clone Desktop Pool (Continued) Option Description Post synchronization script QuickPrep can run a customization script on linked-clone desktops after they are created, recomposed, and refreshed. Provide the path to the script on the parent virtual machine.
Chapter 5 Creating Desktop Pools n Gather the configuration information you must provide to create the pool. See “Worksheet for Creating a Linked-Clone Desktop Pool,” on page 92. n Decide how to configure power settings, display protocol, Adobe Flash quality, and other settings. See “Desktop and Pool Settings,” on page 132.
VMware Horizon View Administration What to do next Entitle users to access the pool. See “Add Entitlements to Desktop Pools,” on page 149. Desktop Settings for Linked-Clone Desktop Pools You must specify desktop and pool settings when you configure automated pools that contain linked-clone desktops created by View Composer. Different settings apply to pools with dedicated user assignments and floating user assignments.
Chapter 5 Creating Desktop Pools 3 n If you use QuickPrep, no new SID is generated. The parent virtual machine's SID is replicated on all provisioned linked-clone desktops in the pool. n Some applications generate a GUID during customization. View Manager creates a snapshot of the linked clone. The snapshot contains the unique SID generated with Sysprep or common SID generated with QuickPrep. 4 View Manager powers on the desktop according to the settings you select when you create the pool.
VMware Horizon View Administration Table 5-6. Comparing QuickPrep and Microsoft Sysprep QuickPrep Customization Specification (Sysprep) Designed to work with View Composer. For details, see “Customizing Linked-Clone Desktops with QuickPrep,” on page 104. Can be created with the standard Microsoft Sysprep tools. Uses the same local computer security identifier (SID) for all linked clones in the pool. Generates a unique local computer SID for each linked clone in the pool.
Chapter 5 Creating Desktop Pools For guidelines and rules for using QuickPrep customization scripts, see “Running QuickPrep Customization Scripts,” on page 105. NOTE View Composer requires domain user credentials to join linked-clone desktops to an Active Directory domain. For details, see “Create a User Account for View Composer,” on page 15. Running QuickPrep Customization Scripts With the QuickPrep tool, you can create scripts to customize the linked-clone desktops in a pool.
VMware Horizon View Administration QuickPrep Process Privileges For security reasons, certain Windows operating system privileges are removed from the View Composer Guest Agent process that invokes QuickPrep customization scripts. A QuickPrep customization script cannot perform any action that requires a privilege that is removed from the View Composer Guest Agent process.
Chapter 5 Creating Desktop Pools The formulas that View Manager uses can only provide a general estimate of storage use.
VMware Horizon View Administration For OS disks, your sizing estimates depend on how frequently you refresh and recompose the pool. If you refresh your linked-clone pool between once a day and once a week, make sure that the Selected Free Space can accommodate storage use between the Min Recommended and 50% Utilization estimates. If you rarely refresh or recompose the pool, the linked-clone disks continue to grow.
Chapter 5 Creating Desktop Pools Sizing Formulas for Linked-Clone Pools Storage-sizing formulas can help you estimate the size of linked-clone disks relative to the free space on the datastores that you select for OS disks, View Composer persistent disks, and replicas. Storage Sizing Formulas Table 5-8 shows the formulas that calculate the estimated sizes of linked-clone disks when you create a pool and as the linked-clone desktops grow over time.
VMware Horizon View Administration In these cases, View Manager does not include space for replicas when it calculates storage recommendations for linked-clone disks. Table 5-10 shows the formulas that calculate the estimated sizes of linked-clone disks when you edit a pool or store replicas on a separate datastore. Table 5-10.
Chapter 5 Creating Desktop Pools 2 3 When you create a new desktop pool or edit an existing pool, navigate to the Select Datastores page. Option Action New desktop pool a b Click Add. Proceed through the Add Pool wizard until the Select Datastores page is displayed. Existing desktop pool a b Select the linked-clone pool and click Edit. Click the vCenter Settings tab. On the Select Datastores page, select the storage overcommit level. Option Description None Storage is not overcommitted.
VMware Horizon View Administration For example, it would make sense to set an aggressive overcommit level for a floating-assignment desktop pool in which the desktops are set to delete or refresh after logoff. You can vary storage overcommit levels among different types of datastores to address the different levels of throughput in each datastore. For example, a NAS datastore can have a different setting than a SAN datastore.
Chapter 5 Creating Desktop Pools Storing View Composer Replicas and Linked Clones on Separate Datastores You can place View Composer replicas and linked clones on separate datastores with different performance characteristics. This flexible configuration can speed up intensive operations such as provisioning many linked clones at once or running antivirus scans. For example, you can store the replica virtual machines on a solid-state disk-backed datastore.
VMware Horizon View Administration Using View Composer Array Integration with Native NFS Snapshot Technology (VAAI) If your deployment includes NAS devices that support the vStorage APIs for Array Integration (VAAI), you can enable the View Composer Array Integration feature on linked-clone pools. This feature uses native NFS snapshot technology to clone virtual machines. NOTE Native NFS snapshot technology (VAAI) is a Tech Preview feature.
Chapter 5 Creating Desktop Pools Reclaim Disk Space on Linked-Clone Desktops In vSphere 5.1 and later, you can configure the disk space reclamation feature for linked-clone desktop pools. Starting in vSphere 5.1, View creates linked-clone virtual machines in an efficient disk format that allows ESXi hosts to reclaim unused disk space on the linked clones, reducing the total storage space required for linked clones.
VMware Horizon View Administration Procedure 1 In View Administrator, display the Advanced Storage Options page. Option Description New desktop pool Start the Add Pool wizard to begin creating an automated desktop pool. Follow the wizard configuration prompts until you reach the Advanced Storage Options page. Existing desktop pool Select the existing pool, click Edit, and click the Advanced Storage Options tab.
Chapter 5 Creating Desktop Pools 2 Check the blackout days and specify the starting and ending times. The time selector uses a 24-hour clock. For example, 10:00 is 10:00 a.m., and 22:00 is 10:00 p.m. 3 Click OK. 4 To add another blackout period, click Add and specify another period. 5 To modify or remove a blackout period, select the period from the Blackout times list and click Edit or Remove.
VMware Horizon View Administration With this option enabled, when a linked clone is provisioned, View Composer checks if an existing AD computer account name matches the linked clone desktop name. If a match exists, View Composer uses the existing AD computer account. If View Composer does not find a matching AD computer account name, View Composer generates a new AD computer account for the linked clone.
Chapter 5 Creating Desktop Pools Linked-Clone Desktop Data Disks View Composer creates more than one data disk to store the components of a linked-clone desktop. OS Disk View Composer creates an OS disk for each linked clone. This disk stores the system data that the clone needs to remain linked to the base image and to function as a unique desktop. QuickPrep Configuration-Data Disk View Composer creates a second disk with the OS disk.
VMware Horizon View Administration Worksheet for Creating a Manual Desktop Pool When you create a manual desktop pool, the View Administrator Add Pool wizard prompts you to configure certain options. Use this worksheet to prepare your configuration options before you create the pool. You can print this worksheet and write down the values you want to specify when you run the Add Pool wizard. NOTE In a manual pool, you must prepare each desktop source to deliver View desktop access.
Chapter 5 Creating Desktop Pools Create a Manual Desktop Pool You can create a manual desktop pool that provisions desktops from existing virtual machines, physical computers, and HP Blade PCs. You must select the desktop sources that make up View desktops in the pool. For manual pools with desktops that are managed by vCenter Server, View Manager ensures that a spare desktop is powered on so that users can connect to it. The spare desktop is powered on no matter which power policy is in effect.
VMware Horizon View Administration Prerequisites n Prepare the desktop source to deliver View desktop access. View Agent must be installed and running on the desktop source. To prepare a virtual machine managed by vCenter Server, see Chapter 4, “Creating and Preparing Virtual Machines,” on page 59. To prepare an unmanaged virtual machine, physical computer, or Blade PC, see Chapter 3, “Preparing Unmanaged Desktop Sources,” on page 55.
Chapter 5 Creating Desktop Pools Table 5-14.
VMware Horizon View Administration Create a Microsoft Terminal Services Pool You can create a Microsoft Terminal Services pool that provisions desktops from terminal server desktop sources. You must select the desktop sources that make up View desktops in the pool. Prerequisites n Prepare the terminal server desktop sources to deliver View desktop access. View Agent must be installed and running on each desktop source. See Chapter 3, “Preparing Unmanaged Desktop Sources,” on page 55.
Chapter 5 Creating Desktop Pools Table 5-15. Settings for Terminal Services Pools (Continued) Setting Microsoft Terminal Services Pool Adobe Flash quality Yes Adobe Flash throttling Yes Configure Adobe Flash Throttling with Internet Explorer in Terminal Services Sessions To ensure that Adobe Flash throttling works with Internet Explorer in Terminal Services sessions, users must enable third-party browser extensions. Procedure 1 Start View Client and log in to a user's desktop.
VMware Horizon View Administration User Assignment in Desktop Pools You can configure a desktop pool so that users have dedicated assignments or floating assignments to the desktops in the pool. You must choose a user assignment for automated pools that contain full virtual machines, automated linked-clone pools, and manual pools. With a dedicated assignment, View Manager assigns each entitled user to one desktop in the pool. When a user connects to the pool, the user always logs in to the same desktop.
Chapter 5 Creating Desktop Pools Table 5-16. Naming Desktops Manually or Providing a Desktop-Naming Pattern (Continued) Feature Providing a Desktop-Naming Pattern Naming Desktops Manually On-demand provisioning Available. View Manager dynamically creates and provisions the specified minimum and spare number of desktops as users first log in or as you assign desktops to users. View Manager can also create and provision all the desktops when you create the pool. Not available.
VMware Horizon View Administration Specify a List of Desktop Names You can provision an automated desktop pool by manually specifying a list of desktop names. This naming method lets you use your company's naming conventions to identify the desktops in a pool. When you explicitly specify desktop names, users can see familiar names based on their company's organization when they log in to their desktops.
Chapter 5 Creating Desktop Pools View Manager creates a desktop for each name in the list. When an entry includes a desktop and user name, View Manager assigns the desktop to that user. After the pool is created, you can add desktops by importing another list file that contains additional desktop names and users. Using a Naming Pattern for Automated Desktop Pools You can provision the desktops in a pool by providing a naming pattern and the total number of desktops you want in the pool.
VMware Horizon View Administration Desktop-Naming Example This example shows how to create two automated desktop pools that use the same desktop names, but different sets of numbers. The strategies that are used in this example achieve a specific user objective and show the flexibility of the desktop-naming methods. The objective is to create two pools with the same naming convention such as VDIABC-XX, where XX represents a number. Each pool has a different set of sequential numbers.
Chapter 5 Creating Desktop Pools Second pool: VDIABC-101 VDIABC-102 VDIABC-103 For details about naming patterns and tokens, see “Using a Naming Pattern for Automated Desktop Pools,” on page 129. Manually Customizing Desktops After you create an automated pool, you can customize particular desktops without reassigning ownership.
VMware Horizon View Administration 7 Use the filter tool to select specific desktops to release to your users. 8 Click More Commands > Exit Maintenance Mode. What to do next Notify your users that they can log in to their desktops. Desktop and Pool Settings You must specify desktop and pool settings when you configure automated pools that contain full virtual machines, linked-clone desktop pools, manual desktop pools, and Microsoft Terminal Services pools.
Chapter 5 Creating Desktop Pools Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Allow users to reset their desktops Allow users to reset their own desktops without administrative assistance. Allow multiple sessions per user Allow a user to connect to multiple desktops in the pool at the same time. Delete desktop after logoff Select whether to delete floating-assignment, full virtual machine desktops. n No.
VMware Horizon View Administration Table 5-19. Desktop and Pool Setting Descriptions (Continued) 134 Setting Options Default display protocol Select the display protocol that you want View Connection Server to use to communicate with View clients. PCoIP The default option wherever it is supported. PCoIP is supported as the display protocol for virtual-machine desktops and physical machines that have Teradici hardware.
Chapter 5 Creating Desktop Pools Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Max number of monitors If you use PCoIP as the display protocol, you can select the Maximum number of monitors on which users can display the desktop. When the 3D Renderer setting is not selected, the Max number of monitors setting affects the amount of VRAM that is assigned to desktops in the pool. When you increase the number of monitors, more memory is consumed on the associated ESXi hosts.
VMware Horizon View Administration Table 5-19. Desktop and Pool Setting Descriptions (Continued) Setting Options Adobe Flash quality Determines the quality of Adobe Flash content that is displayed on Web pages. n Do not control. Quality is determined by Web page settings. n Low. This setting results in the most bandwidth savings. If no quality level is specified, the system defaults to Low. n Medium. This setting results in moderate bandwidth savings. n High.
Chapter 5 Creating Desktop Pools n GPU graphics cards and the associated vSphere Installation Bundles (VIBs) must be installed on the ESXi hosts. For a list of supported GPU hardware, see the VMware Hardware Compatibility List at http://www.vmware.com/resources/compatibility/search.php. n Windows 7 desktops must be virtual hardware version 8 or later. Windows 8 desktops must be virtual hardware version 9 or later.
VMware Horizon View Administration Table 5-20. 3D Renderer Options for Pools Running on vSphere 5.1 or Later (Continued) Option Description Hardware 3D rendering is enabled. The ESXi host reserves GPU hardware resources on a first-come, first-served basis as virtual machines are powered on. The ESXi host allocates VRAM to a virtual machine based on the value that is set in the Configure VRAM for 3D Guests dialog box.
Chapter 5 Creating Desktop Pools Select the Software option if you have ESXi 5.0 hosts only, or the ESXi 5.1 hosts do not have GPU graphics cards, or your users only run applications, such as AERO and Microsoft Office, that do not require hardware graphics acceleration. Configuring Desktop Settings to Manage GPU Resources You can configure other desktop settings to ensure that GPU resources are not wasted when users are not actively using them.
VMware Horizon View Administration Procedure 1 Select PCoIP as the display protocol that you want View Connection Server to use to communicate with View clients. Option Description Create a desktop pool a b In View Administrator, start the Add Pool wizard. On the Desktop Settings page, select PCoIP as the default display protocol. Edit an existing desktop pool a b In View Administrator, select the desktop pool and click Edit.
Chapter 5 Creating Desktop Pools Table 5-22. Power Policies Power Policy Description Take no power action View Manager does not enforce any power policy after a user logs off. This setting has two consequences. n View Manager does not change the power state of the virtual machine after a user logs off. n For example, if a user shuts down the virtual machine, the virtual machine remains powered off. If a user logs off without shutting down, the virtual machine remains powered on.
VMware Horizon View Administration Table 5-23. When View Manager Applies the Power Policy Desktop Pool Type The power policy is applied ... Manual pool that contains one desktop (vCenter Servermanaged virtual machine) Power operations are initiated by session management. The virtual machine is powered on when a user requests the desktop and powered off or suspended when the user logs off.
Chapter 5 Creating Desktop Pools 6 Select OU=Global and select CN=Common in the right pane 7 Select Action > Properties, and under the pae-NameValuePair attribute, add the new entry suspendOnDisconnect=1. 8 Restart View Connection Server. How Power Policies Affect Automated Pools How View applies the configured power policy to automated pools depends on whether a View desktop is available.
VMware Horizon View Administration Table 5-25. Desktop Pool Settings for Automated Pool with Floating Assignments Example 2 Desktop Pool Setting Value Number of desktops (minimum) 5 Number of desktops (maximum) 5 Number of spare, powered-on desktops 2 Remote desktop power policy Power off When this desktop pool is provisioned, five desktops are created, two desktops are powered on and immediately available, and three desktops are powered off.
Chapter 5 Creating Desktop Pools In this configuration, both View Connection Server and the guest operating system can suspend the virtual machine. The guest operating system power option might cause the virtual machine to be unavailable when View Connection Server expects it to be powered on. Configure View Storage Accelerator for Desktop Pools You can configure desktop pools to enable ESXi hosts to cache virtual machine disk data.
VMware Horizon View Administration Procedure 1 2 In View Administrator, display the Advanced Storage Options page. Option Description New desktop pool Start the Add Pool wizard to begin creating an automated desktop pool. Follow the wizard configuration prompts until you reach the Advanced Storage Options page. Existing desktop pool Select the existing pool, click Edit, and click the Advanced Storage Options tab.
Chapter 5 Creating Desktop Pools Procedure 1 On the Advanced Storage Options page in the Add Pool wizard, go to Blackout Times and click Add. If you are editing an existing pool, click the Advanced Storage Options tab. 2 Check the blackout days and specify the starting and ending times. The time selector uses a 24-hour clock. For example, 10:00 is 10:00 a.m., and 22:00 is 10:00 p.m. 3 Click OK. 4 To add another blackout period, click Add and specify another period.
VMware Horizon View Administration In View 5.2 and later releases, you can assign network labels that are available in vCenter Server for all the ESXi hosts in the cluster where the desktop pool is deployed. By configuring multiple network labels for the pool, you greatly expand the number of IP addresses that can be assigned to the virtual machines in the pool. You must use View PowerCLI cmdlets to assign multiple network labels to a pool. You cannot perform this task in View Administrator.
Entitling Users and Groups 6 You configure desktop pool entitlements to control which View desktops your users can access. You can also configure the restricted entitlements feature to control desktop access based on the View Connection Server instance that users connect to when they select desktops.
VMware Horizon View Administration 3 Select the user or group whose entitlement you want to remove and click Remove. 4 Click OK to save your changes. Review Desktop Pool Entitlements You can review the desktop pools that a user or group is entitled to. Procedure 1 In View Administrator, select Users and Groups and click the name of the user or group. 2 Select the Summary tab. The Pool Entitlements pane lists the pools that the user or group is currently entitled to.
Chapter 6 Entitling Users and Groups n Assign the "External" tag to the desktop pools that should be accessible only to external users. External users cannot see the desktop pools tagged as Internal because they log in through the View Connection Server tagged as External, and internal users cannot see the desktop pools tagged as External because they log in through the View Connection Server tagged as Internal. Figure 6-1 illustrates this configuration. Figure 6-1.
VMware Horizon View Administration Table 6-1. Tag Matching Rules (Continued) View Connection Server Desktop Pool Access Permitted? One or more tags No tags Yes One or more tags One or more tags Only when tags match The restricted entitlements feature only enforces tag matching. You must design your network topology to force certain clients to connect through a particular View Connection Server instance.
Chapter 6 Entitling Users and Groups Assign a Tag to a Desktop Pool When you assign a tag to a desktop pool, only users who connect to a View Connection Server instance that has a matching tag can access the desktops in that pool. You can assign a tag when you add or edit a desktop pool. Prerequisites Assign tags to one or more View Connection Server instances. Procedure 1 In View Administrator, select Inventory > Pools. 2 Select the pool that you want to assign a tag to. 3 4 5 VMware, Inc.
VMware Horizon View Administration 154 VMware, Inc.
Setting Up User Authentication 7 View uses your existing Active Directory infrastructure for user authentication and management. For added security, you can integrate View with smart card authentication and two-factor authentication solutions such as RSA SecurID and RADIUS. This chapter includes the following topics: n “Using SAML 2.
VMware Horizon View Administration Configure SAML 2.0 Authenticators in View Administrator To configure a SAML Server to perform authentication tasks, you must add a SAML authenticator and specify a label, Metadata URL, Administration URL, and other settings. Prerequisites n Verify that the SAML 2.0 Authenticator is installed and available for inclusion in the Horizon service and View Connection Server. For installation and configuration information, see https://www.vmware.com/support/pubs/horizon_pubs.
Chapter 7 Setting Up User Authentication 10 Click SAML 2.0 Authenticators. 11 Select the SAML server that you modified or added, verify the details, and click OK. The View dashboard now displays the SAML 2.0 authenticator in a Healthy condition, which is indicated by a green icon. You can configure each View Connection Server instance with a Required, Allowed, or Disabled authentication setting, depending on specific customer requirements.
VMware Horizon View Administration The most recent value of the smart card removal policy is enforced during offline smart card authentication. The smart card removal policy determines whether users must reauthenticate to gain access to their desktops after removing their smart cards. If the policy is set to disconnect user sessions on smart card removal, when users remove a smart card, the guest operating system in the View desktop is locked.
Chapter 7 Setting Up User Authentication 2 Select a certificate to use for smart card authentication. The signing chain lists a series a signing authorities. The best certificate to select is usually the intermediate authority above the user certificate. 3 Verify that the authority does not sign other certificates on the card. What to do next Add the root certificate to a server truststore file. See “Add the Root Certificate to a Server Truststore File,” on page 159.
VMware Horizon View Administration Procedure 1 On your View Connection Server or security server host, use the keytool utility to import the root certificate into the server truststore file. For example: keytool -import -alias alias -file root_certificate -keystore truststorefile.key In this command, alias is a unique case-insensitive name for a new entry in the truststore file, root_certificate is the root certificate that you obtained or exported, and truststorefile.
Chapter 7 Setting Up User Authentication Configure Smart Card Settings in View Administrator You can use View Administrator to specify settings to accommodate different smart card authentication scenarios. When you configure these settings on a View Connection Server instance, the settings are also applied to paired security servers. Prerequisites n Modify View Connection Server configuration properties on your View Connection Server host.
VMware Horizon View Administration For users who run View desktops locally on their client systems, if the policy is set to disconnect user sessions on smart card removal, when users remove a smart card, the guest operating system in the View desktop is locked. The View Client window remains open, and users can select Options > Send Ctrl-AltDelete to reauthenticate. 5 Click OK. 6 Restart the View Connection Server service.
Chapter 7 Setting Up User Authentication Prerequisites n Obtain the SAN contained in the root certificate of the trusted CA by viewing the certificate properties. n If the ADSI Edit utility is not present on your Active Directory server, download and install the appropriate Windows Support Tools from the Microsoft Web site. Procedure 1 On your Active Directory server, start the ADSI Edit utility. 2 In the left pane, expand the domain the user is located in and double-click CN=Users.
VMware Horizon View Administration All of the systems in the domain now have a copy of the root certificate in their trusted root store. What to do next If an intermediate certification authority (CA) issues your smart card login or domain controller certificates, add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. See “Add an Intermediate Certificate to Intermediate Certification Authorities,” on page 164.
Chapter 7 Setting Up User Authentication n In the locked.properties file on the View Connection Server or security server host, verify that the useCertAuth property is set to true and is spelled correctly. The locked.properties file is located in install_directory\VMware\VMware View\Server\sslgateway\conf. The useCertAuth property is commonly misspelled as userCertAuth.
VMware Horizon View Administration n Logging in with OCSP Certificate Revocation Checking on page 166 When you configure OCSP certificate revocation checking, View sends a request to an OCSP Responder to determine the revocation status of a specific user certificate. View uses an OCSP signing certificate to verify that the responses it receives from the OCSP Responder are genuine.
Chapter 7 Setting Up User Authentication 2 3 Add the enableRevocationChecking and crlLocation properties to the locked.properties file. a Set enableRevocationChecking to true to enable smart card certificate revocation checking. b Set crlLocation to the location of the CRL. The value can be a URL or a file path. Restart the View Connection Server service or security server service to make your changes take effect. Example: locked.
VMware Horizon View Administration Smart Card Certificate Revocation Checking Properties You set values in the locked.properties file to enable and configure smart card certificate revocation checking. Table 7-1 lists the locked.properties file properties for certificate revocation checking. Table 7-1. Properties for Smart Card Certificate Revocation Checking Property Description enableRevocationChecking Set this property to true to enable certificate revocation checking.
Chapter 7 Setting Up User Authentication To use two-factor authentication, each user must have a token, such as an RSA SecurID token, that is registered with its authentication manager. A two-factor authentication token is a piece of hardware or software that generates an authentication code at fixed intervals. Often authentication requires knowledge of both a PIN and an authentication code.
VMware Horizon View Administration Enable Two-Factor Authentication in View Administrator You enable a View Connection Server instance for RSA SecurID authentication or RADIUS authentication by modifying View Connection Server settings in View Administrator. Prerequisites Install and configure the two-factor authentication software, such as the RSA SecurID software or the RADIUS software, on an authentication manager server. n For RSA SecurID authentication, export the sdconf.
Chapter 7 Setting Up User Authentication 6 For RADIUS authentication, complete the rest of the fields: a Select Use the same username and password for RADIUS and Windows authentication if the initial RADIUS authentication uses Windows authentication that triggers an out-of-band transmission of a token code, and this token code is used as part of a RADIUS challenge.
VMware Horizon View Administration 5 On the computer that is running RSA Authentication Manager, select Start > Programs > RSA Security > RSA Authentication Manager Host Mode. 6 Select Agent Host > Edit Agent Host. 7 Select View Connection Server from the list and deselect the Node Secret Created check box. Node Secret Created is selected by default each time you edit it. 8 Click OK.
Chapter 7 Setting Up User Authentication The Log in as current user feature has the following limitations and requirements: n When smart card authentication is set to Required on a View Connection Server instance, authentication fails for users who select the Log in as current user check box when they connect to the View Connection Server instance. These users must reauthenticate with their smart card and PIN when they log in to View Connection Server.
VMware Horizon View Administration 174 VMware, Inc.
Configuring Policies 8 You can configure policies to control the behavior of View components, desktop pools, and desktop users. You use View Administrator to set policies for client sessions and you use Active Directory group policy settings to control the behavior of View components and certain features.
VMware Horizon View Administration n View Policies on page 177 You can configure View policies to affect all client sessions, or you can apply them to affect specific desktops or users. n Local Mode Policies on page 178 You can configure local mode policies to affect all client sessions, or you can apply them to specific desktops or users. Configure Global Policy Settings You can configure global policies to control the behavior of all client sessions users.
Chapter 8 Configuring Policies Configure Policies for Desktop Users You can configure user-level policies to affect specific users. User-level policy settings always take precedence over their equivalent global and desktop-level policy settings. Prerequisites Familiarize yourself with the policy descriptions. See “View Policies,” on page 177. Procedure 1 In View Administrator, select Inventory > Pools. 2 Double-click the ID of the desktop pool and click the Policies tab.
VMware Horizon View Administration Table 8-1. View Policies (Continued) Policy Description Remote mode Determines whether users can connect to and use desktops running on vCenter Server instances. If set to Deny, users must check out the desktop on their local computers and run the desktop only in local mode. Restricting users to running desktops only in local mode reduces the costs associated with CPU, memory, and network bandwidth requirements of running the desktop on a back-end server.
Chapter 8 Configuring Policies Table 8-2. Local Mode Policies (Continued) Policy Description Target replication frequency Specifies the interval in days, hours, or minutes between the start of one replication and the start of the next replication. A replication copies any changes in local desktop files to the corresponding remote desktop or View Composer persistent disk in the datacenter. The default value is the No replication setting.
VMware Horizon View Administration You use the Microsoft Windows Group Policy Object Editor to manage group policy settings. The Group Policy Object Editor is a Microsoft Management Console (MMC) snap-in. The MMC is part of the Microsoft Group Policy Management Console (GPMC). See the Microsoft TechNet Web site for information on installing and using the GPMC. Creating an OU for View Desktops You should create an organizational unit (OU) in Active Directory specifically for your View desktops.
Chapter 8 Configuring Policies View ADM Template Files The View ADM template files are installed in the install_directory\VMware\VMware View\Server\extras\GroupPolicyFiles directory on your View Connection Server host. Table 8-3. View ADM Template Files Template Name Template File Description VMware View Agent Configuration vdm_agent.adm Contains policy settings related to the authentication and environmental components of View Agent. VMware View Client Configuration vdm_client.
VMware Horizon View Administration Table 8-4. View Agent Configuration Template Settings Setting Computer AllowDirectRDP X User Properties Determines whether non-View clients can connect directly to View desktops with RDP. When this setting is disabled, View Agent permits only View-managed connections through View Client. When connecting to a virtual desktop from View Client for Mac OS X, do not disable the AllowDirectRDP setting.
Chapter 8 Configuring Policies Table 8-4. View Agent Configuration Template Settings (Continued) Setting Computer User Properties Disable Time Zone Synchronization X X Determines whether the time zone of the View desktop is synchronized with the time zone of the connected client. An enabled setting applies only if the Disable time zone forwarding setting of the View Client Configuration policy is not set to disabled. This setting is disabled by default.
VMware Horizon View Administration Table 8-5. View Agent Configuration Template: Device-Splitting Settings Setting Properties Allow Auto Device Splitting Allows the automatic splitting of composite USB devices. The default value is undefined. Exclude Vid/Pid Device From Split Excludes a composite USB device specified by vendor and product IDs from splitting. The format of the setting is {m|o}:vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal.
Chapter 8 Configuring Policies Table 8-6. View Agent Configuration Template: Agent-Enforced Settings (Continued) Setting Properties Exclude Vid/Pid Device Excludes devices with specified vendor and product IDs from being forwarded. The format of the setting is {m|o}:vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.
VMware Horizon View Administration C:\Scripts\myscript.cmd To run scripts that require console access, prepend the -C or -c option followed by a space. For example: -c C:\Scripts\Cli_clip.cmd -C e:\procexp.exe Supported file types include .CMD, .BAT, and .EXE. .VBS files will not run unless they are parsed with cscript.exe or wscript.exe. For example: -C C:\WINDOWS\system32\wscript.exe C:\Scripts\checking.
Chapter 8 Configuring Policies Table 8-8. Client System Information (Continued) Registry Key Description Client Systems Supported ViewClient_Broker_DNS_Name The DNS name of the View Connection Server instance. Windows Linux Mac ViewClient_Broker_URL The URL of the View Connection Server instance. Windows Linux Mac ViewClient_Broker_Tunneled The status of the tunnel connection for the View Connection Server, which can be either true (enabled) or false (disabled).
VMware Horizon View Administration Table 8-9. View Client Configuration Template: Scripting Definitions (Continued) Setting Description DesktopLayout Specifies the layout of the View Client window that a user sees when logging into a View desktop. The layout choices are as follows: n Full Screen n Multimonitor n Window - Large n Window - Small This setting is available only when the DesktopName to select setting is also set.
Chapter 8 Configuring Policies Table 8-10. View Client Configuration Template: Security Settings Setting Computer User Description Allow command line credentials X Determines whether user credentials can be provided with View Client command line options. If this setting is enabled, the smartCardPIN and password options are not available when users run View Client from the command line. This setting is enabled by default.
VMware Horizon View Administration Table 8-10. View Client Configuration Template: Security Settings (Continued) Setting Computer Certificate verification mode X User Description Configures the level of certificate checking that is performed by View Client. You can select one of these modes: n No Security. View does not perform certificate checking. n Warn But Allow.
Chapter 8 Configuring Policies Table 8-10. View Client Configuration Template: Security Settings (Continued) Setting Computer User Description Default value of the 'Log in as current user' checkbox X X Specifies the default value of the Log in as current user check box on the View Client connection dialog box. This setting overrides the default value specified during View Client installation.
VMware Horizon View Administration Table 8-10. View Client Configuration Template: Security Settings (Continued) Setting Computer User Description Ignore incorrect SSL certificate common name (host name field) X Determines whether errors that are associated with incorrect server certificate common names are ignored. These errors occur when the common name on the certificate does not match the hostname of the server that sends it. This setting applies to View 4.6 and earlier releases only.
Chapter 8 Configuring Policies Table 8-11. View Client Configuration Administrative Template: RDP Settings (Continued) Setting Description Bitmap cache file size in unit for number bpp bitmaps Specifies the size of the bitmap cache, in kilobytes or megabytes, to use for specific bits per pixel (bpp) bitmap color settings.
VMware Horizon View Administration Table 8-11. View Client Configuration Administrative Template: RDP Settings (Continued) Setting Description Font smoothing (Windows Vista or later) Determines whether antialiasing is applied to the fonts on the View desktop. Menu and window animation Determines whether animation for menus and windows is enabled when clients connect to a View desktop.
Chapter 8 Configuring Policies Table 8-12. View Client Configuration Template: General Settings Setting Computer User Description Always on top X Determines whether the View Client window is always the topmost window. Enabling this setting prevents the Windows taskbar from obscuring a full-screen View Client window. This setting is enabled by default. Default Exit Behavior For Local Mode Desktops X Controls the default exit behavior of desktops that are running in local mode.
VMware Horizon View Administration Table 8-12. View Client Configuration Template: General Settings (Continued) Setting Computer User Redirect smart card readers in Local Mode X Determines whether smart card readers are redirected to local desktops. The readers are shared with the client system. This setting is enabled by default. Tunnel proxy bypass address list X Specifies a list of tunnel addresses. The proxy server is not used for these addresses.
Chapter 8 Configuring Policies Table 8-14 describes each policy setting for filtering USB devices in the View Client Configuration ADM template file. The settings apply at computer level. View Client preferentially reads the settings from the GPO at computer level, and otherwise from the registry at HKLM\Software\Policies\VMware, Inc.\VMware VDM\Client\USB. For a description of how View applies the policies for filtering USB devices, see “Configuring Filter Policy Settings for USB Devices,” on page 201.
VMware Horizon View Administration Table 8-14. View Client Configuration Template: USB Filtering Settings (Continued) Setting Properties Exclude Vid/Pid Device Excludes devices with specified vendor and product IDs from being redirected. The format of the setting is vid-xxx1_pid-yyy2[;vid-xxx2_pid-yyy2]... You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.
Chapter 8 Configuring Policies Table 8-15. Compatibility of USB Policy Settings View Agent Version View Client Version 5.1 or later 5.1 or later USB policy settings are applicable to both View Agent and View Client. You can use View Agent USB policy settings to block USB devices from being forwarded to a desktop. View Agent can send device splitting and filtering policy settings to View Client.
VMware Horizon View Administration View applies the device splitting policy settings before it applies any filter policy settings. If you have enabled automatic splitting and do not explicitly exclude a composite USB device from being split by specifying its vendor and product IDs, View examines each interface of the composite USB device to decide which interfaces should be excluded or included according to the filter policy settings.
Chapter 8 Configuring Policies Examples of Setting Policies to Split Composite USB Devices Set splitting policies for desktops to exclude devices with a specific vendor and product IDs from redirection after automatic splitting and pass these policies to client computers. Table 8-19. Use View Agent Policies to Specify Device Splitting Policy Settings USB Splitting Policies on View Agent USB Splitting Policies on View Client Exclude VidPid From Split set to o:vid-xxxx_pid-yyyy.
VMware Horizon View Administration Table 8-22.
Chapter 8 Configuring Policies Table 8-25.
VMware Horizon View Administration n Include Device Family n Agent-enforced Exclude All Devices policy set to exclude or include all USB devices View Agent enforces this limited set of filter policy settings on its side of the connection. By defining filter policy settings for View Agent, you can create a filtering policy for non-managed client computers.
Chapter 8 Configuring Policies Table 8-29. USB Device Families (Continued) Device Family Name Description keyboard Keyboard device. mouse Pointing device such as a mouse. other Family not specified. pda Personal digital assistants. physical Force feedback devices such as force feedback joysticks. printer Printing devices. security Security devices such as fingerprint readers. smart-card Smart-card devices. storage Mass storage devices such as flash drives and external hard disk drives.
VMware Horizon View Administration View Common Configuration ADM Template Settings The View Common Configuration ADM template file (vdm_common.adm) contains policy settings common to all View components. This template contains only Computer Configuration settings. Log Configuration Settings Table 8-31 describes the log configuration policy setting in the View Common Configuration ADM template file. Table 8-31.
Chapter 8 Configuring Policies Table 8-32. View Common Configuration Template: Performance Alarm Settings (Continued) Setting Properties Process memory usage percentage to issue log info Specifies the threshold at which the memory usage of any individual process is logged. Process to check, comma separated name list allowing wild cards and exclusion Specifies a comma-separated list of queries that correspond to the name of one or more processes to be examined.
VMware Horizon View Administration n View PCoIP General Session Variables on page 208 The View PCoIP Session Variables ADM template file contains group policy settings that configure general session characteristics such as PCoIP image quality, USB devices, and network ports. n View PCoIP Session Bandwidth Variables on page 214 The View PCoIP Session Variables ADM template file contains group policy settings that configure PCoIP session bandwidth characteristics.
Chapter 8 Configuring Policies Table 8-34. View PCoIP General Session Variables (Continued) Setting Description Configure PCoIP image quality levels Controls how PCoIP renders images during periods of network congestion. The Minimum Image Quality, Maximum Initial Image Quality, and Maximum Frame Rate values interoperate to provide fine control in network-bandwidth constrained environments. Use the Minimum Image Quality value to balance image quality and frame rate for limited-bandwidth scenarios.
VMware Horizon View Administration Table 8-34. View PCoIP General Session Variables (Continued) Setting Description Configure PCoIP USB allowed and unallowed device rules Specifies the USB devices that are authorized and not authorized for PCoIP sessions that use a zero client that runs Teradici firmware. USB devices that are used in PCoIP sessions must appear in the USB authorization table. USB devices that appear in the USB unauthorization table cannot be used in PCoIP sessions.
Chapter 8 Configuring Policies Table 8-34. View PCoIP General Session Variables (Continued) Setting Description Configure PCoIP virtual channels Specifies the virtual channels that can and cannot operate over PCoIP sessions. This setting also determines whether to disable clipboard processing on the PCoIP host. Virtual channels that are used in PCoIP sessions must appear on the virtual channel authorization list.
VMware Horizon View Administration Table 8-34. View PCoIP General Session Variables (Continued) Setting Description Configure the PCoIP transport header Configures the PCoIP transport header and sets the transport session priority. The PCoIP transport header is a 32-bit header that is added to all PCoIP UDP packets (only if the transport header is enabled and supported by both sides).
Chapter 8 Configuring Policies Table 8-34. View PCoIP General Session Variables (Continued) Setting Description Enable access to a PCoIP session from a vSphere console Determines whether to allow a vSphere Client console to display an active PCoIP session and send input to the desktop. By default, when a client is attached through PCoIP, the vSphere Client console screen is blank and the console cannot send input.
VMware Horizon View Administration View PCoIP Session Bandwidth Variables The View PCoIP Session Variables ADM template file contains group policy settings that configure PCoIP session bandwidth characteristics. Table 8-35. View PCoIP Session Bandwidth Variables 214 Setting Description Configure the maximum PCoIP session bandwidth Specifies the maximum bandwidth, in kilobits per second, in a PCoIP session. The bandwidth includes all imaging, audio, virtual channel, USB, and control PCoIP traffic.
Chapter 8 Configuring Policies Table 8-35. View PCoIP Session Bandwidth Variables (Continued) Setting Description Configure the PCoIP session audio bandwidth limit Specifies the maximum bandwidth that can be used for audio (sound playback) in a PCoIP session. The audio processing monitors the bandwidth used for audio. The processing selects the audio compression algorithm that provides the best audio possible, given the current bandwidth utilization.
VMware Horizon View Administration View PCoIP Session Variables for the Keyboard The View PCoIP Session Variables ADM template file contains group policy settings that configure PCoIP session characteristics that affect the use of the keyboard. Table 8-36.
Chapter 8 Configuring Policies Table 8-36. View PCoIP Session Variables for the Keyboard (Continued) Setting Description Use alternate key for sending Secure Attention Sequence Specifies an alternate key, instead of the Insert key, for sending a Secure Attention Sequence (SAS). You can use this setting to preserve the Ctrl+Alt+Ins key sequence in virtual machines that are launched from inside a View desktop during a PCoIP session.
VMware Horizon View Administration n Maintains responsiveness by reducing screen update latency n Resumes maximum image quality when the network is no longer congested The PCoIP protocol is efficient enough to provide the build-to-lossless feature in all conditions, which allows this feature to stay on by default. You can disable the build-to-lossless feature by setting the Turn off Build-to-Lossless feature group policy setting. See “View PCoIP Session Bandwidth Variables,” on page 214.
Chapter 8 Configuring Policies Procedure 1 Copy the appropriate version of TPVMGPoACmap.dll to your Active Directory server or to the domain computer that you use to configure group policies. 2 Use the regsvr32 utility to register the TPVMGPoACmap.dll file. For example: regsvr32 "C:\TPVMGPoACmap.dll" What to do next Configure the group policy setting for location-based printing.
VMware Horizon View Administration 4 Select Enabled to enable the group policy setting. The translation table headings and buttons appear in the group policy window. IMPORTANT Clicking Disabled deletes all table entries. As a precaution, save your configuration so that you can import it later. 5 Add the printers that you want to map to View desktops and define their associated translation rules. 6 Click OK to save your changes.
Chapter 8 Configuring Policies Table 8-37. Translation Table Columns and Values (Continued) Column Description IP Port/ThinPrint Port For network printers, the IP address of the printer prepended with IP_. For example: IP_10.114.24.1 Indicates whether the printer is the default printer. Default You use the buttons that appear above the column headings to add, delete, and move rows and save and import table entries. Each button has an equivalent keyboard shortcut.
VMware Horizon View Administration Table 8-39. General Terminal Services Policy Settings Setting Description Enforce Removal of Remote Desktop Wallpaper Enabling this setting enforces the removal of wallpaper during a remote session, enhancing the user experience over lowbandwidth connections. Limit maximum color depth Enabling this setting lets you specify the color depth of View desktop sessions.
Chapter 8 Configuring Policies 2 Create GPOs for View Group Policies on page 223 Create GPOs to contain group policies for View components and location-based printing and link them to the OU for your View desktops. 3 Add View ADM Templates to a GPO on page 224 To apply View component group policy settings to your View desktops, add their ADM template files to GPOs.
VMware Horizon View Administration Procedure 1 On the Active Directory server, navigate to the OU and open the GPO editor. AD Version Navigation Path Windows 2003 a b c d Windows 2008 2 a b Select Start > All Programs > Administrative Tools > Active Directory Users and Computers. Right-click the OU that contains your View desktops and select Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in. Right-click the OU and select Create and Link a GPO Here.
Chapter 8 Configuring Policies 2 On the Active Directory server, edit the GPO. AD Version Navigation Path Windows 2003 a b c d Windows 2008 a b Select Start > All Programs > Administrative Tools > Active Directory Users and Computers. Right-click the OU that contains your View desktops and select Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in. In the right pane, right-click the GPO that you created for the group policy settings and select Edit.
VMware Horizon View Administration Procedure 1 On the Active Directory server, edit the GPO. AD Version Navigation Path Windows 2003 a b c d Windows 2008 a b Select Start > All Programs > Administrative Tools > Active Directory Users and Computers. Right-click the OU that contains your View desktops and select Properties. On the Group Policy tab, click Open to open the Group Policy Management plug-in.
Configuring User Profiles with View Persona Management 9 With View Persona Management, you can configure user profiles that are dynamically synchronized with a remote profile repository. This feature gives users access to a personalized desktop experience whenever they log in to a desktop. View Persona Management expands the functionality and improves the performance of Windows roaming profiles, but does not require Windows roaming profiles to operate.
VMware Horizon View Administration A user profile comprises a variety of user-generated information: n User-specific data and desktop settings n Application data and settings n Windows registry entries configured by user applications Also, if you provision desktops with ThinApp applications, the ThinApp sandbox data can be stored in the user profile and roamed with the user. View Persona Management minimizes the time it takes to log in to and log off of desktops.
Chapter 9 Configuring User Profiles with View Persona Management Migrating User Profiles with View Persona Management With View Persona Management, you can migrate existing user profiles in a variety of settings to View desktops. When users log in to their View desktops after a profile migration is complete, they are presented with the personal settings and data that they used on their legacy systems.
VMware Horizon View Administration Table 9-1. User Profile Migration Scenarios If This Is Your Original Deployment... And This Is Your Destination Deployment... Windows XP physical computers Windows 7 View desktops or Windows 8 View desktops Perform These Tasks: 1 2 3 Windows XP physical computers or virtual machines that use a roaming user profile solution.
Chapter 9 Configuring User Profiles with View Persona Management Table 9-1. User Profile Migration Scenarios (Continued) If This Is Your Original Deployment... And This Is Your Destination Deployment... Perform These Tasks: Windows XP physical computers or virtual machines. The legacy systems cannot have View Agent 5.x installed. Windows XP View desktops 1 2 3 4 Windows 7 or Windows 8 physical computers or virtual machines. The legacy systems cannot have View Agent 5.x installed.
VMware Horizon View Administration Configuring a View Persona Management Deployment To configure View Persona Management, you set up a remote repository that stores user profiles, install View Agent with the View Persona Management setup option on virtual machine desktops, add and configure View Persona Management group policy settings, and deploy desktop pools. You can also configure View Persona Management for a non-View deployment.
Chapter 9 Configuring User Profiles with View Persona Management Prerequisites Familiarize yourself with the guidelines for creating a user profile repository. See “Creating a Network Share for View Persona Management,” on page 233. Procedure 1 2 Determine whether to use an existing Active Directory user profile path or configure a user profile repository on a network share.
VMware Horizon View Administration n You must create the full profile path under which the user profile folders will be created. If part of the path does not exist, Windows creates the missing folders when the first user logs in and assigns the user's security restrictions to those folders. Windows assigns the same security restrictions to every folder it creates under that path. For example, for user1 you might configure the View Persona Management path \\server\VPRepository\profiles\user1.
Chapter 9 Configuring User Profiles with View Persona Management What to do next Add the View Persona Management ADM Template file to your Active Directory server or the Local Computer Policy configuration on the virtual machine itself. See “Add the View Persona Management ADM Template File,” on page 236.
VMware Horizon View Administration What to do next Add the View Persona Management ADM Template file to your Active Directory or local group policy configuration. Add the View Persona Management ADM Template File The View Persona Management Administrative (ADM) Template file contains group policy settings that allow you to configure View Persona Management. Before you can configure the policies, you must add the ADM Template file to the local systems or Active Directory server.
Chapter 9 Configuring User Profiles with View Persona Management 5 Browse to the directory that contains the ADM Template file, ViewPM.adm. Installation Type Directory View Agent with the View Persona Management setup option install_directory\VMware\VMware View\Agent\bin The ViewPM.adm file is also installed with the other View ADM Template files in the install_directory\VMware\VMware View\Server\extras\GroupPolicyFiles directory on the View Connection Server host.
VMware Horizon View Administration 6 Click Add, browse to the ViewPM.adm file, and click Open. 7 Click Close to apply the policy settings in the ADM Template file to the GPO. The name of the template appears in the left pane under Administrative Templates. What to do next Configure the View Persona Management group policy settings on your Active Directory server.
Chapter 9 Configuring User Profiles with View Persona Management 5 Type the profile upload interval, in minutes, and click OK. The profile upload interval determines how often View Persona Management copies user profile changes to the remote repository. The default upload interval is 10 minutes. 6 Double-click Persona repository location and click Enabled. If you have an existing Windows roaming profiles deployment, you can use an Active Directory user profile path for the remote profile repository.
VMware Horizon View Administration NOTE After you deploy View Persona Management on your View desktops, if you remove the View Persona Management setup option on the desktops, or uninstall View Agent altogether, the local user profiles are removed from the desktops of users who are not currently logged in. For users who are currently logged in, the user profiles are downloaded from the remote profile repository during the uninstall process.
Chapter 9 Configuring User Profiles with View Persona Management If %username% is the last subfolder in the path, the user's name appears as the folder name. For example, instead of seeing a My Videos folder on the desktop, the user JDoe sees a folder named JDoe and cannot easily identify the folder. Additional Best Practices You can also follow these recommendations: n By default, many antivirus products do not scan offline files.
VMware Horizon View Administration Configuring View Composer Persistent Disks with View Persona Management With View Composer persistent disks, you can preserve user data and settings while you manage linked-clone OS disks with refresh, recompose, and rebalance operations. Configuring persistent disks can enhance the performance of View Persona Management when users generate a large amount of persona information. You can configure persistent disks only with dedicated-assignment, linked-clone desktops.
Chapter 9 Configuring User Profiles with View Persona Management 2 For standalone laptops, you must use a non-View method to notify users when they log in. For example, you might distribute this message: Your personal data is dynamically downloaded to your laptop after you log in. Make sure your personal data has finished downloading before you disconnect your laptop from the network. A "Background download complete" notice pops up when your personal data finishes downloading.
VMware Horizon View Administration Roaming and Synchronization Group Policy Settings The roaming and synchronization group policy settings turn View Persona Management on and off, set the location of the remote profile repository, determine which folders and files belong to the user profile, and control how to synchronize folders and files.
Chapter 9 Configuring User Profiles with View Persona Management Group Policy Setting Files and folders to preload Description Specifies a list of files and folders that are downloaded to the local user profile when the user logs in. Changes in the files are copied to the remote repository as they occur. In some situations, you might want to preload specific files and folders into the locally stored user profile. Use this setting to specify these files and folders.
VMware Horizon View Administration Group Policy Setting Description Folders to background download The selected folders are downloaded in the background after a user logs in to the desktop. In certain cases, you can optimize View Persona Management by downloading the contents of specific folders in the background. With this setting, users do not have to wait for large files to download when they start an application.
Chapter 9 Configuring User Profiles with View Persona Management n Folder redirection applies only to applications that use the Windows shell APIs to redirect common folder paths. For example, if an application writes a file to %USERPROFILE%\AppData\Roaming, the file is written to the local profile and not redirected to the network location. You can specify folder paths that are excluded from folder redirection. See Table 9-3.
VMware Horizon View Administration Table 9-3. Folders Excluded from Folder Redirection Group Policy Setting Description Files and Folders excluded from Folder Redirection The selected file and folder paths are not redirected to a network share. In some scenarios, specific files and folders must remain in the local user profile. To add a folder path to the Files and Folders excluded from Folder Redirection list, enable this setting, click Show, type the path name, and click OK.
Chapter 9 Configuring User Profiles with View Persona Management Logging Group Policy Settings The logging group policy settings determine the name, location, and behavior of the View Persona Management log files. Group Policy Setting Logging filename Description Specifies the full pathname of the local View Persona Management log file. On Windows 8 and Windows 7 computers, the default path is ProgramData\VMware\VDM\logs\filename. On Windows XP computers, the default path is All Users\Application Data\VMw
VMware Horizon View Administration 250 VMware, Inc.
Managing Linked-Clone Desktops 10 With View Composer, you can update linked-clone desktops, reduce the size of their operating system data, and rebalance the linked-clone virtual machines among disk drives. You also can manage the View Composer persistent disks associated with linked clones. n Reduce Linked-Clone Size with Desktop Refresh on page 251 A desktop refresh operation restores the operating system disk of each linked clone to its original state and size, reducing storage costs.
VMware Horizon View Administration If you force users to log off, View Manager notifies users before they are disconnected and allows them to close their applications and log off. If you force users to log off, the maximum number of concurrent refresh operations on desktops that require logoffs is half the value of the Max concurrent View Composer maintenance operations setting.
Chapter 10 Managing Linked-Clone Desktops n You cannot refresh desktops that are running local sessions. n A refresh can only occur when users are disconnected from their View desktops. n A refresh preserves the unique computer information set up by QuickPrep or Sysprep. You do not need to rerun Sysprep after a refresh to restore the SID or the GUIDs of third-party software installed in the system drive.
VMware Horizon View Administration Procedure 1 In vCenter Server, update the parent virtual machine for the recomposition. n Install OS patches or service packs, new applications, application updates, or make other changes in the parent virtual machine. n Alternatively, prepare another virtual machine to be selected as the new parent during the recomposition. 2 In vCenter Server, power off the updated or new parent virtual machine. 3 In vCenter Server, take a snapshot of the parent virtual machine.
Chapter 10 Managing Linked-Clone Desktops Procedure 1 In View Administrator, click Inventory > Pools. 2 Select the pool to recompose by double-clicking the pool ID in the left column. 3 Choose whether to recompose the whole pool or selected desktops. Option Action To recompose all desktops in the pool On the selected pool's page, click the Settings tab. To recompose selected desktops a b On the selected pool's page, click the Inventory tab. Select the desktops to recompose.
VMware Horizon View Administration 2 Initiate the recompose operation. The recompose operation ignores desktops that are in local mode. 3 Publish the recomposed base image to the Transfer Server repository. The linked-clone desktops are updated with the new base image. The next time users check out their linked-clone desktops, View Transfer Server downloads the updated base image from the Transfer Server repository to the client computers.
Chapter 10 Managing Linked-Clone Desktops n You can set a minimum number of ready, provisioned desktops that remain available for users to connect to during the recompose operation. See “Keeping Linked-Clone Desktops Provisioned and Ready During View Composer Operations,” on page 117. NOTE If you used a Sysprep customization specification to customize the linked clones when you created the desktop pool, new SIDs might be generated for the recomposed virtual machines.
VMware Horizon View Administration n Decide when to schedule the rebalance operation. By default, View Composer starts the operation immediately. You can schedule only one rebalance operation at a time for a given set of linked clones. You can schedule multiple rebalance operations if they affect different linked clones. n Decide whether to force all users to log off as soon as the operation begins or wait for each user to log off before rebalancing that user's desktop.
Chapter 10 Managing Linked-Clone Desktops n You can rebalance selected linked clones or all clones in a pool. n You can rebalance a desktop pool on demand or as a scheduled event. You can schedule only one rebalance operation at a time for a given set of linked clones. If you start a rebalance operation immediately, the operation overwrites any previously scheduled task. You can schedule multiple rebalance operations if they affect different linked clones.
VMware Horizon View Administration Filenames of Linked-Clone Disks After a Rebalance Operation When you rebalance linked-clone desktops, vCenter Server changes the filenames of View Composer persistent disks and disposable-data disks in linked clones that are moved to a new datastore. The original filenames identify the disk type. The renamed disks do not include the identifying labels. An original persistent disk has a filename with a user-disk label: desktop_name-vdm-user-disk-D-ID.vmdk.
Chapter 10 Managing Linked-Clone Desktops Detach a View Composer Persistent Disk When you detach a View Composer persistent disk from a linked-clone desktop, the disk is stored and the linked clone is deleted. By detaching a persistent disk, you can store and reuse user-specific information with another desktop. Procedure 1 In View Administrator, click Inventory > Persistent disks. 2 Select the persistent disk to detach. 3 Click Detach. 4 Choose where to store the persistent disk.
VMware Horizon View Administration What to do next Make sure that the user of the linked-clone desktop has sufficient privileges to use the attached secondary disk. For example, if the original user had certain access permissions on the persistent disk, and the persistent disk is attached as drive D on the new desktop, the new desktop user must have the original user's access permissions on drive D.
Chapter 10 Managing Linked-Clone Desktops 3 Select the persistent disk. You can select multiple persistent disks to recreate a linked-clone desktop for each disk. 4 Click Recreate Desktop. 5 Click OK. View Manager creates a linked-clone desktop for each persistent disk you select and adds the desktop to the original pool. The persistent disks remain on the datastore where they were stored.
VMware Horizon View Administration 2 Click the Detached tab. 3 Select the persistent disk. 4 Click Delete. 5 Choose whether to delete the disk from the datastore or let it remain on the datastore after it is removed from View Manager. 6 264 Option Description Delete from disk After the deletion, the persistent disk no longer exists. Delete from View Manager only After the deletion, the persistent disk is no longer accessible in View Manager but remains on the datastore. Click OK.
Managing Desktops and Desktop Pools 11 In View Administrator, you can manage desktop pools, virtual-machine desktops, and desktop sessions. This chapter includes the following topics: n “Managing Desktop Pools,” on page 265 n “Reducing Adobe Flash Bandwidth,” on page 271 n “Managing Virtual-Machine Desktops,” on page 272 n “Export View Information to External Files,” on page 278 Managing Desktop Pools You can edit, disable, and delete desktop pools in View Administrator.
VMware Horizon View Administration Modifying Settings in an Existing Desktop Pool After you create a desktop pool, you can change certain configuration settings. Table 11-1. Editable Settings in an Existing Desktop Pool Configuration Tab Description General Edit pool-naming options. Pool Settings Edit desktop settings such as the remote desktop power policy, display protocol, and Adobe Flash settings. Provisioning Settings Edit pool-provisioning options and add desktops to the pool.
Chapter 11 Managing Desktops and Desktop Pools Table 11-2. Fixed Settings in an Existing Desktop Pool (Continued) Setting Description Type of virtual machine You cannot switch between full desktops and linked-clone desktops. Pool ID You cannot change the pool ID. Desktop-naming and provisioning method To add desktops to a pool, you must use the provisioning method that was used to create the pool. You cannot switch between specifying desktop names manually and using a naming pattern.
VMware Horizon View Administration Add Desktops to an Automated Pool Provisioned by a List of Names To add desktops to an automated pool provisioned by manually specifying desktop names, you provide another list of new desktop names. This feature lets you expand a desktop pool and continue to use your company's naming conventions. Follow these guidelines for manually adding desktop names: n Type each desktop name on a separate line. n A desktop name can have up to 15 alphanumeric characters.
Chapter 11 Managing Desktops and Desktop Pools In vCenter Server, you can monitor the creation of the new virtual machines. In View Administrator, you can view the desktops as they are added to the pool by clicking Inventory > Pools or Inventory > Desktops. Disable or Enable a Desktop Pool When you disable a desktop pool, the pool is no longer presented to users and pool provisioning is stopped. Users have no access to the pool. After you disable a pool, you can enable it again.
VMware Horizon View Administration With linked-clone desktops, vCenter Server always deletes the virtual machines from disk. IMPORTANT Do not delete the virtual machines in vCenter Server before you delete a desktop pool with View Administrator. This action could put View components into an inconsistent state. Procedure 1 In View Administrator, click Inventory > Pools. 2 Select a desktop pool and click Delete. 3 Choose how to delete the pool.
Chapter 11 Managing Desktops and Desktop Pools Reducing Adobe Flash Bandwidth You can reduce the amount of bandwidth used by Adobe Flash content that runs in View desktop sessions. This reduction can improve the overall browsing experience and make other applications that run in the desktop more responsive. Configure Adobe Flash Quality and Throttling You can set Adobe Flash quality and throttling modes to reduce the amount of bandwidth that is used by Adobe Flash content in View desktops.
VMware Horizon View Administration Table 11-4. Adobe Flash Throttling Settings Throttling Setting Description Disabled No throttling is performed. The timer interval is not modified. Conservative Timer interval is 100 milliseconds. This setting results in the lowest number of dropped frames. Moderate Timer interval is 500 milliseconds. Aggressive Timer interval is 2500 milliseconds. This setting results in the highest number of dropped frames.
Chapter 11 Managing Desktops and Desktop Pools 3 Select a desktop. If you intend to send a message to users, you can select mutiple desktops. You can perform the other operations on only one desktop at a time. 4 Choose whether to disconnect, log off, restart the session, or send a message. Option Description Disconnect Session Disconnects the user from the desktop. The session remains active.
VMware Horizon View Administration 5 Select the user or group name and click OK. Unassign a User from a Dedicated Desktop In a dedicated-assignment pool, you can remove a desktop assignment to a user. You can also use the vdmadmin command to remove a desktop assignment to a user. See “Assigning Dedicated Desktops Using the -L Option,” on page 418. Prerequisites Verify that the desktop is not checked out for use in local mode.
Chapter 11 Managing Desktops and Desktop Pools Procedure 1 In View Administrator, click Dashboard. 2 In the Desktop Status pane, expand a status folder. 3 Option Description Preparing Lists the desktop states while the virtual machine is being provisioned, deleted, or in maintenance mode. Problem Desktops Lists the desktop error states. Prepared for use Lists the desktop states when the desktop is ready for use. Locate the desktop status and click the hyperlinked number next to it.
VMware Horizon View Administration Table 11-5. Status of Virtual-Machine Desktops That Are Managed by vCenter Server (Continued) 276 Status Type of State Description Agent disabled Agent state This state can occur in two cases. First, in a desktop pool with the Delete or refresh desktop on logoff or Delete desktop after logoff setting enabled, a desktop session is logged out, but the virtual machine is not yet refreshed or deleted.
Chapter 11 Managing Desktops and Desktop Pools Table 11-5. Status of Virtual-Machine Desktops That Are Managed by vCenter Server (Continued) Status Type of State Description Checking in Local mode A virtual machine that is checked out for use in local mode is being checked in to the vCenter Server virtual machine in the datacenter. Replicating Local mode The virtual machine is checked out for use in local mode and is replicating data to the vCenter Server virtual machine in the datacenter.
VMware Horizon View Administration Procedure 1 In View Administrator, click Inventory > Desktops. 2 Select one or more desktops and click Remove. 3 Choose how to delete the desktops. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
Chapter 11 Managing Desktops and Desktop Pools 2 Click the Export icon in the upper right corner of the table. When you point your mouse at the icon, it displays the Export table contents tooltip. 3 Type a filename for the csv file in the Select location for download dialog. The default filename is global_table_data_export.csv. 4 Browse to a location to store the file. 5 Click Save. What to do next Open a spreadsheet or another tool to view the csv file. VMware, Inc.
VMware Horizon View Administration 280 VMware, Inc.
Managing Physical Computers and Terminal Servers 12 In View Administrator, you can add, remove, and unregister View desktops that are not managed by vCenter Server. Unmanaged desktop sources include virtual machines that are not managed by vCenter Server, physical computers, blade PCs, and Microsoft Terminal Services sources. NOTE When you reconfigure a setting that affects an unmanaged desktop source, it can take up to 10 minutes for the new setting to take effect.
VMware Horizon View Administration Remove an Unmanaged Desktop Source from a Pool You can reduce the size of a manual desktop pool that uses unmanaged desktop sources by removing desktop sources from the pool. Procedure 1 In View Administrator, click Inventory > Pools. 2 Double-click a pool ID and select the Inventory tab. 3 Select the desktop sources to remove. 4 Click Remove.
Chapter 12 Managing Physical Computers and Terminal Servers Unregister an Unmanaged Desktop Source All desktop sources that vCenter Server manages are registered when you install View Agent. You can unregister only unmanaged desktop sources. Unmanaged desktop sources include virtual machines that are not managed by vCenter Server, physical computers, blade PCs, and Terminal Services sources. When you unregister a desktop source, it becomes unavailable in View Manager.
VMware Horizon View Administration 284 VMware, Inc.
Managing ThinApp Applications in View Administrator 13 You can use View Administrator to distribute and manage applications packaged with VMware ThinApp™. Managing ThinApp applications in View Administrator involves capturing and storing application packages, adding ThinApp applications to View Administrator, and assigning ThinApp applications to desktops and pools. You must have a license to use the ThinApp management feature in View Administrator.
VMware Horizon View Administration n Make sure that a disjoint namespace does not prevent domain member computers from accessing the network share that hosts the MSI packages. A disjoint namespace occurs when an Active Directory domain name is different from the DNS namespace that is used by machines in that domain. See VMware Knowledge Base (KB) article 1023309 for more information.
Chapter 13 Managing ThinApp Applications in View Administrator Procedure 1 Start the ThinApp Setup Capture wizard and follow the prompts in the wizard. 2 When the ThinApp Setup Capture wizard prompts you for a project location, select Build MSI package. 3 If you plan to stream the application to View desktops, set the MSIStreaming property to 1 in the package.ini file.
VMware Horizon View Administration 2 Type a display name for the application repository in the Display name text box. 3 Type the path to the Windows network share that hosts your application packages in the Share path text box. The network share path must be in the form \\ServerComputerName\ShareName where ServerComputerName is the DNS name of the server computer. Do not specify an IP address. For example: \\server.domain.com\MSIPackages 4 Click Save to register the application repository with View Ad
Chapter 13 Managing ThinApp Applications in View Administrator Creating ThinApp templates is optional. NOTE If you add an application to a ThinApp template after assigning the template to a desktop or pool, View Administrator does not automatically assign the new application to the desktop or pool. If you remove an application from a ThinApp template that was previously assigned to a desktop or pool, the application remains assigned to the desktop or pool.
VMware Horizon View Administration n Assign Multiple ThinApp Applications to a Pool on page 293 You can assign one more ThinApp applications to a particular pool. n Assign a ThinApp Template to a Desktop or Pool on page 293 You can streamline the distribution of multiple ThinApp applications by assigning a ThinApp template to a desktop or pool.
Chapter 13 Managing ThinApp Applications in View Administrator Procedure 1 Select Inventory > ThinApps and select the ThinApp application. 2 From the Add Assignment drop-down menu, select Desktops. The desktops that the ThinApp application is not already assigned to appear in the table. Option 3 Action Find a specific desktop Type the name of the desktop in the Find text box and click Find.
VMware Horizon View Administration 5 Select an installation type and click OK. Option Action Streaming Installs a shortcut to the application on the desktop. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application. Full Installs the full application on the local file system. Some ThinApp applications do not support both installation types.
Chapter 13 Managing ThinApp Applications in View Administrator Assign Multiple ThinApp Applications to a Pool You can assign one more ThinApp applications to a particular pool. If you assign a ThinApp application to a linked-clone pool and later refresh, recompose, or rebalance the pool, View Administrator reinstalls the application for you. You do not have to manually reinstall the application. Prerequisites Scan an application repository and add selected ThinApp applications to View Administrator.
VMware Horizon View Administration 3 From the Add Assignment drop-down menu, select Desktops or Pools. All desktops or pools appear in the table. Option 4 Action Find a specific desktop or pool Type the name of the desktop or pool in the Find text box and click Find. Find all of the desktops or pools that follow the same naming convention Type a partial desktop or pool name in the Find text box and click Find.
Chapter 13 Managing ThinApp Applications in View Administrator Procedure u Select the ThinApp application assignments that you want to review. Option Action Review all of the desktops and pools that a particular ThinApp application is assigned to Select Inventory > ThinApps and double-click the name of the ThinApp application. The Assignments tab shows the desktops and pools that the application is currently assigned to, including the installation type.
VMware Horizon View Administration 4 Click Package Info to see detailed information about the MSI package. Maintaining ThinApp Applications in View Administrator Maintaining ThinApp applications in View Administrator involves tasks such as removing ThinApp application assignments, removing ThinApp applications and application repositories, and modifying and deleting ThinApp templates.
Chapter 13 Managing ThinApp Applications in View Administrator Remove Multiple ThinApp Application Assignments from a Desktop You can remove assignments to one or more ThinApp applications from a particular desktop. Prerequisites Notify the users of the desktop that you intend to remove the applications. Procedure 1 Select Inventory > Desktops and double-click the name of the desktop in the Desktop column.
VMware Horizon View Administration Remove a ThinApp Application from View Administrator When you remove a ThinApp application from View Administrator, you can no longer assign the application to desktops and pools. You might need to remove a ThinApp application if your organization decides to replace it with a different vendor's application. NOTE You cannot remove a ThinApp application if it is already assigned to a desktop or pool or if it is in the Pending Uninstall state.
Chapter 13 Managing ThinApp Applications in View Administrator Monitoring and Troubleshooting ThinApp Applications in View Administrator View Administrator logs events that are related to ThinApp application management to the Events and Reporting database. You can view these events on the Events tab in View Administrator. An event appears on the Events tab when the following situations occur.
VMware Horizon View Administration Solution n Verify that the application packages in the application repository are in MSI format. n Verify that the network share meets View requirements for ThinApp applications. See “View Requirements for ThinApp Applications,” on page 285 for more information. n Verify that the directories in the network share have the proper permissions. See “Cannot Register an Application Repository,” on page 299 for more information.
Chapter 13 Managing ThinApp Applications in View Administrator View Connection Server log files are located on the View Connection Server host in the drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs directory. Solution 1 In View Administrator, select Inventory > ThinApps. 2 Click the name of the ThinApp application. 3 On the Desktops tab, select the desktop and click Retry Install to reinstall the ThinApp application.
VMware Horizon View Administration n The MSI file was not created with ThinApp. n The MSI file was created or repackaged with an unsupported version of ThinApp. You must use ThinApp version 4.6 or later. Solution See the ThinApp User's Guide for information on troubleshooting problems with MSI packages.
Managing Local Desktops 14 To manage desktops that are used in local mode, you must set up the environment so that data is transferred when users check View desktops out to their local systems. You must also manage other tasks where data transfer occurs, such as desktop check-in, rollback, and backup, and set policies for which of these actions users can initiate.
VMware Horizon View Administration View desktops in local mode behave in the same way as their remote desktop equivalents, yet can take advantage of local resources. Latency is eliminated, and performance is enhanced. Users can disconnect from their local View desktop and log in again without connecting to the View Connection Server. After network access is restored, or when the user is ready, the checked-out virtual machine can be backed up, rolled back, or checked in.
Chapter 14 Managing Local Desktops The data on each local system is encrypted with AES. 128-bit encryption is the default, but you can configure 192-bit or 256-bit encryption. The desktop has a lifetime controlled through policy. If the client loses contact with View Connection Server, the maximum time without server contact is the period in which the user can continue to use the desktop before the user is refused access.
VMware Horizon View Administration 7 If you plan to use linked-clone desktops, publish the desktops' View Composer base image as a package in the Transfer Server repository. You can publish the base image when you create a pool or after the pool is created. 8 Verify that the Local Mode policy is set to Allow for the desktop pool. In View Administrator, go to the Policies tab for that pool.
Chapter 14 Managing Local Desktops 2 Set the Remote Mode View policy to Deny. Option Action All desktops and pools or a single pool In the Edit View Policies dialog box, set Remote Mode to Deny and click OK. Single user Complete the Add User wizard to specify the user and set Remote Mode to Deny. The desktop now requires a download and check out. What to do next If you want to prevent end users from checking the desktop in again, set the User-initiated check in policy to Deny.
VMware Horizon View Administration Best Practices for Deploying Local Desktops Best-practice recommendations address questions about the memory, processing power, and number of the various components that affect a local mode deployment. General Recommendations for Most Deployments Virtual machine configuration Desktops that run in local mode automatically adjust the amount of memory and processing power they use based on that available from the client computer.
Chapter 14 Managing Local Desktops Small Deployment with Minimal Capital Expenditure You can reduce the number of ESX/ESXi servers required for your deployment if you increase the number of virtual machines on each server. Use the following recommendations to reduce the amount of bandwidth and I/O operations required by each virtual machine and maximize the number of virtual machines on an ESX/ESXi host. n Set a View policy so that end users must use their View desktops in local mode only.
VMware Horizon View Administration Add View Transfer Server to View Manager View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. You can add multiple View Transfer Server instances to View Manager. The View Transfer Server instances access one common Transfer Server repository.
Chapter 14 Managing Local Desktops Remove View Transfer Server from View Manager When you remove all instances of View Transfer Server from View Manager, you cannot check out, check in, or replicate data for local desktops. When you remove a View Transfer Server instance that is actively performing transfers, the active transfer operations are paused. Local desktop sessions show the transfer status as paused.
VMware Horizon View Administration 4 If transfers are currently active, choose whether to cancel the active transfers or wait until active transfers are completed before placing View Transfer Server in maintenance mode. If you cancel active transfers, View Transfer Server enters maintenance mode immediately. If you allow active transfers to finish, View Transfer Server enters a Maintenance Mode Pending state. When the current disk transfer is completed, View Transfer Server enters maintenance mode.
Chapter 14 Managing Local Desktops Table 14-2. View Transfer Server Error States Status Description Bad Transfer Server repository The Transfer Server repository that View Transfer Server is configured to connect to differs from the Transfer Server repository that is currently configured in View Connection Server. Repository connection error View Transfer Server cannot connect to the configured Transfer Server repository. Bad health check View Transfer Server failed the View Manager health check.
VMware Horizon View Administration If a base image is recomposed, View Transfer Server downloads the updated image from the Transfer Server repository to the local computers the next time users check out their desktops. For details, see “Recompose Linked-Clone Desktops That Can Run in Local Mode,” on page 255. IMPORTANT A linked-clone desktop that was created from a base image must be checked into the datacenter before you can recompose it.
Chapter 14 Managing Local Desktops n Verify that View Transfer Server is added to View Manager. See “Add View Transfer Server to View Manager,” on page 310. NOTE Adding View Transfer Server to View Manager before you configure the Transfer Server repository is a best practice, not a requirement. n Determine how large the Transfer Server repository must be to store your View Composer base images. A base image can be several gigabytes in size.
VMware Horizon View Administration Publish Package Files in the Transfer Server Repository Before a user can check out a linked-clone desktop, you must publish its View Composer base image as a package in the Transfer Server repository. When a user checks out a linked-clone desktop, View Transfer Server downloads the clone's base-image package files from the Transfer Server repository to the local computer. You can publish packages from the Transfer Server repository page in View Administrator.
Chapter 14 Managing Local Desktops n Verify that a Transfer Server repository is configured. See “Configure the Transfer Server Repository,” on page 314. Procedure 1 In View Administrator, click View Configuration > Servers. 2 Click the Transfer Server tab. 3 In the Transfer Server Repository panel, click the Contents tab and select a package file. 4 Click Delete. A dialog warns you if linked-clone desktops are using the base image from which the selected package file was published.
VMware Horizon View Administration 2 Manually copy the Transfer Server repository root directory to the destination location. You must copy the entire root directory, not only the package files that reside under the root directory. 3 In View Administrator, click View Configuration > Servers. 4 Put all View Transfer Server instances into maintenance mode. a Click the Transfer Servers tab and select a View Transfer Server instance. b Click Enter Maintenance Mode and click OK.
Chapter 14 Managing Local Desktops 2 Configure a new path and folder for a network share or local drive. Follow the same procedure you use when you create a new Transfer Server repository. 3 Add the View Transfer Server instances to View Manager. 4 Place the View Transfer Server instances in maintenance mode. 5 Configure the Transfer Server repository in View Manager, specifying the new network share or local path. View Transfer Server validates the new Transfer Server repository path.
VMware Horizon View Administration n Delete a Local Desktop on page 322 When you roll back a local desktop or uninstall View Client, the files that make up a local desktop on that client computer are not deleted or cleaned up. To remove a local desktop, you must manually delete its files. Set Replication Policies Replication synchronizes local desktops with their corresponding remote desktops by sending user-generated changes to the datacenter.
Chapter 14 Managing Local Desktops Initiate Replications of Local Desktops You can initiate replications for desktops that run in local mode. Your request can start a replication before the next scheduled replication. If the client policy allows it, an end user who has checked out a local desktop can also initiate a replication from within View Client.
VMware Horizon View Administration Prerequisites If an administrator wants to retain most recent data from the local desktop, perform a replication operation. See “Initiate Replications of Local Desktops,” on page 321. IMPORTANT If you perform a replication, you must wait until the replication is complete before initiating a rollback operation. Rollback operations are not queued behind other operations.
Chapter 14 Managing Local Desktops Procedure u On the client computer, select and delete the folder that contains the files that make up the local desktop that you want to delete. The folder resides in the local desktop check-out directory. When you downloaded your first local desktop, if you did not click Options and change the directory where the local desktops are stored, they are stored in the default check-out directory.
VMware Horizon View Administration Table 14-3. Deduplication and Compression Settings for Data Transfers Setting Description Use deduplication for Local Mode operations Prevents redundant data from being sent from client computers to the datacenter. Deduplication operates on transfers from the client computer to the datacenter, including replications and desktop check-ins. Deduplication does not take place when desktops are checked out.
Chapter 14 Managing Local Desktops Table 14-4. Using Secure, Tunneled Connection and SSL for Local Desktop Operations Setting Description Use secure tunnel connection for Local Mode operations Determines whether local desktops use tunneled communications. If this setting is enabled, network traffic is routed through View Connection Server or a security server if one is configured. If this setting is disabled, data transfers take place directly between local desktops and View Transfer Server.
VMware Horizon View Administration Change the Encryption Key Cipher for an Existing Local Desktop To change the encryption key cipher for an existing local desktop, you edit the pae-VM record for the local desktop in View LDAP on your View Connection Server host. You use the ADSI Edit utility to modify View LDAP. The ADSI Edit utility is installed with View Connection Server.
Chapter 14 Managing Local Desktops Table 14-5. Location of View Client with Local Mode Logs Operating System Path Windows 8, Windows 7 and Windows Vista C:\Users\user name\AppData\Local\VMware\VDM\Logs\ Windows XP C:\Documents and Settings\user name\Local Settings\Application Data\VMware\VDM\Logs\ When a local desktop is checked in or replicated, View Transfer Server transfers the data that was generated on the local desktop since the last check out or replication.
VMware Horizon View Administration In this example, the local desktop displayed a message such as "Transferring 871MB". However, this amount of data was reduced by deduplication. Although the remaining data could not be compressed, only 2.198MB of data was transferred over the network. Guest File System Optimization of Data Transfers During transfer operations, View Transfer Server reduces the amount of data that must be sent over the network by taking advantage of guest file system optimization.
Chapter 14 Managing Local Desktops Similarly, the local View desktop can use up to two CPUs available on the client host if the View desktop is running a Windows Vista or later operating system. You can change the defaults and specify the scope of the setting. The setting can apply to all local desktops on the client or, depending on the setting, it can apply to a specific desktop or to all desktops from a specific View Connection Server instance that a specific user is entitled to use on the client.
VMware Horizon View Administration n To set a specific amount of memory that the View desktop can use when running locally, create and deploy a GPO to add one of the following registry keys that specify the number in megabytes, up to 32GB. Scope of Setting Path Client-wide HKCU\Software\VMware, Inc.\VMware VDM\Client\offlineDesktopDefaultMemoryScaleupValue Server specific HKCU\Software\VMware, Inc.\VMware VDM\Client\broker_guid\offlineDesktopDefaultMemoryScaleupVa lue Server and user specific HKCU\
Chapter 14 Managing Local Desktops n To override the default behavior so that the local desktop uses only the number of CPUs configured in vCenter Server, create and deploy a GPO to add one of the following registry keys and set the key to 1. Scope of Setting Path Client-wide HKCU\Software\VMware, Inc.\VMware VDM\Client\disableOfflineDesktopCPUScaleup Server and user specific HKCU\Software\VMware, Inc.\VMware VDM\Client\broker_guid\remote_user_sid\disableOfflineDeskto pCPUScaleup The value 1 indicat
VMware Horizon View Administration Prerequisites n Because in many cases you can specify the scope of the setting, determine the IDs you will need to specify. Table 14-8. Identifiers Used in Registry Settings for Local Mode Resource Usage Scope Variable Name Server specific broker_guid Description Globally unique identifier for the View Connection Server instance or group. Use the vdmadmin -C command to determine the GUID.
Chapter 14 Managing Local Desktops To complete a check-out operation, View Transfer Server still must transfer each user's linked-clone OS disk and persistent disk from the datacenter over the WAN, but these disks are a fraction of the size of the base image.
VMware Horizon View Administration 4 If you do not set the caching proxy server to use the HTTP CONNECT method, select Use SSL for Local Mode operations. This setting affects transfers of all other local-desktop data. 5 Click OK. Limit the Size of Base-Image Package Files to Allow Caching A View Composer base-image package can contain files that are larger than a gigabyte, too large for many proxy servers to cache.
Chapter 14 Managing Local Desktops 2 In the left pane, expand the registry path. Processor Description 64-bit HKEY_LOCAL_MACHINE, SOFTWARE, Wow6432Node, VMware Inc., VMware VDM 32-bit HKEY_LOCAL_MACHINE, SOFTWARE, VMware Inc., VMware VDM 3 Click Edit > New > String Value and type useProxyForTransfer in the new value entry. 4 Right-click the useProxyForTransfer entry, click Modify, type true, and click OK. The entry is added to the registry. 5 Exit the Windows Registry Editor.
VMware Horizon View Administration Configuring the Heartbeat Interval for Local Desktop Client Computers Client computers that host local desktops send heartbeat messages to View Connection Server at regular intervals to read the status of their checked-out desktops. The default heartbeat interval for all client computers is five minutes. You can change the heartbeat interval for all client computers. You can also set a different heartbeat interval for a specific client computer.
Chapter 14 Managing Local Desktops Set the Heartbeat Interval for a Specific Local Desktop Client Computer To set the heartbeat interval for a specific client computer that hosts a local desktop, you use the Windows Registry Editor to edit the system registry on that computer. View does not use the heartbeat interval set on the client computer if the value is greater than the heartbeat interval set on the View Connection Server host. View always uses the lesser of the two values.
VMware Horizon View Administration 2 Copy the Base-Image Files to the Client Computer on page 338 To download a desktop manually to a client computer to use in local mode, you must copy the baseimage package files from a portable device to the client computer.
Chapter 14 Managing Local Desktops 2 Copy the package files to a specified check-out directory on the client computer. Copy the files to a subdirectory in the check-out directory that uses the display name of the desktop pool. For example, to download files from a desktop pool with the display name LocalPool, copy the files to check_out_directory\LocalPool. Check-Out Directory Description Default directory on Windows 8, Windows 7, and Windows Vista C:\Users\User Name\AppData\Local\VMware\VDM\Local Desk
VMware Horizon View Administration n Verify that you set permissions to use the package files that were copied to the client computer. See “Set Permissions to Allow View to Use the Copied Package Files,” on page 339. Procedure 1 On the client computer, start View Client, connect to View Connection Server, log in to View Connection Server, and select a desktop pool. 2 Click the down-arrow button next to the desktop pool and click Check out.
Chapter 14 Managing Local Desktops n View Transfer Server Fails the Health Check on page 345 In View Administrator, View Transfer Server displays a status of Bad Health Check. The View Administrator dashboard displays View Transfer Server with a red down arrow. n The Transfer Server Repository Is Not Configured on page 345 In View Administrator, View Transfer Server displays a status of No Transfer Server Repository Configured.
VMware Horizon View Administration n If you cannot migrate the View Transfer Server virtual machine, recreate View Transfer Server on another virtual machine on an ESX host with access to the datastores. a In View Administrator, remove the View Transfer Server instance from View Manager. b In vSphere Client, uninstall View Transfer Server or remove the View Transfer Server virtual machine. c Create a new virtual machine on the destination ESX host.
Chapter 14 Managing Local Desktops Cause If View Client uses an IP address for View Connection Server, this problem occurs if you have a network connection but View Connection Server is not reachable. For example, you might see this problem if you attempt to log in to a local desktop from home when you have an Internet connection but do not have a VPN connection that would allow access to View Connection Server.
VMware Horizon View Administration Solution Wait for active data transfers and publish operations to be completed. When all operations are completed, View Transfer Server enters maintenance mode. The Transfer Server Repository Is Invalid In View Administrator, View Transfer Server displays a status of Bad Transfer Server repository. Problem You cannot perform transfer operations for linked-clone desktops or publish packages while View Transfer Server is in this state.
Chapter 14 Managing Local Desktops View Transfer Server Fails the Health Check In View Administrator, View Transfer Server displays a status of Bad Health Check. The View Administrator dashboard displays View Transfer Server with a red down arrow. Problem In a Bad Health Check state, View Transfer Server cannot function properly. You cannot perform transfer operations or publish packages in the Transfer Server repository.
VMware Horizon View Administration 3 Click Edit and configure the Transfer Server repository. View Transfer Server verifies that the Transfer Server repository is valid. View Transfer Server Instances Have Conflicting Transfer Server Repositories In View Administrator, View Transfer Server instances display a status of Transfer Server Repository Conflict. Problem You cannot perform transfer operations for linked-clone desktops or publish packages in the Transfer Server repository.
Chapter 14 Managing Local Desktops If this problem occurs during a replication, the status of the operation changes to Wait to resume backup. The error message, This desktop has been modified at the datacenter. Please contact your system administrator., is not displayed to the user. Cause When a View desktop is checked out, a snapshot is taken in vCenter Server to preserve the state of the virtual machine. The vCenter Server version of the desktop is locked so that no other users can access it.
VMware Horizon View Administration Recover Data from a Local Desktop View secures the virtual machine of a local desktop by encrypting all of its virtual disks. If the virtual machine's checkout identifier is deleted from the configuration, or the session or policy files become corrupted, you might not be able to power on or check in the local desktop. You can decrypt the local desktop's virtual machine so that you can recover data from it.
Chapter 14 Managing Local Desktops List the files that are available for the scsi00 disk of a local desktop's virtual machine. J:\Temp\LMDT_Recovery>dir /b *scsi00* 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001.vmdk 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001-s001.vmdk 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001-s002.vmdk 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001-s003.vmdk 52e52b7c26a2f683-42b945f934e0fbb2-scsi00-000001-s004.vmdk 5215df4df635a14d-caf14c8dbbb14a3d-scsi00.
VMware Horizon View Administration 350 VMware, Inc.
Maintaining View Components 15 To keep your View components available and running, you can perform a variety of maintenance tasks.
VMware Horizon View Administration n Initiate a backup immediately by using the Backup Now feature in View Administrator. n Manually export View LDAP data by using the vdmexport utility. This utility is provided with each instance of View Connection Server. The vdmexport utility can export View LDAP data as encrypted LDIF data, plain text, or plain text with passwords and other sensitive data removed. NOTE The vdmexport tool backs up the View LDAP data only.
Chapter 15 Maintaining View Components View Manager Configuration Backup Settings View Manager can back up your View Connection Server and View Composer configuration data at regular intervals. In View Administrator, you can set the frequency and other aspects of the backup operations. Table 15-1. View Manager Configuration Backup Settings Setting Description Automatic backup frequency Every Hour. Backups take place every hour on the hour. Every 6 Hours.
VMware Horizon View Administration You can specify the output file name as an argument to the -f option. For example: vdmexport -f Myexport.LDF You can export the data in plain text format (verbatim) by using the -v option. For example: vdmexport -f Myexport.LDF -v You can export the data in plain text format with passwords and sensitive data removed (cleansed) by using the -c option. For example: vdmexport -f Myexport.
Chapter 15 Maintaining View Components If the exported LDIF file is in plain text format, you do not have to decrypt the file. NOTE Do not import an LDIF file in cleansed format, which is plain text with passwords and other sensitive data removed. If you do, critical configuration information will be missing from the restored View LDAP repository. For information about backing up the View LDAP repository, see “Backing Up View Connection Server and View Composer Data,” on page 351.
VMware Horizon View Administration Backup-YearMonthDayCount-vCenter Server Name_Domain Name.svi For example: Backup-20090304000010-foobar_test_org.svi Familiarize yourself with the SviConfig restoredata parameters: n DsnName - The DSN that is used to connect to the database. The DsnName parameter is mandatory and cannot be an empty string. n Username - The user name that is used to connect to the database. If this parameter is not specified, Windows authentication is used.
Chapter 15 Maintaining View Components Table 15-2. Restoredata Result Codes (Continued) Code Description 2 Invalid database administrator credentials were provided. 3 The driver for the database is not supported. 4 An unexpected problem occurred and the command failed to complete. 14 Another application is using the View Composer service. Shut down the service before executing the command. 15 A problem occurred during the restore process. Details are provided in the onscreen log output.
VMware Horizon View Administration What to do next For export result codes for the SviConfig exportdata command, see “Result Codes for Exporting the View Composer Database,” on page 358. Result Codes for Exporting the View Composer Database When you export a View Composer database, the SviConfig exportdata command displays an exit code. Table 15-3. Exportdata ExitStatus Codes Code Description 0 Exporting data ended successfully. 1 The supplied DSN name can not be found.
Chapter 15 Maintaining View Components Procedure 1 In View Administrator, click Dashboard. 2 In the Desktop Status pane, expand a status folder. 3 Option Description Preparing Lists the desktop states while the virtual machine is being provisioned, deleted, or in maintenance mode. Problem Desktops Lists the desktop error states. Prepared for use Lists the desktop states when the desktop is ready for use. Locate the desktop status and click the hyperlinked number next to it.
VMware Horizon View Administration Services on a View Connection Server Host The operation of View Manager depends on several services that run on a View Connection Server host. If you want to adjust the operation of these services, you must first familiarize yourself with them. Table 15-4. View Connection Server Host Services Service Name Startup Type Description VMware View Connection Server Automatic Provides connection broker services.
Chapter 15 Maintaining View Components Services on a View Transfer Server Host Transfer operations for local desktops depend on services that run on a View Transfer Server host. If you want to adjust the operation of these services, you must first familiarize yourself with them. All of the services that are installed with View Transfer Server must be running for the correct operation of local desktops in View Manager. Table 15-6.
VMware Horizon View Administration You can also use the vdmadmin command to update user and domain information. See “Updating Foreign Security Principals Using the -F Option,” on page 414. Prerequisites Verify that you can log in to View Administrator as an administrator with the Manage Global Configuration and Policies privilege. Procedure 1 In View Administrator, click Users and Groups. 2 Choose whether to update information for all users or an individual user.
Chapter 15 Maintaining View Components Guidelines for Migrating View Composer The steps you take to migrate the View Composer service depend on whether you intend to preserve existing linked-clone desktops. To preserve the linked-clone desktops in your deployment, the View Composer service that you install on the new computer must continue to use the existing View Composer database. The View Composer database contains data that is required to create, provision, maintain, and delete the linked clones.
VMware Horizon View Administration n Familiarize yourself with configuring an SSL certificate for View Composer. See "Configuring SSL Certificates for View Servers" in the VMware Horizon View Installation document. n Familiarize yourself with configuring View Composer in View Administrator. See “Configure View Composer Settings,” on page 17 and “Configure View Composer Domains,” on page 18.
Chapter 15 Maintaining View Components Migrate View Composer Without Linked-Clone Desktops If the current View Composer service does not manage any linked-clone desktops, you can migrate View Composer to a new computer without migrating the RSA keys to the new computer. The migrated View Composer service can connect to the original View Composer database, or you can prepare a new database for View Composer. Prerequisites n Familiarize yourself with installing the View Composer service.
VMware Horizon View Administration Prepare a Microsoft .NET Framework for Migrating RSA Keys To use an existing View Composer database, you must migrate the RSA key container between computers. You migrate the RSA key container by using the ASP.NET IIS registration tool provided with the Microsoft .NET Framework. Prerequisites Download the .NET Framework and read about the ASP.NET IIS registration tool from the following locations: n http://www.microsoft.com/net n http://msdn.microsoft.
Chapter 15 Maintaining View Components The -exp option creates an exportable key pair. If a future migration is required, the keys can be exported from this computer and imported to another computer. If you previously migrated the keys to this computer without using the -exp option, you can import the keys again using the -exp option so that you can export the keys in the future. The registration tool imports the key pair data into the local key container.
VMware Horizon View Administration 3 4 For View Connection Server or security server, add the certificate Friendly name, vdm, to the new certificate that is replacing the previous certificate. a Right-click the new certificate and click Properties b On the General tab, in the Friendly name field, type vdm. c Click Apply and click OK. For a server certificate that is issued to View Composer, run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer.
Chapter 15 Maintaining View Components Table 15-7. Global Data Collected for the Customer Experience Improvement Program (Continued) Description Is This Field Made Anonymous? Example Value The domain is an NT4-style domain. No True or false The name of the domain Yes None The status of the domain No OK The type of trust relationship with the domain No Primary domain, Two way, Two way forest, and so on.
VMware Horizon View Administration Table 15-8.
Chapter 15 Maintaining View Components Table 15-8. Data Collected from View Connection Server for the Customer Experience Improvement Program (Continued) Is This Field Made Anonymous? Example Value The maximum number of View Composer sessions on this View Connection Server instance No Integer The version of the View Connection Server instance No 5.1.
VMware Horizon View Administration Table 15-10.
Chapter 15 Maintaining View Components Table 15-12.
VMware Horizon View Administration Table 15-12.
Chapter 15 Maintaining View Components Table 15-12.
VMware Horizon View Administration Table 15-13. Data Collected from View Desktops for the Customer Experience Improvement Program (Continued) Is This Field Made Anonymous? Example Value Timeout value. The period of time before the desktop is disconnected.
Chapter 15 Maintaining View Components Table 15-14.
VMware Horizon View Administration View Transfer Server and Transfer Server Repository Data Collected by VMware If you join the customer experience improvement program, VMware collects data from View Transfer Server fields and fields that describe the Transfer Server repository. Fields containing sensitive information are made anonymous. Table 15-17.
Troubleshooting View Components 16 You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using View Manager, View Composer, and View Client. Administrators might encounter unexpected behavior when using View Manager and View Composer, and users might experience difficulty when using View Client to access their desktops.
VMware Horizon View Administration n “Further Troubleshooting Information,” on page 405 Monitoring System Health You can use the system health dashboard in View Administrator to quickly see problems that might affect the operation of View or access to desktops by end users.
Chapter 16 Troubleshooting View Components View Manager Event Messages View Manager reports events whenever the state of the system changes or it encounters a problem. You can use the information in the event messages to take the appropriate action. Table 16-1 shows the types of events that View Manager reports. Table 16-1.
VMware Horizon View Administration What to do next The action that you should take depends on the problem that View Administrator reports for a desktop. n If the View Desktops plug-in was added to the vSphere Web Client, you can use the vSphere Web Client to search for a View user, display the desktops that are associated with that user, and troubleshoot the underlying virtual machines in vCenter Server. See “Troubleshoot a Problem Desktop Virtual Machine Using the vSphere Web Client,” on page 382.
Chapter 16 Troubleshooting View Components 3 Select the username from the search results. 4 Select a desktop from the list of desktops that is associated with the user. 5 Navigate to the Virtual Machines page to see details about the underlying desktop virtual machine. Manage Desktops and Policies for Unentitled Users You can display the desktops that are allocated to users whose entitlement has been removed, and you can also display the policies that have been applied to unentitled users.
VMware Horizon View Administration n Collect Diagnostic Information for View Agent, View Client, or View Connection Server from the Console on page 386 If you have direct access to the console, you can use the support scripts to generate log files for View Connection Server, View Client, or desktops that are running View Agent. This information helps VMware Technical Support diagnose any issues that arise with these components.
Chapter 16 Troubleshooting View Components Save Diagnostic Information for View Client If you encounter problems using View Client, and cannot resolve the problems using general network troubleshooting techniques, you can save a copy of the log files and information about the configuration. You can attempt to resolve connection problems for View Client before saving the diagnostic information and contacting VMware Technical Support .
VMware Horizon View Administration Collect Diagnostic Information for View Connection Server Using the Support Tool You can use the support tool to set logging levels and generate log files for View Connection Server. The support tool collects logging data for View Connection Server. This information helps VMware Technical Support diagnose any issues that arise with View Connection Server. The support tool is not intended to collect diagnostic information for View Client or View Agent.
Chapter 16 Troubleshooting View Components Procedure 1 Open a command prompt window and change to the appropriate directory for the View component that you want to collect diagnostic information for. Option Description View Agent Change to the C:\Program Files\VMware View\Agent\DCT directory. View Client Change to the C:\Program Files\VMware View\Client\DCT directory. View Connection Server Change to the C:\Program Files\VMware View\Server\DCT directory.
VMware Horizon View Administration 3 Update the support request and attach the output that you obtained by running the support or svisupport script. Troubleshooting Network Connection Problems You can use a variety of procedures for diagnosing and fixing problems with network connections with desktops, View Clients and View Connection Server instances.
Chapter 16 Troubleshooting View Components Connection Problems Between View Client and the PCoIP Secure Gateway You might experience connection problems between View Client and a security server or View Connection Server host when the PCoIP Secure Gateway is configured to authenticate external users that communicate over PCoIP. Problem View clients that use PCoIP cannot connect to or display View desktops.
VMware Horizon View Administration c Select Use PCoIP Secure Gateway for PCoIP connections to desktop. The PCoIP Secure Gateway is disabled by default. d In the PCoIP External URL text box, make sure that the URL contains the external IP address for the security server or View Connection Server instance that View clients can access over the Internet. Specify port 4172. Do not include a protocol name. For example: 10.20.30.
Chapter 16 Troubleshooting View Components n At a command prompt on the desktop, verify that TCP port 4001, which View Agent uses to establish JMS communication with the View Connection Server host, is working by typing the telnet command. telnet CS_FQDN 4001 If the telnet connection is established, network connectivity for JMS is working.
VMware Horizon View Administration n If the customization specification no longer exists because it has been renamed or deleted, choose a different specification. Pool Creation Fails Because of a Permissions Problem You cannot create a desktop pool if there is a permissions problem with an ESX/ESXi host, ESX/ESXi cluster, or datacenter. Problem You cannot create a desktop pool in View Administrator because the templates, ESX/ESXi host, ESX/ESXi cluster, or datacenter are not accessible.
Chapter 16 Troubleshooting View Components Pool Provisioning Fails Due to a View Connection Server Instance Being Unable to Connect to vCenter If a Connection Server is not able to connect to vCenter, provisioning of a desktop pool can fail. Problem Provisioning of a desktop pool fails, and you see one of the following error messages in the event database.
VMware Horizon View Administration Pool Provisioning Fails Due to vCenter Server Being Overloaded If vCenter Server is overloaded with requests, provisioning of a desktop pool can fail. Problem Provisioning of a desktop pool fails, and you see the following error message in the event database. Provisioning error occurred on Pool Desktop_ID because of a timeout while customizing Cause vCenter is overloaded with requests.
Chapter 16 Troubleshooting View Components Troubleshooting an Unsuccessful Security Server Pairing with View Connection Server A security server might not be working if it failed to pair successfully with a View Connection Server instance. Problem The following security server issues might occur if a security server failed to pair with View Connection Server: n When you try to install the security server a second time, the security server cannot connect to View Connection Server.
VMware Horizon View Administration A View Connection Server instance performs certificate revocation checking on its own certificate and on those of the security servers paired to it. By default, the VMware View Connection Server Service is started with the LocalSystem account. When it runs under LocalSystem, a View Connection Server instance cannot use the proxy settings configured in Internet Explorer to access the CRL DP URL or OCSP responder to determine the revocation status of the certificate.
Chapter 16 Troubleshooting View Components Solution 1 Create your own (manual) procedure for downloading an up-to-date CRL from the CA website you use to a path on your View server. 2 Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties 3 Add the enableRevocationChecking and crlLocation properties in the locked.
VMware Horizon View Administration n A redirected USB device stops working if you reconnect a desktop session even if the desktop shows that the device is available. n USB redirection is disabled in View Administrator. n Missing or disabled USB redirection drivers on the guest. n For View Client from View 5.0.x or earlier, missing or disabled drivers for the device that is being redirected on the client. View Client from View 5.0.
Chapter 16 Troubleshooting View Components For linked clones, resolve errors in the parent virtual machine and take a new snapshot. n If many desktops are in an Error state, use the new snapshot or template to recreate the pool. n If most desktops are healthy, select the desktop pool in View Administrator, click Edit, select the vCenter Settings tab, select the new snapshot as a default base image, and save your edits. New linked-clone desktops are created using the new snapshot.
VMware Horizon View Administration n Determine if the account under which the script runs has appropriate permissions to perform script tasks. QuickPrep runs the scripts under the account under which the VMware View Composer Guest Agent Server service is configured to run. By default, this account is Local System. Do not change this log on account. If you do, the linked clones do not start.
Chapter 16 Troubleshooting View Components Table 16-2. View Composer Provisioning Errors (Continued) Error Description 15 The computer name that View Composer read from configuration-policy file does not match the current system name after the linked clone is initially powered on. 16 The View Composer agent did not start because the volume license for the guest OS was not activated. 17 The View Composer agent did not start. The agent timed out while waiting for Sysprep to start.
VMware Horizon View Administration The SviConfig utility is located on the computer on which View Composer is installed in the following location: n 32-bit computers: Install_drive\Program Files\VMware\VMware View Composer n 64-bit computers: Install_drive\Program Files (x86)\VMware\VMware View Composer IMPORTANT Only experienced View Composer administrators should use the SviConfig utility. This utility is intended to resolve issues relating to the View Composer service.
Chapter 16 Troubleshooting View Components The SviConfig utility is located in the following location on the computer on which View Composer is installed: n 32-bit computers: Install_drive\Program Files\VMware\VMware View Composer n 64-bit computers: Install_drive\Program Files (x86)\VMware\VMware View Composer Before you begin, verify that no linked clones are associated with the replica. Familiarize yourself with the SviConfig FindUnusedReplica parameters: n DsnName.
VMware Horizon View Administration Windows XP Linked Clones Fail to Join the Domain Windows XP linked-clone desktops can fail to join the domain if your Active Directory runs on Windows Server 2008. Problem When linked-clone desktops are provisioned, the linked clones fail to join the domain. View Administrator displays View Composer provisioning error messages.
Chapter 16 Troubleshooting View Components If you did not install any software that chains to a different GINA, the default is msgina.dll, which is located at %systemroot%\system32\msgina.dll on the virtual machine. Solution 1 Log in to the parent virtual machine, template virtual machine, or View desktop. 2 Click Start > Run, type Regedit, and press Enter. 3 Navigate to the following Windows registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\GinaDLL 4 Ensure tha
VMware Horizon View Administration 406 VMware, Inc.
Using the vdmadmin Command 17 You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or to perform administration tasks that need to run automatically from scripts.
VMware Horizon View Administration n Displaying Information About Machines Using the -M Option on page 419 You can use the vdmadmin command with the -M option to display information about the configuration of virtual machines or physical computers. n Reclaiming Disk Space on Virtual Machines Using the -M Option on page 420 You can use the vdmadmin command with the -M option to mark a linked-clone virtual machine for disk space reclamation.
Chapter 17 Using the vdmadmin Command n Recovering a Local Desktop by Using the -V Option When the Desktop Was Modified in the Datacenter on page 435 When a local mode operation such as a check-out, check-in, or replication is performed, View validates that the View desktop's virtual machine in vCenter Server was not modified since the last synchronization with the local View desktop.
VMware Horizon View Administration If you are logged in as a user with insufficient privileges, you can use the -b option to run the command as a user who has been assigned the Administrators role, if you know that user's password. You can specify the -b option to run the vdmadmin command as the specified user in the specified domain. The following usage forms of the -b option are equivalent. -b username domain [password | *] -b username@domain [password | *] -b domain\username [password | *] If you speci
Chapter 17 Using the vdmadmin Command Table 17-2. Vdmadmin Command Options (Continued) Option Description -N Configures the domains that a View Connection Server instance or group makes available to View Clients. See “Configuring Domain Filters Using the -N Option,” on page 421. -O Displays the desktops that are assigned to users who are no longer entitled to those desktops. See “Displaying the Desktops and Policies of Unentitled Users Using the -O and -P Options,” on page 427.
VMware Horizon View Administration Table 17-3. Options for Configuring Logging in View Agent Option Description -d desktop Specifies the desktop pool. -getDCT Creates a Data Collection Tool (DCT) bundle and saves it to a local file. -getlogfile logfile Specifies the name of the log file to save a copy of. -getloglevel Displays the current logging level of View Agent. -getstatus Displays the status of View Agent. -getversion Displays the version of View Agent.
Chapter 17 Using the vdmadmin Command Overriding IP Addresses Using the -A Option You can use the vdmadmin command with the -A option to override the IP address reported by a View Agent.
VMware Horizon View Administration Setting the Name of a View Connection Server Group Using the -C Option You can use the vdmadmin command with the -C option to set the name of a View Connection Server group. The Microsoft System Center Operations Manager (SCOM) console displays this name to help you identify the group within SCOM.
Chapter 17 Using the vdmadmin Command Examples Update the FSP of the user Jim in the EXTERNAL domain. vdmadmin -F -u EXTERNAL\Jim Update the FSPs of all users in Active Directory. vdmadmin -F Listing and Displaying Health Monitors Using the -H Option You can use the vdmadmin command -H to list the existing health monitors, to monitor instances for View Manager components, and to display the details of a specific health monitor or monitor instance.
VMware Horizon View Administration Examples List all existing health monitors in XML using Unicode characters. vdmadmin -H -list -xml List all instances of the vCenter monitor (VCMonitor) in XML using ASCII characters. vdmadmin -H -list -monitorid VCMonitor -xml -n Display the health of a specified vCenter monitor instance.
Chapter 17 Using the vdmadmin Command Display a list of user events that occurred since August 1, 2010 as comma-separated values using ASCII characters. vdmadmin -I -report events -view user_events -startdate 2010-08-01-00:00:00 -csv -n Generating View Event Log Messages in Syslog Format Using the -I Option You can use the vdmadmin command with the -I option to record View event messages in Syslog format in event log files.
VMware Horizon View Administration Examples Disable generating View events in Syslog format. vdmadmin -I -eventSyslog -disable Direct Syslog output of View events to the local system only. vdmadmin -I -eventSyslog -enable -localOnly Direct Syslog output of View events to a specified path. vdmadmin -I -eventSyslog -enable -path path Direct Syslog output of View events to a specified path that requires access by an authorized domain user. vdmadmin -I -eventSyslog -enable -path \\logserver\share\ViewEvents
Chapter 17 Using the vdmadmin Command Table 17-9. Options for Assigning Dedicated Desktops Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -r Removes an assignment to a specified user, or all assignments to a specified machine. -u domain\user Specifies the login name and domain of the user. Examples Assign the machine machine2 in the desktop pool dtpool1 to the user Jo in the CORP domain.
VMware Horizon View Administration n URL of the vCenter Server (if applicable). Options Table 17-10 shows the options that you can use to specify the machine whose details you want to display. Table 17-10. Options for Displaying Information About Machines Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -u domain\user Specifies the login name and domain of the user.
Chapter 17 Using the vdmadmin Command Options Table 17-11. Options for Reclaiming Disk Space on Virtual Machines Option Description -d desktop Specifies the name of the desktop pool. -m machine Specifies the name of the virtual machine. -MarkForSpaceReclamation Marks the virtual machine for disk space reclamation. Example Marks the virtual machine machine3 in the desktop pool pool1 for disk space reclamation.
VMware Horizon View Administration Table 17-12. Options for Configuring Domain Filters (Continued) Option Description -domains Specifies a domain filter operation. -exclude Specifies an operation on a exclusion list. -include Specifies an operation on an inclusion list. -list Displays the domains that are configured in the search exclusion list, exclusion list, and inclusion list on each View Connection Server instance and for the View Connection Server group.
Chapter 17 Using the vdmadmin Command View Manager limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View Manager excludes the YOURDOM domain from the results of the domain search on CONSVR-1. Display the domain filters in XML using ASCII characters.
VMware Horizon View Administration Table 17-13. Types of Domain List Domain List Type Description Search exclusion list Specifies the domains that View Manager can traverse during an automated search. The search ignores domains that are included in the search exclusion list, and does not attempt to locate domains that the excluded domain trusts. You cannot exclude the primary domain from the search. Exclusion list Specifies the domains that View Manager excludes from the results of a domain search.
Chapter 17 Using the vdmadmin Command Display the currently active domains after including the YOURDOM and DEPTX domains. C:\ vdmadmin -N -domains -list -active Domain Information (CONSVR) =========================== Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Domain: DEPTX DNS:deptx.mycorp.com View Manager applies the include list to the results of a domain search.
VMware Horizon View Administration Domain: Domain: Domain: Domain: YOURDOM DNS:yourdom.mycorp.com DEPTX DNS:deptx.mycorp.com DEPTY DNS:depty.mycorp.com DEPTZ DNS:deptz.mycorp.com Extend the search exclusion list to exclude the DEPTX domain and all its trusted domains from the domain search for all View Connection Server instances in a group. Also, exclude the YOURDOM domain from being available on CONSVR-1.
Chapter 17 Using the vdmadmin Command Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Displaying the Desktops and Policies of Unentitled Users Using the -O and -P Options You can use the vdmadmin command with the -O and -P options to display the desktops and policies that are assigned to users who are no longer entitled to use the system.
VMware Horizon View Administration Examples Display the desktops that are assigned to unentitled users, grouped by desktop in text format. vdmadmin -O -ld Display desktops that are assigned to unentitled users, grouped by user, in XML format using ASCII characters. vdmadmin -O -lu -xml -n Apply your own stylesheet C:\tmp\unentitled-users.xsl and redirect the output to the file uu-output.html. vdmadmin -O -lu -xml -xsltpath "C:\tmp\unentitled-users.xsl" > uu-output.
Chapter 17 Using the vdmadmin Command When you add a client in kiosk mode, View Manager creates a user account for the client in Active Directory. If you specify a name for a client, this name must start with the characters "custom-" or with one of the alternate strings that you can define in ADAM, and it cannot be more than 20 characters long. You should use each specified name with no more than one client device.
VMware Horizon View Administration Table 17-16. Options for Configuring Clients in Kiosk Mode (Continued) Option Description -expirepassword Specifies that the expiry time for the password on client accounts is the same as for the View Connection Server group. If no expiry time is defined for the group, passwords do not expire. -force Disables the confirmation prompt when removing the account for a client in kiosk mode. -genpassword Generates a password for the client's account.
Chapter 17 Using the vdmadmin Command Get the current default values for clients in XML format. vdmadmin -Q -clientauth -getdefaults -xml Add an account for a client specified by its MAC address to the MYORG domain, and use the default settings for the group kc-grp. vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp Add an account for a client specified by its MAC address to the MYORG domain, and use an automatically generated password.
VMware Horizon View Administration Password Generated: false Client Authentication Connection Servers ======================================== Common Name : CONSVR1 Client Authentication Enabled : false Password Required : false Common Name : CONSVR2 Client Authentication Enabled : true Password Required : false Displaying the First User of a Desktop Using the -R Option You can use the vdmadmin command with the -R option to find out the initial assignment of a managed desktop.
Chapter 17 Using the vdmadmin Command You can also use the vdmadmin command with the -S option to remove a security server from your View environment. You do not have to use this option if you intend to upgrade or reinstall a security server without removing it permanently. To make the removal permanent, perform these tasks: 1 Uninstall the View Connection Server instance or security server from the Windows Server computer by running the View Connection Server installer.
VMware Horizon View Administration Display the current split limit. vdmadmin -T Displaying Information About Users Using the -U Option You can use the vdmadmin command with the -U option to display detailed information about users. Syntax vdmadmin -U [-b authentication_arguments] -u domain\user [-w | -n] [-xml] Usage Notes The command displays information about a user obtained from Active Directory and View Manager. n Details from Active Directory about the user's account.
Chapter 17 Using the vdmadmin Command The vdmadmin command writes the decrypted files to a subfolder named rescued. The decryption fails if the correct authentication key is not available in the View LDAP configuration, or if any of the required virtual machine files are corrupted or missing. Options Table 17-17 shows the options that you must specify to decrypt a full virtual machine or one of its disks. Table 17-17.
VMware Horizon View Administration When a local mode operation is initiated or resumed, View uses the virtual machine disk's content ID (CID) to track whether a vCenter Server disk was modified since the last synchronization between a vCenter Server disk and the corresponding local desktop disk.
Chapter 17 Using the vdmadmin Command Examples Recover a local desktop virtual machine that resides on a client system. vdmadmin -V -recoverClientVM -d lmdtpool -m machine1 Recover a vCenter Server virtual machine and roll back the virtual machine. vdmadmin -V -recoverServerVM -d lmdtpool -m machine2 Unlocking or Locking Virtual Machines Using the -V Option You can use the vdmadmin command with the -V option to unlock or lock virtual machines in the datacenter.
VMware Horizon View Administration Examples Unlock the virtual machines machine 1 and machine2 in desktop pool dtpool3. vdmadmin -V -e -d dtpool3 -m machine1 -m machine2 Unlock the virtual machine for a View Transfer Server instance on a vCenter Server. vdmadmin -V -e -vcdn "CN=f1060058dde2-4940-947b-5d83757b1787,OU=VirtualCenter,OU=Properties,DC=myorg,DC=com" -vmpath "/DataCenter1/vm/Desktops/LocalMode/LDwin7" Lock the virtual machine machine3 in desktop pool dtpool3.
Setting Up Clients in Kiosk Mode 18 You can set up unattended clients that can obtain access to their desktops from VMware Horizon View. A client in kiosk mode is a thin client or a lock-down PC that runs View Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the desktop might require them to provide authentication information for some applications.
VMware Horizon View Administration n Administrators, Inventory Administrators, or an equivalent role to use View Administrator to entitle users or groups to desktops. n Administrators or an equivalent role to run the vdmadmin command. Procedure 1 Prepare Active Directory and View Manager for Clients in Kiosk Mode on page 440 You must configure Active Directory to accept the accounts that you create to authenticate client devices.
Chapter 18 Setting Up Clients in Kiosk Mode 3 Configure the guest virtual machine so that the clients are not locked when they are left unattended. View suppresses the pre-login message for clients that connect in kiosk mode. If you require an event to unlock the screen and display a message, you can configure a suitable application on the guest virtual machine. 4 In View Administrator, create the desktop pool that the clients will use and entitle the group to this pool.
VMware Horizon View Administration Option Description -nogroup Clears the setting for the default group. -ou DN Specifies the distinguished name of the default organizational unit to which client accounts are added. For example: OU=kiosk-ou,DC=myorg,DC=com NOTE You cannot use the command to change the configuration of an organizational unit. The command updates the default values for clients in the View Connection Server group.
Chapter 18 Setting Up Clients in Kiosk Mode Add Accounts for Clients in Kiosk Mode You can use the vdmadmin command to add accounts for clients to the configuration of a View Connection Server group. After you add a client, it is available for use with a View Connection Server instance on which you have enabled authentication of clients. You can also update the configuration of clients, or remove their accounts from the system.
VMware Horizon View Administration Example: Adding Accounts for Clients Add an account for a client specified by its MAC address to the MYORG domain, using the default settings for the group kc-grp. vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp Add an account for a client specified by its MAC address to the MYORG domain, using an automatically generated password.
Chapter 18 Setting Up Clients in Kiosk Mode Enable authentication of clients for the View Connection Server instance csvr-3, and require that the clients specify their passwords to View Client. Clients with automatically generated passwords cannot authenticate themselves. vdmadmin -Q -enable -s csvr-3 -requirepassword What to do next Verify the configuration of the View Connection Server instances and the clients.
VMware Horizon View Administration What to do next Verify that the clients can connect to their desktops. Connect to Desktops from Clients in Kiosk Mode You can run View Client from the command line or use a script to connect a client to a remote session. You would usually use a command script to run View Client on a deployed client device. For an example of a script that runs View Client on a Windows system, examine the file C:\Program Files\VMware\VMware View\Client\bin\kiosk_mode.cmd.
Chapter 18 Setting Up Clients in Kiosk Mode Procedure u To connect to a remote session, type the appropriate command for your platform. Option Description Windows Enter C:\Program Files\VMware\VMware View\Client\bin\wswc unattended [-serverURL connection_server] [-userName user_name] [-password password] Linux -password password Specifies the password for the client's account. If you defined a password for the account, you must specify this password.
VMware Horizon View Administration Run View Client on a Linux client using an assigned name and password. vmware-view -unattended -s 145.124.24.100 --once -u custom-Terminal21 -p "Secret1!" 448 VMware, Inc.
Index Numerics 3D renderer best practices 138 configuring 136 options 137 A Active Directory preparing for clients in kiosk mode 440 preparing for smart card authentication 162 troubleshooting linked clones failing to join the domain 404 updating Foreign Security Principals of users 414 updating general user information 361 using existing computer accounts for linked clones 117 active sessions disconnecting 272 restarting 272 sending messages 272 viewing 272 ADM Template file adding to a local system 236
VMware Horizon View Administration removing 298 scanning 288 ASP.
Index Console Interaction privilege 49 credentials 173 credentials, user 172 CRL checking configuring 166 logging in 166 crlLocation property 166, 168 CSV output, vdmadmin command 410 Ctrl+Alt for ungrabbing the mouse pointer 307 custom administrator roles creating 39 managing 47 modifying 47 removing 48 custom setup options, View Agent 57, 65 customer experience program collecting data 368 desktop data 375 desktop pool data 372 global data 368 joining or withdrawing 36 security server data 372 Transfer Se
VMware Horizon View Administration preparing a parent virtual machine 253 Sysprep 106 desktop refresh, linked clones 252 desktop sessions disconnecting 272 restarting 272 viewing 272 desktop settings automated desktop pools 91, 132 linked-clone desktops 102 manual desktop pools 122, 132 Terminal Server desktop pools 124, 132 desktop sources adding to a pool 281 preparing for desktop deployment 59 removing from a pool 282 unregistering 283 desktop status locating desktops 274, 358 physical computers 283 ter
Index Full (Read only) privilege 51 G GINA chaining 3rd-party software dlls 404 View Agent dll 404 Global Configuration and Policy Administrators (Read only) role 48 Global Configuration and Policy Administrators role 48 global policies, configuring 176 global settings client sessions 26, 28 message security mode 30 glossary 9 GPOs creating for desktops 223 creating for View component policies 179 gpuvm utility, examining GPU resources 139 graphics, 3D renderer 136 group policies ADM template files 181 ap
VMware Horizon View Administration KMS license keys, volume action on linked clones 82 Knowledge Base articles, where to find 405 L laptops installing View Persona Management 228 Persona Management configuration 242 LDAP entries, detecting and resolving collisions 438 LDAP repository backing up 353 importing 354 licenses, adding to VMware Horizon View 361 linked-clone desktop creation choosing a naming pattern 129 choosing QuickPrep or Sysprep 103 customizing 103 data disk creation 119 desktop settings 10
Index setting permissions on manually copied desktop files 339 SSO timeout limits 29 suspending data transfers 311 understanding management tasks 303 local desktop troubleshooting 340 local desktop use benefits 303 checking out 307 checking out after a manual download 339 deleting local desktops 322 logging in with smart cards 157 rolling back a checked-out desktop 321 local memory usage, overriding 328 local mode, See local desktop local mode only desktops 306 local mode policies 178 local sessions privil
VMware Horizon View Administration MSI packages creating 286 invalid 301 multiple NICs, configuring for View Agent 70 N naming desktop pools example 130 manually specifying names 126, 128 providing a naming pattern 126 naming patterns, linked-clone desktops 129 NAS devices, native NFS snapshots 114 NAT on local desktops 331 NET Framework, migrating RSA key container 366 network connections manually downloading desktops 337 troubleshooting 388 network labels, configuring for a pool 147 network share, guide
Index enabling 238 migrating user profiles 229 setting the repository location 238 standalone installation 235 standalone laptops 242 standalone systems 228 View Agent installation option 234 View Composer persistent disks 242 Windows roaming profiles 231 with View Manager 227 persona repository location, group policy settings 244 physical computers adding to a pool 281 desktop status 283 displaying information about 419 installing View Agent 55 managing 281 preparing for desktop delivery 55 removing from
VMware Horizon View Administration USB redirection problems 397 user-initiated rollback setting 178 remote repository, configuring 232 remote sessions privileges for managing 50, 51 viewing 380 replication configuring policies 319 deduplication and compression 323 initiating a request 321 reports, displaying 416 resolving LDAP entry collisions 438 restoredata, result codes 356 restoring, View configuration data 351, 354 restricted entitlements assigning tags to desktop pools 153 configuring 152 examples 15
Index using to authenticate 157 using with local desktops 157 solid-state disks, storing View Composer replicas 113 sparse disks configuring for desktop pools 115 configuring for vCenter Server 19 split limit, displaying and setting for View Transfer Server 433 splitting composite USB devices 199 SSL accept a certificate thumbprint 23 enabling for client connections 26, 29 importing certificates to View servers 33 local desktop operations 323, 324 off-loading to intermediate servers 33 setting external URL
VMware Horizon View Administration trustStoretype property 160 tunneled connections, local desktops 324 two-factor authentication 168, 172 U unassigning users, dedicated-assignment pools 274 unentitled users displaying 383 displaying desktops 427 Unix systems, using with View Administrator 14 Unknown username or bad password 428, 444 unlocking remote desktops 437 View Transfer Server instances 437 unmanaged desktop sources adding to a pool 281 defined 55 installing View Agent 55 preparing for desktop deli
Index View components, maintaining 351 View Composer Agent View Agent custom option 65 View Agent custom setup option 65 View Composer Array Integration, enabling for desktop pools 114 View Composer configuration concurrent operations limits 21 configuring settings for vCenter Server 17 creating a user account 15 deleting base images 316 domains 18 publishing base images 313 removing the service from vCenter Server 24 support for unique SIDs 102 volume activation 82 View Composer maintenance backing up con
VMware Horizon View Administration setting the split limit for publishing packages 433 synchronizing local desktops 309 understanding the Transfer Server repository 313 View Transfer Server management managing the repository 313 migrating the repository 317 placing in maintenance mode 311 services on a View Transfer Server host 361 status values 312 View Transfer Server troubleshooting bad health check 345 bad Transfer Server repository 344 checking out desktops 341 maintenance mode pending 343 missing Tra
