View Administration VMware Horizon 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
View Administration You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2014 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents View Administration 11 1 Using View Administrator 13 View Administrator and View Connection Server 13 Log In to View Administrator 13 Tips for Using the View Administrator Interface 14 Troubleshooting the Text Display in View Administrator 16 2 Configuring View Connection Server 17 Configuring vCenter Server and View Composer 17 Create a User Account for View Composer 17 Add vCenter Server Instances to View 18 Configure View Composer Settings 20 Configure View Composer Domains 21 Allow vSpher
View Administration Troubleshooting RSA SecurID Access Denial 44 Troubleshooting RADIUS Access Denial 44 Using Smart Card Authentication 45 Logging In with a Smart Card 45 Configure Smart Card Authentication 45 Prepare Active Directory for Smart Card Authentication 50 Verify Your Smart Card Authentication Configuration 52 Using SAML Authentication for Workspace Integration 53 Configure SAML Authenticators in View Administrator 54 Using Smart Card Certificate Revocation Checking 55 Logging in with CRL Check
Contents Privileges for Managing Persistent Disks 75 Privileges for Managing Users and Administrators 76 Privileges for General Administration Tasks and Commands 76 Best Practices for Administrator Users and Groups 77 5 Configuring Policies in View Administrator and Active Directory 79 Setting Policies in View Administrator 79 Configure Global Policy Settings 80 Configure Policies for Desktop Pools 80 Configure Policies for Users 80 View Policies 81 Using View Group Policy Administrative Template Files
View Administration Cloud Pod Architecture Information Collected by VMware 117 Horizon Client Data Collected by VMware 117 HTML Access Data Collected by VMware 119 7 Managing Linked-Clone Virtual Machines 121 Reduce Linked-Clone Size with Machine Refresh 121 Machine Refresh Operations 122 Update Linked-Clone Desktops 123 Prepare a Parent Virtual Machine to Recompose Linked Clones 123 Recompose Linked-Clone Virtual Machines 124 Updating Linked Clones with Recomposition 125 Correcting an Unsuccessful Recom
Contents Status of Unmanaged Machines 149 Manage Remote Desktop and Application Sessions 150 Export View Information to External Files 150 9 Managing Application Pools, Farms, and RDS Hosts 153 Managing Application Pools 153 Edit an Application Pool 153 Delete an Application Pool 153 Managing Farms 154 Edit a Farm 154 Delete a Farm 154 Disable or Enable a Farm 154 Managing RDS Hosts 155 Edit an RDS Host 155 Remove an RDS Host from a Farm 155 Remove an RDS Host from View 156 Disable or Enable an RDS Host
View Administration Cannot Add ThinApp Applications to View Administrator 173 Cannot Assign a ThinApp Template 173 ThinApp Application Is Not Installed 174 ThinApp Application Is Not Uninstalled 174 MSI Package Is Invalid 175 ThinApp Configuration Example 175 11 Setting Up Clients in Kiosk Mode 177 Configure Clients in Kiosk Mode 177 Prepare Active Directory and View for Clients in Kiosk Mode 178 Set Default Values for Clients in Kiosk Mode 179 Display the MAC Addresses of Client Devices 180 Add Accounts
Contents Reclaiming Disk Space on Virtual Machines Using the -M Option 210 Configuring Domain Filters Using the -N Option 211 Configuring Domain Filters 213 Example of Filtering to Include Domains 214 Example of Filtering to Exclude Domains 215 Displaying the Machines and Policies of Unentitled Users Using the -O and -P Options 216 Configuring Clients in Kiosk Mode Using the -Q Option 218 Displaying the First User of a Machine Using the -R Option 222 Removing the Entry for a View Connection Server Instan
View Administration 10 VMware, Inc.
View Administration ® ® View Administration describes how to configure and administer VMware Horizon with View , including how to configure View Connection Server, create administrators, set up user authentication, configure policies, and manage VMware ThinApp™ applications in View Administrator. This document also describes how to maintain and troubleshoot View components. Intended Audience This information is intended for anyone who wants to configure and administer View.
View Administration 12 VMware, Inc.
Using View Administrator 1 View Administrator is the Web interface through which you configure View Connection Server and manage your remote desktops and applications. For a comparison of the operations that you can perform with View Administrator, View cmdlets, and vdmadmin, see the View Integration document.
View Administration Procedure 1 Open your Web browser and enter the following URL, where server is the host name of the View Connection Server instance. https://server/admin NOTE You can use the IP address if you have to access a View Connection Server instance when the host name is not resolvable. However, the host that you contact will not match the SSL certificate that is configured for the View Connection Server instance, resulting in blocked access or access with reduced security.
Chapter 1 Using View Administrator Table 1‑1. View Administrator Navigation and Display Features View Administrator Feature Description Navigating backward and forward in View Administrator pages Click your browser's Back button to go to the previously displayed View Administrator page. Click the Forward button to return to the current page. If you click the browser's Back button while you are using a View Administrator wizard or dialog box, you return to the main View Administrator page.
View Administration Table 1‑1. View Administrator Navigation and Display Features (Continued) View Administrator Feature Description Selecting View objects and displaying View object details In View Administrator tables that list View objects, you can select an object or display object details. n To select an object, click anywhere in the object's row in the table. At the top of the page, menus and commands that manage the object become active.
Configuring View Connection Server 2 After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to your View deployment, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.
View Administration 2 Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account in the Active Directory container in which the linked-clone computer accounts are created or to which the linked-clone computer accounts are moved.
Chapter 2 Configuring View Connection Server n Verify that all View Connection Server instances in the replicated group trust the root CA certificate for the server certificate that is installed on the vCenter Server host. Check if the root CA certificate is in the Trusted Root Certification Authorities > Certificates folder in the Windows local computer certificate stores on the View Connection Server hosts. If it is not, import the root CA certificate into the Windows local computer certificate stores.
View Administration n If the vCenter Server instance is configured with a default certificate, you must first determine whether to accept the thumbprint of the existing certificate. See “Accept the Thumbprint of a Default SSL Certificate,” on page 26. If View uses multiple vCenter Server instances, repeat this procedure to add the other vCenter Server instances.
Chapter 2 Configuring View Connection Server 3 If you are using View Composer, select the location of the View Composer host. Option Description View Composer is installed on the same host as vCenter Server. a b Select View Composer co-installed with the vCenter Server. Make sure that the port number is the same as the port that you specified when you installed the VMware Horizon View Composer service on vCenter Server. The default port number is 18443.
View Administration 7 Click Next to display the Storage Settings page. What to do next Enable virtual machine disk space reclamation and configure View Storage Accelerator for View. Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines In vSphere 5.1 and later, you can enable the disk space reclamation feature for View. Starting in vSphere 5.
Chapter 2 Configuring View Connection Server Procedure 1 2 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page. a Select View Configuration > Servers. b On the vCenter Servers tab, click Add. c Complete the vCenter Server Information, View Composer Settings, and View Composer Domains pages. On the Storage Settings page, make sure that Enable space reclamation is selected.
View Administration n Verify that the vCenter Server user was assigned the Global > Act as vCenter Server privilege in vCenter Server. See the topics in the View Installation document that describe View and View Composer privileges required for the vCenter Server user. Procedure 1 2 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page. a Select View Configuration > Servers. b On the vCenter Servers tab, click Add.
Chapter 2 Configuring View Connection Server Table 2‑1. Concurrent Operations Limits for vCenter Server and View Composer Setting Description Max concurrent vCenter provisioning operations Determines the maximum number of concurrent requests that View Connection Server can make to provision and delete full virtual machines in this vCenter Server instance. The default value is 20. This setting applies to full virtual machines only.
View Administration Logons, and therefore desktop power on operations, typically occur in a normally distributed manner over a certain time window. You can approximate the peak power-on rate by assuming that it occurs in the middle of the time window, during which about 40% of the power-on operations occur in 1/6th of the time window. For example, if users log on between 8:00 AM and 9:00 AM, the time window is one hour, and 40% of the logons occur in the 10 minutes between 8:25 AM and 8:35 AM.
Chapter 2 Configuring View Connection Server 3 Examine the certificate thumbprint that was configured for the vCenter Server or View Composer instance. a On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows Certificate Store. b Navigate to the vCenter Server or View Composer certificate. c Click the Certificate Details tab to display the certificate thumbprint. Similarly, examine the certificate thumbprint for a SAML authenticator.
View Administration Procedure 1 Remove the linked-clone desktop pools that were created by View Composer. a In View Administrator, select Catalog > Desktop Pools. b Select a linked-clone desktop pool and click Delete. A dialog box warns that you will permanently delete the linked-clone desktop pool from View. If the linked-clone virtual machines are configured with persistent disks, you can detach or delete the persistent disks. c Click OK. The virtual machines are deleted from vCenter Server.
Chapter 2 Configuring View Connection Server Backing Up View Connection Server After you complete the initial configuration of View Connection Server, you should schedule regular backups of your View and View Composer configuration data. For information about backing up and restoring your View configuration, see “Backing Up and Restoring View Configuration Data,” on page 85.
View Administration The password must contain between 1 and 128 characters. Follow your organization's best practices for generating secure passwords. Procedure 1 In View Administrator, select View Configuration > Global Settings. 2 In the Security pane, click Change data recovery password. 3 Type and retype the new password. 4 (Optional) Type a password reminder. NOTE You can also change the data recovery password when you schedule your View configuration data to be backed up.
Chapter 2 Configuring View Connection Server Table 2‑2. General Global Settings for Client Sessions (Continued) Setting Description For clients that support applications. If the user stops using the keyboard and mouse, disconnect their applications and discard SSO credentials: Protects application sessions when there is no keyboard or mouse activity on the client device. If set to After ...
View Administration Table 2‑2. General Global Settings for Client Sessions (Continued) Setting Description Enable Windows Server 2008 R2 desktops Determines whether you can select available Windows Server 2008 R2 machines for use as desktops. When this setting is enabled, View Administrator displays all available Windows Server 2008 R2 machines, including machines on which View server components are installed.
Chapter 2 Configuring View Connection Server Table 2‑3. Global Security Settings for Client Sessions and Connections Setting Description Reauthenticate secure tunnel connections after network interruption Determines if user credentials must be reauthenticated after a network interruption when Horizon clients use secure tunnel connections to remote desktops. When you select this setting, if a secure tunnel connection is interrupted, Horizon Client requires the user to reauthenticate before reconnecting.
View Administration Table 2‑4. Message Security Mode Options Option Description Disabled Message security mode is disabled. Mixed Message security mode is enabled but not enforced. You can use this mode to detect components in your View environment that predate View 3.0. The log files generated by View Connection Server contain references to these components. Enabled Message security mode is enabled. Unsigned messages are rejected by View components. Message security mode is enabled by default.
Chapter 2 Configuring View Connection Server Procedure 1 In View Administrator, select View Configuration > Servers. 2 On the Connection Servers tab, select a View Connection Server instance and click Edit. 3 Configure use of the secure tunnel. Option Description Enable the secure tunnel Select Use Secure Tunnel connection to machine. Disable the secure tunnel Deselect Use Secure Tunnel connection to machine. The secure tunnel is enabled by default. 4 Configure use of the PCoIP Secure Gateway.
View Administration 3 Configure use of the Blast Secure Gateway. Option Description Enable the Blast Secure Gateway Select Use Blast Secure Gateway for HTML access to machine Disable the Blast secure Gateway Deselect Use Blast Secure Gateway for HTML access to machine The Blast Secure Gateway is enabled by default. 4 Click OK to save your changes.
Chapter 2 Configuring View Connection Server Set View Server External URLs to Point Clients to SSL Off-loading Servers If SSL is off-loaded to an intermediate server and Horizon Client devices use the secure tunnel to connect to View, you must set the secure tunnel external URL to an address that clients can use to access the intermediate server. You configure the external URL settings on the View Connection Server instance or security server that connects to the intermediate server.
View Administration n If the View server has more than one network interface, and you intend the server to listen for HTTP connections on only one interface, set serverHostNonSSL to the IP address of that network interface. 4 Save the locked.properties file. 5 Restart the View Connection Server service or security server service to make your changes take effect. Example: locked.properties file This file allows non-SSL HTTP connections to a View server.
Chapter 2 Configuring View Connection Server Both the secure tunnel external URL and PCoIP external URL must be the addresses that client systems use to reach this host. For example, if you configure a View Connection Server host, do not specify the secure tunnel external URL for this host and the PCoIP external URL for a paired security server. NOTE You cannot edit the external URLs for a security server that has not been upgraded to View Connection Server 4.5 or later.
View Administration 3 Decide whether to participate in or withdraw from the program by selecting or deselecting the Send anonymous data to VMware checkbox. 4 (Optional) If you participate, you can select the geographic location, type of business, and number of employees in your organization. 5 Click OK. View LDAP Directory View LDAP is the data repository for all View configuration information.
Setting Up Authentication 3 View uses your existing Active Directory infrastructure for user and administrator authentication and management. For added security, you can integrate View with smart card authentication. You can also use two-factor authentication solutions, such as RSA SecurID and RADIUS, to authenticate remote desktop and application users.
View Administration View is certified through the RSA SecurID Ready program and supports the full range of SecurID capabilities, including New PIN Mode, Next Token Code Mode, RSA Authentication Manager, and load balancing. n Logging in Using Two-Factor Authentication on page 42 When a user connects to a View Connection Server instance that has RSA SecurID authentication or RADIUS authentication enabled, a special login dialog box appears in Horizon Client.
Chapter 3 Setting Up Authentication n For RADIUS authentication, follow the vendor's configuration documentation. Make a note of the RADIUS server's host name or IP address, the port number on which it is listening for RADIUS authentication (usually 1812), the authentication type (PAP, CHAP, MS-CHAPv1, or MS-CHAPv2) and the shared secret. You will enter these values in View Administrator. You can enter values for a primary and a secondary RADIUS authenticator.
View Administration What to do next If you have a replicated group of View Connection Server instances and you want to also set up RADIUS authentication on them, you can re-use an existing RADIUS authenticator configuration. Troubleshooting RSA SecurID Access Denial Access is denied when Horizon Client connects with RSA SecurID authentication.
Chapter 3 Setting Up Authentication Using Smart Card Authentication You can configure a View Connection Server instance or security server so that users and administrators can authenticate by using smart cards. Smart cards are sometimes referred to as Common Access Cards (CACs). A smart card is a small plastic card that contains a computer chip. The chip, which is like a miniature computer, includes secure storage for data, including private keys and public key certificates.
View Administration 3 Add the Root Certificate to a Server Truststore File on page 47 You must add root certificates to a server truststore file for all users and administrators that you trust. View Connection Server instances and security servers use this information to authenticate smart card users and administrators.
Chapter 3 Setting Up Authentication 5 On the Certification Path tab, select the certificate at the top of the tree and click View Certificate. If the user certificate is signed as part of a trust hierarchy, the signing certificate might be signed by another higher-level certificate. Select the parent certificate (the one that actually signed the user certificate) as your root certificate. 6 On the Details tab, click Copy to File. The Certificate Export Wizard appears.
View Administration Modify View Connection Server Configuration Properties To enable smart card authentication, you must modify View Connection Server configuration properties on your View Connection Server or security server host. Prerequisites Add the root certificates for all trusted users to a server truststore file. Procedure 1 Create or edit the locked.properties file in SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMwa
Chapter 3 Setting Up Authentication 3 To configure smart card authentication for remote desktop and application users, perform these steps. a b On the Authentication tab, select a configuration option from the Smart card authentication for users drop-down menu in the View Authentication section. Option Action Not allowed Smart card authentication is disabled on the View Connection Server instance.
View Administration 6 Restart the View Connection Server service. You must restart the View Connection Server service for changes to smart card settings to take effect, with one exception. You can change smart card authentication settings between Optional and Required without having to restart the View Connection Server service. Currently logged in user and administrators are not affected by changes to smart card settings.
Chapter 3 Setting Up Authentication Procedure 1 On your Active Directory server, start the ADSI Edit utility. 2 In the left pane, expand the domain the user is located in and double-click CN=Users. 3 In the right pane, right-click the user and then click Properties. 4 Double-click the userPrincipalName attribute and type the SAN value of the trusted CA certificate. 5 Click OK to save the attribute setting.
View Administration What to do next If an intermediate certification authority (CA) issues your smart card login or domain controller certificates, add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. See “Add an Intermediate Certificate to Intermediate Certification Authorities,” on page 52.
Chapter 3 Setting Up Authentication n In the locked.properties file on the View Connection Server or security server host, verify that the useCertAuth property is set to true and is spelled correctly. The locked.properties file is located in install_directory\VMware\VMware View\Server\sslgateway\conf. The useCertAuth property is commonly misspelled as userCertAuth.
View Administration Workspace Manager sends the SAML artifact to the Horizon client through Workspace Gateway, which in turn sends the artifact to the View Connection Server instance. The View Connection Server instance uses the SAML artifact to retrieve the SAML assertion from Workspace Manager through Workspace Gateway.
Chapter 3 Setting Up Authentication 3 On the Authentication tab, select a setting from the Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator) drop-down menu to enable or disable the SAML authenticator. Option Description Disabled SAML authentication is disabled. You can launch remote desktops and applications only from Horizon Client. Allowed SAML authentication is enabled. You can launch remote desktops and applications from both Horizon Client and Workspace.
View Administration You can configure certificate revocation checking on a View Connection Server instance or on a security server. When a View Connection Server instance is paired with a security server, you configure certificate revocation checking on the security server. The CA must be accessible from the View Connection Server or security server host. You can configure both CRL and OCSP on the same View Connection Server instance or security server.
Chapter 3 Setting Up Authentication Configure CRL Checking When you configure CRL checking, View reads a CRL to determine the revocation status of a smart card user certificate. Prerequisites Familiarize yourself with the locked.properties file properties for CRL checking. See “Smart Card Certificate Revocation Checking Properties,” on page 58. Procedure 1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection Server or security server host.
View Administration 3 Restart the View Connection Server service or security server service to make your changes take effect. Example: locked.properties File The file shown enables smart card authentication and smart card certificate revocation checking, configures both CRL and OCSP certificate revocation checking, specifies the OCSP Responder location, and identifies the file that contains the OCSP signing certificate. trustKeyfile=lonqa.
Chapter 3 Setting Up Authentication Using the Log In as Current User Feature Available with WindowsBased Horizon Client With Horizon Client for Windows, when users select the Log in as current user check box, the credentials that they provided when logging in to the client system are used to authenticate to the View Connection Server instance and to the remote desktop. No further user authentication is required.
View Administration Prerequisites See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows operating system version. Procedure 1 Start the ADSI Edit utility on your View Connection Server host. 2 In the Connection Settings dialog box, select or connect to DC=vdi,DC=vmware,DC=int. 3 In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server host followed by port 389.
Configuring Role-Based Delegated Administration 4 One key management task in a View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups.
View Administration To create administrators, you select users and groups from your Active Directory users and groups and assign administrator roles. Administrators obtain privileges through their role assignments. You cannot assign privileges directly to administrators. An administrator that has multiple role assignments acquires the sum of all the privileges contained in those roles.
Chapter 4 Configuring Role-Based Delegated Administration Table 4‑1. Different Administrators for Different Access Groups Administrator Role Access Group view-domain.com\Admin1 Inventory Administrators /CorporateDesktops view-domain.com\Admin2 Inventory Administrators /DeveloperDesktops In this example, the administrator called Admin1 has the Inventory Administrators role on the access group called CorporateDesktops and the administrator called Admin2 has the Inventory Administrators role on the a
View Administration Table 4‑4. Permissions on the Folders Tab for MarketingDesktops Admin Role Inherited view-domain.com\Admin1 Inventory Administrators view-domain.com\Admin1 Administrators (Read only) Yes The first permission is the same as the first permission shown in Table 4-3. The second permission is inherited from the second permission shown in Table 4-3.
Chapter 4 Configuring Role-Based Delegated Administration n To assign a custom role to the administrator, create the custom role. See “Add a Custom Role,” on page 70. n To create an administrator that can manage specific desktop pools, create an access group and move the desktop pools to that access group. See “Manage and Review Access Groups,” on page 67. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Administrators and Groups tab, click Add User or Group.
View Administration n Delete a Permission on page 66 You can delete a permission that includes a specific administrator user or group, a specific role, or a specific access group. n Review Permissions on page 67 You can review the permissions that include a specific administrator or group, a specific role, or a specific access group. Add a Permission You can add a permission that includes a specific administrator user or group, a specific role, or a specific access group.
Chapter 4 Configuring Role-Based Delegated Administration Procedure 1 In View Administrator, select View Configuration > Administrators. 2 Select the permission to delete. 3 Option Action Delete a permission that applies to a specific administrator or group Select the administrator or group on the Administrators and Groups tab. Delete a permission that applies to a specific role Select the role on the Roles tab.
View Administration n Review the vCenter Virtual Machines in an Access Group on page 69 You can see the vCenter virtual machines in a particular access group in View Administrator. A vCenter virtual machine inherits the access group from its pool. Add an Access Group You can delegate the administration of specific machines, desktop pools, or farms to different administrators by creating access groups. By default, desktop pools, application pools, and farms reside in the root access group.
Chapter 4 Configuring Role-Based Delegated Administration Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Access Groups tab, select the access group and click Remove Access Group. 3 Click OK to remove the access group. Review the Desktop Pools, Application Pools, or Farms in an Access Group You can see the desktop pools, the application pools, or the farms in a particular access group in View Administrator.
View Administration Add a Custom Role If the predefined administrator roles do not meet your needs, you can combine specific privileges to create your own roles in View Administrator. Prerequisites Familiarize yourself with the administrator privileges that you can use to create custom roles. See “Predefined Roles and Privileges,” on page 71. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Roles tab, click Add Role.
Chapter 4 Configuring Role-Based Delegated Administration Predefined Roles and Privileges View Administrator includes predefined roles that you can assign to your administrator users and groups. You can also create your own administrator roles by combining selected privileges. n Predefined Administrator Roles on page 71 The predefined administrator roles combine all of the individual privileges required to perform common administration tasks. You cannot modify the predefined roles.
View Administration Table 4‑6. Predefined Roles in View Administrator Role User Capabilities Administrators Perform all administrator operations, including creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role can configure and manage a pod federation and manage remote pod sessions.
Chapter 4 Configuring Role-Based Delegated Administration Table 4‑6. Predefined Roles in View Administrator (Continued) Applies to an Access Group Role User Capabilities Local Administrators Perform all local administrator operations, except for creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role cannot perform operations on the Global Data Layer or manage sessions on remote pods.
View Administration Object-Specific Privileges Object-specific privileges control operations on specific types of inventory objects. Roles that contain objectspecific privileges can be applied to access groups. Table 4-8 describes the object-specific privileges. The predefined roles Administrators and Inventory Administrators contain all of these privileges. Table 4‑8. Object-Specific Privileges Privilege User Capabilities Object Enable Farms and Desktop Pools Enable and disable desktop pools.
Chapter 4 Configuring Role-Based Delegated Administration Required Privileges for Common Tasks Many common administration tasks require a coordinated set of privileges. Some operations require permission at the root access group in addition to access to the object that is being manipulated. Privileges for Managing Pools An administrator must have certain privileges to manage pools in View Administrator.
View Administration Table 4‑12. Persistent Disk Management Tasks and Privileges Task Required Privileges Detach a disk Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the pool. Attach a disk Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the machine. Edit a disk Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the selected pool.
Chapter 4 Configuring Role-Based Delegated Administration Table 4‑14. Privileges for General Administration Tasks and Commands (Continued) Task Required Privileges Use the vdmadmin and vdmimport commands Must have the Administrators role on the root access group. Use the vdmexport command Must have the Administrators role or the Administrators (Read only) role on the root access group.
View Administration 78 VMware, Inc.
Configuring Policies in View Administrator and Active Directory 5 You can use View Administrator to set policies for client sessions. You can configure Active Directory group policy settings to control the behavior of View Connection Server, the PCoIP display protocol, and View logging and performance alarms. You can also configure Active Directory group policy settings to control the behavior of View Agent, Horizon Client for Windows, View Persona Management, and certain features.
View Administration Configure Global Policy Settings You can configure global policies to control the behavior of all client sessions users. Prerequisites Familiarize yourself with the policy descriptions. See “View Policies,” on page 81. Procedure 1 In View Administrator, select Policies > Global Policies. 2 Click Edit policies in the View Policies pane. 3 Click OK to save your changes. Configure Policies for Desktop Pools You can configure desktop-level policies to affect specific desktop pools.
Chapter 5 Configuring Policies in View Administrator and Active Directory View Policies You can configure View policies to affect all client sessions, or you can apply them to affect specific desktop pools or users. Table 5-1 describes each View policy setting. Table 5‑1. View Policies Policy Description Multimedia redirection (MMR) Determines whether MMR is enabled for client systems.
View Administration View ADM and ADMX Template Files The View ADM and ADMX template files provide group policy settings that let you control and optimize View components. Table 5‑2. View ADM and ADMX Template Files Template Name Template File Description View Agent Configuration vdm_agent.adm Contains policy settings related to the authentication and environmental components of View Agent. See the Setting Up Desktop and Application Pools in View document. Horizon Client Configuration vdm_client.
Chapter 5 Configuring Policies in View Administrator and Active Directory Table 5‑3. View Server Configuration Template Settings Setting Properties Recursive Enumeration of Trusted Domains Determines whether every domain trusted by the domain in which the server resides is enumerated. To establish a complete chain of trust, the domains trusted by each trusted domain are also enumerated and the process continues recursively until all trusted domains are discovered.
View Administration Performance Alarm Settings Table 5-5 describe the performance alarm settings in the View Common Configuration ADM template file. Table 5‑5. View Common Configuration Template: Performance Alarm Settings Setting Properties CPU and Memory Sampling Interval in Seconds Specifies the CPU and memory polling interval CPU. A low sampling interval can result in an high level of output to the log.
Maintaining View Components 6 To keep your View components available and running, you can perform a variety of maintenance tasks.
View Administration You can perform backups in several ways. n Schedule automatic backups by using the View configuration backup feature. n Initiate a backup immediately by using the Backup Now feature in View Administrator. n Manually export View LDAP data by using the vdmexport utility. This utility is provided with each instance of View Connection Server.
Chapter 6 Maintaining View Components View Configuration Backup Settings View can back up your View Connection Server and View Composer configuration data at regular intervals. In View Administrator, you can set the frequency and other aspects of the backup operations. Table 6‑1. View Configuration Backup Settings Setting Description Automatic backup frequency Every Hour. Backups take place every hour on the hour. Every 6 Hours. Backups take place at midnight, 6 am, noon, and 6 pm. Every 12 Hours.
View Administration 2 At the command prompt, type the vdmexport command and redirect the output to a file. For example: vdmexport > Myexport.LDF By default, the exported data is encrypted. You can specify the output file name as an argument to the -f option. For example: vdmexport -f Myexport.LDF You can export the data in plain text format (verbatim) by using the -v option. For example: vdmexport -f Myexport.
Chapter 6 Maintaining View Components If you backed up your View LDAP configuration by using View Administrator or the default vdmexport command, the exported LDIF file is encrypted. You must decrypt the LDIF file before you can import it. If the exported LDIF file is in plain text format, you do not have to decrypt the file. NOTE Do not import an LDIF file in cleansed format, which is plain text with passwords and other sensitive data removed.
View Administration 11 Log in to View Administrator and validate that the configuration is correct. 12 Start the View Composer instances. 13 Reinstall the replica server instances. 14 Start the security server instances. If there is a risk that the security servers have inconsistent configuration, they should also be uninstalled rather than stopped and then reinstalled at the end of the process.
Chapter 6 Maintaining View Components 2 On the computer where View Composer is installed, stop the VMware Horizon View Composer service. 3 Open a Windows command prompt and navigate to the SviConfig executable file. The file is located with the View Composer application. C:\Program Files\VMware\VMware View Composer\sviconfig.exe 4 Run the SviConfig restoredata command.
View Administration Familiarize yourself with the SviConfig exportdata parameters: n DsnName - The DSN that is used to connect to the database. If it is not specified, DSN name, user name and password will be retrieved from server configuration file. n Username - The user name that is used to connect to the database. If this parameter is not specified, Windows authentication is used. n Password - The password for the user that connects to the database.
Chapter 6 Maintaining View Components Monitor View Components You can quickly survey the status of the View and vSphere components in your View deployment by using the View Administrator dashboard. View Administrator displays monitoring information about View Connection Server instances, the event database, security servers, View Composer services, datastores, vCenter Server instances, and domains. NOTE View cannot determine status information about Kerberos domains.
View Administration What to do next You can click a machine name to see details about the machine or click the View Administrator back arrow to return to the Dashboard page. Understanding View Services The operation of View Connection Server instances and security servers depends on several services that run on the system. These systems are started and stopped automatically, but you might sometimes find it necessary to adjust the operation of these services manually.
Chapter 6 Maintaining View Components Services on a View Connection Server Host The operation of View depends on several services that run on a View Connection Server host. Table 6‑4. View Connection Server Host Services Service Name Startup Type Description VMware Horizon View Blast Secure Gateway Automatic Provides secure HTML Access services. This service must be running if clients connect to View Connection Server through the HTML Access Secure Gateway.
View Administration Table 6‑5. Security Server Services (Continued) Service Name Startup Type Description VMware Horizon View PCoIP Secure Gateway Manual Provides PCoIP Secure Gateway services. This service must be running if clients connect to this security server through the PCoIP Secure Gateway. VMware Horizon View Security Gateway Component Manual Provides common gateway services. This service must always be running.
Chapter 6 Maintaining View Components The Highest column on the Product Licensing and Usage page displays the highest number of concurrent desktop sessions and remote application users since your View deployment was first configured or since the Reset Highest setting was last selected. An administrator with the Manage Global Configuration and Policies privilege can select the Reset Highest setting. To restrict access to the Reset Highest setting, give this privilege to designated administrators only.
View Administration n Migrate View Composer with an Existing Database on page 99 When you migrate View Composer to another physical or virtual machine, if you intend to preserve your current linked-clone virtual machines, the new VMware Horizon View Composer service must continue to use the existing View Composer database.
Chapter 6 Maintaining View Components Migrate View Composer with an Existing Database When you migrate View Composer to another physical or virtual machine, if you intend to preserve your current linked-clone virtual machines, the new VMware Horizon View Composer service must continue to use the existing View Composer database.
View Administration If you migrated the database, the DSN and data source information must point to the new location of the database. Whether or not you migrated the database, the new VMware Horizon View Composer service must have access to the original database information about the linked clones. 6 Configure an SSL server certificate for View Composer on the new machine.
Chapter 6 Maintaining View Components c In the View Composer Server Settings pane, click Edit. d Select Do not use View Composer and click OK. 2 Uninstall the VMware Horizon View Composer service from the current machine. 3 Install the VMware Horizon View Composer service on the new machine. During the installation, configure View Composer to connect to the DSN of the original or new View Composer database. 4 Configure an SSL server certificate for View Composer on the new machine.
View Administration Migrate the RSA Key Container to the New View Composer Service To use an existing View Composer database, you must migrate the RSA key container from the source physical or virtual machine on which the existing VMware Horizon View Composer service resides to the machine on which you want to install the new VMware Horizon View Composer service. You must perform this procedure before you install the new VMware Horizon View Composer service. Prerequisites Verify that the Microsoft .
Chapter 6 Maintaining View Components Update the Certificates on a View Connection Server Instance, Security Server, or View Composer When you receive updated server SSL certificates or intermediate certificates, you import the certificates into the Windows local computer certificate store on each View Connection Server, security server, or View Composer host. Typically, server certificates expire after 12 months. Root and intermediate certificates expire after 5 or 10 years.
View Administration 4 For a server certificate that is issued to View Composer, run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer. This utility replaces the old certificate binding with the new certificate binding. a Stop the VMware Horizon View Composer service. b In a Windows command prompt, type the SviConfig ReplaceCertificate command.
Chapter 6 Maintaining View Components How VMware Ensures Your Privacy VMware is committed to protecting your privacy and takes several steps to ensure that no data collected by the customer experience improvement program (CEIP) includes sensitive information that could uniquely identify a particular customer or user. The program does not collect any information that can be used to identify you or contact you. No data that identifies your organization or users is collected.
View Administration Additional Information About the Customer Experience Improvement Program After you choose to participate in the CEIP, data is collected on the first View Connection Server instance that starts in a View deployment. Configuration data is collected on a weekly basis. Performance and usage data is collected on an hourly basis.
Chapter 6 Maintaining View Components Table 6‑6.
View Administration Table 6‑8.
Chapter 6 Maintaining View Components Table 6‑9.
View Administration Table 6‑10. Dynamic Usage Data Collected from View Connection Server (Continued) Is This Field Made Anonymous? Example Value Number of times application connections have been launched for a user who is entitled to n number of applications No List of integers Number of times n protocol (such as PCoIP) sessions have been in existence when a user launches another application.
Chapter 6 Maintaining View Components Table 6‑12.
View Administration Table 6‑12.
Chapter 6 Maintaining View Components Table 6‑12.
View Administration Table 6‑13.
Chapter 6 Maintaining View Components Table 6‑14.
View Administration Table 6‑18. ESX Node Information Description Identifier of the vCenter Server that manages a particular ESXi host, along with an identifier for the ESXi host Is This Field Made Anonymous? No Example Value 1234-ADEE-BECF-41AA-4950BCDAhost-14 Table 6‑19.
Chapter 6 Maintaining View Components Cloud Pod Architecture Information Collected by VMware If you join the customer experience improvement program, VMware collects data from certain Cloud Pod Architecture fields. Fields containing sensitive information are made anonymous. Table 6‑21.
View Administration Table 6‑22. Data Collected from Horizon Clients for the Customer Experience Improvement Program Is This Field Made Anonymous ? Example Value Company that produced the Horizon Client application No VMware Product name No VMware Horizon Client Client product version No (The format is x.x.x-yyyyyy, where x.x.x is the client version number and yyyyyy is the build number.
Chapter 6 Maintaining View Components Table 6‑22. Data Collected from Horizon Clients for the Customer Experience Improvement Program (Continued) Description Is This Field Made Anonymous ? MB of memory on the host system No Example Value Examples include the following: 4096 n unknown (for Windows Store) n Number of USB devices connected No 2 (USB device redirection is supported only for Linux, Windows, and Mac OS X clients.
View Administration Table 6‑23. Data Collected from HTML Access Clients for the Customer Experience Improvement Program (Continued) 120 Is This Field Made Anonymous? Description Field name Example Value Browser user agent string No Examples include the following values: n Mozilla/5.0 (Windows NT 6.1; WOW64) n AppleWebKit/703.00 (KHTML, like Gecko) n Chrome/3.0.1750 n Safari/703.
Managing Linked-Clone Virtual Machines 7 With View Composer, you can update linked-clone virtual machines, reduce the size of their operating system data, and rebalance the linked-clone virtual machines among disk drives. You also can manage the View Composer persistent disks associated with linked clones.
View Administration 2 Select the desktop pool to refresh by double-clicking the pool ID in the left column. 3 Choose whether to refresh multiple virtual machines or a single virtual machine. Option Action To refresh all virtual machines in the desktop pool a b c d e To refresh a single virtual machine a b c 4 In View Administrator, select Catalog > Desktop Pools. Select the desktop pool to refresh by double-clicking the pool ID in the left column. On the Inventory tab, click Machines.
Chapter 7 Managing Linked-Clone Virtual Machines n A refresh preserves the unique computer information set up by QuickPrep or Sysprep. You do not need to rerun Sysprep after a refresh to restore the SID or the GUIDs of third-party software installed in the system drive. n After you recompose a linked clone, View takes a new snapshot of the linked clone's OS disk. Future refresh operations restore the OS data to that snapshot, not the one originally taken when the linked clone was first created.
View Administration Procedure 1 In vCenter Server, update the parent virtual machine for the recomposition. n Install OS patches or service packs, new applications, application updates, or make other changes in the parent virtual machine. n Alternatively, prepare another virtual machine to be selected as the new parent during the recomposition. 2 In vCenter Server, power off the updated or new parent virtual machine. 3 In vCenter Server, take a snapshot of the parent virtual machine.
Chapter 7 Managing Linked-Clone Virtual Machines Procedure 1 Choose whether to recompose the whole desktop pool or a single machine. Option Action To recompose all virtual machines in the desktop pool a b c d e To recompose selected virtual machines a b c 2 In View Administrator, select Catalog > Desktop Pools. Select the desktop pool to recompose by double-clicking the pool ID in the left column. On the Inventory tab, click Machines.
View Administration Desktop recompositions do not affect View Composer persistent disks. Apply these guidelines to recompositions: n You can recompose dedicated-assignment and floating-assignment desktop pools. n You can recompose a desktop pool on demand or as a scheduled event. You can schedule only one recomposition at a time for a given set of linked clones. Before you can schedule a new recomposition, you must cancel any previously scheduled task or wait until the previous operation is completed.
Chapter 7 Managing Linked-Clone Virtual Machines 2 Recompose the desktop pool again. View Composer creates a base image from the snapshot and recreates the linked-clone OS disks. View Composer persistent disks that contain user data and settings are preserved during the recomposition. Depending on the conditions of the incorrect recomposition, you might refresh or rebalance the linked clones instead of or in addition to recomposing them.
View Administration Procedure 1 Choose whether to rebalance the whole pool or a single virtual machine. Option Action To rebalance all virtual machines in the pool a b c d e To rebalance a single virtual machine a b c 2 In View Administrator, select Catalog > Desktop Pools. Select the pool to rebalance by double-clicking the pool ID in the left column. On the Inventory tab, click Machines. Use the Ctrl or Shift keys to select multiple all the machine IDs in the left column.
Chapter 7 Managing Linked-Clone Virtual Machines n If you edit a pool and change the host or cluster and the datastores on which linked clones are stored, you can only rebalance the linked clones if the newly selected host or cluster has full access to both the original and the new datastores. All hosts in the new cluster must have access to the original and new datastores. For example, you might create a linked-clone desktop pool on a standalone host and select a local datastore to store the clones.
View Administration An original persistent disk has a filename with a user-disk label: desktop_name-vdm-user-disk-D-ID.vmdk. An original disposable-data disk has a filename with a disposable label: desktop_name-vdm-disposable- ID.vmdk. After a rebalance operation moves a linked clone to a new datastore, vCenter Server uses a common filename syntax for both types of disks: desktop_name_n.vmdk.
Chapter 7 Managing Linked-Clone Virtual Machines 3 Choose where to store the persistent disk. Option Description Use current datastore Store the persistent disk on the datastore where it is currently located. Use the following datastore Select a new datastore on which to store the persistent disk. Click Browse, click the down arrow, and select a new datastore from the Choose a Datastore menu. You cannot select a local datastore to store a detached persistent disk.
View Administration What to do next Make sure that the user of the linked clone has sufficient privileges to use the attached secondary disk. For example, if the original user had certain access permissions on the persistent disk, and the persistent disk is attached as drive D on the new linked clone, the new user of the linked clone must have the original user's access permissions on drive D.
Chapter 7 Managing Linked-Clone Virtual Machines To move a detached persistent disk from non-Virtual SAN to Virtual SAN, you can recreate the disk on a virtual machine that is stored on a non-Virtual SAN datastore and rebalance the virtual machine's desktop pool to a Virtual SAN datastore. Procedure 1 In View Administrator, select Resources > Persistent Disks. 2 On the Detached tab, select the persistent disk and click Recreate Machine.
View Administration Delete a Detached View Composer Persistent Disk When you delete a detached persistent disk, you can remove the disk from View and leave it on the datastore or delete the disk from View and the datastore. Procedure 1 In View Administrator, select Resources > Persistent Disks. 2 On the Detached tab, select the persistent disk and click Delete. 3 Choose whether to delete the disk from the datastore or let it remain on the datastore after it is removed from View.
Managing Desktop Pools, Machines, and Sessions 8 In View Administrator, you can manage desktop pools, virtual machine-based desktops, physical machinebased desktops, desktop sessions, and application sessions.
View Administration Modifying Settings in an Existing Desktop Pool After you create a desktop pool, you can change certain configuration settings. Table 8‑1. Editable Settings in an Existing Desktop Pool 136 Configuration Tab Description General Edit desktop pool-naming options and storage policy management settings. Storage policy management settings determine whether to use a Virtual SAN datastore. If you do not use Virtual SAN, you can select separate datastores for replica and OS disks.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Fixed Settings in an Existing Desktop Pool After you create a desktop pool, you cannot change certain configuration settings. Table 8‑2. Fixed Settings in an Existing Desktop Pool Setting Description Pool type After you create an automated, manual, or RDS desktop pool, you cannot change the pool type. User assignment You cannot switch between dedicated assignments and floating assignments.
View Administration If you decrease the size of a dedicated-assignment pool, unassigned machines are deleted. If more users are assigned to machines than the new maximum, the pool size decreases after you unassign users. NOTE When you decrease the size of a desktop pool, the actual number of machines might be larger than Max number of machines if more users are currently logged in or assigned to machines than the value that is specified in Max number of machines.
Chapter 8 Managing Desktop Pools, Machines, and Sessions 8 Correct invalid machine names. a Place your cursor over an invalid name to display the related error message at the bottom of the page. b Click Back. c Edit the incorrect names and click Next. 9 Click Finish. 10 Click OK. View adds the new machines to the pool. In vCenter Server, you can monitor the creation of the new virtual machines.
View Administration 2 3 Select a desktop pool and change the status of the pool. Option Action Disable provisioning Select Disable Provisioning from the Status drop-down menu. Enable provisioning Select Enable Provisioning from the Status drop-down menu. Click OK. Configure Adobe Flash Quality and Throttling You can set Adobe Flash quality and throttling modes to reduce the amount of bandwidth that is used by Adobe Flash content in remote desktops.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Table 8‑4. Adobe Flash Throttling Settings Throttling Setting Description Disabled No throttling is performed. The timer interval is not modified. Conservative Timer interval is 100 milliseconds. This setting results in the lowest number of dropped frames. Moderate Timer interval is 500 milliseconds. Aggressive Timer interval is 2500 milliseconds. This setting results in the highest number of dropped frames.
View Administration The desktop pool is removed from View. Even if you keep the virtual machines in vCenter Server, View cannot access them. When you delete a desktop pool, linked-clone virtual machines' computer accounts are removed from Active Directory. Full virtual machines' computer accounts remain in Active Directory. To remove these accounts, you must manually delete them from Active Directory.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Procedure 1 In View Administrator, select Resources > Machines or select Catalog > Desktop Pools, double-click a pool ID, and click the Inventory tab. 2 Select the machine. 3 Select Unassign User from the More Commands drop-down menu. 4 Click OK. The machine is available and can be assigned to another user.
View Administration 2 3 In the Machine Status pane, expand a status folder. Option Description Preparing Lists the machine states while the virtual machine is being provisioned, deleted, or in maintenance mode. Problem Machines Lists the machine error states. Prepared for use Lists the machine states when the virtual machine is ready for use. Locate the machine status and click the hyperlinked number next to it. The Machines page displays all virtual machines with the selected status.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Table 8‑5. Status of Virtual Machines That Are Managed by vCenter Server (Continued) Status Description Protocol failure A display protocol did not start before the View Agent startup period expired. NOTE View Administrator can display machines in a Protocol failure state when one protocol failed but other protocols started successfully.
View Administration Table 8‑6. Machine Status Conditions Condition Description Missing The virtual machine is missing in vCenter Server. Typically, the virtual machine was deleted in vCenter Server, but the View LDAP configuration still has a record of the machine. Task halted A View Composer operation such as refresh, recompose, or rebalance was stopped. For details about troubleshooting a recompose operation, see “Correcting an Unsuccessful Recomposition,” on page 126.
Chapter 8 Managing Desktop Pools, Machines, and Sessions 4 Choose how to delete the virtual-machine desktop. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
View Administration Add an Unmanaged Machine to a Manual Pool You can increase the size of a manual desktop pool by adding unmanaged machines to the pool. Prerequisites Verify that View Agent is installed on the unmanaged machine. For information about preparing an unmanaged machine, see "Install View Agent on an Unmanaged Machine" in the Setting up Desktop and Application Pools in View document. Procedure 1 In View Administrator, select Catalog > Desktop Pools.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Prerequisites Verify that the registered machines that you want to remove are not being used in any desktop pool. Procedure 1 In View Administrator, select View Configuration > Registered Machines. 2 Click the Others tab. 3 Select one or more machines and click Remove. You can select only machines that are not being used by a desktop pool. 4 Click OK to confirm.
View Administration Table 8‑7. Status of Unmanaged Machines (Continued) Status Description Unknown The machine is in an unknown state. Available The desktop-source computer is powered on and the desktop is ready for a connection. In a dedicated pool, the desktop is assigned to a user. The desktop starts when the user logs in. Connected The desktop is in a session and has a remote connection to a Horizon Client device.
Chapter 8 Managing Desktop Pools, Machines, and Sessions When you export a View Administrator table, it is saved as a comma-separated value (CSV) file. This feature exports the entire table, not individual pages. Procedure 1 In View Administrator, display the table you want to export. For example, click Resources > Machines to display the machines table. 2 Click the export icon in the upper right corner of the table. When you point to the icon, the Export table contents tooltip appears.
View Administration 152 VMware, Inc.
Managing Application Pools, Farms, and RDS Hosts 9 In View Administrator, you can perform management operations such as configuring or deleting desktop pools, farms, or RDS hosts. This chapter includes the following topics: n “Managing Application Pools,” on page 153 n “Managing Farms,” on page 154 n “Managing RDS Hosts,” on page 155 Managing Application Pools You can add, edit, delete, or entitle application pools in View Administrator.
View Administration Procedure 1 In View Administrator, select Catalog > Application Pools. 2 Select one or more application pools and click Delete. 3 Click OK to confirm. Managing Farms In View Administrator, you can add, edit, delete, enable, and disable farms. To add a farm, see "Creating Farms" in the Setting Up Desktop and Application Pools in View document. For information on access groups, see Chapter 4, “Configuring Role-Based Delegated Administration,” on page 61.
Chapter 9 Managing Application Pools, Farms, and RDS Hosts Procedure 1 In View Administrator, select Resources > Farms. 2 Select one or more farms and click More Commands. 3 Click Enable or Disable. 4 Click OK to confirm. The status of the RDS desktop pools and application pools that are associated with the farm are now Unavailable. You can view the status of the pools by selecting Catalog > Desktop Pools or Catalog > Application Pools.
View Administration Remove an RDS Host from View You can remove an RDS host from View that you no longer plan to use. You can remove only RDS hosts that do not belong to a farm. Prerequisites Verify that the RDS host does not belong to a farm. Procedure 1 In View Administrator, select View Configuration > Registered Machines. 2 Select an RDS host and click Remove. 3 Click OK. After you remove an RDS host, to use it again, you must reinstall View Agent.
Chapter 9 Managing Application Pools, Farms, and RDS Hosts Property Description RDS Host Name of the RDS host. Farm Farm to which the RDS host belongs. Desktop Pool RDS desktop pool associated with the farm. Agent Version Version of ViewView Agent that runs on the RDS host. Sessions Number of client sessions. DNS Name DNS name of the RDS host. Type Version of Windows Server that runs on the RDS host. RDS Farm Farm to which the RDS host belongs.
View Administration Table 9‑1. Status of an RDS Host (Continued) Status Description Unknown RDS host is in an unknown state. Available RDS host is available. If the host is in a farm, and the farm is associated with an RDS or application pool, it will be used to deliver RDS desktops or applications to users.
Managing ThinApp Applications in View Administrator 10 You can use View Administrator to distribute and manage applications packaged with VMware ThinApp. Managing ThinApp applications in View Administrator involves capturing and storing application packages, adding ThinApp applications to View Administrator, and assigning ThinApp applications to machines and desktop pools. You must have a license to use the ThinApp management feature in View Administrator.
View Administration n Make sure that a disjoint namespace does not prevent domain member computers from accessing the network share that hosts the MSI packages. A disjoint namespace occurs when an Active Directory domain name is different from the DNS namespace that is used by machines in that domain. See VMware Knowledge Base (KB) article 1023309 for more information. n To run streamed ThinApp applications on remote desktops, users must have access to the network share that hosts the MSI packages.
Chapter 10 Managing ThinApp Applications in View Administrator Procedure 1 Start the ThinApp Setup Capture wizard and follow the prompts in the wizard. 2 When the ThinApp Setup Capture wizard prompts you for a project location, select Build MSI package. 3 If you plan to stream the application to remote desktops, set the MSIStreaming property to 1 in the package.ini file.
View Administration Procedure 1 In View Administrator, select View Configuration > ThinApp Configuration and click Add Repository. 2 Type a display name for the application repository in the Display name text box. 3 Type the path to the Windows network share that hosts your application packages in the Share path text box. The network share path must be in the form \\ServerComputerName\ShareName where ServerComputerName is the DNS name of the server computer. Do not specify an IP address.
Chapter 10 Managing ThinApp Applications in View Administrator Creating ThinApp templates is optional. NOTE If you add an application to a ThinApp template after assigning the template to a machine or desktop pool, View Administrator does not automatically assign the new application to the machine or desktop pool. If you remove an application from a ThinApp template that was previously assigned to a machine or desktop pool, the application remains assigned to the machine or desktop pool.
View Administration n Assign a ThinApp Application to Multiple Desktop Pools on page 166 You can assign a particular ThinApp application to one or more desktop pools. n Assign Multiple ThinApp Applications to a Desktop Pool on page 166 You can assign one more ThinApp applications to a particular desktop pool.
Chapter 10 Managing ThinApp Applications in View Administrator 2 Select Assign Machines from the Add Assignment drop-down menu. The machines that the ThinApp application is not already assigned to appear in the table. 3 Option Action Find a specific machine Type the name of the machine in the Find text box and click Find. Find all of the machines that follow the same naming convention Type a partial machine name in the Find text box and click Find.
View Administration View Administrator begins installing the ThinApp applications a few minutes later. After the installation is finished, the applications are available to all of the users of the remote desktop that is hosted by the virtual machine. Assign a ThinApp Application to Multiple Desktop Pools You can assign a particular ThinApp application to one or more desktop pools.
Chapter 10 Managing ThinApp Applications in View Administrator Procedure 1 In View Administrator, select Catalog > Desktop Pools and double-click the pool ID. 2 On the Inventory tab, click ThinApps and then click Add Assignment. The ThinApp applications that are not already assigned to the pool appear in the table. 3 To find a particular application, type the name of the ThinApp application in the Find text box and click Find. 4 Select a ThinApp application to assign to the pool and click Add.
View Administration 5 Select an installation type and click OK. Option Action Streaming Installs a shortcut to the application on the machine. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application. Full Installs the full application on the machine's local file system. Some ThinApp applications do not support both installation types.
Chapter 10 Managing ThinApp Applications in View Administrator Table 10‑1. ThinApp Application Installation Status Status Description Assigned The ThinApp application is assigned to the machine. Install Error An error occurred when View Administrator attempted to install the ThinApp application. Uninstall Error An error occurred when View Administrator attempted to uninstall the ThinApp application. Installed The ThinApp application is installed.
View Administration n Modify or Delete a ThinApp Template on page 172 You can add and remove applications from a ThinApp template. You can also delete a ThinApp template. n Remove an Application Repository on page 172 You can remove an application repository from View Administrator. Remove a ThinApp Application Assignment from Multiple Machines You can remove an assignment to a particular ThinApp application from one or more machines.
Chapter 10 Managing ThinApp Applications in View Administrator Remove a ThinApp Application Assignment from Multiple Desktop Pools You can remove an assignment to a particular ThinApp application from one or more desktop pools. Prerequisites Notify the users of the remote desktops in the pools that you intend to remove the application. Procedure 1 In View Administrator, select Catalog > ThinApps and double-click the name of the ThinApp application.
View Administration Modify or Delete a ThinApp Template You can add and remove applications from a ThinApp template. You can also delete a ThinApp template. If you add an application to a ThinApp template after assigning the template to a machine or desktop pool, View Administrator does not automatically assign the new application to the machine or desktop pool.
Chapter 10 Managing ThinApp Applications in View Administrator Cause The View Connection Server host cannot access the network share that hosts the application repository. The network share path that you typed in the Share path text box might be incorrect, the network share that hosts the application repository is in a domain that is not accessible from the View Connection Server host, or the network share permissions have not been set up properly.
View Administration Solution If the template contains a ThinApp application that is already assigned to the machine or desktop pool, create a new template that does not contain the application or edit the existing template and remove the application. Assign the new or modified template to the machine or desktop pool. To change the installation type of a ThinApp application, you must remove the existing application assignment from the machine or desktop pool.
Chapter 10 Managing ThinApp Applications in View Administrator You can see the View Agent and View Connection Server log files for more information about the cause of the problem. View Agent log files are located on the machine in drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs for Windows XP systems and drive:\ProgramData\VMware\VDM\logs for Windows 7 systems. View Connection Server log files are located on the View Connection Server host in the drive:\Documents and Settings\All
View Administration Procedure 1 Download the ThinApp software from http://www.vmware.com/products/thinapp and install it on a clean computer. View supports ThinApp version 4.6 and later. 2 Use the ThinApp Setup Capture wizard to capture and package your applications in MSI format.
Setting Up Clients in Kiosk Mode 11 You can set up unattended clients that can obtain access to their desktops from View. A client in kiosk mode is a thin client or a lock-down PC that runs Horizon Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the remote desktop might require them to provide authentication information for some applications.
View Administration n Administrators, Inventory Administrators, or an equivalent role to use View Administrator to entitle users or groups to remote desktops. n Administrators or an equivalent role to run the vdmadmin command. Procedure 1 Prepare Active Directory and View for Clients in Kiosk Mode on page 178 You must configure Active Directory to accept the accounts that you create to authenticate client devices.
Chapter 11 Setting Up Clients in Kiosk Mode 3 Configure the guest operating system so that the clients are not locked when they are left unattended. View suppresses the pre-login message for clients that connect in kiosk mode. If you require an event to unlock the screen and display a message, you can configure a suitable application on the guest operating system. 4 In View Administrator, create the desktop pool that the clients will use and entitle the group to this pool.
View Administration Option Description -noexpirepassword Specifies that passwords on client accounts do not expire. -nogroup Clears the setting for the default group. -ou DN Specifies the distinguished name of the default organizational unit to which client accounts are added. For example: OU=kiosk-ou,DC=myorg,DC=com NOTE You cannot use the command to change the configuration of an organizational unit. The command updates the default values for clients in the View Connection Server group.
Chapter 11 Setting Up Clients in Kiosk Mode Add Accounts for Clients in Kiosk Mode You can use the vdmadmin command to add accounts for clients to the configuration of a View Connection Server group. After you add a client, it is available for use with a View Connection Server instance on which you have enabled authentication of clients. You can also update the configuration of clients, or remove their accounts from the system.
View Administration The command creates a user account in Active Directory for the client in the specified domain and group (if any). Example: Adding Accounts for Clients Add an account for a client specified by its MAC address to the MYORG domain, using the default settings for the group kc-grp. vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp Add an account for a client specified by its MAC address to the MYORG domain, using an automatically generated password.
Chapter 11 Setting Up Clients in Kiosk Mode Example: Enabling Authentication of Clients in Kiosk Mode Enable authentication of clients for the View Connection Server instance csvr-2. Clients with automatically generated passwords can authenticate themselves without providing a password. vdmadmin -Q -enable -s csvr-2 Enable authentication of clients for the View Connection Server instance csvr-3, and require that the clients specify their passwords to Horizon Client.
View Administration Password Required : false Common Name : CONSVR2 Client Authentication Enabled : true Password Required : false What to do next Verify that the clients can connect to their remote desktops. Connect to Remote Desktops from Clients in Kiosk Mode You can run the client from the command line or use a script to connect a client to a remote session. You would usually use a command script to run Horizon Client on a deployed client device.
Chapter 11 Setting Up Clients in Kiosk Mode Procedure u To connect to a remote session, type the appropriate command for your platform. Option Description Windows Enter C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe -unattended [-serverURL connection_server] [-userName user_name] [-password password] Linux -password password Specifies the password for the client's account. If you defined a password for the account, you must specify this password.
View Administration Run Horizon Client on a Linux client using an assigned name and password. vmware-view -unattended -s 145.124.24.100 --once -u custom-Terminal21 -p "Secret1!" 186 VMware, Inc.
Troubleshooting View 12 You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using View. You can use troubleshooting procedures to investigate the causes of such problems and attempt to correct them yourself, or you can obtain assistance from VMware Technical Support. For information about troubleshooting desktops and desktop pools, see the Setting Up Desktop and Application Pools in View document.
View Administration Events Provides links to the Events screen filtered for error events and for warning events. System Health Provides links to the Dashboard screen, which displays summaries of the status of View components, vSphere components, domains, desktops, and datastore usage. The system health dashboard displays a numbered link against each item. This value indicates the number of items that the linked report provides details about.
Chapter 12 Troubleshooting View Collecting Diagnostic Information for View You can collect diagnostic information to help VMware Technical Support diagnose and resolve issues with View. You can collect diagnostic information for various components of View. How you collect this information varies depending on the View component.
View Administration 2 Open a command prompt and run the command to generate the DCT bundle. Option Action On View Connection Server, using vdmadmin To specify the names of the output bundle file, desktop pool, and machine, use the -outfile, -d, and -m options with the vdmadmin command. vdmadmin -A [-b authentication_arguments] -getDCT -outfile local_file -d desktop -m machine On the remote desktop Change directories to c:\Program Files\VMware\VMware View\Agent\DCT and run the following command: suppo
Chapter 12 Troubleshooting View Collect Diagnostic Information for View Composer Using the Support Script You can use the View Composer support script to collect configuration data and generate log files for View Composer. This information helps VMware customer support diagnose any issues that arise with View Composer. Prerequisites Log in to the computer on which View Composer is installed.
View Administration 3 When you have collected enough information about the behavior of View Connection Server, select Start > All Programs > VMware > Generate View Connection Server Log Bundle. The support tool writes the log files to a folder called vdm-sdct on the desktop of the View Connection Server instance. 4 File a support request on the Support page of the VMware Web site and attach the output files.
Chapter 12 Troubleshooting View Option Description 7 Selects debug logging for virtual channels (View Agent and Horizon Client only). 8 Selects trace logging for virtual channels (View Agent and Horizon Client only). The script writes the zipped log files to the folder vdm-sdct on the desktop. 3 You can find the View Composer guest agent logs in the C:\Program Files\Common Files\VMware\View Composer Guest Agent svi-ga-support directory.
View Administration Solution If you intend to keep the security server in your View environment, take these steps: 1 In View Administrator, select View Configuration > Servers. 2 On the Security Servers tab, select a security server, select Prepare for Upgrade or Reinstallation from the More Commands drop-down menu, and click OK.
Chapter 12 Troubleshooting View 5 Configure the proxy settings. For example, at the netsh winhttp> prompt, type import proxy source=ie. The proxy settings are imported to the View Connection Server computer. 6 Verify the proxy settings by typing show proxy. 7 Restart the VMware Horizon View Connection Server service. 8 On the View Administrator dashboard, verify that the security server or View Connection Server icon is green.
View Administration 196 VMware, Inc.
Using the vdmadmin Command 13 You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or to perform administration tasks that need to run automatically from scripts. For a comparison of the operations that are possible in View Administrator, View cmdlets, and vdmadmin, see the View Integration document.
View Administration n Assigning Dedicated Machines Using the -L Option on page 207 You can use the vdmadmin command with the -L option to assign machines from a dedicated pool to users. n Displaying Information About Machines Using the -M Option on page 209 You can use the vdmadmin command with the -M option to display information about the configuration of virtual machines or physical computers.
Chapter 13 Using the vdmadmin Command vdmadmin Command Usage The syntax of the vdmadmin command controls its operation. Use the following form of the vdmadmin command from a Windows command prompt. vdmadmin command_option [additional_option argument] ... The additional options that you can use depend on the command option. By default, the path to the vdmadmin command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin.
View Administration Table 13‑1. Options for Selecting Output Format (Continued) Option Description -w Display the output using Unicode (UTF-16) characters. This is the default character set for XML output. -xml Formats the output as XML. vdmadmin Command Options You use the command options of the vdmadmin command to specify the operation that you want it to perform. Table 13-2 shows the command options that you can use with the vdmadmin command to control and examine the operation of View.
Chapter 13 Using the vdmadmin Command Configuring Logging in View Agent Using the ‑A Option You can use the vdmadmin command with the -A option to configure logging by View Agent.
View Administration Examples Display the logging level of the Agent for the machine machine1 in the desktop pool dtpool2. vdmadmin -A -d dtpool2 -m machine1 -getloglevel Set the logging level of the View Agent for the machine machine1 in the desktop pool dtpool2 to debug. vdmadmin -A -d dtpool2 -m machine1 -setloglevel debug Display the list of View Agent log files for the machine machine1 in the desktop pool dtpool2.
Chapter 13 Using the vdmadmin Command Table 13‑4. Options for Overriding IP Addresses (Continued) Option Description -m machine Specifies the name of the machine in a desktop pool. -override Specifies an operation for overriding IP addresses. -r Removes an overridden IP address. Examples Override the IP address for the machine machine2 in the desktop pool dtpool2. vdmadmin -A -override -i 10.20.54.
View Administration Return the GUID of the group. vdmadmin -C Updating Foreign Security Principals Using the ‑F Option You can use the vdmadmin command with the -F option to update the foreign security principals (FSPs) of Windows users in Active Directory who are authorized to use a desktop. Syntax vdmadmin -F [-b authentication_arguments] [-u domain\user] Usage Notes If you trust domains outside of your local domains, you allow access by security principals in the external domains to the local domains
Chapter 13 Using the vdmadmin Command Table 13‑5. Health Monitors (Continued) Monitor Description SGMonitor Monitors the health of security gateway services and security servers. VCMonitor Monitors the health of vCenter servers. If a component has several instances, View creates a separate monitor instance to monitor each instance of the component. The command outputs all information about health monitors and monitor instances in XML format.
View Administration Options Table 13-7 shows the options that you can specify to list and display reports and views. Table 13‑7. Options for Listing and Displaying Reports and Views Option Description -enddate yyyy-MM-dd-HH:mm:ss Specifies a upper limit for the date of information to be displayed. -list Lists the available reports and views. -report report Specifies a report. -startdate yyyy-MM-dd-HH:mm:ss Specifies a lower limit for the date of information to be displayed.
Chapter 13 Using the vdmadmin Command Options You can disable or enable the eventSyslog option. You can direct the Syslog output to the local system only or to another location. Direct UDP connection to a Syslog server is supported with View 5.2 or later. See "Configure Event Logging for Syslog Servers" in the View Installation document. Table 13‑8. Options for Generating View Event Log Messages in Syslog Format Option Description -disable Disables Syslog logging. -e|-enable Enables Syslog logging.
View Administration Usage Notes View assigns machines to users when they first connect to a dedicated desktop pool. Under some circumstances, you might want to preassign machines to users. For example, you might want to prepare their system environments in advance of their initial connection. After a user connects to a remote desktop that View assigns from a dedicated pool, the virtual machine that hosts the desktop remains assigned to the user for the life span of the virtual machine.
Chapter 13 Using the vdmadmin Command Displaying Information About Machines Using the ‑M Option You can use the vdmadmin command with the -M option to display information about the configuration of virtual machines or physical computers. Syntax vdmadmin -M [-b authentication_arguments] [-m machine | [-u domain\user][-d desktop]] [-xml | -csv] [-w | -n] Usage Notes The command displays information about a remote desktop's underlying virtual machine or physical computer. n Display name of the machine.
View Administration Display information about the machine machine3 and format the output as comma-separated values. vdmadmin -M -m machine3 -csv Reclaiming Disk Space on Virtual Machines Using the ‑M Option You can use the vdmadmin command with the -M option to mark a linked-clone virtual machine for disk space reclamation.
Chapter 13 Using the vdmadmin Command Configuring Domain Filters Using the ‑N Option You can use the vdmadmin command with the -N option to control the domains that View makes available to end users.
View Administration Table 13‑12. Options for Configuring Domain Filters (Continued) Option Description -s connsvr Specifies that the operation applies to the domain filters on a View Connection Server instance. You can specify the View Connection Server instance by its name or IP address. If you do not specify this option, any change that you make to the search configuration applies to all View Connection Server instances in the group. -search Specifies an operation on a search exclusion list.
Chapter 13 Using the vdmadmin Command Primary Domain: MYDOM Domain: Domain: Domain: Domain: Domain: Domain: MYDOM DNS:mydom.mycorp.com YOURDOM DNS:yourdom.mycorp.com FARDOM DNS:fardom.mycorp.com DEPTX DNS:deptx.mycorp.com DEPTY DNS:depty.mycorp.com DEPTZ DNS:deptz.mycorp.com Display the available domains in XML using ASCII characters. vdmadmin -N -domains -list -active -xml -n Remove the domain NEARDOM from the exclusion list for a View Connection Server group.
View Administration 4 Inclusion list configured for the View Connection Server group View applies only the first list that it selects to the search results. If you specify a domain for inclusion, and its domain controller is not currently accessible, View does not include that domain in the list of active domains. You cannot exclude the primary domain to which a View Connection Server instance or security server belongs.
Chapter 13 Using the vdmadmin Command Example of Filtering to Exclude Domains You can use an inclusion list to specify the domains that View excludes from the results of a domain search. A group of two View Connection Server instances, CONSVR-1 and CONSVR-2, is joined to the primary MYDOM domain and has a trusted relationship with the YOURDOM domain. The YOURDOM domain has a trusted relationship with the DEPTX and FARDOM domains.
View Administration Cluster Settings Include: Exclude: Search : FARDOM DEPTX Broker Settings: CONSVR-1 Include: (*)Exclude: YOURDOM Search : Broker Settings: CONSVR-2 Include: Exclude: Search : View limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View excludes the YOURDOM domain from the results of the domain search on CONSVR-1.
Chapter 13 Using the vdmadmin Command Usage Notes If you revoke a user's entitlement to a persistent virtual machine or to a physical system, the associated remote desktop assignment is not automatically revoked. This condition might be acceptable if you have temporarily suspended a user’s account or if the user is on a sabbatical. When you reenable entitlement, the user can continue using the same virtual machine as previously.
View Administration Apply your own stylesheet C:\tmp\unentitled-policies.xsl and redirect the output to the file up- output.html. vdmadmin -P -ld -xml -xsltpath "C:\tmp\unentitled-policies.xsl" > up-output.html Configuring Clients in Kiosk Mode Using the ‑Q Option You can use the vdmadmin command with the -Q option to set defaults and create accounts for clients in kiosk mode, to enable authentication for these clients, and to display information about their configuration.
Chapter 13 Using the vdmadmin Command If you use the -group option to specify a group or you have previously set a default group, View adds the client's account to this group. You can specify the -nogroup option to prevent the account being added to any group. If you enable a View Connection Server instance to authenticate clients in kiosk mode, you can optionally specify that clients must provide a password. If you disable authentication, clients cannot connect to their remote desktops.
View Administration Table 13‑16. Options for Configuring Clients in Kiosk Mode (Continued) Option Description -nogroup When adding an account for a client, specifies that the client's account is not added to the default group. When setting the default values for clients, clears the setting for the default group. -ou DN Specifies the distinguished name of the organizational unit to which client accounts are added.
Chapter 13 Using the vdmadmin Command Remove the account for a kiosk client specified by its MAC address from the MYORG domain. vdmadmin -Q -clientauth -remove -domain MYORG -clientid 00:10:db:ee:54:12 Remove the accounts of all clients without prompting to confirm the removal. vdmadmin -Q -clientauth -removeall -force Enable authentication of clients for the View Connection Server instance csvr-2. Clients with automatically generated passwords can authenticate themselves without providing a password.
View Administration Displaying the First User of a Machine Using the ‑R Option You can use the vdmadmin command with the -R option to find out the initial assignment of a managed virtual machine. For example, in the event of the loss of LDAP data, you might need this information so that you can reassign virtual machines to users. NOTE The vdmadmin command with the -R option works only on virtual machines that are earlier than View Agent 5.1. On virtual machines that run View Agent 5.
Chapter 13 Using the vdmadmin Command 3 On another View Connection Server instance, use the vdmadmin command to remove the entry for the uninstalled View Connection Server instance or security server from the configuration. If you want to reinstall View on the removed systems without replicating the View configuration of the original group, restart all the View Connection Server hosts in the original group before performing the reinstallation.
View Administration Unlocking or Locking Virtual Machines Using the ‑V Option You can use the vdmadmin command with the -V option to unlock or lock virtual machines in the datacenter. Syntax vdmadmin -V [-b authentication_arguments] -e -d desktop -m machine [-m machine] ... vdmadmin -V [-b authentication_arguments] -e -vcdn vCenter_dn -vmpath inventory_path vdmadmin -V [-b authentication_arguments] -p -d desktop -m machine [-m machine] ...
Chapter 13 Using the vdmadmin Command Detecting and Resolving LDAP Entry Collisions Using the -X Option You can use the vdmadmin command with the -X option to detect and resolve colliding LDAP entries on replicated View Connection Server instances in a group. Syntax vdmadmin -X [-b authentication_arguments] -collisions [-resolve] Usage Notes If duplicate LDAP entries are created on two or more View Connection Server instances, this can cause problems with the integrity of LDAP data in View.
View Administration 226 VMware, Inc.
Index A access groups changing, for a desktop pool or a farm 68 creating 62, 63, 68 managing 67 organizing desktops and pools 62 removing 68 reviewing desktop pools, application pools, or farms 69 reviewing vCenter virtual machines 69 root 62 Active Directory preparing for clients in kiosk mode 178 preparing for smart card authentication 50 updating Foreign Security Principals of users 204 updating general user information 97 ADM template files View components 81 View Common Configuration 83 View Server Co
View Administration automated desktop pools adding machines manually 138 changing the pool size 137 B backing up configuration backup settings 87 scheduling backups 86 View configuration data 85 View Connection Server 29 Blast Secure Gateway service 95 C CBRC, configuring for vCenter Server 23 certificate revocation checking enabling 55 troubleshooting for security server 194 certificates accept the thumbprint 26 updating on View Connection Server 103 certutil command 51 client accounts, adding for kiosk
Index diagnostic information collecting 189 collecting for View Composer 191 collecting using the support tool 191 using support scripts 192 direct connections, configuring 34 Direct Interaction privilege 73 disjoint namespaces 159 domain filters configuring 213 displaying 211 example of excluding domains 215 example of including domains 214 domains enumerating trusted 82 filter lists 211 E Enable Farms and Desktop Pools privilege 74 enableOCSP property 57, 58 enableRevocationChecking property 57, 58 encr
View Administration L LDAP entries, detecting and resolving collisions 225 LDAP repository backing up 87 importing 88 licenses adding to View 96 monitoring usage 96 linked-clone desktop management, managing persistent disks 130 linked-clone machine management refresh operation guidelines 122 refreshing 121 linked-clone virtual machine management detaching persistent disks 130 disk filenames after a rebalance 129 managing persistent disks 130 migrating to another datastore 129 preparing a parent virtual mac
Index orphaned machinse, displaying 216 OS disks, machine refresh 121, 122 OUs, creating for kiosk mode clients 178 output formats, vdmadmin command 199 overriding IP addresses for View Agent 202 P passwords 59 pcoip.
View Administration SAML 2.0 Authentication 53 SAML 2.
Index unlocking, machines 224 unmanaged machines adding to a pool 148 managing 147 removing from a pool 148 updating linked-clone virtual machines correcting an unsuccessful recomposition 126 machine recomposition 123 UPNs, smart card users 50 useCertAuth property 48, 52 user authentication, configuring 41 user accounts, View Composer 17 userPrincipalName attribute 50 users displaying information about 223 updating general user information 97 V vCenter Server configuring concurrent operations limits 24 co
View Administration restoring configuration data 88 scheduling backups 86 services 94, 95 setting names of groups 203 View LDAP configuration data 40 View Connection Server configuration, server certificate 103 View LDAP, configuration data 40 View services, stopping and starting 94 ViewPM.
