Administering View Cloud Pod Architecture

VMware Horizon 6.0

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2014 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Administering View Cloud Pod Architecture

Administering View Cloud Pod Architecture describes how to configure and administer a Cloud Pod Architecture environment in VMware Horizon™ with View™, including how to plan a Cloud Pod Architecture topology and set up, monitor, and maintain a Cloud Pod Architecture configuration.

Intended Audience

This information is intended for anyone who wants to set up and maintain a Cloud Pod Architecture environment.
1 Introduction to Cloud Pod Architecture

The Cloud Pod Architecture feature uses standard View components to provide cross-datacenter administration, global and flexible user-to-desktop mapping, high availability desktops, and disaster recovery capabilities.
Sharing Key Data in the Global Data Layer

View Connection Server instances in a pod federation use the Global Data Layer to share key data. Shared data includes information about the pod federation topology, user and group entitlements, policies, and other Cloud Pod Architecture configuration information. In a Cloud Pod Architecture environment, shared data is replicated on every View Connection Server instance in a pod federation.
2 Designing a Cloud Pod Architecture Topology

Before you begin to configure the Cloud Pod Architecture feature, you must make decisions about your Cloud Pod Architecture topology. Cloud Pod Architecture topologies can vary, depending on your goals, the needs of your users, and your existing View implementation. If you are joining existing View pods to a pod federation, your Cloud Pod Architecture topology is typically based on your existing network topology.
Entitling Users and Groups in a Pod Federation

In a traditional View environment, you use View Administrator to create entitlements. These local entitlements entitle users and groups to a specific desktop pool on a View Connection Server instance. In a Cloud Pod Architecture environment, you create global entitlements to entitle users or groups to multiple desktops across multiple pods in the pod federation.
For information about configuring the scope policy for a global entitlement, see “Create and Configure a Global Entitlement,” on page 18.

Configuring Home Sites to Control Desktop Placement

A home site is the affinity between a user and a Cloud Pod Architecture site. With home sites, you can ensure that a user always receives desktops from a specific site rather than receiving desktops based on the user's current location.
Global Entitlement Example

The following diagram is a conceptual example of a global entitlement. In this example, NYUser1 is a member of the global entitlement called My Global Pool. My Global Pool provides an entitlement to three floating desktop pools, called pool1, pool2, and pool3. pool1 and pool2 are in a pod called NY Pod in the New York datacenter and pool3 and pool4 are in a pod called LDN Pod in the London datacenter.
Cloud Pod Architecture Port Requirements

Certain network ports must be opened on the Windows firewall for the Cloud Pod Architecture feature to work. When you install View Connection Server, the installation program can optionally configure the required firewall rules for you. These rules open the ports that are used by default.
3 Setting Up a Cloud Pod Architecture Environment

Setting up a Cloud Pod Architecture environment involves initializing the Cloud Pod Architecture feature, joining pods to the pod federation, and creating global entitlements. You can optionally create sites and assign home sites.
Procedure

- On any View Connection Server instance in the pod, run the lmvutil command with the --initialize option.

    lmvutil --initialize

For example:

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --initialize

In this example, the user is authenticating as adminEast in the domain domainEast. Because the user types "*" instead of an actual password, the command prompts the user for a password.
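Typing "*" keeps the password out of the recorded command line, whereas a literal value is stored wherever command lines are logged or saved in scripts. As an added example (not VMware code), the following Python audits recorded command lines for lmvutil invocations that carry a literal password and masks the value. The record format (one plain command-line string per entry) and the sample records are assumptions; the "*" prompt is described here only for --authPassword, so any value passed to --password is reported.

```python
import ntpath
import re
from itertools import takewhile

# The "*" prompt is documented for --authPassword. The page does not say
# whether --password (used with --join) can prompt, so any value given to
# --password is reported.
PROMPT_CAPABLE = {"--authpassword"}
# password option -> option that names the account it belongs to
ACCOUNT_OPTION = {"--authpassword": "--authas", "--password": "--username"}
TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string or a run of non-blanks


def _unquote(token):
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return token[1:-1]
    return token


def _is_lmvutil(token):
    # ntpath handles Windows paths regardless of where this script runs.
    return ntpath.basename(_unquote(token)).lower().startswith("lmvutil")


def _value_of(tokens, option):
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == option:
            return _unquote(tokens[i + 1])
    return None


def audit_command_line(cmdline):
    """Return (findings, redacted) for one recorded command line.

    findings lists (option, account) for every password that was typed on
    the command line instead of being entered at the prompt; redacted is
    the command line with those passwords masked.
    """
    tokens = TOKEN.findall(cmdline)
    # Only tokens before the first option can be the program name.
    head = takewhile(lambda t: not t.startswith("--"), tokens)
    if not any(_is_lmvutil(t) for t in head):
        return [], cmdline
    findings, redacted = [], list(tokens)
    for i, tok in enumerate(tokens[:-1]):
        opt = tok.lower()
        if opt not in ACCOUNT_OPTION:
            continue
        value = _unquote(tokens[i + 1])
        if value.startswith("--"):
            continue  # option given without a value
        if opt in PROMPT_CAPABLE and value == "*":
            continue  # password was entered at the prompt, not recorded
        findings.append((tok, _value_of(tokens, ACCOUNT_OPTION[opt])))
        redacted[i + 1] = "<redacted>"
    return findings, (" ".join(redacted) if findings else cmdline)


def audit(records):
    """Audit many records; return only those that exposed a password."""
    report = []
    for record in records:
        findings, redacted = audit_command_line(record)
        if findings:
            report.append({"findings": findings, "command": redacted})
    return report


# Constructed sample of recorded command lines. The first is the join
# command from this guide's sample scenario, the second uses the prompt.
SAMPLE_RECORDS = [
    r"lmvutil --authAs adminCentral --authDomain example --authPassword secret456 "
    r"--join --joinServer east1.example --userName example\adminEast --password secret123",
    r'lmvutil --authAs adminEast --authDomain example --authPassword "*" --listPods',
    r"ipconfig /all",
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_RECORDS):
        print(entry["command"])
        for option, account in entry["findings"]:
            print(f"  {option} value on command line for account {account}")
```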
Procedure

- On a View Connection Server instance in the pod that you are joining to the pod federation, run the lmvutil command with the --join option. Repeat this command for each pod that you want to join to the pod federation.

IMPORTANT You must run this command on a View Connection Server instance in the pod that you are joining to the pod federation.

    lmvutil --join --joinServer serveraddress --userName domain\username --password password

Optio
Procedure

1. Run the lmvutil command with the --listPods option to list the names of the pods in your Cloud Pod Architecture topology. You can run this command on any View Connection Server in the pod federation.

    lmvutil --listPods

For example:

    lmvutil --authAs adminEast --authDomain example --authPassword "*" --listPods

The command lists the pod name, pod description (if any), and the site to which the pod belongs.
- Initialize the Cloud Pod Architecture feature. See “Initialize the Cloud Pod Architecture Feature,” on page 15.

Procedure

1. Run the lmvutil command with the --createGlobalEntitlement option to create the global entitlement. You can run this command on any View Connection Server in the pod federation.
Option | Description
--preventProtocolOverride | (Optional) When this option is specified, users cannot override the default display protocol for desktops in the global entitlement. If you do not specify this option, users can override the default display protocol.
--allowReset | (Optional) When this option is specified, users can reset desktops in the global entitlement. If you do not specify this option, users cannot reset desktops.
4. To add a group to the global entitlement, run the lmvutil command with the --addGroupEntitlement option. You can run this command on any View Connection Server instance in the pod federation. Repeat the command for each group that you want to add to the global entitlement.

    lmvutil --addGroupEntitlement --groupName domain\groupname --entitlementName name

Option | Description
--groupName | Specifies the name of a group to add to the global entitleme
Procedure

1. On any View Connection Server instance in the pod federation, run the lmvutil command with the --createSite option.

    lmvutil --createSite --siteName sitename [--description text]

Option | Description
--siteName | Specifies the name of the new site. The site name can contain between 1 and 64 characters.
--description | (Optional) Provides a description of the site. The description can contain between 1 and 1024 characters.
Procedure

- To create a home site for a user, run the lmvutil command with the --createUserHomeSite option. You can run the command on any View Connection Server instance in the pod federation.

    lmvutil --createUserHomeSite --userName domain\username --siteName name [--entitlementName name]

Option | Description
--userName | Specifies the name of the user. Use the format domain\username.
3. Select the global entitlement and connect to a desktop.

A desktop should launch successfully. Exactly which desktop launches depends on the individual configuration of the global entitlement, pods, and desktop pools. As a general rule, the Cloud Pod Architecture feature attempts to allocate a desktop from the pod to which you are connected.
Designing the Cloud Pod Architecture Topology

The insurance company designs a Cloud Pod Architecture topology that includes two sites, one for each region.

Figure 3‑1. Sample Scenario Cloud Pod Architecture Topology

[Diagram not reproduced. Labels recovered from the page: Eastern Region, Central Region; East Pod 1, Central Pod 1; Sales A, Sales B; View Connection Server host names such as east1.example and central1.example.]
After the first Central region pod is joined to the pod federation, the View administrator joins the second Central region pod to the pod federation. In this example, the View administrator runs the command for the second pod on central6.example.

    lmvutil --authAs adminCentral --authDomain example --authPassword secret456 --join --joinServer east1.example --userName example\adminEast --password secret123

After the second command finishes, all 10 View Connection Ser
This command adds the Central Pod 1 pod to the Central Region site:

    lmvutil --authAs adminEast --authDomain example --authPassword "*" --assignPodToSite --podName "Central Pod 1" --siteName "Central Region"

This command adds the Central Pod 2 pod to the Central Region site:

    lmvutil --authAs adminEast --authDomain example --authPassword "*" --assignPodToSite --podName "Central Pod 2" --siteName "Central Region"

The pod federation site topology now re
A View administrator can run this command on any View Connection Server instance in the pod federation. In this example, the View administrator runs the command on central6.example.

    lmvutil --authAs adminCentral --authDomain example --authPassword "*" --addGroupEntitlement --entitlementName "Agent Sales" --groupName example\Sales

Using a Single View URL

The insurance company uses a single View URL and employs a DNS service to resolve sales.
4 Managing a Cloud Pod Architecture Environment

You use lmvutil commands to view, modify, and maintain your Cloud Pod Architecture environment. You can use View Administrator to monitor the health of pods in the pod federation.
- To list the desktop pools in a global entitlement, run the lmvutil command with the --listAssociatedPools option. The --entitlementName option specifies the name of the global entitlement for which to list the associated desktop pools.
- To list the home sites for a group, run the lmvutil command with the --showGroupHomeSites option.

    lmvutil --showGroupHomeSites --groupName domain\groupname [--entitlementName name]

Option | Description
--groupName | Specifies the name of the group for which to list home sites. Use the format domain\groupname.
--entitlementName | (Optional) Specifies the name of a global entitlement.
Procedure

1. In View Administrator, select Inventory > Search Sessions.
2. Select search criteria and begin the search.

Option | Action
Search by user | a. Select User from the drop-down menu. b. Click in the text box. c. Select search criteria in the Find User dialog box and click OK. d. Click Search to begin the search.
Search by pod | a. Select Pod from the drop-down menu and select a pod from the list of pods that appears. b. Click Search to begin the search.
Add a Pod to a Site

You can use the lmvutil command with the --assignPodToSite option to add a pod to an existing site.

Prerequisites

Become familiar with the lmvutil command authentication options and requirements and verify that you have sufficient privileges to run the lmvutil command. See “lmvutil Command Authentication,” on page 43.
Procedure

- If the pod is available, run the lmvutil command with the --unjoin option. You must run this command on a View Connection Server instance in the pod that you want to remove from the pod federation.

    lmvutil --unjoin

  For example:

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --unjoin

- If the pod is not available (for example, in the case of a hardware failure), run the lmvutil command with the --ejectPod option.
Procedure

- On the View Connection Server instance in the pod that contains the desktop pool to add to the global entitlement, run the lmvutil command with the --addPoolAssociation option. Repeat the command for each desktop pool that you want to add to the global entitlement.

IMPORTANT You must run this command on a View Connection Server instance in the pod that contains the desktop pool to add to the global entitlement.
Procedure

- On any View Connection Server instance in the pod federation, run the lmvutil command with the --removePoolAssociation option.

    lmvutil --removePoolAssociation --entitlementName name --poolID poolid

Option | Description
--entitlementName | Specifies the name of the global entitlement to modify.
--poolID | Specifies the pool ID of the desktop pool to remove from the global entitlement.
- To add a group to the global entitlement, run the lmvutil command with the --addGroupEntitlement option. You can run this command on any View Connection Server instance in the pod federation. Repeat the command for each group that you want to add to the global entitlement.

    lmvutil --addGroupEntitlement --groupName domain\groupname --entitlementName name

Option | Description
--groupName | Specifies the name of a group to add to the global entitlement
- To remove a group from a global entitlement, run the lmvutil command with the --removeGroupEntitlement option. You can run this command on any View Connection Server instance in the pod federation.

    lmvutil --removeGroupEntitlement --groupName domain\groupname --entitlementName name

Option | Description
--groupName | Specifies the name of the group to remove from the global entitlement. Use the format domain\groupname.
Option | Description
--multipleSessionAutoClean | (Optional) Logs off extra user sessions for the same entitlement. Multiple floating desktop sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session. When multiple sessions occur, Horizon Client prompts the user to select a session.
Remove a Home Site Association

You can use lmvutil commands to remove associations between a user or group and a home site. You can also remove the association between a home site and a global entitlement for a specified user or group.

Prerequisites

Become familiar with the lmvutil command authentication options and requirements and verify that you have sufficient privileges to run the lmvutil command. See “lmvutil Command Authentication,” on page 43.
Disable the Cloud Pod Architecture Feature

You can use the lmvutil command with the --uninitialize option to disable the Cloud Pod Architecture feature. You need to run this command on only one pod in the pod federation. When you disable the Cloud Pod Architecture feature, your entire Cloud Pod Architecture configuration, including sites, home sites, and global entitlements, is deleted.
5 lmvutil Command Reference

You use the lmvutil command line interface to configure and manage a Cloud Pod Architecture implementation.
Table 5‑1. lmvutil Command Authentication Options

Option | Description
--authAs | Specifies the user name of a View administrator user. Do not use domain\username or user principal name (UPN) format.
--authDomain | Specifies the fully qualified domain name for the View administrator user specified in the --authAs option.
--authPassword | Specifies the password for the View administrator user specified in the --authAs option.
Table 5‑2. lmvutil Command Options (Continued)

Option | Description
--createPendingCertificate | Creates a pending SSL certificate. See “Creating a Pending Certificate,” on page 65.
--createUserHomeSite | Associates a user with a home site. See “Configuring a Home Site,” on page 59.
--deleteGlobalEntitlement | Deletes a global entitlement. See “Deleting a Global Entitlement,” on page 55.
--deleteSite | Deletes a site. See “Deleting a Site,” on page 51.
Table 5‑2. lmvutil Command Options (Continued)

Option | Description
--showGroupHomeSites | Shows all of the home sites for a group. See “Listing the Home Sites for a User or Group,” on page 62.
--showUserHomeSites | Shows all of the home sites for a user. See “Listing the Home Sites for a User or Group,” on page 62.
--uninitialize | Disables the Cloud Pod Architecture feature. See “Disabling the Cloud Pod Architecture Feature,” on page 47.
Disabling the Cloud Pod Architecture Feature

You can use the lmvutil command with the --uninitialize option to disable the Cloud Pod Architecture feature.

Syntax

    lmvutil --uninitialize

Usage Notes

You must use the lmvutil command with the --unjoin option to remove any other pods in the pod federation before you run this command. You need to run this command on only one View Connection Server instance in a pod.
Options

You must specify several options when you join a pod to a pod federation.

Table 5‑3. Options for Joining a Pod to a Pod Federation

Option | Description
--joinServer | Specifies the DNS name or IP address of any View Connection Server instance in any pod that has been initialized or is already part of the pod federation.
--userName | Specifies the name of a View administrator user on the already initialized pod. Use the format domain\username.
Changing a Pod Name or Description

You can use the lmvutil command with the --updatePod option to update or modify the name or description of a pod.

Syntax

    lmvutil --updatePod --podName podname [--newPodName podname] [--description text]

Usage Notes

This command returns an error message if the Cloud Pod Architecture feature is not initialized or if the command is unable to find or update the pod.
Creating a Site

You can use the lmvutil command with the --createSite option to create a site in a Cloud Pod Architecture topology.

Syntax

    lmvutil --createSite --siteName sitename [--description text]

Usage Notes

This command returns an error message if the Cloud Pod Architecture feature is not initialized, the specified site already exists, or the command cannot create the site.

Options

You can specify these options when you create a site.

Table 5‑5.
Example

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --assignPodToSite --podName "East Pod 1" --siteName "Eastern Region"

Changing a Site Name or Description

You can use the lmvutil command with the --editSite option to edit the name or description of a site.
Managing Global Entitlements

You can use lmvutil command options to create, modify, and list global entitlements in a Cloud Pod Architecture environment. Global entitlements link users to desktops, regardless of where the desktops are located in the pod federation. They also determine how the Cloud Pod Architecture feature allocates desktops to those users.
This command returns an error message if the global entitlement already exists, the scope is invalid, the Cloud Pod Architecture feature is not initialized, or the command cannot create the global entitlement.

Options

You can specify these options when you create a global entitlement.

Table 5‑8. Options for Creating Global Entitlements

Option | Description
--entitlementName | Specifies the name of the global entitlement. The name can contain between 1 and 64 characters.
Example

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --createGlobalEntitlement --entitlementName "Agent Sales" --scope LOCAL --isDedicated

Modifying a Global Entitlement

You can use the lmvutil command with the --updateGlobalEntitlement option to modify the scope, description, and other attributes of a global entitlement.
Table 5‑9. Options for Modifying Global Entitlements (Continued)

Option | Description
--multipleSessionAutoClean | (Optional) Logs off extra user sessions for the same entitlement. Multiple floating desktop sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session. When multiple sessions occur, Horizon Client prompts the user to select a session.
Adding a Desktop Pool to a Global Entitlement

You can use the lmvutil command with the --addPoolAssociation option to add a desktop pool to a global entitlement.

Syntax

    lmvutil --addPoolAssociation --entitlementName name --poolId poolid

Usage Notes

You must perform this command on a View Connection Server instance in the pod that contains the desktop pool.
Table 5‑11. Options for Removing a Desktop Pool from a Global Entitlement

Option | Description
--entitlementName | Specifies the name of the global entitlement.
--poolID | Specifies the ID of the desktop pool to remove from the global entitlement. The pool ID must match the desktop pool name as it appears on the pod.
Removing a User or Group From a Global Entitlement

You can use the lmvutil command with the --removeUserEntitlement or --removeGroupEntitlement option to remove a user or group from a global entitlement.

Syntax

    lmvutil --removeUserEntitlement --userName domain\username --entitlementName name
    lmvutil --removeGroupEntitlement --groupName domain\groupname --entitlementName name

Usage Notes

These commands return an error message if the Cloud Pod Architecture feature
Configuring a Home Site

You can use the lmvutil command with the --createUserHomeSite or --createGroupHomeSite option to create a home site for a user or group. You can also use these options to associate a home site with a global entitlement.

Syntax

    lmvutil --createUserHomeSite --userName domain\username --siteName name [--entitlementName name]
    lmvutil --createGroupHomeSite --groupName domain\groupname --siteName name [--entitlementName name]

Usage Notes

You must create
Usage Notes

These commands return an error message if the specified user or group does not exist, the specified entitlement does not exist, or if the command cannot delete the home site setting.

Options

You can specify these options when you remove the association between a user or group and a home site.

Table 5‑15. Options for Deleting a Home Site

Option | Description
--userName | Specifies the name of a user. Use the format domain\username.
- Listing the Pods or Sites in a Cloud Pod Architecture Topology on page 64
  You can use the lmvutil command with the --listPods or --listSites option to view the pods or sites in your Cloud Pod Architecture topology.

Listing Global Entitlements

You can use the lmvutil command with the --listGlobalEntitlements option to list all global entitlements.
Usage Notes

This command returns an error message if the Cloud Pod Architecture feature is not initialized or if the specified user, group, or entitlement does not exist.

Options

You can specify these options when you list global entitlement associations.

Table 5‑16. Options for Listing Global Entitlement Associations

Option | Description
--userName | Specifies the name of the user for whom you want to list global entitlements. Use the format domain\username.
Example

    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --showUserHomeSites --userName example\adminEast
    lmvutil --authAs adminEast --authDomain domainEast --authPassword "*" --showGroupHomeSites --groupName example\adminEastGroup

Listing the Effective Home Site for a User

Because you can assign home sites to users and groups and to global entitlements, it is possible to configure more than one home site for a specific user.
Usage Notes

The data produced by this command is managed internally by the Cloud Pod Architecture brokering software. This command returns an error if the Cloud Pod Architecture feature is not initialized or if the command cannot find the specified user, global entitlement, pod, or site.

Options

You must specify one of the following options when you list user assignments.

Table 5‑19.
Managing SSL Certificates

You can use lmvutil command options to create and activate pending SSL certificates in a Cloud Pod Architecture environment. The Cloud Pod Architecture feature uses signed certificates for bidirectional SSL to protect and validate the VIPA interpod communication channel. The certificates are distributed in the Global Data Layer. The Cloud Pod Architecture feature replaces these certificates every seven days.
Usage Notes

You must use the lmvutil command with the --createPendingCertificate option to create a pending certificate before you can use this command. Wait for the Global Data Layer replication process to distribute the certificate to all View Connection Server instances before you activate the pending certificate.