Archive for the ‘PCoIP’ Category
An Inside Look into the PCoIP® Protocol and Zero Clients
There is a VMUG webcast coming up which sounds very interesting.
An Inside Look into the PCoIP® Protocol and Zero Clients
Presented by Ziad Lammam, Teradici
Date: Wednesday, June 8, 2011
Times: 12:00 p.m. CST (-05:00 GMT) and 6:00 p.m. CST (-05:00 GMT)
This session will provide an inside look into the Teradici PC-over-IP® protocol architecture within VMware View™, a detailed breakdown of zero clients, PCoIP technology evolution, and a customer case study. Understand how the PCoIP protocol is optimized to deliver a rich desktop experience over LAN and high-latency WAN networks across the entire enterprise user base from mainstream office workers to 3D/power users.
PCoIP Server Offload Card
Michael Klein (Twitter: @michael__klein) brought a link to Teradici’s website to my attention, which gives an overview of the Teradici PCoIP Server Offload Card. The Server Offload Card features a brand new TERA2800 Processor and is designed to meet the needs of VDI.
There are two videos up on the website which show how to increase the VDI consolidation ratios by 2X.
Link: Teradici
Using the vCenter console for mirroring a PCoIP session
Sometimes, e.g. for support reasons, you need to mirror a user’s remote session. There are three ways to do that in VMware View: Windows Remote Assistance (VMware Knowledge Base article), remote-control software like VNC or PC Anywhere, or the vCenter console. Usually when you try to use the vCenter console to mirror the user’s desktop, you’ll just see a blank screen, which is the normal behaviour. If you want to see the user’s screen, you must change or add a value in the Windows Registry.
You’ll find that key at: HKLM\SOFTWARE\VMware, Inc.\VMware SVGA DevTap\NoBlankOnAttach : DWORD: 1
Kudos go to my colleague Vincent Wu from China. Here is his blog. (Chinese language)
Teradici releases new maintenance firmware 3.3.1

Teradici released a new firmware for PCoIP zero clients. This release is only a maintenance release, which fixes some issues from version 3.3.0.
Here is an excerpt from the official release notes:
Compatibility Notes:
- VMware View 4.6 or newer is required to use USB enhancements in Firmware 3.3.x.
Resolved Issues:
- Fixed USB audio issue with VMware View guests running Microsoft Windows 7 64-bit host OS
- Fixed an issue where PCoIP Zero Clients could not connect to the VMware View Connection Server through certain load balancers
- Fixed an issue with a Logitech ClearChat wireless headset
- Fixed degraded performance with PCoIP Host cards on networks with packet loss, high latency, and/or low bandwidth
- Fixed password protection default setting
- Fixed CAC PIV endpoint smart card issue
- Fix for invalid OEM VPD (vendor product information) content
- Fixed issue with OSD appearing on the wrong set of monitors in certain quad display PCoIP Zero Clients
- Fixed issue with Power-over-Ethernet failing to power devices if VLAN enabled
- Language translation updates
Known Issues:
- Low Initial Quality for PCoIP Zero Clients connected to PCoIP Host Cards (15134-636)
- CD/DVD drive interoperability
  - Refer to the list of CD/DVD drives that have been tested. See What CD/DVD drives have been tested with Firmware 3.3.x? (15134-566).
  - Note that a session disconnect may occur occasionally on disc eject/insert
We can expect all vendors to release their own tested version of this firmware soon.
Firewall settings for a VMware View environment
When you have to configure firewall policies for a VMware View environment, it is sometimes hard to find a simple overview of all the necessary ports and firewall settings.
To help you do your job, I provide here a comprehensive overview of all the important communication flows of such an implementation.
This document is a consolidated aggregation of the information you can find in the following documents:
- VMware View Architecture Planning Guide (View 4.6)
- KB1012382 – TCP and UDP Ports required to access vCenter Server, ESX hosts and other network components
Perimeter Firewall Rules
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Security Server | Optional |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 443 | HTTPS | Communication between View Client and View Security Server. Authentication etc. | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Both | <SECURITYSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
DMZ Firewall Rules
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | USB-Redirection | | Optional |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9427 | Multi Media Redirection, RDP-Connections only | | Optional |
Connection Server Rules
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <ACTIVEDIRECTORYSERVER> | TCP | 389 | LDAP | Active Directory Authentication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <ACTIVEDIRECTORYSERVER> | UDP | 389 | LDAP | Active Directory Authentication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 389 | LDAP | ADAM | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 636 | LDAPS | AD LDS | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 1515 | Microsoft Endpoint Mapper | | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <VCENTERSERVER> | TCP | 18443 | SOAP | View Composer Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <VCENTERSERVER> | TCP | 443 | HTTPS | vCenter Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <VIEWAGENT> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <RSASERVER> | UDP | 5500 | RSA SecurID Authentication | | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Connection Server | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 443 | SSL | Communication between View Client and View Connection Server. Authentication etc. | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
Transfer Server Rules
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <TRANSFERSERVER> | <CLIENTPORT> | Outbound | <VSPHEREHOST> | TCP | 902 | | Used if SSL/HTTPS is not used on the Connection Server | Mandatory |
View Agent Rules
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9472 | Multi Media Redirection, RDP-Connections only | | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | USB-Redirection | | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 42966 | HP RGS | HP Remote Graphics Server | Optional |
| <VIEWAGENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
View Client Rules (internal / without using Security Server)
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9472 | Multi Media Redirection, RDP-Connections only | | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | USB-Redirection | | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 42966 | HP RGS | HP Remote Graphics Server | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | HTTPS preferred | |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 443 | HTTPS | | |
View Client Rules (external / using Security Server)
| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | HTTPS preferred | |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 443 | HTTPS | | |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
HTTP and HTTPS-Traffic can be proxied on the application layer.
Every other protocol should only be proxied using a transparent TCP-/UDP-Proxy.
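The perimeter rows above, turned into packet-filter rules, as an added example that is not part of the original post: it parses rows in this page's table layout, rejects rows with missing cells instead of guessing, emits iptables FORWARD rules for Mandatory entries only (with the return rule for "Both"), and lists the ports that carry cleartext protocols. The addresses, the choice of the FORWARD chain and all function names are assumptions.

```python
# Added example (not from the original post): rule-table rows -> iptables commands.
FIELDS = ["src", "sport", "direction", "dst", "proto", "dport", "app", "comment", "type"]
CLEARTEXT = {"HTTP", "LDAP"}  # application protocols in the tables that carry no TLS
# Constructed addresses (RFC 5737 documentation range); substitute your own.
ADDR = {"<EXTERNALCLIENT>": "0.0.0.0/0", "<SECURITYSERVER>": "192.0.2.10"}

# Four perimeter rows copied from the post, plus one constructed truncated row.
ROWS = """\
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Security Server | Optional |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 443 | HTTPS | Communication between View Client and View Security Server. Authentication etc. | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Both | <SECURITYSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 |
"""

def parse_rows(text):
    """Return (rules, rejected); rows without exactly nine cells are never guessed at."""
    rules, rejected = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        cells = [c.strip() for c in line[1:-1].split("|")]
        if len(cells) != len(FIELDS) or not cells[5].isdigit():
            rejected.append(line)
        else:
            rules.append(dict(zip(FIELDS, cells)))
    return rules, rejected

def to_iptables(rule, addr, include_optional=False):
    """One rule -> iptables commands; anything not marked Mandatory is skipped by default."""
    if rule["type"] != "Mandatory" and not include_optional:
        return []
    src, dst = addr[rule["src"]], addr[rule["dst"]]  # KeyError on an unmapped placeholder
    proto, port = rule["proto"].lower(), rule["dport"]
    cmds = [f"iptables -A FORWARD -p {proto} -s {src} -d {dst} --dport {port} -j ACCEPT"]
    if rule["direction"] == "Both":  # PCoIP UDP data: return traffic leaves from 4172
        cmds.append(f"iptables -A FORWARD -p {proto} -s {dst} --sport {port} -d {src} -j ACCEPT")
    return cmds

def build(text, addr):
    """Return (commands, rejected rows, destination ports carrying cleartext protocols)."""
    rules, rejected = parse_rows(text)
    cmds = [c for r in rules for c in to_iptables(r, addr)]
    return cmds, rejected, [r["dport"] for r in rules if r["app"] in CLEARTEXT]

if __name__ == "__main__":
    commands, rejected, cleartext_ports = build(ROWS, ADDR)
    print("\n".join(commands))
    print("rejected rows:", len(rejected), "| cleartext ports:", cleartext_ports)
```
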
Teradici PCoIP Demo with VMware at HIMSS2011
Stuart Robinson, Manager of Systems Engineering at Teradici, shows how well PCoIP performs over a WAN connection from Orlando to Canada. This video is from this year’s HIMSS2011 event in Florida.
VMware View Security Server to support PCoIP soon
Mark Benson, a View architect in the VMware End User Computing CTO office published a new article about the VMware View Security Server. In this article Mark explains in detail how the new component works. He says that the new Security Server will be part of the forthcoming View release.
TeradiciLabs published two new PCoIP videos
This week TeradiciLabs published two new videos on Youtube.com. The videos show a comparison between PCoIP and HDX.
Upgrading VMware Tools in a virtual desktop causes PCoIP connections to fail
You may have already read about an issue where upgrading your ESX 4.0 host breaks connections to hosted virtual desktops with the PCoIP protocol. This issue only occurs when you’re using ESX 4.0 with VMware View 4.0 and you’ve upgraded the host to Update 2. VMware released a permanent fix for that.
You want to tell me PCoIP performance is bad?
Update: I want to clarify that I of course know that network connections all over the world are different in speed, latency and packet loss. My video only shows that my ad-hoc connection from Europe to the West Coast just works well and the video/website mentioned in this article could give the readers/watchers/listeners a wrong impression of PCoIP.
This week I was really surprised about a blog article I saw linked on Twitter. In the article/videos the author shows a virtual desktop connected over PCoIP from San Francisco to Ottawa. For more details on the scenario please check the article and also listen to the speaker in the video. He said: “Definitely much much worse than ICA was…”. Well, the “real world” scenario as he describes it looks really strange to me. OK, he’s connecting from a hotel internet connection (which is mostly crap, but in SF?) via VPN to his data centre but only on one continent with a distance of approximately 5100km (maybe the cable is going a longer way…). I know PCoIP and it definitely has a much better performance on the WAN, and I checked it. This is my real world example: My connection is from my home office’s DSL line through the VPN to the data centre in California.
A ping from my local workstation to the View Manager Server looks like that: (Doh! 382ms)
64 bytes from xx.xxx.xx.xx: icmp_seq=2 ttl=242 time=382.313 ms
64 bytes from xx.xxx.xx.xx: icmp_seq=3 ttl=242 time=382.777 ms
64 bytes from xx.xxx.xx.xx: icmp_seq=4 ttl=242 time=382.545 ms
64 bytes from xx.xxx.xx.xx: icmp_seq=5 ttl=242 time=382.215 ms
And the result looks like that:
I think this is great for an overseas connection and watching a video, hah? Sometimes it hangs for a short time but 382ms!
