Subscribe RSS Feed | Follow on Twitter

Archive for the ‘View Composer’ Category

Using Symantec Endpoint Protection with Linked Clones

with 4 comments

If you’re using Linked Clone based desktop pools in your VMware View environment you might already ran into an issue with some security products. I’m talking about network access control or antivirus solutions which need a unique local SID (Security Identifier) of the Windows operating system to work properly. Just a few days ago I’ve published an article about Sysprep vs. Quickprep where I  mentioned that challenge.

An example of such an application is Symantec’s Endpoint protection but Matt Gildenhorn, one of my colleagues from the SE organization in the US came up with a solution.

If you’re interested in it please download the ZIP archive from the link below. The ZIP file includes a Post Syncronisation and a logoff script and also a Word document with the instructions.

 

Download the file here.

Written by Christoph Harding

May 18th, 2011 at 8:43 pm

6 rules you should consider when using View Composer

with one comment

The View Composer is a component which helps you to save time and money but from a technical view it does add more complexity to your IT environment. Due to that there are some rules you should consider when using the View Composer.

  1. If you’ve created the folder for the Linked Clones in your vCenter don’t edit it with the vCenter Client afterwards! All actions should be done via the View Administrator Console. Additionally you should manage all administrative task in the View Administrator whenever possible. This will safe you from unwanted errors due to accidental configuration changes in the vCenter Client. For example if you delete objects/folders in the vCenter, this could affect the View installation.
  2. If you’re using more than 120 Linked Clones you’ve to change the vSwitch configuration on your ESX server. A vSwitch does have 120 ports configured by default.
  3. The View Composer supports a maximum of 8 vSphere Hosts in a cluster. This is a limitation of the VMFS filesystem depending caused by the LUN locking. Please check the VMware View Reference Architecture for more information. If you need more then 8 vSphere Hosts you should setup more clusters.
  4. Depending on the frequency in which you’re using the View Composer functions Refresh, Recompose and Rebalance, you should decrease the lease time for IP addresses on your DHCP server. If the lease time is configured to high it’s likely that you run out DHCP leases. This could affect the creation/recreation of the Linked Clones. Also make sure that DNS is working properly because this is essential for the View Composer.
  5. If you’re using the Distributed Switch instead of the standard vSwitch you should consider the following information. All Linked Clones in a pool are based on the same master image. This master image had have a network port assigned on the Distributed Switch what means that also the copies (the Linked Clones) are configured with the same port. This behaviour is correct because the Distributed Switch is configured to use static bindings by default. The resolution is easy! Just configure the port group policy to use ephemeral/no port binding. This allows the VM’s to use a free port of the vDS and prevents them from conflicts.
  6. The last important point is the licensing. Whenever you use Linked Clones you should also use a volume license and Key Management Service (KMS) for your Windows 7 client operating system. This helps you to activate the desktops when needed and prevents you from connection errors.

If you have more tips, please send me your comment and I’ll add the information to this article. Thanks!

Written by Christoph Harding

May 17th, 2011 at 9:00 am

Posted in View Composer

Sysprep vs. Quickprep

with 6 comments

In a VMware View environment you can either use Microsoft Sysprep or VMware Quickprep for the personalization of your Linked Clone desktop pools, while you can only use Sysprep for the personalization of traditional desktop pools based on VM templates.

Every Windows operating system is generating a unique SID (Security Identifier) during the first installation of the system. This SID is used to clearly identify the operating system in a network environment. But this local SID is only used until the computer is a member is a Windows Workgroup only. As soon as you add the computer to a Active Directory domain a new SID for the computer account will be created and the local SID is no longer in use. The Microsoft Sysprep tool does change the SID for the operating system as the SID should be unique for each OS instance. The Sysprep operation needs several minutes to change the SID on a Windows OS as it needs to change all files on the hard disk drive.

The VMware Quickprep tools which comes with VMware View is used for the same reason but only with Linked Clone desktop pools. Quickprep is faster compared to Sysprep as is does not change all files on the hard disk. It does change the SID in the Active Directory which is only used as described above.

Also other software vendors use their own tools to change the SID on Windows instances, especially companies from the software deployment, like Altiris.

The Quickprep process is started by the View Composer during the creation of the Linked Clones. After the View Composer has created the replica disk and the Linked Clone own OS disk is mounted, the View Composer communicated with the Active Directory and creates a new computer account for the Linked Clone desktop and sets a random password. This process uses the standard Windows API interface and also the user account you’ve configured for the View Composer in the View Administrator GUI. If the configured user account does not have sufficient permissions the action will fail. If the action is successful, a configuration file which includes information about the desktop (hostname, domain and more) is created on the OS disk of the Linked Clone. After the file is written the desktops gets restarted. During the next boot process the View Agent hooks in. It does that in two modes. Firstly it runs in the native mode just before the Win32 subsystem is started. During that time it can still access system files which are usually locked. Secondly it starts the Service Agent which does the most tasks i.e. the communication with the View Server or writing to the Windows Registry. The native part of the agent reads the information which is written in the configuration file by the View Composer before and sets the hostname for the Windows operating system before the system comes up. After that the Service Agent writes the needed Windows domain information into the Registry.

Both applications, Sysprep and Quickprep give you the same result: A Windows desktops with a unique SID.

It’s a good decision to choose Quickprep for the Linked Clone pools because the personalization process is faster but there are also reasons for choosing Sysprep. Sometimes software products i.e. Antivirus software or network access control need a unique local SID. But anyway using vShield Endpoint is better than having a anti virus scanner in each desktop.

If you’re choosing Sysprep for your Linked Clone desktops please consider the following points.

  • All vSphere servers in your cluster must run a 4.0 or 4.1 version.
  • A recompose does force the system to create a new SID. (That takes a long time depending on the number of files in the VM)
  • The View Agent on the VM needs the View Composer component to be installed. (Usually this is the standard)
  • The Active Directory controllers must be reachable  from all the desktops.

Written by Christoph Harding

May 16th, 2011 at 9:00 am

How to reduce the provisioning time of linked clone pools in View 4.5

with one comment

Since View 4.5 it is possible to use several settings to get more speed into the provisioning tasks of View Composer. Even if the changes speed up your VDI environment please bear in mind that manual changes in the ADAM are not supported.

Read the rest of this entry »

Written by Valentin Allert

October 25th, 2010 at 2:24 pm

What’s the SviInternalDisk?

without comments

People on the forums were asking what the SviInternalDisk is and to be honest I didn’t have a clue. After some researching and talking to the right people I finally got the answer. When using linked clones from View Composer version 2.0 on there are three hard disks created. The OSDisk, SviDataDisk and the SviInternalDisk. We know the first two from previous versions but what about the SviInternalDisk?

Read the rest of this entry »

Written by Christoph Harding

December 25th, 2009 at 10:35 pm

Posted in View Composer

View Composer 2.0 on x64 Windows

without comments

On the VMware forums some people report issues during the database setup for View Composer 2.0 when using teh component on a x64 Windows operating system. The installation drops a message saying: Database not found. User vBaw now posted a workaround which helps to install the Composer on a x64 vCenter Server.

Read the rest of this entry »

Written by Christoph Harding

November 29th, 2009 at 4:14 pm

Posted in View Composer

Tagged with , , , ,

New features in View 4

without comments

VMware View 4 with vSphere for Desktops is the leading desktop virtualization solution on the market. It includes several of new features but the main highlight is the software PCoIP integration which offers a great user experience on LAN and WAN networks. See this article for the complete new feature list.

Read the rest of this entry »

Written by Christoph Harding

November 21st, 2009 at 11:04 am

View 4 available for download

with one comment

Written by Joel Lindberg

November 21st, 2009 at 2:38 am

VMware View 3.1.2 available now

without comments

VMware View 3.1.2 download

Release notes

What’s New in View Manager 3.1.2

VMware View Manager 3.1.2 is a maintenance release that resolves some known issues in the previous releases. Refer the Resolved Issues section for more details.

This release also includes one new feature.
Virtual Printing Multi Session Support

In this release, the virtual printing (ThinPrint) feature is updated to provide support to the users connected to multiple virtual desktops. With this update, the ThinPrint client enables users to map the printers on each virtual desktop that you are connected to.

Resolved Issues

The resolved issues are grouped as follows:

* Install and Upgrade
* View Administrator
* View Client
* View Composer
* Miscellaneous

Install and Upgrade

* When creating and preparing the guest system, you must install View Agent, after all other third-party applications are installed. If you uninstall View Agent after installing additional third-party applications, certain registry entries for the third-party applications might be lost. After installing View Agent, if you want to install additional third-party applications on the guest, you must first uninstall the View Agent. Applications known to be affected by the installation order include Microsoft AppV, vmSight ConnectorID, and Citrix XenApp.
This issue is resolved in this release.
* Effect of stopping VMwareVDMDS service on View 3.1 upgrade (KB 1012990)
* Upgrading View 3.1 to 3.1.1 clears View Connection Server settings from LDAP (KB 1013300)

View Administrator

* On rare occasions, View Administrator might display IllegalStateException errors (KB 1011392)
* View displays incorrect backup-time of View server (KB 1011390).

View Client

Desktop connections become slow when a View Client is running in a Citrix ICA session
When you connect virtual desktops using a View Client that is running in a Citrix ICA session, the virtual desktop connections are very slow compared to the connections using native RDP (mstsc.exe). This issue occurs because when the View Client runs in full-screen mode, it does not use the native full-screen mode of RDP ActiveX controls, and non full-screen mode does not function properly with Citrix ICA session.
This issue is resolved in this release.
View Composer

* View fails to automatically delete virtual machines in a multi-broker environment

In a multi-broker environment, when the Power off and delete virtual machine after first use option is enabled for non persistent pool, and many users log out of the virtual machines at the same time, View Manager sometimes fails to delete the virtual machines due to a race condition.
The issue is resolved in this release.
* View takes more time to delete virtual machines from a non-persistent pool if you enable Power off and delete virtual machine after first use (KB 1013760)
Miscellaneous

* If the Power off and delete virtual machine after first use option is enabled, virtual machines in non-persistent pools are disabled when accessed through direct Windows RDP/VI Client
When an administrator accesses a virtual machine through a direct Windows RDP client or VI Client console and then logs out, View Agent disables the virtual machine. Due to this issue, the virtual machine becomes inaccessible, and the number of unusable virtual machines in the desktop pool increases. When a desktop user tries to log in to that pool using View Client or Web Access, the following message might appear on the Connection Server even if some of the virtual machines in that desktop pool is in a Ready state:
All connections are busy, please try again
This issue occurs when you use RDP to access a virtual machine on which the Power off and delete virtual machine after first use option is enabled.
The issue is resolved in this release.
* In full-screen mode Windows special key combinations are not redirected to virtual desktops
In full-screen mode, View Client does not redirect Windows special key combinations (Windows+<Key>) to the remote desktop. This issue is inconsistent with the direct RDP.
The issue is resolved in this release.
* The vdmadmin.exe -L option does not remove existing pool assignments (KB 1008838)
* Each time a user logs in to a virtual machine that is deployed from a template on which the View 3.1 Agent is installed, a Windows Explorer window opens in the host machine.
This issue is resolved in this release.
* Network vulnerability scan shows View Manager accepting weak cipher
A network vulnerability scan shows that a pair of weak cipher-suites are being accepted by View Connection Servers. The two weak cipher-suites are now excluded from the list of enabled cipher-suites.

Written by Joel Lindberg

September 6th, 2009 at 1:16 pm

Reset, Refresh, Recompose, Rebalance?

with 2 comments

Today I’ve found an question in the VMware Enterprise Desktop online community forums where a member asked if someone could explain the difference between the terms Reset, Refresh, Recompose and Rebalance in context of VMware View. Some of you are familiar with that but I think it’s worth to explain.

Read the rest of this entry »

Written by Christoph Harding

July 7th, 2009 at 1:39 pm