
Archive for the ‘VMware View’ Category

Virtual Desktop Implementation and Maintenance: VMware View 4.6 Premier vs. Citrix XenDesktop 5 Platinum


The Tolly Group has published a new document about VMware View 4.6 vs. Citrix XenDesktop 5. This time, the document describes the implementation and maintenance.

Here’s the abstract:

As Desktop Virtualization technology matures, the latest versions of VMware View and Citrix XenDesktop represent an evolution in the Virtual Desktop Infrastructure (VDI) solutions towards ease of management and workflow efficiency, while aiming to deliver a rich user experience that is closer to using a physical PC. VMware’s PC over Internet Protocol (PCoIP) and Citrix’s HDX technologies make advances towards delivering smoother multimedia experience comparable to a physical PC. While Citrix XenDesktop 5 introduced several improvements – such as Machine Creation Services (MCS) and Desktop Studio – for creating and managing virtual desktops, VMware View 4.6 continues to offer a significantly simpler management and administration workflow using a single management interface. In contrast XenDesktop 5 continues to require the use of multiple interfaces – Desktop Studio, Provisioning Services Console, Active Directory, etc. Combining these usability advantages with the lower licensing costs for a 1000 user deployment, View 4.6 delivers savings in both acquisition and ongoing administration costs over XenDesktop 5.

Link: Tolly Group

Written by Christoph Harding

May 31st, 2011 at 11:28 pm

First preview of the VMware View Client for Android tablets


That was a surprise when I watched the VMware Lab Video from Brian Madden’s BriForum 2011 in London. My colleagues already showed a quick demo of the VMware View Client for Android tablets. It has exactly the same gesture recognition as the VMware View Client for iPads.

Link: BriForum 2011 London VMware Lab Video

Written by Christoph Harding

May 17th, 2011 at 12:02 pm

SSL certificates in VMware View environments


An SSL certificate can be described as a data container that includes the identity of a computer, its public key and the digital signature of the issuer of the certificate. Certificates are used to confirm the authenticity of a website, and the public key they contain can be used to encrypt the connection between a client and a server.

Without further action, the View Server uses a self-signed certificate. When you open the website of the View Server, the browser returns a security warning stating that the certificate comes from an untrusted source.

To use your own certificates that have been signed by a trusted Certification Authority (CA), you can use the keytool that comes with the View installation on the Connection Server. With this tool, you create a trust store on the View Server into which your certificates can be integrated. Request a certificate from an authorized CA. This may be the CA of your company, or a third party such as Thawte, VeriSign and GlobalSign. It is also possible to integrate already-signed certificates for your server. The next section describes the entire process for requesting a certificate from the Microsoft Certification Authority. For certificates from other parties, please refer to their documentation.

Certificates are only used by Connection Servers that have direct connections with the clients. If you are using the Security Server for connections, the certificate is needed only by this server.

Companies that use Active Directory as their directory service often also use the Microsoft Certification Authority for their security certificates. The following example explains the steps needed to apply for a certificate and then integrate it into a VMware View Server.

First, you must apply for a certificate from the CA. Use Microsoft Internet Explorer on the View Server, because only with this browser does the import and export of the certificate work without problems.

  • Open Internet Explorer and type the correct address of your certification server in the address bar. This should be <certificateservername.fqdn>/certsrv/. Replace the placeholder certificateservername with the computer name of the appropriate server and fqdn with the fully qualified DNS domain name.
  • Apply for a certificate on the website and mark it as exportable.
  • After the newly requested certificate has been approved, revisit the site with Internet Explorer and install the issued certificate. The certificate is now stored in the local certificate store, and you can export it to a file from there.
  • In Internet Explorer, click the Tools menu and select Internet Options. This opens a window where you can change the properties and options of Internet Explorer.
  • Select the Content tab and then click the button labeled Certificates.
  • In the following dialog, select the certificate of your server and export it to a directory on your hard disk. It is important that you export the certificate with the private key in the PFX file format. Name the certificate, for example, server.pfx.
  • After that, export the certificate of your company's CA in the X509 file format.

After a successful export of both security certificates, the trust store can be created. You have to use the keytool application. To use the application you should first adjust the environment variables on your computer so that the keytool can run without using long file paths. Open a Windows command line on the View server and type the following command:

set PATH=%PATH%;%ProgramFiles%\VMware\VMware View\Server\jre\bin

Then switch the command prompt to the directory where you have saved the certificates. Using the exported CA certificate, you now generate the trust store with the keytool. Replace <ca-alias name> with the name of the Certification Authority and <ca-certificate name.ce> with the real name of the CA certificate.

keytool -import -alias <ca-alias name> -file <ca-certificate name.ce> -keystore truststore

The newly created trust store and the PFX certificate must be copied to the subdirectory \sslgateway\conf in the program directory of the VMware View Server. If there is no file named locked.properties in that directory, create it as a plain text file with Notepad. Otherwise, open the existing file and add or modify the following parameters.

keyfile = server.pfx
keypass = <secret>
trustKeyfile = truststore
trustStoretype = JKS
useCertAuth = true

Please ensure that the keypass parameter contains the correct password for the certificate. Afterwards, the View Connection Server service must be restarted. This can be done via the Windows Services Manager. Check the Windows Event Log and the View server log files under c:\documents and settings\all users\application data\vdm\logs for errors. If the View Connection Server service does not start, there might be an issue with the certificate or the password.
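To catch such errors before restarting the service, the following added example (not from the original post or from VMware) checks locked.properties against the five keys listed above and verifies that the files it names exist in the conf directory. It assumes the file follows standard Java properties syntax, where a key ends at the first space, so a key written as `truststore type` is read as `truststore`; the function names and the sample password are hypothetical.

```python
import os
import re
import tempfile

# Keys from the article's locked.properties listing. Requiring all five is an
# assumption of this example, not a rule taken from VMware documentation.
EXPECTED_KEYS = ("keyfile", "keypass", "trustKeyfile", "trustStoretype", "useCertAuth")


def parse_properties(text):
    """Split lines as java.util.Properties does: the key ends at the first
    '=', ':' or whitespace. Escapes and line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        key = re.match(r"[^=: \t]*", line).group()
        rest = line[len(key):].lstrip(" \t")
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip(" \t")
        props[key] = rest
    return props


def check_locked_properties(conf_dir):
    """Return a list of findings for conf_dir/locked.properties (empty = OK)."""
    path = os.path.join(conf_dir, "locked.properties")
    if not os.path.isfile(path):
        return ["locked.properties not found"]
    with open(path, encoding="latin-1") as fh:
        props = parse_properties(fh.read())
    findings = ["missing or empty key: " + k for k in EXPECTED_KEYS if not props.get(k)]
    findings += ["unexpected key: %s (value %r)" % (k, v)
                 for k, v in props.items() if k not in EXPECTED_KEYS]
    for key in ("keyfile", "trustKeyfile"):  # values naming files in conf_dir
        name = props.get(key)
        if name and not os.path.isfile(os.path.join(conf_dir, name)):
            findings.append("%s points to a missing file: %s" % (key, name))
    return findings


def demo():
    """Check two constructed conf directories: a clean one and a broken one."""
    good = ("keyfile = server.pfx\nkeypass = example-password\n"
            "trustKeyfile = truststore\ntrustStoretype = JKS\nuseCertAuth = true\n")
    bad = good.replace("trustStoretype", "truststore type")  # key split by a space
    results = []
    for text, files in ((good, ("server.pfx", "truststore")), (bad, ("server.pfx",))):
        with tempfile.TemporaryDirectory() as conf:
            for name in files + ("locked.properties",):
                with open(os.path.join(conf, name), "w") as fh:
                    fh.write(text if name == "locked.properties" else "")
            results.append(check_locked_properties(conf))
    return results


if __name__ == "__main__":
    print([findings or "OK" for findings in demo()])
```

On a real server, point `check_locked_properties` at the \sslgateway\conf directory; the check only reads file names and never opens the key stores themselves.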

Written by Christoph Harding

May 15th, 2011 at 1:37 pm

Posted in VMware View


Check VMware View Pool Provisioning Status Via Powershell Script


RT @viewgeek: Check VMware View 4.x pool provisioning status with a PS-script and get a mail if it is disabled. Check out: http://3url.de/bj

Again I found a great tweet on Twitter, this time from Joel, the VMware End User Computing Specialist in Sweden. He tweeted a link to a great blog article which can be found here: http://www.vpeeling.com/?p=173. If you are using automatic provisioning together with the option “Stop provisioning on error” in your View environment, you may know that provisioning gets stopped if the View Composer encounters an error. Currently it is not possible to get an alert if this happens, but the mentioned article gives you a PowerShell script which helps. Cool stuff.

Written by Christoph Harding

May 5th, 2011 at 8:48 pm

Interested in how Transfer Server works?


My colleague Simon Long from PSO published a nice write up on how the View Transfer Server works today. It’s not deep technical, more high-level but definitely a great read. Check it out.

Link: Simon Long

Written by Christoph Harding

May 4th, 2011 at 5:15 pm

Posted in VMware,VMware View

New KB articles for VMware View


Written by Christoph Harding

May 2nd, 2011 at 3:58 pm

Using the vCenter console for mirroring a PCoIP session


Sometimes, e.g. for support reasons, it is necessary to mirror a user's remote session. There are three ways to do that in VMware View: Windows Remote Assistance (VMware Knowledge Base article), remote control software like VNC or PC Anywhere, or the vCenter console. Usually, when you try to use the vCenter console to mirror the user's desktop, you'll just see a blank screen, which is the normal behaviour. If you want to see the user's screen, you must change or add a value in the Windows Registry.

You’ll find that key at: HKLM\SOFTWARE\VMware, Inc.\VMware SVGA DevTap\NoBlankOnAttach : DWORD: 1

Kudos go to my colleague Vincent Wu from China. Here is his blog. (Chinese language)

Written by Christoph Harding

April 29th, 2011 at 12:56 pm

Posted in PCoIP,VMware View

Teradici releases new maintenance firmware 3.3.1


Teradici released a new firmware for PCoIP zero clients. This release is only a maintenance release, which fixes some issues from version 3.3.0.

Here is an excerpt from the official release notes:

Compatibility Notes:

  • VMware View 4.6 or newer is required to use USB enhancements in Firmware 3.3.x.

Resolved Issues:

  • Fixed USB audio issue with VMware View guests running Microsoft Windows 7 64-bit host OS
  • Fixed an issue where PCoIP Zero Clients could not connect to the VMware View Connection Server through certain load balancers
  • Fixed an issue with a Logitech ClearChat wireless headset
  • Fixed degraded performance with PCoIP Host cards on networks with packet loss, high latency, and/or low bandwidth
  • Fixed password protection default setting
  • Fixed CAC PIV endpoint smart card issue
  • Fix for invalid OEM VPD (vendor product information) content
  • Fixed issue with OSD appearing on the wrong set of monitors in certain quad display PCoIP Zero Clients
  • Fixed issue with Power-over-Ethernet failing to power devices if VLAN enabled
  • Language translation updates

Known Issues:

We can expect all vendors to release their proven version of this firmware soon.

Written by Robert Landes

April 26th, 2011 at 9:56 pm

Firewall settings for a VMware View environment


When you have to configure your firewall policies for a VMware View environment, it’s sometimes a little bit hard to find a simple overview of all the necessary ports and firewall settings.

To help you do your job, I provide here a comprehensive overview of all important communication flows of such an implementation.

This document is a consolidated aggregation of the information you can find in the following documents:

Perimeter Firewall Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Security Server | Optional |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 443 | HTTPS | Communication between View Client and View Security Server. Authentication etc. | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <SECURITYSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <EXTERNALCLIENT> | <CLIENTPORT> | Both | <SECURITYSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |

DMZ Firewall Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | | USB-Redirection | Optional |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9427 | | Multi Media Redirection, RDP-Connections only | Optional |

Connection Server Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <ACTIVEDIRECTORYSERVER> | TCP | 389 | LDAP | Active Directory Authentication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <ACTIVEDIRECTORYSERVER> | UDP | 389 | LDAP | Active Directory Authentication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 389 | LDAP | ADAM | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 636 | LDAPS | AD LDS | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 1515 | | Microsoft Endpoint Mapper | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <VCENTERSERVER> | TCP | 18443 | SOAP | View Composer Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <VCENTERSERVER> | TCP | 443 | HTTPS | vCenter Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Both | <VIEWAGENT> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Outbound | <RSASERVER> | UDP | 5500 | | RSA Secure ID Authentication | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Connection Server | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 443 | SSL | Communication between View Client and View Connection Server. Authentication etc. | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |

Transfer Server Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 80 | HTTP | Used if SSL/HTTPS is not used on the Transfer Server | HTTPS preferred |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 443 | HTTPS | Communication with Transfer Server for the Offline Usage of VDIs | |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <SECURITYSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 4100 | JMSIR | Inter-Server Communication | Mandatory |
| <CONNECTIONSERVER> | <CLIENTPORT> | Inbound | <TRANSFERSERVER> | TCP | 8009 | AJP13 | AJP-Data Traffic | Mandatory |
| <TRANSFERSERVER> | <CLIENTPORT> | Outbound | <VSPHEREHOST> | TCP | 902 | | Used if SSL/HTTPS is not used on the Connection Server | Mandatory |

View Agent Rules

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9472 | | Multi Media Redirection, RDP-Connections only | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | | USB-Redirection | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 42966 | HP RGS | HP Remote Graphics Server | Optional |
| <VIEWAGENT> | <CLIENTPORT> | Outbound | <CONNECTIONSERVER> | TCP | 4001 | JMS | Java Messaging | Mandatory |

View Client Rules (internal / without using Security Server)

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 3389 | RDP | Remote Desktop Protocol | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <VIEWAGENT> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 9472 | | Multi Media Redirection, RDP-Connections only | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 32111 | | USB-Redirection | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <VIEWAGENT> | TCP | 42966 | HP RGS | HP Remote Graphics Server | Optional |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 443 | HTTPS | | |

View Client Rules (external / using Security Server)

| Source IP | Source Port | Direction | Destination IP | Transport Protocol | Dest. Port | Application Protocol | Comment | Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| <EXTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 80 | HTTP | | HTTPS preferred |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 443 | HTTPS | | |
| <INTERNALCLIENT> | <CLIENTPORT> | Both | <CONNECTIONSERVER> | UDP | 4172 | PCoIP | PCoIP Data Transmission | Mandatory |
| <INTERNALCLIENT> | <CLIENTPORT> | Inbound | <CONNECTIONSERVER> | TCP | 4172 | PCoIP | PCoIP Connection Establishment | Mandatory |

HTTP and HTTPS-Traffic can be proxied on the application layer.

Every other protocol should only be proxied using a transparent TCP-/UDP-Proxy.
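As an added example (not part of the original post), the following Python code parses rows in the flattened form used by the rule tables above, derives the port list a firewall must pass towards one destination, lists the rules that open plain HTTP, and reports services that appear with different ports in different tables. The sample rows are copied from this page; the function names and the protocol list used to split the columns are assumptions of the example.

```python
from collections import defaultdict

# Values of the "Application Protocol" and "Type" columns that this parser
# recognises (assumption: taken from the rows used below).
PROTOCOLS = {"HTTP", "HTTPS", "PCoIP", "LDAP", "LDAPS", "RDP", "AJP13", "JMS", "JMSIR", "SOAP"}
TYPES = {"Mandatory", "Optional"}

# Rows copied from the rule tables on this page, one rule per line.
ROWS = """\
<EXTERNALCLIENT> <CLIENTPORT> Inbound <SECURITYSERVER> TCP 80 HTTP Used if SSL/HTTPS is not used on the Security Server Optional
<EXTERNALCLIENT> <CLIENTPORT> Inbound <SECURITYSERVER> TCP 443 HTTPS Communication between View Client and View Security Server. Authentication etc. Mandatory
<EXTERNALCLIENT> <CLIENTPORT> Both <SECURITYSERVER> UDP 4172 PCoIP PCoIP Data Transmission Mandatory
<CONNECTIONSERVER> <CLIENTPORT> Outbound <ACTIVEDIRECTORYSERVER> TCP 389 LDAP Active Directory Authentication Mandatory
<SECURITYSERVER> <CLIENTPORT> Inbound <VIEWAGENT> TCP 9427 Multi Media Redirection, RDP-Connections only Optional
<INTERNALCLIENT> <CLIENTPORT> Inbound <VIEWAGENT> TCP 9472 Multi Media Redirection, RDP-Connections only Optional
<INTERNALCLIENT> <CLIENTPORT> Inbound <VIEWAGENT> TCP 32111 USB-Redirection Optional
"""


def parse_row(line):
    """Turn one flattened table row into a dict keyed by column."""
    tok = line.split()
    src, _sport, direction, dst, transport, port = tok[:6]
    rest = tok[6:]
    rule_type = rest.pop() if rest and rest[-1] in TYPES else ""
    app = rest.pop(0) if rest and rest[0] in PROTOCOLS else ""
    return {"src": src, "direction": direction, "dst": dst, "transport": transport,
            "port": int(port), "app": app, "comment": " ".join(rest), "type": rule_type}


def allow_list(rules, dst):
    """Distinct (transport, port) pairs that must be passed towards dst."""
    return sorted({(r["transport"], r["port"]) for r in rules if r["dst"] == dst})


def plain_http(rules):
    """Rules that open unencrypted HTTP, which the tables mark as second choice."""
    return [r for r in rules if r["app"] == "HTTP"]


def port_conflicts(rules):
    """Same destination and comment listed with more than one port."""
    seen = defaultdict(set)
    for r in rules:
        seen[(r["dst"], r["comment"])].add(r["port"])
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) > 1}


RULES = [parse_row(line) for line in ROWS.splitlines() if line.strip()]

if __name__ == "__main__":
    print(allow_list(RULES, "<SECURITYSERVER>"))
    print([(r["dst"], r["port"], r["type"]) for r in plain_http(RULES)])
    print(port_conflicts(RULES))
```

A conflict reported by `port_conflicts` means two tables disagree about the port of one service; resolve it against the vendor documentation before opening either port.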

Written by Kim Nis Matzen

April 24th, 2011 at 1:52 am

VCA4-DT registration is open


Thanks to Scott Vessey (on Twitter @vmtraining) who spotted that the VMware VCA4-DT exam is now open for registration at the VUE Pearson website. You can register for the exam via this link: http://www.pearsonvue.com/vmware/schedule.

Via: VMTraining

Written by Christoph Harding

April 19th, 2011 at 4:40 pm

Posted in Certification,VMware,VMware View
