Home > Blogs > VMware Consulting Blog

Analyzing Virtual Desktop Login Time

By Gourav Bhardwaj with Matt Larson

GouravMatt LarsonOften when performing health checks a discussion arises about the login time and what constitutes login time. This article covers some of the common ways to look at login time and its underlying components.  You can look at login time using vCOps for View or a third-party user experience monitoring solution. In this example the login time is demonstrated using Stratusphere™ UX. Experienced system administrators can also use this process to troubleshoot slow login times.

 

 

Review Virtual Desktop login times using Stratusphere UX™

  1. First, ensure you are in the Stratusphere UX Interface.
    Stratusphere UX screen 1
  2. On the Inspector tab, choose Machine Diagnostic Summary, and then click Go.
    Stratusphere UX screen 2
  3. In the Date Range drop-down menu, select Last 24 Hours.Stratusphere UX screen 3
  4. In the results list, sort by Login Delay.Stratusphere UX screen 4
  5. Click the down-arrow next to the name of the machine. Click Drill-down to see machine inspection history.
    Stratusphere UX screen 5
  6. Select the down-arrow next to the hour that contains the slow login time. Click Drill-down to see inspection report details.
    Stratusphere UX screen 6

A lot of information will be provided, including the username of the user experiencing the issues, as well as information regarding processes. One important piece of information used to find what may be causing the slow logins is the CPU System Time(s) field. The graphic below shows VMWVvpsvc running long. This metric indicates some login slowness resulting from the profile being copied from the profile location using VMware’s persona management. This may be the result of a file server being in a location local to the user, but not local to the View environment.

Stratusphere UX screen 7

This information is helpful, as it says that the VMWVvpsvc was running for 94 seconds. We can assume this is mostly during login, but that only accounts for 94 seconds of a 351 second login delay. Clearly, more information is necessary. While turning to logs can be helpful (such as persona management, the system event log, the application event log, and various View and PCoIP logs), they can be time consuming to review, and often the information these logs provide is insufficient.

Using the Windows Performance Toolkit
The Windows Performance Toolkit is a set of tools provided in the Windows SDKs for both Windows 7 and Windows 8. It consists of two high level toolsets: A toolset to gather information, and a toolset to analyze information. Once users and systems have been found to have slow login times, the toolsets provided with the Windows Performance Toolkit can be employed to further ascertain what exactly is causing the slow logins.

Installation
This section details the installation process to get the tools on the system that is experiencing slow login times. This process assumes the use of the Windows 7 SDK. Below are the steps:

  1. Remove Visual C# 2010 – this may or may not be necessary. If the C# version of the vSphere Client is installed on the workstation, then that existing installation of Visual C# 2010 will need to be removed. Not to worry, the SDK puts C# back on there, and there is no impact to the vSphere client or other applications that may use Visual C# 2010.
  2. Install the Windows 7 SDK – this can be done HERE. Launch the winsdk_web.exe file and ensure that at least the Windows Performance Toolkit is selected, and then click Next. Once the installation has completed, move on to the next step.Windows SDK screenNote: In order to analyze Windows crash dumps (AKA BSOD) I keep the Debugging Tools for Windows installed as well.
  3. Install .NET 4.0 – this can be done from HERE. Again, this depends upon whether or not it is installed on the workstation in question.

This completes the installation. The installation can be verified by confirming that the program group exists on the Start Menu, or navigating to the installation directory, which defaults to C:\Program Files\Microsoft Windows Performance Toolkit, and confirm the existence of xbootmgr.exe and xperf.exe as seen in the images below.

Windows Screen 2Windows Screen 3

Using XPERF
The process to use XPERF to gather information regarding slow logins is as follows:

  1. Enable fast user switching in the registry or GPO.
  2. Create a local user account named Test, and add to the local administrators group. (Using an administrative user that is not the problematic user will also work.)
  3. From the console of the problematic workstation, log in as the user with administrative privileges.
  4. Launch a command line with elevated privileges, and navigate to C:\Program Files\Microsoft Windows Performance Toolkit.
  5. Launch the XPERF command:
    1. XPERF Command: xperf -on base+latency+dispatcher+NetworkTrace+Registry+FileIO -stackWalk CSwitch+ReadyThread+ThreadCreate+Profile -BufferSize 128 -start UserTrace -on “Microsoft-Windows-Shell-Core+Microsoft-Windows-Wininit+Microsoft-Windows-Folder Redirection+Microsoft-Windows-User Profiles Service+Microsoft-Windows-GroupPolicy+Microsoft-Windows-Winlogon+Microsoft-Windows-Security-Kerberos+Microsoft-Windows-User Profiles General+e5ba83f6-07d0-46b1-8bc7-7e669a1d31dc+63b530f8-29c9-4880-a5b4-b8179096e7b8+2f07e2ee-15db-40f1-90ef-9d7ba282188a” -BufferSize 1024 -MinBuffers 64 -MaxBuffers 128 -MaxFile 1024
  6. Using fast user switching, switch users, and login as the problematic user.
    1. Once the login has completed, stop the trace using the following command:
      xperf -stop UserTrace -d merged.etl
  7. Gather the merged.etl trace file for analysis.

Using XBOOTMGR
In some cases, it may not be possible to switch users using fast user switching. In many cases, it may be easier to have the user run XBOOTMGR. This tool, when run, reboots the system and tracks both the startup time and the login time. The analysis ends after a set period of time. Gather an XBOOTMGR analysis by performing the following:

  1. Launch a command line with elevated privileges, and navigate to C:\Program Files\Microsoft Windows Performance Toolkit.
  2. Run the following command:
    1. XBOOTMGR Command: xbootmgr -trace boot -traceflags base+latency+dispatcher -stackwalk profile+cswitch+readythread -notraceflagsinfilename -postbootdelay 120
  3. The system will prompt that it is being rebooted. Allow the reboot to occur.
  4. When the VM is started, have the user connect to the View desktop using the View client.
  5. When the user logs in, XBOOTMGR will present the user with a countdown of 120 seconds. Allow XBOOTMGR to collect data.
  6. Once complete, gather the *.etl trace file for analysis. It may take some time to merge the file.

Analysis
The trace file has been created, and now it is time to analyze the results. The analysis toolset available in the Windows 7 Performance Toolkit is slightly different than what is available in the Windows 8 Performance Toolkit.

Performance Analyzer from Windows 7 Performance Toolkit

Open with Performance Analyzer (From the Windows 7 Performance Toolkit)
Windows Performance Analyzer
The graph below shows the processes occurring during the Winlogon Init process. It is easy to see that VMWVvpsvc is running for approximately two minutes.
Windows Performance Analyzer Screen 1

By right clicking on the graph, one can Overlay Graphs from other categories. This graph shows the Winlogon process, as well as the overlay graphs for Boot Phases and CPU Usage. This can be helpful to see which boot phase the processes are running. Additionally, the CPU graph will show whether the process is running long because it has maxed out the available CPU capacity.
Windows Performance Analyzer Screen 2

These overlays can be tweaked by selecting the CheckPoints box in the top right corner of the graph.

CheckPoints Dialog
Windows Performance Analyzer from Windows 8 Performance Toolkit

Open with Performance Analyzer (From the Windows 8 Performance Toolkit).  The icon is shown below:

Windows8

Windows Screen

When looking at the same trace file as before, the graphs show that VMWVvpsvc was running for over 2 minutes. Moving the user files closer (from a network perspective) to the View desktop will help reduce the login time.

References
http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx

http://www.liquidwarelabs.com/products/stratusphere-ux


Gourav Bhardwaj is a VMware consulting architect who has created virtualized infrastructure designs across various verticals. He has assisted IT organizations of various Fortune 500 and Fortune 1000 companies, by creating designs and providing implementation oversight. His experience includes system architecture, analysis, solution design and implementation.

Matt Larson is an experienced, independent VMware consultant working in design, implementation and operation of VMware technologies. His interests lie in enterprise architecture related to datacenter and end user computing.

EUC Datacenter Design Series — EVO:RAIL VDI Scalability Reference

By TJ Vatsa with Fred Schimscheimer and Todd Dayton

End User Computing (EUC) has come of age and is continuing to mature by leaps and bounds. Customers are no longer considering virtual desktop infrastructure (VDI) as a tactical project but are looking at EUC holistically as an enterprise solution that accelerates EUC transformation. You can refer to the EUC Design 101 series here (Part 1, Part 2, and Part 3) or a consolidated perspective here (EUC Enterprise Solution). Having collaborated with my fellow colleagues Fred Schimscheimer and Todd Dayton (bios below) during the last few weeks, I intend to share the game changing revolution that VMware’s hyper-converged infrastructure solution is bringing to the EUC domain.

The Challenge
People familiar with VDI are well aware of the fact that a scalable production deployment requires systematic and thorough planning of the infrastructure, namely compute, storage and networking. This can be a daunting task for customers that are either chasing tight deadlines or do not have the available infrastructure or people resources. We have noticed this to be a perpetual challenge for many of our customers across different industry domains including healthcare, financial, insurance services, manufacturing and others.

The Panacea
During the last few years, hyper-converged appliances have been taking the industry by storm. By design these systems follow a modular, building block approach that scales out horizontally and is very quick to deploy. From the EUC infrastructure perspective, it has become necessary to acknowledge the efficiency of hyper-converged appliances. While there are vendors that have hyper-converged infrastructure that runs on VMware’s vSphere hypervisor, VMware’s foray into this domain, EVO:RAIL, was released for general availability during VMworld 2014 in San Francisco in September.

EVO:RAIL has been optimized for VMware’s vSphere and Virtual SAN technology with compute, storage and networking resources in a simple, integrated deployment, configuration, and management solution. EVO:RAIL is the next generation EUC building block for a Software Defined Data Center (SDDC).

Numbers Don’t Lie
During the last few months, our teams have been diligently testing and scaling EVO:RAIL for a variety of use cases such as EUC, Business Continuity and Disaster Recovery (BCDR) and X-in-a-box. The next few paragraphs will focus on our findings for Horizon 6 View desktops scalability.

You may be having lots of questions by now. So let’s take it one by one!

Q: What did the hardware configuration look like?
A: The test bed hardware infrastructure configuration was as follows:

EVO:RAIL Appliance

  • 4 x nodes
  • Each node
    • 2 x Intel E5-2620 @ 2.1 GHz
    • 192GB memory (12 x 16GB)
    • 3 x Hitachi SAS 10K 1.2TB MD
    • 1 x 400GB Intel S3700 SSD

Q: What did the software configuration look like?
A: The test bed View software configuration was as follows:

  • vSphere 5.5 + VSAN
  • Horizon View 6.0 (H6)

Table 1: Horizon 6 Configuration

Horizon 6 Configuration TableNote: vCSA=vCenter Server Appliance

Q: What did the VDI image configuration look like?
A: The test bed image configuration was as follows:

Table 2: Desktop Image Configuration

Desktop Image Configuration Table

Q: What types of View desktops did we test?
A: Horizon View 6, linked clone virtual desktops with floating assignments.

Q: What Horizon 6 configurations did we test?
A: The following configurations were tested using Reference Architecture Workload Code (RAWC):

Table 3: Load Test Configurations

Load Test Configurations

These configurations are pictorially represented in the following schematics:

Management Cluster and Desktop Cluster

 

Figure 1: Configurations #1a/#1b

The figure above represents EVO:RAIL appliances with separate Horizon 6 Management and Desktop clusters.

VDI-in-a-Box

Figure 2: Configuration #2

The figure above represents the EVO:RAIL appliance with both Horizon 6 Management and Desktop clusters in the same appliance. It also illustrates an N+1 configuration to support one node failure within the EVO:RAIL appliance.

Q: What did the results look like?
A: The following results were obtained after the configurations were stress tested using RAWC.

Test Category Results
RAWC Virtual SAN Observer
Config #1a Configuration 1a-RAWC Configuration 1a - VSAN
Config #1b Configuration 1b - RAWC Configuration 1b-VSAN
Config #2 Configuration 2 - RAWC Configuration 2 - VSAN

 

Note: Click the thumbnail images above to drill down into graph details.

Results Summary
The table below summarizes different test configurations and the tested consolidation ratios of numbers of virtual desktops to the EVO:RAIL appliance.

Table 4: Test Configuration Findings

Test Configuration Findings

We hope you will find this information to be useful and motivating. We are looking forward to you bravely adopting and implementing a VDI-in-a-box solution using VMware’s EVO:RAIL hyper-converged appliance in your Software Defined Data Center (SDDC).

Until next time, Go VMware!


Author

TJ VatsaTJ Vatsa is a Principal Architect and CTO Ambassador at VMware, representing the Professional Services organization. TJ has been working at VMware since 2010 and has over 20 years of experience in the IT industry. At VMware, TJ has focused on enterprise architecture and applied his extensive experience to cloud computing, virtual desktop infrastructure, SOA planning and implementation, functional/solution architecture, enterprise data services and technical project management. Catch TJ on Twitter, Facebook or LinkedIn.

Contributors

Fred SchimscheimerFred Schimscheimer has worked at VMware since 2007 and is currently a Staff Engineer in the EUC Office of the CTO. In his role, he helps out with prototyping, validating advanced development projects as well as doing product evaluations for potential acquisitions. He is the architect and author of RAWC – VMware’s first Reference Architecture Workload Simulator.

 

Todd DaytonTodd Dayton joined VMware in 2005 as the first field “Desktop Specialist” working on ACE (precursor to VDI). In his current role as a Principal Systems Engineer and CTO Ambassador, he continues to evangelize End User Computing (EUC) initiatives and opportunities for VMware’s customers.

vCAC 6 Custom Properties, Build Profiles and Property Dictionary Simplified

By Eiad Al-Aqqad

Eiad Al-AqqadThis post originally appeared on Eiad’s Virtualization Team blog.

vCloud Automation Center offers a lot of built-in extensibility features to help you achieve your desired result while minimizing the amount of coding required. Using vCAC custom properties, build profiles, property dictionary is just one example of how you can customize the product, minimize coding, and customize the input form. As property dictionary seems to be the most missed or misunderstood feature of vCAC, followed by build profiles and custom properties, I will try to simplify the explanation of these great features as much as possible. At the end of the article, I will point out more resources for in-depth information on each of these features.

vCAC Custom Properties
Custom properties is the building block for build profiles and property dictionary. VMware documentation defines custom properties as:

“VMware vCloud Automation Center™ custom properties allow you to add attributes of the machines your site provisions, or to override their standard attributes.”

What that means is that vCloud Automation Center utilizes particular variables (custom properties) that contain values that vCAC uses during machine provisioning (such as machine name, machine IP address, port group to use, and so on). vCAC exposes this information as custom properties that you can query or edit to overwrite the default values by a specific value or by a user input. This is a very powerful tool, as you can shape out the request form to ask the user for input (not required by the default request form) and execute upon it without requiring you to do any coding. You can also create your own custom properties to use with your own custom workflows.

Let’s look at a quick example of using vCAC custom properties. The image below shows the default blueprint/VM request form in vCAC:

Default Blueprint Request Form

As you can see, the default VM request form does not ask for a machine hostname or IP address. What if you wanted to allow the user to choose the VM hostname or IP address? You can do that using custom properties, and your request form will look like the screen below:

VCAC Custom Properties

In the above screenshot, I have used the Hostname and VirtualMachine.NetworkN.Address custom properties to allow the user to provide the desired VM hostname and IP address that vCAC will use when creating the VM. I did this by going to Infrastructure ==> Blueprint ==> Properties, then adding the two custom properties as shown in the image below.

VCAC Custom Hostname Property

While the above is using existing vCAC custom properties that vCAC uses when deploying a VM, you can always create your own custom properties to pass to your own workflow or just to track information within the request. For a list of custom properties available in vCAC 6, see: vCloud Automation Center 6 Custom Property Reference.

vCAC Build Profiles
Build profiles is simply a collection of the custom properties under a single title. Imagine if you have 20 different custom properties that you need to include with every Windows blueprint. It would be nice to bundle them all in a build profile then go to these blueprints and assign a single build profile instead of assigning 20 different custom properties to every Windows blueprint. This will save work and provide better consistency. You can create a build profile by going to Infrastructure => Blueprints => Build Profiles => New Build Profile, then add the desired custom properties to that build profile as shown in the image below.

Creating a Build Profile

The next step is to add that build profile to your blueprint as per the image below.

Add Build Profile to Blueprint

vCAC Property Dictionary
I am not sure why property dictionary seems to be the most misunderstood or missed feature of vCAC. It’s quite simple to use and can unleash a lot of power. Allowing users to provide values to custom properties as shown in previous examples is quite useful, but most of the time you want to limit the user choices using drop down menus or check boxes. Property dictionary is all about enabling you to do just that.

vCAC property dictionary lets you define characteristics of custom properties to tailor their display in the user interface. You can customize the property display in the user interface, as in the following examples:

  • Associate a property name with a user control, such as a check box or drop-down menu.
  • Specify constraints such as minimum and maximum values or validation against a regular expression.
  • Provide descriptive display names for properties or add label text.
  • Group sets of property controls together and specify the order in which they appear.
  • Create a relationship between different controls, where for example a location drop down menu can update the storage and network drop down menus to show only values that is valid for that location.

To see how useful property dictionaries can be, let’s take an example where we want to create the drop down menus as illustrated in the below diagram:

Drop Down Menu Sample

The goal of this exercise is to create three drop down menus that will ask the user for location, storage path, and network path to use. Let’s ignore the relationship between the different drop down menus for now and try to focus on just creating these drop down menus. To create the property dictionary required to create these drop down menus, go to: Infrastructure => Blueprints => Property Dictionary.

For each drop down menu you want to create, repeat the steps below. In this example I will create the location drop down menu:

  1. Click New Property Definition, then fill the information as shown in the below screenshot. Please note the name must match the custom property name you want to use.

Location Property Definition

  1. Click the green check mark to save your property definition.
  2. Under Property Attributes, click Edit.
  3. Click New Property Attributes, and then fill in the Property Attributes as shown in the image below.

Property Attribute Drop Down

  1. Repeat the above steps for storage and network as shown in the images below.

Property Definitions

Network Property

Storage Property Attribute

  1. Now that you have all the required property definitions and property attributes created, let’s create a property layout, which is a way of organizing how these drop-down boxes will be ordered when shown to the user. I wanted the drop boxes to be ordered as follows: Location, Storage, Network. To do this, I had to click New Property Layout and fill the information as shown in the below screenshot:

New Property Dictionary Layout

  1. Under Property Layout > Property Instances, click Edit, and organize your property instances as shown in the image below.

Organize Property Instances

  1. Let’s create a build profile that includes all the custom properties involved in our property dictionary example as shown in the image below.

Build Profile Property Dictionary Sample

  1. Now all you are left with is adding this build profile to your blueprint as shown below.

15vcac-adding-property-dictionary-build-profile-to-blueprint-470x232

  1. Now let’s check how the input of our blueprint looks:

16 vCAC-Property-Dictionary-in-action-470x324

Notice in the above example, the three drop-down menus that were created for location, storage, and network are operating independently. There is no relationship between them. In other words, choosing a particular location does not filter which options you have for storage or network. The capability of doing such filtering is part of the property dictionary relationship, which I cover in the following two posts:


Eiad Al-Aqqad is a consulting architect within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is a VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

Look Mom, No Mouse! (Automating the Management of the Management Portal)

By Andrea Siviero, VMware Senior Solutions Architect

Andrea Siviero

The concept of a Software-Defined Data Center (SDDC) has impressed me since the first time I deployed it.

vRealize Automation’s purpose-built infrastructure and application service delivery capabilities combined with its Advanced Service Designer and library of vCenter Orchestrator plugins and workflows make automating almost anything as a service relatively easy.

During my work consulting for enterprise-level customers, I’m frequently exposed to new challenges. One customer engagement inspired my fantasy: how to automate the management of the management portal. This looks like a tongue-twister joke, but actually is an interesting question.

 

SDDC Service Catalog

As soon as you start exploring this sweet idea you find yourself with a REST client opened to interact with your SDDC using APIs, and you can do almost anything!

REST Client

However, there is some downside to this approach, which I would like to simplify with a simple phrase: IT Admins don’t “naturally” talk API. :-)

Not long ago, I was sitting in a VMware CTO Ambassador session, and suddenly a bright light appeared in front of my eyes: The CloudClient.

Cloud Client

CloudClient is a plugin based architecture with a “command line interface” for traditional provisioning and day two operation support, eliminating the challenges of dealing with SSO / CAFE API and no need to speak JSON (unless you want to).

Providing higher-level “verbs” instead of dealing with myriad of JSON / URIs, makes my job supporting customers a little easier and allows a centralized point to talk not only with vRealize Automation but with the other SDDC components like vCenter Orchestrator/Site Recovery Manager and Application Director.

Moreover, CloudClient provides a Java SDK so it can be easily integrated within a third-party solution, without slowing down the SDDC adoption in the stellar complexity of an enterprise customer.

For instance, you can browse catalog items like in the picture below and request them by simply saying “vcac catalog list.” More interestingly, with the admin account, you can create a new tenant — and adding items to the catalog as easy as chatting with your SDDC.

Cloud Client Catalog View

Before you get too excited about it, bear in mind that at this stage CloudClient is a Limited Availability Feature Pack which is only currently available through VMware’s Professional Services organization to clients under specific conditions.

A Fool With a Tool is Still a Fool

Getting a tool for doing a project is the beginning, not the end, of your journey. Any time a discussion goes toward tools, any tools really, it’s a good idea to challenge the tool itself.

What I mean is that solutions, not tools, help you achieve your business needs,. It’s important to have the right team in place to develop solutions, which will ensure you implement the right tools for your needs.


Andrea Siviero is an eight-year veteran of VMware and a senior solutions architect member of Professional Services Engineering (PSE) for the Software-Defined Datacenter (SDDC), a part of the Global Technical Solutions (GTS) team. Prior to PSE, Andrea spent three years as pre-sales system engineer and three years as a post-sales consultant architect for cloud computing and desktop virtualization solutions focusing on very large and complex deployments, especially for service providers in the finance and telco sectors. 

How-to: Create a vCOPS for View At-A-Glance High-Level VDI Dashboard

By Anand Vaneswaran

Anand VaneswaranVDI environments are complex because there are so many moving parts. As a result, there is a real need for architects, admins, managers, or operations professionals to see a high-level breakdown of the most important stats—stats that are especially important when we receive that escalated phone call about an issue that could potentially affect a large number of users.

In this first post of a three-part blog series, I’ll provide details about a high-level VDI custom dashboard in vCenter Operations Manager for View that was renamed vCenter Operations Manager for Horizon when Horizon 6.0 was released. (I’ll also assume you’re all well versed in VDI.)

To start, some of the stats or information I deeply care about in my test environment are as follows:

Download

Download the Step-by-Step

  1. Viewing the number of tunneled connections that are coming in through my security servers.
  2. Viewing the overall health of my connection servers.
  3. Keeping tabs on the resources (CPU, RAM, Disk) of my most critical VDI servers (Connection and security servers, vCenter server, View Composer, etc.).
  4. Monitoring resources (CPU and RAM) on my ESXi hosts running VDI workloads. (I will go one step further and break it down into hosts for my full clone pools, and linked clone pools.)
  5. Finally, looking at my LUNs and keep tabs on a number of metrics, but most importantly VM-to-LUN densities.

When compiled together, the information listed above comprises the end-state dashboard I want to achieve. The dashboard will have two generic scoreboard widgets on either side to depict the number of user connections through my security servers and the workload percentage of my connection servers. In addition, two Health-Workload scoreboard widgets on either side will depict the health of security and connection servers. The scoreboard is set up so that when you click a particular object in the Generic Scoreboard widget, the scoreboard is automatically populated with the health of that relevant object.

Finally, I want four Heat Map widgets: one to provide information about critical server resources, two to give me updates on ESXi host resources, and one to give me details about VM-to-LUN densities. I chose to populate my dashboard with an assortment of these built-in Generic Scoreboard, Health-Workload, and Heat Map widgets because I find that these types of widgets provide the most efficient means of graphically conveying the state of an environment, in essence, a point-in-time snapshot of your environment at any given time.

Now, if you’re ready to build, get detailed, step-by-step instructions for creating the dashboard.


Anand Vaneswaran is a senior technology consultant with the End User Computing group at VMware. He is an expert in VMware Horizon (with View), VMware ThinApp, VMware vCenter Operations Manager, VMware vCenter Operations Manager for Horizon, and VMware Horizon Workspace. Outside of technology, his hobbies include filmmaking, sports, and traveling.

How-to: Find Composer Certificate in VMware Horizon View Administrator

By Gourav Bhardwaj with Matt Larson

GouravMatt LarsonWhile performing a Health Check on a customer’s VMware View 5.2 environment, one item that came up was to verify that the SSL certificate was configured appropriately. VMware recommends the replacement of self-signed certificates with certificates that are signed by a Certificate Authority.

When entering a new environment, or performing a health check, the most well-known approach to determining the certificate used by View Composer is using the sviconfig command referenced here, which is also used to replace the certificate.  During the replacement process, the existing certificate will be listed.  That being said, running this command requires stopping the Composer service. If there are any Composer downtime constraints; the following alternate process can be used to determine the current certificate.

In VMware Horizon View Administrator, you can determine whether the certificate is signed by a well-known certificate authority.  In the case below, the certificate is self-signed.

Composer1Block

Looking at the Certificates Management Console, multiple certificates are listed, but how do you know which one is in use?

Screen shot

To find which certificate is in use, check the registry to see the thumbprint of the certificate bound to the port used by Composer.  Find this by navigating to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:18443 key in the registry, and noting the SslCertHash.

Screen Shot

Match the hash listed in the registry to the hash listed on one of the certificates listed in the Certificates Management Console.  The match is the certificate currently used by Composer.

Composer_4

As seen in the console, this certificate is the self-signed certificate that was created during the Composer installation process.  It is also expired.  To change the certificate, follow the article listed earlier in reference to sviconfig.

Stay tuned for more posts about evaluating the health of the virtual desktop environment.


Gourav Bhardwaj is a VMware consulting architect who has created virtualized infrastructure designs across various verticals. He has assisted IT organizations of various Fortune 500 and Fortune 1000 companies, by creating designs and providing implementation oversight. His experience includes system architecture, analysis, solution design and implementation.

Matt Larson is an experienced, independent VMware consultant working in design, implementation and operation of VMware technologies. His interests lie in enterprise architecture related to datacenter and end user computing.

Running Microsoft SharePoint FAST Search on vSphere

By Girish Manmadkar

Girish-ManmadkarI recently worked with an enterprise customer to resolve end user reports of performance issues related to Microsoft SharePoint 2010 and FAST Search deployed on vSphere 5.1. The end users were reporting problems with initial page response and file upload and download. The customer requested architecture guidance, including a performance health check across the entire infrastructure stacks. The result of this engagement is the following architectural guidance, designed to help customers with similar deployments achieve maximum performance for Microsoft FAST Search on the VMware platform.

Specifics
The customer deployed the SharePoint FAST Search Farm with the following key components:

Software Resources

  • VMware vSphere 5.1 Update 2
  • Windows 2008 R2
  • SharePoint 2010
  • Microsoft SQL server 2008 protected with MSCS in 3 node cluster

Hardware (Virtual) Resources

Role

RAM

Local Disk

#CPU

NIC

Total VMs

Total #CPU

Total Mem (GB)

SQL
2012 Cluster Node A, B & C

32

C: 80
GB

4

2

3

 

 

E: 100
GB

12

96

WebFront End
Server

8

C: 80
GB

2

2

5

 

 

E: 50
GB

10

40

Application
Server

16

C: 80
GB

4

2

4

 

 

E: 50 GB

16

64

Services
Application Servers

16

C: 80
GB

4

2

2

 

 

E: 50
GB

8

32

Fast
Administration Server

16

C: 80
GB

4

2

1

 

 

E: 50
GB

4

16

Query
Indexer

16

C: 80
GB

4

2

5

 

 

E: 50
GB

20

80

Allocated Total Memory = 328 Gig
Allocated Total vCPU = 70

Sample FAST Servers Architecture

Discovery
During discussions and white board sessions with the customer, we encountered following issues with the deployment:

  • Storage
    • The virtual machines running query and index services were sharing the LUN and the data stores.
    • Thin provisioning was being deployed at the vSphere and EMC storage array layer.
    • The RDMs used for the SQL server MSCS environment were configured with incorrect (MRU/fixed) multi-pathing options.
  • Virtual machines had no lock pages for SQL and no memory reservations.
  • Various SQL server databases were being deployed as shared SQL instances for the entire FAST Search environment.
  • The networking configurations were set incorrectly for certain SCSI adapters.
  • Typical traffic within the guest operating systems, VMotion, and backup were not channeled properly.
  • There were no anti-affinity rules in place for the application servers within the vSphere farm.
  • The CPU subscriptions across the overall farm seemed unbalanced.

Approach/Recommendations
Throughout a series of discussions we learned more about the architecture and identified the following steps to improve performance:

  1. Reconfigure multi-pathing per EMC’s recommendations for vSphere5.1 to round robin. (This change showed immediate performance improvement.)
  2. Enable memory reservations with “Lock Pages in Memory” for SQL workloads.
  3. For a write-intensive application like FAST Search, use four (4) vSCSI controllers to separate volumes for operating systems, binaries, data, LOG and TEMPDB disks with window full format option to avoid additional write penalty.
  4. Absolutely avoid CPU over commitment in the production environment.
  5. Adopt best practices on vSphere to separate various networking traffic, including dedicated backup, which in this case was previously sharing VM traffic.

Conclusion
For any business-critical application to run with optimum performance, you must put performance ahead of consolidation and avoid over commitment of CPU and memory. Once you implement these principals for the production environment, any performance issues for business-critical applications on vSphere will be alleviated.


Girish Manmadkar is a veteran VMware SAP Virtualization Architect with extensive knowledge and hands-on experience with various SAP and VMware products, including various databases. He focuses on SAP migrations, architecture designs, and implementation, including disaster recovery.

Success Factors for Deploying EUC

By Ken Copas

Ken Copas

Building out an end-user computing (EUC) environment right means the infrastructure is nearly invisible to end users. But as with anything that appears easy and elegant on its surface, there are quite a few complexities underneath the hood.

While there are many factors to consider, here are a few questions to ask before building out your EUC environment.

Is the Tail Wagging the Dog?

This scenario happens very frequently: The supporting infrastructure is purchased and implemented before a plan and design is performed to determine the appropriate hardware requirements. Best practice is to understand what you’re trying to accomplish from a business perspective first, architect the required supporting infrastructure and design the blueprint with professional services, and then purchase and implement the gear.

Take that same concept and apply it to a proof-of-concept (POC) environment, whether it’s the full Horizon Suite or individual View, Workspace (our unified application publishing platform), or Mirage (our physical and virtual image management solution) components. While it can be fast and easy to install and set up a working POC of these VMware products, this temporary environment is only for the purpose of “kicking the tires.” These POC environments should never be exposed to production users and expected to perform and scale appropriately in a production environment. To use VMware products correctly, again there needs to be a plan and design in place, which requires a great deal of up-front assessment, current environment analysis, and due diligence around your business use cases.

You’ll need absolute subject matter expertise to determine what storage to use (by the way, getting storage right is a key success factor), what’s the aggregate I/O throughput, CPU and memory requirements–all of these decisions play a huge part in how the production environment will perform and scale.

Why Not Pick and Choose?

Here’s a good one: what would happen if you only deployed VDI with Horizon View (our virtual desktop solution) without Horizon Workspace or Mirage?

While in addition to your standard production VDI environment, you would have the capability to run full desktop OS images on a variety of mobile devices such as laptops, tablets or even smartphones, users will most likely encounter issues with screen real estate and experience interface frustrations with mouse and keyboard options.

As I’m sure you are aware, the desktop OS itself can require significant compute, memory, and disk resources that can cause performance issues when using VDI on mobile devices. There are many other factors that can cause performance degradation as well. Adding Horizon Workspace to your EUC environment may give you access to applications in an environment that’s native to your device with improved response time and it can provide an overall better user experience.

How you address questions like these will have a profound impact on user satisfaction with your EUC environment, which at the end of the day is ultimately the key measure of success. So again, be sure to allow the time and attention required for proper plan and design.

What’s your Roadmap?

This is a great question. VMware has a unique holistic view of this space, as well as a comprehensive roadmap, which I have yet to see from any other company. The completeness of vision, in my mind, is huge for customers to consider as they think through potential EUC solutions.

Even if you don’t go with VMware, you need to understand where your vendors are taking you. How does their roadmap address your needs? Look at where that vendor is going to be in two to three years and make sure you fully understand how that company will help you get where you want to go.

Who are your people?

One last piece of the equation is something you shouldn’t take for granted: talent. Standing up an EUC solution incorrectly can mean longer project timetables, missed deadlines, frustrated users, and business disruption. This technology has its own set of potential pitfalls and nuances. Make sure you have genuine subject matter expertise in place, whether in-house or professional services sourced from your trusted advisors.


Ken Copas currently serves as a practice manager for End User Computing Professional Services at VMware. Prior to joining VMware, Ken’s corporate experience includes serving as the practice director of cloud computing and IT services management for GlassHouse Technologies, as a business development executive for IBM and as an IT executive for NetJets, Inc. Ken holds a degree in Computer & Information Science from the College of Engineering at The Ohio State University, as well as a Master’s in Business Administration from the Fisher College of Business at The Ohio State University.

End User Computing 101: Tying It Together with Mobility, BYOD, and Proper Methodology

By TJ Vatsa, Principal Architect, VMware Professional Services

TJ Vatsa

In the first two posts in this End User Computing (EUC) series (End User Computing 101 and Tips for Successful Deployments and End User Computing 101: Network and Security) I delved into EUC infrastructure, server power, network and security, devices, and appliances. Today, I’ll wrap up this three-post series by covering mobility and BYOD, application and image management, and touch on EUC project scenario and methodology.

First, let’s take a closer look at the mobility and Bring-Your-Own-Device (BYOD) space. If this is not well planned, deploying a mobility and BYOD policy (and the infrastructure to handle the influx of personal devices) can be a harrowing journey. With users today demanding anytime, anywhere access to business productivity applications, mobile devices, and data on personal devices, not having a policy in place can be even more detrimental.

Enterprise Mobility Management Platform

Components and framework to consider for managing mobility at the enterprise level

(For additional design considerations and tips for establishing a secure, manageable, and scalable enterprise Mobility & BYOD policy, read How to Set Up a BYOD/Mobility Policy.)

Applications and Image Management

These days, it’s not enough for users to have access inside the four walls of an office building. Users need anytime and anywhere access to their applications and associated data. While this may sound like a business and mobility use case, IT directors and managers need to analyze this requirement from the perspective of a unified application launch-pad a.k.a. a follow-me virtual workspace. This can mean virtualized applications, Software-as-a-Service (SaaS) applications, application publishing, web pages, virtual desktops, RDSH (Remote Desktop Session Host) desktops, to name a few.

Applications

When you look from the perspective of applications and data entitlement and policy management, it’s important to have a single source of truth—essentially, a repository for enterprise policy. This repository should not only facilitate one-stop-shop for policy definition, entitlement, and management, but also for operational excellence and auditing. VMware’s Workspace Portal provides these capabilities and a lot more.

Image Management

For desktop operational excellence in terms of swift provisioning, efficient management and centralized security, using VMware’s Horizon View means you won’t have to deal with “application and desktop image sprawl.”

As such, whether you use VMware or not, it’s imperative for enterprises to deploy a platform that provides centralized image management, image recovery, integrated PC break-fix and troubleshooting, and automated OS migration (to name a few).

It’s important to use desktop image management, not only for physical, but for virtual desktops as well. (VMware’s Horizon Mirage is one option to help make this happen.)

Weaving it together: EUC Project Methodology

Now that we’ve covered key EUC details, bringing it together with VMware’s Professional Services (PS) organization and our approved partner network is the best route to an agile methodology. It’s important that the methodology takes business and IT initiatives into consideration and turns them into successful business outcomes. This approach is composed of multiple iterative sequences.

Project Methodology

Each iteration focuses on requirements and vision, analysis, design, inventory details of implementations, and operational excellence. This approach not only enables early feedback, risk mitigation, and effective progress management, it also enables effective scope management and the perpetual enforcement of IT governance.

This iterative process begins with an analysis and assessment initiative that helps define the baseline by categorizing and prioritizing business and technical requirements. These requirements become part of detailed use cases that may also have business specific pre- and post-execution contingencies.

The use cases are then abstracted into a logical enterprise architecture design that is mapped to the available physical infrastructure. Once the physical design is ready, the pilot/blueprint implementation is initiated. This ensures compliance with business outcomes as defined by business sponsors. Upon successful user acceptance testing (UAT), VMware’s PS organization and partners test blueprints that are then rolled into the production environment with accompanying knowledge transfer (KT) sessions and role-based user training.

TJEUC img 8

 

By conforming to proper EUC infrastructure considerations, creating appropriate mobility and BYOD policies, adhering to best application and image management practices, and using a typical EUC project scenario that follows VMware’s iterative architecture methodology, you will set yourself up for success and effectively transform EUC and mobility initiatives within your organizations.


TJ has worked at VMware for the past four years, with over 20 years of experience in the IT industry. During this time he has focused on enterprise architecture and applied his extensive experience in professional services and R&D to cloud computing, VDI infrastructure, SOA architecture planning and implementation, functional/solution architecture, enterprise data services and technical project management. TJ holds a Bachelor of Engineering (BE) degree in Electronics and Communications from Delhi University, India and has attained industry and professional certifications in enterprise architecture and technology platforms. He has also been a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. He is an avid blogger who likes to write on real-life application of technology that drives successful business outcomes.

End User Computing 101: Network and Security

By TJ Vatsa, Principal Architect, VMware Professional Services

TJ Vatsa

In my first post on the topic of End User Computing (EUC), I provided a few digestible tidbits around infrastructure, desktop and server power, and storage. In this post, we’ll go a bit further into the infrastructure components that affect user experience and how users interact with the VDI infrastructure. We’ll cover network and security, devices, converged appliances, and desktop as a service.

Let’s look a bit more closely at network and security first.

Network and Security

To ensure acceptable VDI user experience, monitor the bandwidth and latency or jitter of the network. This means performing the appropriate network assessment by deploying monitoring tools to first establish a baseline. Once that’s completed, you’ll need to monitor the network resources against those baselines. As with any network, high latency can negatively affect performance, though some components are more sensitive to high latency than others.

When deploying Horizon View desktops using the PC-over-IP (PCoIP) remote display protocol in a WAN environment, consider the Quality of Service (QOS) aspect. Ensure that the round-trip network latency is less than 250 ms. And know that PCoIP is a real-time protocol, so it operates just like VoIP, IPTV, and other UDP-based streaming protocols.

To make sure that PCoIP is properly delivered, it needs to be tagged in QoS so that it can compete fairly across the network with other real-time protocols. To achieve this objective, PCoIP must be prioritized above other non-critical and latency tolerant protocols (for example, file transfers and print jobs). Failure to tag PCoIP properly in a congested network environment leads to PCoIP packet loss and a poor user experience, as PCoIP adapts down in response. For instance, tag and classify PCoIP as interactive real-time traffic. (Classify PCoIP just below VoIP, but above all other TCP-based traffic.)

For optimizing network bandwidth, ensure that you’ve got a full-duplex end-to-end network link. Consider segmenting PCoIP traffic via IP Quality of Service (QoS) Differentiated Services Code Point (DSCP) or a layer 2 Class of Service (CoS) or virtual LAN (VLAN). While using VPN, ensure that UDP traffic is supported.

Enterprise security for corporate virtual desktops is of paramount importance for the successful rollout of VDI infrastructure. It is highly recommended that an enterprise scale, policy-based management security solution be used to define and enforce security policies within the enterprise.

Based on typical customer requirements, secure access to the VDI infrastructure is provisioned via the following user access modes:

  1. LAN Users: VDI users accessing virtual desktop infrastructure via the corporate LAN network.
  2. VPN Users: VDI users accessing corporate virtual desktop infrastructure via the VPN tunnel.
  3. Public Network Users: VDI users accessing virtual desktop infrastructure via the public network.

Use Case: VDI User Secure Access Modes

Enforcing authentication and authorization policies is a domain by itself, and is influenced by industry verticals. For instance, many hospitals prefer “tap-‘n’-go” solutions to authenticate and authorize their clinical staff to access devices and Electronic Medical Record (EMR) applications. The regulatory compliance perspective should not be ignored either when it comes to industry verticals, such as HIPAA for healthcare industry and PCI for the financial industry.

Note: The scenario depicted below is that of a typical public network user.

Infrastructure scenario

Horizon View infrastructure can be easily optimized to support any combination of secure VDI user access modes.

Devices

Based on security policies and regulatory compliance standards that are prevalent within the enterprise, I highly recommended doing a thorough end user devices/endpoints assessment. You’ll want to categorize your users based on desktop communities that support one or more types of endpoints. VMware’s Horizon View client supports a variety of endpoints, whether they’re desktops, laptops, thin clients, zero clients, mobile devices, or tablets that support iOS, Android, Mac OS X, Linux, Windows, HTML Access—just to name a few.

Converged Appliances

The converged appliances industry is rapidly and effectively maturing as more and more customers prefer converged appliances because they enable faster infrastructure deployment times. From an EUC infrastructure perspective, it’s important to evaluate available converged appliance solutions available for your business scenarios.

Vendors are and will be providing customized and optimized solutions for EUC, business continuity and disaster recovery (BCDR) as x-in-a-box, wherein the required infrastructure components, hardware and software have been validated and optimized to cater to specific business scenarios.

Desktop as a Service (DaaS)

Some customers worry about EUC datacenter planning, infrastructure procurement, and deployment.

DaaS scenario

Look to hosted desktop services, such as Horizon DaaS, to address business requirements and use cases that revolve around development, testing, seasonal bursts, and even BCDR. DaaS can even provide a more economical alternative to traditional datacenter deployment. For instance, DaaS reduces your up-front costs and lowers your desktop TCO with predictable cloud economics that enable you to move from CapEx to OpEx in a predictable way.

Plus, users can access Windows desktops and applications from the cloud on any device, including tablets, smartphones, laptops, PCs, thin clients, and zero clients. DaaS solutions like Horizon DaaS desktops can also be tailored to meet the simplest or most demanding workloads, from call center software to CAD and 3D graphics packages.

In these first two posts, we’ve gotten a good handle on infrastructure, devices, and security. In my next post, I’ll cover mobility and BYOD along with applications and image management, and weave it all together with EUC project methodology.


TJ has worked at VMware for the past four years, with over 20 years of experience in the IT industry. At VMware TJ has focused on enterprise architecture and applied his extensive experience to Cloud Computing, Virtual Desktop Infrastructure, SOA planning and implementation, functional/solution architecture, enterprise data services and technical project management.

TJ holds a Bachelor of Engineering degree in Electronics and Communications from Delhi University and has attained multiple industry and professional certifications in enterprise architecture and technology platforms. TJ is a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. His passion is the real-life application of technology to drive successful user experiences and business outcomes.