Home > Blogs > VMware End-User Computing Blog > Tag Archives: VMware

Tag Archives: VMware

Retiring Old OSes: XP, Vista, Mac OS X 10.6 & 10.7

by Kristina De Nike, Product Management, VMware

Queen Maria Eleonora of Sweden kept her dead husband, King Gustav Adolf, in her bedroom for 18 months before he was finally interred. Microsoft retired XP April 8, 2014. Now, 8 months later, it’s time for VMware® Horizon® to accept that loss and plan a memorial.

We don’t do this lightly; we know that many customers are still using Microsoft XP. But with Microsoft dropping support, it is time for VMware to align with Microsoft’s decision. As Windows XP will not be support, there will be no drivers for new hardware, libraries that our products use will be incompatible and XP will not get the benefits of regular security fixes. For all these reasons, VMware is clearly outlining the support plan for Horizon to give our customers time to plan a transition.

Continue reading

F5′s Username Persistence and Cloud Pod Architecture in VMware Horizon (with View) 6 – What’s the Story?

Guest Blog by Justin Venezia, Sr. Solutions Architect- VMware Alliances at F5 Networks

There’s been a lot that has changed with the release of VMware® Horizon® (with View) in June 2014. Aside from the support for RDS hosted desktops and published applications using PCoIP, there is also a new feature called Cloud Pod Architecture (CPA). CPA enables entitlements to desktops between multiple View pods within or across multiple data centers.

F5’s Local Traffic Manager (LTM), Access Policy Manager (APM), and Global Traffic Manager (GTM) solution has been able to address this challenge for some time. From a 30,000-foot view, here is how today’s integrated VMware/F5 solution works when detecting an existing session without Cloud Pod Architecture:

View-UserNamePersist

  • GTM gets you to a data center based on source IP, geo, least connections, etc.
  • You then land in one of two typical configurations:
    • LTM load-balances you between Horizon Security Servers (external connections)
    • LTM load balances you between Horizon Connection Servers (internal connections)
  • You authenticate…
  • APM can detect an existing user’s session across multiple Horizon pods, and send you to that data center to reconnect to an existing desktop
  • You are reconnected to your session!

With the introduction of Cloud Pod Architecture, how does this impact the F5 solution? What’s different? What value-add does F5 provide in this updated environment?

The beauty of the VMware/F5 relationship is that the solutions COMPLEMENT each other very well. But, a word to the wise – what you need (versus want) should be driven by an organization’s business and technical requirements in concert with the VMware/F5 solution capabilities.

Cloud Pod 101

So, let’s take a quick look at what Cloud Pod Architecture is and how it works. I’m not going to reinvent the wheel explaining this, as Narasimha Krishnakumar (Director of Product Management – EUC @ VMware) does a spot-on job of explaining it – check out this link for more info.

Basically, you can federate multiple “independent” Horizon pods and bring together pools from each Horizon Pod to appear as a “single” global pool (the official term is called Global Entitlement). If a user connects into one Horizon Pod, and their desktop resides in another, the Horizon Pod they connect to authenticates and brokers the connection on behalf of the other – and BAM! you are connected to your desktop.

This graphic – courtesy of VMware’s EUC Technical Enablement team – is the picture that’s worth a thousand words:

CPA-View6

Let’s walk through the flow of a connection to a Cloud Pod-enabled desktop pool:

  1. The user connects with a single namespace URL managed by a load balancer or directly to a Horizon Connection Server.  The user logs into Horizon using the appropriate credentials
  2. Horizon Connection Servers will search the Global AD LDS (where the CPA pool information is stored) and local Horizon Pod’s AD LDS
  3. Horizon Connection Server then checks the state of the desktop using the VIPA protocol and enumerates the desktops in the client.
  4. The user chooses the desktop.
  5. If they chose the desktop pool that is CPA enabled and their desktop is in the other Horizon Pod (in this case, the other data center), the connection is made from the client to the desktop in the remote location.

Even though the desktop is in NYC (in this example), the user connected to the London Connection Servers – these brokers authenticated the user on behalf of NYC, so the user never passes through the brokers in NYC. This same traffic flow would also apply if there were Security Servers – the connection to the NYC data center would be proxied through the Security Servers in London.

So, does this remove the need for the F5 Username Persistence solution or the need for load balancing in general?

Well, the honest answer is “it depends”. You still need to load balance between security servers and connection servers for system resiliency and scalability. Around whether CPA will adequately replace F5’s username persistence solution, you need to do some homework to determine the best approach. Here are some key points on how to determine what you’ll need to address load balancing/connection management and session persistence features when using F5’s APM and/or Horizon’s Cloud Pod Architecture (CPA):

  • You STILL need to route the initial connection to the appropriate data center (in a multiple data center model). CPA doesn’t get the connection to the data center. F5’s Global Traffic Manager (GTM) module is the method used to make this happen.
  • You STILL need to load balance connections between a Horizon Pod’s Connection Servers and Security Servers. CPA doesn’t do this either. F5 Local Traffic Manager (LTM) is the best choice for intelligent load management and monitoring of Connection/Security Server resources..
  • Cloud Pod Architecture supports RDS hosted desktops and traditional hosted desktops – HTML desktops and RDS hosted applications (App Remoting) are not currently supported.
  • Although Cloud Pod Architecture can broker access and proxy the connection to a desktop in another pod, the network connection to the final communication between the client and the desktop (or security server, if external) may not be an optimal path. The connection path may cross an internal network connection that’s constrained for bandwidth or high latency.

If we use the picture above as example, the user is accessing their desktop in the NYC Pod through the London Pod.  Therefore, the path of data flow is over the internal link – which needs to be able to handle PCoIP traffic in addition to handling other inter data center traffic when hauling PCoIP over latency-sensitive connections.

How does F5′s Username Persistence solution complement View’s Cloud Pod Architecture?

F5’s username and session persistence solution can address many of the previously mentioned challenges through the use of GTM, LTM, and/or APM. Here’s some guidance that will help you choose the right path:

  • Leverage F5’s Username/Session Persistence to address these requirements:
    • Ability to detect and reconnect to existing RDS hosted application sessions – F5’s APM can detect existing sessions and route users to that existing data center or Horizon Pod.
    • Requirement to reconnect to HTML-based desktops across multiple Horizon Pods or data centers. Username and session persistence works with HTML Desktops.
    • Provide an option to route the user’s Horizon desktop/application connection across the most optimal connection, rather than traversing an internal or constrained/latent network connection.
  • Use APM’s-integrated PCoIP Proxy feature to keep access simple and secure.
    • It’s a secure and scalable alternative in the DMZ to removing the need for Security Servers in the DMZ.
    • Works OUT OF THE BOX with Horizon’s Cloud Pod Architecture.
    • If you already have an F5 Big-IP device in the DMZ and wish to enhance its functionality and leverage your existing investment.
    • Ability to provide multiple, unique instances of PCoIP Proxy Servers for different access scenarios, all running on a single appliance.

Well, that wraps up this blog post. Our next blog post will focus on understanding and implementing F5’s PCoIP Proxy feature – we’ll cover how it works, when to use it, and how to integrate it with Horizon.

You can also send any topics or ideas to vmwarepartnership@f5.com.

Until next time…

 

Image Management with VMware Mirage: The Wednesday Morning Cure for Patch Tuesday

By Stephane Asselin, End-User Computing Architect, VMware

You have all had that knot in the pit of your stomach. If you, like me, have ever managed an IT environment, you know what I mean. It happens every Wednesday morning after the 2nd Tuesday of the month. What patches did Microsoft release this time? How will it impact your environment? Will you be spending the next few days and nights testing and deploying patches, keeping your fingers crossed that the patches do not break anything?

What IT administrator would not want to manage only one or two Windows images? Everybody would like that, and let me tell you, it is possible!

Utilizing VMware Mirage, you can reduce the number of Windows images you need to manage, with an end goal of managing one image, or two at most (x32 and x64). Before you use Mirage, however, you have some work to do! You need clear processes, a well-defined management and update cycle, and people who can properly assess the level of urgency and relevance of those updates or patches. If you have those in place, then you are ready to implement a technology solution that will support a simplified image management solution. Continue reading

Calling All Citrix XenApp Customers! Make the Move to VMware Horizon 6

By Mark Ewert, End-User Computing Solutions Architect, VMware

This summer we released VMware Horizon 6, the latest version of our leading end-user computing platform. Perhaps the most exciting feature of Horizon 6 is its expanded support for Microsoft Remote Desktop Services, including hosted applications. Whether users need virtual desktops, hosted apps, or shared desktop sessions, VMware Horizon is the only platform you need. This means it is now possible to migrate off your Citrix XenApp infrastructure! Summer 2015 marks both the termination of support for Microsoft Windows Server 2003 and the end of life for XenApp 5.0. If you are still running XenApp 5 on Windows 2003, the timing is perfect for a migration to VMware Horizon. And we are working feverishly to release tools, guidance, and services to provide what you need to make your migration a success. Continue reading

VMware Horizon Client for Mac Is Ready for OS X 10.10

By Kristina De Nike, Product Line Manager, End-User Computing, VMware

No need to be alarmed. Apple has announced that Mac OS X 10.10 is available. But if you are running the latest Horizon Client for Mac, version 3.1, you do not need to change anything. The current client works beautifully with Yosemite and looks beautiful doing it.

Horizon_Client_for_Mac

Figure 1: Horizon Client for Mac in Front of Seamless Horizon Hosted Application (Windows Chrome)

For weeks, we have been testing the Horizon Client 3.1 with the OS X Yosemite beta. Now that OS X 10.10 has shipped, we can confirm that the Horizon Client for Mac that we shipped in September is fully compatible.

If you are not running the latest Horizon Client, download the Mac client from the Horizon Client download page.

For more information about the Horizon Client and View virtual desktops, see Horizon with View.

Alarms in Mirage 5.0

By Sachin Sharma, Product Marketing Manager, End-User Computing, VMware

It has been a few months since we released Horizon 6, yet it feels like it was just yesterday! With all the activities since the release (webinars, workshops, road shows, and so on), I have had little time to blog about one of my favorite aspects of the Horizon 6 release—Mirage 5.0.  Mirage 5.0 introduced several new features, including Windows 8.1 support and enhancements to the Mirage Gateway. I would like to tell you about one of the cool new features that might have gone unnoticed, but which can help desktop administrators in a big way—alarms. Continue reading

Hear from your industry peers at VMworld Europe!

 Untitled

VMworld US has been a resounding success this year and we are carrying the energy and momentum to VMworld Europe, set to kick-off on October 13th in Barcelona. While there will be multiple product sessions to talk about the latest advances in our technology, we also recognize that our customers want to see how others in their industry have deployed our products and the benefits they achieved. To showcase our customers and to share industry best practices, we have a series of industry-oriented panel discussions at VMworld that will cover Healthcare, Education, Financial Services, Government, and Manufacturing/3D.

In these sessions, we will have customers come in and share their decision making process, business drivers, deployment details, and benefits they achieved through deployment of VMware’s end-user computing solutions, products, and technologies. This will be your chance to get firsthand information from peers in your industry:

In addition to sharing best practices, this will be a wonderful opportunity to network with your peers in the industry! We look forward to seeing you at the event.

You can follow us live throughout the show and drop us a comment on Twitter or Facebook using the #vmworld hashtag!

New View Security Overview Now Available

By Gary Sloane, VMware End-User-Computing Consultant

Do you remember the guy from Los Alamos who lost a laptop full of weapon plans? How about that database of veterans’ names and social security numbers accidentally left in an airport? Losses like these could all have been prevented by VDI solutions, such as VMware Horizon with View. Enforcement of policies on taking sensitive material off-premises would have been useful, too, but the use of View desktops instead of physical PCs would have been sufficient.

Ah, the good old days!

Today, the breaches are more numerous, frequent, and complex, with more mobile devices at risk and more serious and sophisticated forms of attack. From Stuxnet to Heartbleed to Backoff to less dramatic incidents—like the theft of a billion usernames and passwords—new threats are emerging all the time.

So, if you are a system or network administrator, or a security officer, the good news is: There are ways to reduce your attack vectors. The bad news is that these suggestions are often ignored.

The new VMware Horizon with View Security Hardening Overview provides a broad discussion of the security issues facing VDI administrators. It includes both general advice about the evolving threat landscape and specific recommendations for hardening Horizon 6 with View and implementing a defense-in-depth strategy.

The advice is good. Do not ignore it.

NVIDIA Recap from VMworld 2014

By Geoff Murase, Solutions Marketing, End-User Computing, VMware

Now that you’ve hopefully recovered from the hustle and bustle of VMworld in late August, let’s review the plethora of activity that NVIDIA was involved in at VMworld in the U.S. First, there was a press release that announced a collaborative effort between VMware, Google, and NVIDIA to deliver high-performance virtual desktops and workstation-class graphics to Google Chromebooks. Watch a quick demo of this technology in action here.  This press release not only highlighted this joint collaboration but also invited customers to apply for an early access program to experience NVIDIA vGPU technology on VMware vSphere. A short animated video explaining the benefits of GRID vGPU can be found here.

2

Continue reading

Horizon Clients 3.1 is here!

By Kristina De Nike, Senior Product Manager, End-User Computing, VMware

Originally, we thought this client release would include some small fixes to the hosted applications we launched last quarter. But we’ve gotten such a positive reaction to Horizon 6, the team was excited to add even more features. When the dust settled, we realized there’s a lot in this release. We have features that improve the usability of hosted application and we added some features sure to make all users happy.

Continue reading