
VMware User Environment Manager and ADMX Settings

By Jeffrey Davidson

In this blog entry, I will walk through how to configure ADMX settings within the VMware® User Environment Manager™ Management Console. Additionally, I will discuss how User Environment Manager ADMX settings work together with existing Group Policy configurations.

In this example, I will be setting Google Chrome as the default browser using the ADMX settings.


Supporting Always On Availability Groups (SQL Server) with App Volumes

By Mark Ma

With the recent release of App Volumes 2.12, we officially support Microsoft SQL Server Always On Availability Groups.

SQL Always On Availability Groups is a great way to provide high availability and disaster recovery because live copies of your databases reside on secondary servers. By integrating SQL Always On with App Volumes, we ensure the most popular application layering product can be enjoyed by users in any situation.


vRO Architecture Considerations When Digitally Signing Packages

By Spas Kaloferov

In this blog post we will take a look at how digitally signing packages in VMware vRealize® Orchestrator™ (vRO) may affect the way you deploy vRO in your environment.

In some use cases, digitally signing workflow packages may affect your vRO architecture and deployment. Let’s consider a few examples.

Use Case 1 (Single Digital Signature Issuer)

Let’s say you have vRO ServerA and vRO ServerB in your environment. You’ve performed the steps outlined in How to Change the Package Signing Certificate of a vRO Appliance (SKKB1029) to change the PSC on vRO ServerA, export the keystore, and import it on vRO ServerB. This will allow the following:

  • vRO ServerA can digitally sign workflow packages, and vRO ServerB can read packages digitally signed by vRO ServerA.
  • vRO ServerB can digitally sign workflow packages, and vRO ServerA can read packages digitally signed by vRO ServerB.

Now what happens when you add vRO ServerC?


Securing Your PowerShell Execution and Password in VMware vRealize Orchestrator

By Spas Kaloferov

In this blog post we will look at how to secure your end-to-end PowerShell Execution from VMware vRealize® Orchestrator™ (vRO)—including how not to show passwords when using the Credential Security Support Provider (CredSSP) protocol in a double-hop authentication scenario.

Let’s look at a few common use cases regarding the configuration of vRO, the PowerShell host, the Windows Remote Management (WinRM) protocol, and the PowerShell script/command, and how we can best secure all of them.

Web Services (WS)-Management encrypts all traffic by default, and this is controlled by the AllowUnencrypted client and server WinRM configuration parameter—even if you only work with HTTP (the default configuration) and not with HTTPS. Prior to Windows Server 2003 R2, WinRM in an HTTP session was not encrypted.


Mini Post; How to Change the Package Signing Certificate of a vRO Appliance for update

By Spas Kaloferov

Importing Digitally Signed Packages to a Different Destination vRO (vRealize Orchestrator) Server

What we did in the previous chapter was to change the PSC certificate on a vRO server to match our company requirements. The certificate will be used to digitally sign packages we export from vRO.

If you will import digitally signed workflow packages only to their original vRO, no further steps are required.

If you will import digitally signed workflow packages to a different vRO, additional configuration steps are required on the destination vRO.

Hybrid Cloud Manager Deployment Considerations

by Michael Francis

VMware Hybrid Cloud Manager™ is VMware’s management extension for VMware vSphere® and VMware vCloud® Air™. Hybrid Cloud Manager aims to simplify the implementation of a true hybrid cloud.

My Definition of Hybrid Cloud

What is hybrid cloud? In my mind, hybrid cloud means extending my on-premises estate into a data center facility owned and provided by a third party. The key to this definition is in the word “extension.” A true extension means I can retain my existing operating model, security model, and provisioning systems and seamlessly migrate applications from my on-premises environment to my provider’s platform, just as I do within my on-premises environment.


How to Configure vRealize Orchestrator to Use SSL to Connect to a SQL Server Database

By Spas Kaloferov

Microsoft® SQL Server® can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application.

SSL can be used for server validation when a client connection requests encryption. If the instance of SQL Server is running on a computer that has been assigned a certificate from a public certification authority, identity of the computer and the instance of SQL Server is vouched for by the chain of certificates that lead to the trusted root authority. Such server validation requires that the computer on which the client application is running be configured to trust the root authority of the certificate that is used by the server.

For the purposes of this article, the client application that will be configured with an encrypted connection to the database is VMware® vRealize® Orchestrator™. I will show you how to configure vRealize Orchestrator Appliance™ to use an SSL connection when communicating with a Microsoft SQL Server database.


VMware Named 2016 STAR Award Winner for Innovation in Enabling Customer Outcomes

VMware’s global Professional Services organization has played an important role in enabling customer successes. Over the last five years, as VMware has evolved from a single product company to a multi-product solutions provider, the maturation, innovation and transformation of its professional services business has driven new and higher levels of business success and customer satisfaction.

The Technology Services Industry Association (TSIA) announced the 2016 STAR Award winners at the Technology Services World Conference held in Las Vegas. VMware Professional Services was named the 2016 STAR Award winner for Innovation in Enabling Customer Outcomes.

Now in its 26th year, the STAR Awards have become one of the highest honors in the technology services industry. The selection process is rigorous, consisting of a thorough evaluation followed by a vote by TSIA’s service discipline advisory board members.

Read the full article on the VMware Radius Blog.

VMware Horizon 7 Instant Clones Best Practices

By Dale Carter

Recently, I have been working with Instant Clones in my lab. Although I have found this easy to get up and running (for more information, see my blog here), it hasn’t been easy to find best practices around configuring Instant Clones, as they are so new.

I reached out to the engineering team, and they provided me with the following best practices for using Instant Clones in VMware Horizon 7.0.2.

Check OS Support for Instant Clones

The following table shows what desktop operating systems are supported when using Instant Clones.

| Guest Operating System | Version | Edition | Service Pack |
| --- | --- | --- | --- |
| Windows 10 | 64-Bit and 32-Bit | Enterprise | None |
| Windows 7 | 64-Bit and 32-Bit | Enterprise and Professional | SP1 |

For more information, see the architecture planning guide.

Remote Monitor Limitations

If you use Instant Clone desktop pools, the maximum number of monitors that you can use to display a remote desktop is two, with a resolution of up to 2560 X 1600. If your users require more monitors or a higher resolution, I recommend using Linked Clone desktop pools for these users.

For more information, see the architecture planning guide.

Instant Clones on vSAN

When running Instant Clones on vSAN, it is recommended to use the R5 configuration, which has the following settings:

| Name | Checksum | RAID Level | Deduplication and Compression | Client Cache | Sparse Swap |
| --- | --- | --- | --- | --- | --- |
| R5 | Yes | 5 | No | Enabled | Disabled |

For more information, see the VMware Horizon 7 on VMware Virtual SAN 6.2 All-Flash, Reference Architecture.

Unsupported Features when using Instant Clones

The following features are currently not supported when using Instant Clones.

View Persona Management

The View Persona Management feature is not supported with Instant Clones. I recommend the User Environment Manager for managing the user’s environment settings.

For more information, see the architecture planning guide.

3D Graphics Features

The software and hardware accelerated graphics features available with the Blast Extreme or PCoIP display protocol are currently not supported with Instant Clones desktops. If your users require this feature, I recommend you use a Linked Clone desktop for them.

For more information, see the architecture planning guide.

Virtual Volumes

VMware vSphere Virtual Volumes datastores are currently not supported for Instant Clone desktop pools. For Instant Clone desktop pools, you can use other storage options, such as VMware Virtual SAN.

For more information, see the architecture planning guide.

Persistent User Disk

Instant Clone pools do not support the creation of a persistent virtual disk. If you have a requirement to store a user’s profile and application data on a separate disk, you can use the writeable disk feature of VMware App Volumes to store this data. The App Volumes writeable volume can also be used to store user-installed applications.

For more information, see the architecture planning guide.

Disposable Virtual Disk

Instant Clone pools do not support configuration of a separate, disposable virtual disk for storing the guest operating system’s paging and temp files. Each time a user logs out of an instant clone desktop, Horizon View automatically deletes the clone and provisions and powers on another instant clone based on the latest OS image available for the pool. Any guest operating system paging and temp files are automatically deleted during the logoff operation.

For more information, see the architecture planning guide.

Hopefully, this information will help you configure Instant Clones in your environment. I would like to thank the VMware Engineering team for helping me put this information together.


Dale Carter is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses on the End User Compute space, where he has become a subject matter expert in a number of the VMware products. Dale has more than 20 years’ experience working in IT, having started his career in Northern England before moving to Spain and finally the USA. Dale currently holds a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA. For more blog posts from Dale, visit his website at http://vdelboysview.com

Architecting an Internet-of-Things (IoT) Solution

By Andrea Siviero

When Luke Skywalker asked Obi-Wan Kenobi, “What is The Force?” the answer was, “It’s an energy field created by all living things. It surrounds us and penetrates us; it binds the galaxy together.”

According to Intel, there are 15 billion devices on the Internet today. In 2020 the number will grow to 200 billion. In order to meet the demand for connectivity, cities are spending $41 trillion to create the infrastructure to accommodate it.

What I want to talk about in this short article is how to architect an IoT solution, and the challenges in this area.


In a nutshell, connecting “things” to a “platform,” where business apps can consume information, is achieved in two ways:

  • Simple “direct” connection (2-Tiered approach)
  • Using a “gateway” (3-Tiered approach)

The 3-Tier Approach: Introducing IoT Gateways

You may now be wondering, “what exactly are the reasons behind introducing a gateway into your IoT architecture?”

The answer is in the challenges introduced by the simple connection:

  • Security threats: the more “things” that are out there, the more “doors” that can be opened
  • Identity management: a huge number of devices and configuration changes
  • Configurations/updates can become a complex problem

What Is/Isn’t an IoT Gateway?

An IoT Gateway:

  • Is a function, not necessarily a physical device
  • Is not just a dumb proxy that forwards data from sensors to backend services (because that would be highly ineffective in terms of performance and network utilization).
  • Performs pre-processing of information in the field—including message filtering and aggregation—before being sent to the data center.


Where is All This Leading?

As enterprises transform into digital businesses, they need to find ways to:

  • Improve efficiencies
  • Generate new forms of revenue
  • Deliver new and exciting customer experiences

These will be the tipping points for enterprise IoT to really take off.

For organizations that want to deploy IoT apps across multiple gateway vendors—and those that wish to buy solutions that are not locked into a single silo—IoT can bring problems and frustration.

VMware has taken the first steps in the IoT journey, making the IoT developer’s life easier, and introducing Liota (Little IoT Agent). Liota is a vendor-neutral open source software development kit (SDK) for building secure IoT gateway data and controlling orchestration that resides primarily on IoT gateways.

Liota is available to developers for free now at https://github.com/vmware/liota, and it works with any gateway or operating system that supports Python.

If you are attending VMworld, make a point to visit the Internet of Things Experience zone. Within this pavilion, we will have several pods showing live demos with augmented reality experiences that bring life to workflows across a variety of industries.

May the force be with you.


Andrea Siviero is a ten-year veteran of VMware and a senior solutions architect member of Professional Services Engineering (PSE) for the Software-Defined Datacenter (SDDC), a part of the Global Technical Solutions (GTS) team. Prior to PSE, Andrea spent three years as pre-sales system engineer and three years as a post-sales consultant architect for cloud computing and desktop virtualization solutions focusing on very large and complex deployments, especially for service providers in the finance and telco sectors.