Monthly Archives: June 2014

VMware Horizon 6 (View) Firewall and Network Ports Visualized

By Ray Heffer, VCDX#122, VMware EUC Architect

Back in April 2012, I posted my original Horizon View network firewall ports diagram on my blog. Over the past two years, it’s been used widely both internally at VMware and in the community. Since Horizon 6 was just released, I thought I’d create a brand new full-size diagram to include Cloud Pod Architecture. This updated diagram contains a better layout and a new color theme to boot! This image is 3767 x 2355 pixels, so simply click it to enlarge then ‘Save Image’ to get the full size HD version.

You’ll notice the addition of VIPA (View inter-pod API) and ADLDS port 22389 which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.

Horizon 6 Firewall Diagram

Key Firewall Considerations for VMware Horizon 6

  • TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
  • TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
  • HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
  • HTTPS (8443): Used by HTML Access (Blast)
  • HTTPS (22443): HTML Access (Blast) to Virtual Desktops
  • TCP 9427: Used by Windows multimedia redirection (MMR)
  • TCP 32111: USB Redirection
  • ESP (Protocol 50): Used for Security Server and Connection Server IPsec communication (requires Windows Firewall with Advanced Security to be enabled)
  • UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.

For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html
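
As an added example (not from the original post or from VMware), the following script checks a firewall allow-list against the key ports listed above: it reports listed flows that no rule permits and allow rules that open more than the listed ports. The rule syntax, `SAMPLE_RULES`, and the function names are assumptions made for illustration; because the post's list is not the full port list, a rule reported as wide should be checked against the Horizon 6 documentation before it is tightened.

```python
# Added example: audit a firewall allow-list against the key Horizon 6 ports in this post.
# The rule syntax and SAMPLE_RULES are constructed; rule ordering and zones are not modelled.

# (protocol, port) -> purpose, from the list above. ESP is IP protocol 50 and has no port.
KEY_FLOWS = {
    ("tcp", 8472): "View interpod API (Cloud Pod Architecture)",
    ("tcp", 22389): "Global ADLDS (Cloud Pod Architecture)",
    ("tcp", 443): "Horizon Client access, authentication, RDP tunnel",
    ("tcp", 8443): "HTML Access (Blast)",
    ("tcp", 22443): "HTML Access (Blast) to virtual desktops",
    ("tcp", 9427): "Windows multimedia redirection (MMR)",
    ("tcp", 32111): "USB redirection",
    ("esp", None): "Security Server / Connection Server IPsec",
    ("udp", 500): "IPsec negotiation and pairing",
}

SAMPLE_RULES = [
    "allow tcp 443",
    "allow tcp 8000-9000",  # covers 8443 and 8472, but opens 999 other ports
    "allow tcp 22389",
    "allow tcp 32111",
    "allow udp 500",
    "deny tcp 9427",
]

def parse_rule(line):
    """Parse '<action> <proto> <port|lo-hi|any|->' into (proto, lo, hi); None for non-allow."""
    action, proto, ports = line.split()
    if action != "allow":
        return None
    if proto == "esp":
        return ("esp", None, None)
    if ports == "any":
        return (proto, 1, 65535)
    lo, _, hi = ports.partition("-")
    return (proto, int(lo), int(hi or lo))

def audit(rule_lines):
    """Return (key flows with no allow rule, allow rules wider than the key list)."""
    allows = [(line, r) for line in rule_lines if (r := parse_rule(line))]
    def covered(proto, port):
        return any(p == proto and (port is None or lo <= port <= hi) for _, (p, lo, hi) in allows)
    missing = [k for k in KEY_FLOWS if not covered(*k)]
    broad = []
    for line, (proto, lo, hi) in allows:
        listed = [port for p, port in KEY_FLOWS if p == proto and port is not None]
        if lo is not None and hi - lo + 1 > sum(lo <= port <= hi for port in listed):
            broad.append(line)
    return missing, broad
```
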


Ray Heffer is an EUC Architect working at VMware and a double VCDX with both VCDX-DCV (Data Center) and VCDX-DT (Desktop). Previously part of the VMware Professional Services team as a Senior Consultant, Ray now works for the Desktop Technical Product Marketing BU at VMware. Ray joined the IT industry in 1997 as a Unix admin, before focusing on end user computing with Citrix MetaFrame and Terminal Services in the early days. In 2004 Ray joined an ISP providing managed hosting and Linux web applications, but soon discovered VMware ESX 2.5 (and GSX!) and passed his first VCP in 2007. Ray has many years of complex infrastructure design and delivery including the integration of VCE Vblock for both EUC and Cloud, and two highly successful 10,000+ user VMware Horizon View design and implementation engagements. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.

Horizon View: RDS PCoIP Design Tips

By Dale Carter, Consulting Architect, End-User Computing

With the release of VMware Horizon View has come the ability to not only configure virtual desktops but also virtual applications hosted on Windows RDS servers.

In this post, I will cover a couple of things that you should take into consideration when configuring virtual applications and how they might affect the sizing of your View Cluster and the number of connection servers you will need.

There are many different papers and posts on how to configure RDS servers themselves, so I will not be touching on that in this post. I want to discuss the effects of how the PCoIP connections connect to RDS servers and what you should look out for.

Scenario 1
The following diagram shows my first configuration. This includes a virtual desktop cluster and a single RDS farm. RDS Farm A in this example is hosting five applications: Word, Excel, PowerPoint, Visio and Lync.

Virtual Desktop Scenario 1

In this scenario if a user launches a virtual desktop and then an application, the user would be using a maximum of two PCoIP connections through the Horizon View infrastructure. It’s important to know that when configuring RDS with just one farm, if a user then launches a second application or all five applications, then all these applications will launch using the same PCoIP connection. This means that all five applications for that user would be running on the same RDS host. In this scenario, you need to make sure that each of your RDS hosts can handle all users opening all applications on each of the hosts.

The Horizon View connection servers do load balance a user’s connection when the user first connects to an RDS host. Users will always be sent to the RDS host with the lowest number of connections; however, once they are connected they will always go to the same RDS host until they completely disconnect from all applications.

In this scenario, if you have 300 users and they all launch Word, each RDS server will have 100 connections all running Word. It is also possible in this scenario that Servers A and B will only be running 100 instances of Word; whereas Server C could be running 100 instances of all five of the different software applications. This is why it is critical that the RDS servers are configured correctly.

Scenario 2
In the second configuration, I split the applications across RDS host farms. The following diagram shows two RDS farms. The first, Farm A, is hosting Word, Excel and PowerPoint. The second, Farm B, is hosting Visio and Lync.

Virtual Desktop Scenario 2

Now in this scenario, if a user launches a virtual desktop and then the applications Word and Visio, we have managed to lighten the load on the RDS servers. By separating the applications into different RDS farms, we now know that each RDS server is not going to get as much load when a user opens these applications. However, instead of a user only using two PCoIP connections, the user is now using three PCoIP connections.
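
The brokering behaviour described in Scenarios 1 and 2 can be modelled in a few lines. This is an added example, not code from the original post or from VMware: the `Broker` class, the host names `A1` to `A3`, three hosts per farm and the launch sequence are assumptions, and disconnects are not modelled.

```python
# Added example: model of the session brokering described in Scenarios 1 and 2.
# Host names (A1..A3), three hosts per farm and the launch sequences are constructed.
from collections import Counter

FARMS_ONE = {"A": ["Word", "Excel", "PowerPoint", "Visio", "Lync"]}
FARMS_TWO = {"A": ["Word", "Excel", "PowerPoint"], "B": ["Visio", "Lync"]}

class Broker:
    def __init__(self, farms, hosts_per_farm=3):
        self.app_farm = {app: farm for farm, apps in farms.items() for app in apps}
        # connections[farm][host] = number of users holding a PCoIP session there
        self.connections = {farm: {f"{farm}{i}": 0 for i in range(1, hosts_per_farm + 1)}
                            for farm in farms}
        self.placement = {}         # (user, farm) -> host; sticky until full disconnect
        self.instances = Counter()  # host -> running application instances

    def launch(self, user, app):
        farm = self.app_farm[app]
        host = self.placement.get((user, farm))
        if host is None:
            # First application in this farm: choose the host with the fewest connections.
            hosts = self.connections[farm]
            host = min(hosts, key=hosts.get)
            hosts[host] += 1
            self.placement[(user, farm)] = host
        self.instances[host] += 1
        return host

    def pcoip_sessions(self, user, desktop=True):
        """One session for the desktop plus one per farm the user has applications in."""
        return int(desktop) + sum(1 for u, _ in self.placement if u == user)

def word_everywhere(farms, users=300):
    """All users open Word; then users who landed on host A3 open every other app."""
    broker = Broker(farms)
    landed = {f"user{n}": broker.launch(f"user{n}", "Word") for n in range(users)}
    for user, host in landed.items():
        if host == "A3":
            for app in ("Excel", "PowerPoint", "Visio", "Lync"):
                broker.launch(user, app)
    return broker
```

With `FARMS_ONE`, every host ends up with 100 connections but `A3` carries 500 application instances; with `FARMS_TWO`, the same users hold three PCoIP sessions each and `A3` carries 300 instances.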

Conclusion
Given this information, it becomes more important than ever to know your users’ environment and the applications the users are using. When deploying Horizon View into your environment and taking advantage of the new hosted application functionality you need to ask yourself the following questions:

  • How many applications will be installed on each RDS host?
  • What is the hardware configuration of the RDS host?
  • How many RDS farms will be required?
  • How many PCoIP sessions will each user require?

For larger environments, the question might be: Will one or more View deployments be required? As the environments get larger, it might be a better design to have one View deployment for desktop connections and a separate deployment for hosted applications. In this scenario, VMware Workspace can become that central location for users to access all of their desktops and applications. With VMware Workspace 2.0, it is now possible to configure more than one View environment, giving you the option of multiple View environments that are all accessible from the one Workspace front end.


Dale is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses on the End User Compute space, where Dale has become a subject matter expert in a number of the VMware products. Dale has more than 20 years' experience working in IT, having started his career in Northern England before moving to Spain and finally the USA. Dale currently holds a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA.

For updates you can follow Dale on Twitter @vDelboy

vCAC 5.2 to 6.x Construct Mappings

By Eiad Al-Aqqad

This post originally appeared on Eiad’s Virtualization Team blog.

vCloud Automation Center (vCAC) 5.x admins and architects might get surprised by vCAC 6.x construct naming, thinking VMware has abandoned the constructs vCAC used in the past. After a closer look, you will notice the construct functionalities are still the same as they used to be in 5.x. They were just renamed to fit the wider audience vCAC is currently addressing, and to be better aligned with broader functionality. The main difference is that a new Tenant Construct that did not exist in 5.2 was introduced in vCAC 6.x, as vCAC 5.2 did not support multi-tenancy.

I get asked quite often about the construct mapping between vCAC 5.2 and 6.x. The longer I deliver just vCAC 6.x engagements, the more I forget the construct mapping between vCloud Automation Center 5.2 and 6.x, so I decided to document it as a reference for myself and anyone else who needs it. Below is the best diagram I was able to find that highlights the construct mapping between vCAC 5.2 and vCAC 6.x:

vCAC Construct Mapping

Hope this helps those of you familiar with vCAC 5.2 jump on 6.x with confidence.


Eiad Al-Aqqad is a Senior Consultant within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

VMware #1 in IDC Worldwide Datacenter Automation Software Vendor Shares

The VMware Company Blog announces that market research firm IDC has named VMware the leading datacenter automation software vendor based on 2013 software revenues.(1)

IDC’s report, “Worldwide Datacenter Automation Software 2013 Vendor Shares,” determined that VMware’s lead in 2013 jumped 65.6 percent over 2012 results and its market share now stands at 24.1 percent, more than 10 percentage points above the second place vendor. Overall, the worldwide market for datacenter automation grew by 22.1 percent to $1.8 billion in 2013. Download full IDC report here.

(1)   IDC, “Worldwide Datacenter Automation Software 2013 Vendor Shares,” by Mary Johnston Turner, May 2014

Quick Tip: Change the Password on the vCNS Edge

By Martijn Baecke, VMware Senior Consultant

Deploying and managing a vCNS Edge device with vCloud Director is a pretty easy task. You just spin up the appliance, integrate it with vCenter and then hook it up to vCloud Director. Piece of vCAC!

I was trying to dig deeper into the structure of how vCNS Edge devices work and wanted to log in to the Edge device itself. The only problem was the fact that I couldn’t log into the console of the Edge appliance that was deployed by vCNS Manager on my virtual infrastructure. Thankfully, the vCNS Manager interface provides you with the possibility to reset the password.

To reset the password and be able to log into the vCNS Edge device:

1. Log into the vCNS web interface.
2. At “View:” in the left corner, select Edges.
3. Select the Edge Gateway you want to log into.
4. Click Actions and select Change CLI Credentials.

This allows you to set the password for the “admin” account. With these credentials you can log in to the vCNS Edge device.


Martijn Baecke is a Senior Consultant for VMware Professional Services in Northern EMEA. He has 10+ years experience in advising and consulting with large enterprise companies around IT infrastructure. He is a VMware Certified Design eXpert (VCDX #103) and you can find more insights on his personal blog, Think©Loud.