Home > Blogs > VMware Consulting Blog > Tag Archives: Cloud Pod Architecture

Tag Archives: Cloud Pod Architecture

Configuring VMware Identity Manager and VMware Horizon 7 Cloud Pod Architecture

Dale CarterBy Dale Carter

With the release of VMware Horizon® 7 and VMware Identity Manager™ 2.6, it is now possible to configure VMware Identity Manager to work with Horizon Cloud Pod Architecture when deploying your desktop and application pools over multiple data centers or locations.

Using VMware Identity Manager in front of your VMware Horizon deployments that are using Cloud Pod Architecture makes it much easier for users to get access to their desktops and applications. The user has just one place to connect to, and they will be able to see all of their available desktops and applications. Identity Manager will direct the user to the application hosted in the best datacenter for their location. This can also include SaaS applications as well as the applications that are available through VMware Horizon 7.

The following instructions show you how to configure VMware Identity Manager to work with VMware Horizon 7 when using Cloud Pod Architecture.

Configure view on the first connector

  1. From the VMware Identity Manager Admin Portal select Catalog, Managed Desktop Appliances, View Application.

DCarter_View Application

  1. Choose the first Identity Manager Connector. This will redirect you to the connector View setup page.
  2. Select the check box to enable View Pools. Add the correct information to the first View Pod, and click Save.

DCarter_View Pools

  1. If there is an Invalid SSL Cert warning, click the warning and Accept.

DCarter_Invalid SSL Cert

  1. Scroll down the page and select Add View Pool.

DCarter_Add View Pool

  1. Add the correct information to the first View Pod and click Save.

DCarter_View Pod

  1. If there is an Invalid SSL Cert warning, click the warning and Accept.
  2. You will now see both View Pods configured for this connector.

DCarter_Remove View Pod

  1. Scroll to the top of the page.
  2. Select Federation.
  3. Check the Enable CPA Federation check box. Fill out the correct information, and add all of the Pods within the Federation.
    DCarter_View Pools Federation
  4. Click Save.
  5. From the Pods and Sync tab, click Sync Now.

DCarter_View Pool Sync

Configure view on all other connectors

  1. From the VMware Identity Manager Admin Portal, select Catalog, Managed Desktop Appliances, View Application.
  2. Select the next connector and follow the instructions above.
  3. Do this for every connector.

Configure network ranges

Once the VMware Horizon View setup is complete, you will need to configure Network Ranges.

  1. From the Identity Manager Admin page, select the Identity & Access Management Tab and click Setup.
  2. Select Network Ranges and click Add Network Range.

DCarter_Add Network Range

  1. Enter the required information and click Save.

DCarter_Add Network Range View Site

  1. This will need to be repeated for all network ranges, usually for each site and external access.

Dale is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses in the End User Compute space, where Dale has become a subject matter expert in a number of the VMware products. Dale has more than 20 years’ experience working in IT having started his career in Northern England before moving the Spain and finally the USA. Dale currently holds a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA. For more blog post from Dale visit his website at http://vdelboysview.com

VMware Horizon 7 New Features

Dale CarterBy Dale Carter

With the release of VMware Horizon 7, I thought I would highlight some of the new features that have been added with this release.

Blast Extreme Protocol

With the update to Blast Extreme, VMware has upgraded the Blast Extreme protocol to the same level as PCoIP and RDP. Now you will be able to use the Blast Extreme protocol when connecting via HTML5, and also when you connect to a virtual desktop or RDSH app using your VMware Horizon client on any device.

DCarter_Edit LocalA

Just as with PCoIP and RDP, VMware Horizon Administrators will be able to configure the Blast Extreme protocol as the default protocol for both desktop and application pools.

DCarter_Edit Global Entitlement

Blast Extreme will not only be available for standard desktop and application pools but also global pools when configured with Cloud Pod Architecture.

VMware Instant Clone Technology

VMware Instant Clone is the long awaited technology built on VMware Fork technology that was previewed at VMworld. VMware has been working on it for some time. VMware Instant Clone helps to create the just-in-time desktop. It allows for a new virtual desktop to be created in seconds, and thousands of virtual desktops to be created in a very short time. This is one of the best features of the VMware Horizon 7 release, and I believe that VMware Horizon administrators are going to love creating desktop pools using this new Instant Clone technology.

For information on configuring the new VMware Horizon Instant Clone technology, see my blog here.

Cloud Pod Architecture

The two main updates to Cloud Pod Architecture are scale and home site improvements. I have written two new blogs to cover these new updates:

Cloud Pod Architecture New Features

Update to How CPA Home Sites Work with VMware Horizon 7

Smart Policies

The new Smart Policies are a way to have more granular control of what users can access when they connect to their virtual desktop or applications. With the first release of Smart Policies, you will be able to set the following policies based on certain conditions:

  • VMware Horizon Conditions
    • View client info (IP and name)
    • Endpoint location (Internal/external)
    • Tags
    • Desktop pool name
  • VMware Horizon Capabilities
    • Clipboard
    • Client drive
    • USB
    • Printing
    • PCoIP bandwidth profiles

For more information on these capabilities see my more detailed blog here .

To use Smart Policies, you will need VMware Horizon 7 and User Environment Manager 9. You will also need the latest view agent and clients installed to take advantage of these new features. The other thing to note is that these policies only work with the PCoIP and Blast Extreme protocols and not RDP.

Desktop Pool Deletion

The Desktop Pool Deletion feature is often a request from customers who want to stop administrators from deleting a desktop pool that currently has active desktops within it. With VMware Horizon 6.x and earlier versions, it was possible for an administrator to accidentally delete a desktop pool and all the VM’s within that pool. This new feature, when enabled, will stop that from happening. To enable this feature, follow the instructions in my blog here.

These are just some of the new features that have been released with VMware Horizon 7. For a full list of the new features, check out the release notes.


Dale is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses in the End User Compute space, where Dale has become a subject matter expert in a number of the VMware products. Dale has more than 20 years experience working in IT having started his career in Northern England before moving the Spain and finally the USA. Dale currently hold a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA.

For updates you can follow Dale on twitter @vDelboy

3 Reasons VMware Horizon 7 Will Make You Smile

Michael BradleyBy Michael Bradley

The June 2014 release of VMware Horizon® 6 brought with it a long list of exciting new features. Cloud Pod Architecture (CPA), RDS hosted desktop and applications, and integration with VMware vSAN were just a few of the headlines that sent desktop administrators rushing to upgrade.

Although the new features marked huge advances in availability and scalability, they came with certain, shall we say, nuisances. These nuisances had a way of popping up at the most inopportune times, and although not showstoppers by any stretch of the imagination, could become very irritating very quickly. Now, I’m the kind of guy who is easily irritated by nuisances, so, seeing the list of features coming with Horizon 7 made me smile. With this upcoming release, VMware is introducing enhancements that fix three of the items on my personal list of nuisances in VMware Horizon 6. Let’s take a look.

Cloud Pod Architecture Home Sites

The introduction of Cloud Pod Architecture was a huge step forward in providing true high availability and scalability for a VMware Horizon 6 virtual desktop infrastructure. The ability to easily span pools across multiple data centers had been something that VMware customers had been requesting for some time. For the most part, Cloud Pod Architecture did exactly what it was designed to do. However, there was one small thing about it that really irritated me: home sites.

A home site is the affinity between a user and a Cloud Pod Architecture site. Home sites ensure that users always receive desktops from a particular data center, even when they are traveling. Home sites were a nice idea, and worked wonderfully, in most circumstances.

What I found to be irritating was the fact that if resources were unavailable in the user’s assigned home site, Cloud Pod Architecture would stop searching for available desktop/app sessions and deny access to the user, even if there were resources available in an alternate site.

HomeSites

The good news is that, with the release of VMware Horizon 7, this behavior has changed. When a user who is assigned a home site logs in to VMware Horizon, Cloud Pod Architecture will search for available resources in that user’s home site. However, if no available resources can be found, Horizon will search other eligible sites and, if found, assign an available desktop/app session to the user.

Certificate Single Sign-On

This problem is not uncommon to users logging into a VMware Horizon® View™ environment using RADIUS, RSA’s SecurID, or even VMware Identity Manager™. In each of these situations, it is possible that the users may not enter their active directory (AD) credentials, and, although VMware Horizon “trusts” that user, they may be forced to enter their AD credentials in order to access their Windows desktop. This is dependent on the 2 form factor authentication requirements and implementation.

This will change with the introduction of certificate SSO. In VMware Horizon 7, certificate SSO allows users to authenticate to a Windows desktop without requiring AD credentials or a smartcard. Authentication is based on a patented process whereby a short lived certificate is created specifically for the user allowing authentication to a singular Windows session, which then logs the user in. In all cases, the user will have previously been authenticated through another service using other “non AD mechanisms,” such as biometrics, SecurID, RADIUS, or VMware Identity Manager. The VMware Horizon 7 session is launched using security assertion markup language (SAML), and the SAML assertion will include a reference to the user’s UPN, which is then used to generate a custom certificate for the logon process.

Desktop Pool Deletion

It’s the stuff of nightmares. A VDI administrator working in the VMware Horizon administrator console accidently clicks “Delete” on the desktop pool that contains the desktops for every executive in the company. As the administrator watches each desktop delete, all he can do is update his resume and wait for the hammer to fall. If you’ve woken up in a cold sweat with this recurring nightmare, then you are in luck.

With the release of VMware Horizon 7, administrators can only delete desktop pools that are empty. If you try to delete a pool that contains desktops, a message will be displayed, instructing the administrator that the pool contains desktops. In order to delete a desktop pool, you must disable provisioning, and then delete all of the desktops from inventory first. This makes it virtually impossible to accidently delete a desktop pool, allowing desktop administrators everywhere to sleep a little easier.

DeletePool

So, VMware Horizon 7 doesn’t fix nuisances like traffic jams, global warming, or nuclear proliferation, but I’m excited to see its new features and enhancements, and I’m pleased to say that there are plenty more where they came from.


Michael Bradley, a VMware Senior Solutions Architect specializing in the EUC space, has worked in IT for almost 20 years. He is also a VCP5-DCV, VCAP4-DCD, VCP4-DT, VCP5-DT, and VCAP-DTD, as well as an Airwatch Enterprise Mobility Associate.

Managing Horizon Gold Images Across Multi-Site Deployments

By Dale Carter

One of the challenges when deploying VMware Horizon across multiple sites or data centers is how to keep your Gold/Master images in sync and how to get them from one site to another.

In this blog I will show you how you can utilize the new Content Library that is part of vSphere 6 to help manage this challenge.

There is a caveat to using the content library – it does not currently manage VM Snapshots. This blog will also show how you can work around this caveat to make the solution work for your deployments.

The following steps will show you how to create a Content Library and then use the Content Library to move your Gold/Master images between sites.

Create Your Content Library

  1. Connect to the vCenter Web Client on your home site
  2. From the home menu select Content Libraries

DCarter Gold Images 1

  1. Click Create new content library

DCarter Gold Images 2

  1. Give the library a Name, select the vCenter Server and click Next

DCarter Gold Images 3

  1. Select Local content library and check the box for Publish content library externally then click Next

DCarter Gold Images 4

  1. Select the datastore you want to save the content library in and click Next

DCarter Gold Images 5

  1. Click Finish
  2. Right-click the new Home library and click Edit Settings

DCarter Gold Images 6

  1. Click Copy Link and then OK

DCarter Gold Images 7

  1. Now connect to the web client of the remote vCenter
  2. From the home menu select Content Libraries
  3. Click Create new content library
  4. Give the library a Name, select the vCenter Server and click Next

DCarter Gold Images 8

  1. Select Subscribed content library. Then paste the link into the first library in the box and click Next

DCarter Gold Images 9

  1. Select the datastore to save the content library and click Next
  2. Click Finish

The Content Libraries are now created at each site and are ready to have content published to the library.

The next steps are to publish the Gold/Master image to the home library and then deploy that image in the remote data center.

Publishing the Gold/Master Image

The following steps will show you how to publish the Gold/Master image with the latest Snapshot to the content library.

  1. Connect to the vCenter Web Client on your home site
  2. Under VMs and Templates right-click the Gold/Master image and click Clone – Clone to Template in Library

DCarter Gold Images 10

  1. Give the new template a name, select the correct Library and click Next

DCarter Gold Images 11

The template will now be published to the Content Library and then synced to the remote library. You can speed up the sync by connecting to the remote library, clicking Actions and Synchronize Library.

DCarter Gold Images 12

Publish Template to Remote Site

The following steps will show you how to deploy the new Gold/Master image with the latest Snapshot to the remote site from the content library.

  1. Connect to the vCenter Web Client on your remote site
  2. From the home menu select Content Libraries
  3. Select the Library and click Related Objects

DCarter Gold Images 13

  1. Right-click the correct template and click New VM from This Template

DCarter Gold Images 14

  1. Confirm the name of the new VM and the location and click Next

DCarter Gold Images 15

  1. Select the correct resource and click Next

DCarter Gold Images 16

  1. Confirm and click Next
  2. Select the disk format and the datastore location and click Next

DCarter Gold Images 17

  1. Select the required Network to deploy the VM to and click Next

DCarter Gold Images 18

  1. Click Finish

The VM will now be deployed to the remote data center. However, there is one last step required before you can use Horizon to deploy new desktops – create a Snapshot for the composer to use.

  1. Right-click the newly created VM and click Snapshots – Take Snapshot

DCarter Gold Images 19

  1. Give the Snapshot a name and click OK

DCarter Gold Images 20

 

The VM is now ready to be used by Horizon to deploy desktops with the latest Gold/Master image.


Dale is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses in the End User Compute space, where Dale has become a subject matter expert in a number of the VMware products. Dale has more than 20 years experience working in IT having started his career in Northern England before moving the Spain and finally the USA. Dale currently hold a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA.

For updates you can follow Dale on twitter @vDelboy