
Tag Archives: Horizon View

VMware Horizon 6 (View) Firewall and Network Ports Visualized

By Ray Heffer, VCDX#122, VMware EUC Architect

Back in April 2012, I posted my original Horizon View network firewall ports diagram on my blog. Over the past two years, it’s been used widely both internally at VMware and in the community. Since Horizon 6 was just recently released, I thought I’d create a brand new full size diagram to include Cloud Pod Architecture. This updated diagram contains a better layout and a new color theme to boot! This image is 3767 x 2355 pixels, so simply click it to enlarge then ‘Save Image’ to get the full size HD version.

You’ll notice the addition of VIPA (View inter-pod API) and ADLDS port 22389, which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.

Horizon 6 Firewall Diagram

Key Firewall Considerations for VMware Horizon 6

  • TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
  • TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
  • HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
  • HTTPS (8443): Used by HTML Access (Blast)
  • HTTPS (22443): HTML Access (Blast) to Virtual Desktops
  • TCP 9427: Used by Windows multimedia redirection (MMR)
  • TCP 32111: USB Redirection
  • ESP (Protocol 50): Used for Security Server and Connection Server IPsec communication (requires Windows Firewall with Advanced Security to be enabled)
  • UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.

For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html
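One way to check an exported allow-rule set against the ports in the list above, as an added example that is not part of the original post. The rule format, the `Rule`/`audit` names and the sample rules are constructed for illustration; only the port list comes from the post, and because that list is not exhaustive, an "unlisted" result means "check the full documentation", not "wrong".

```python
from __future__ import annotations
from dataclasses import dataclass

# (protocol, port) -> purpose, from the post's list; ESP (IP protocol 50) has no port.
HORIZON_PORTS = {
    ("tcp", 8472): "View interpod API (Cloud Pod Architecture)",
    ("tcp", 22389): "Global ADLDS (Cloud Pod Architecture)",
    ("tcp", 443): "Horizon Client access, authentication, RDP tunnel",
    ("tcp", 8443): "HTML Access (Blast)",
    ("tcp", 22443): "HTML Access (Blast) to virtual desktops",
    ("tcp", 9427): "Windows multimedia redirection (MMR)",
    ("tcp", 32111): "USB redirection",
    ("esp", None): "Security Server / Connection Server IPsec",
    ("udp", 500): "IPsec negotiation, Security Server / Connection Server",
}

# Constructed sample export, one allow rule per line: <name> <proto> <ports>
SAMPLE_RULES = """\
client-https   tcp 443
blast-gateway  tcp 8443
blast-desktop  tcp 22443
usb-and-mmr    tcp 9427-32111
ike            udp 500
ipsec-esp      esp -
telnet-mgmt    tcp 23
"""

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    low: int | None   # None for ESP
    high: int | None

def parse_rule(line: str) -> Rule:
    """Parse '<name> <proto> <port | low-high | ->' (hypothetical format)."""
    name, proto, ports = line.split()
    proto = proto.lower()
    if proto == "esp":
        return Rule(name, proto, None, None)
    low, _, high = ports.partition("-")
    low_i, high_i = int(low), int(high or low)
    if not 0 < low_i <= high_i <= 65535:
        raise ValueError(f"bad port range in rule {name!r}: {ports}")
    return Rule(name, proto, low_i, high_i)

def listed_ports_opened(rule: Rule) -> list:
    # Entries of HORIZON_PORTS that this rule lets through.
    if rule.proto == "esp":
        return [("esp", None)]
    return [k for k in HORIZON_PORTS
            if k[0] == rule.proto and rule.low <= k[1] <= rule.high]

def audit(rules) -> dict:
    """Report listed ports with no rule, rules opening no listed port, and
    rules whose range is wider than the listed ports it contains."""
    covered, unlisted, broad = set(), [], []
    for rule in rules:
        hits = listed_ports_opened(rule)
        covered.update(hits)
        if not hits:
            unlisted.append(rule.name)
        elif rule.proto != "esp" and rule.high - rule.low + 1 > len(hits):
            broad.append(rule.name)
    missing = [k for k in HORIZON_PORTS if k not in covered]
    return {"missing": missing, "unlisted": unlisted, "broad": broad}

if __name__ == "__main__":
    report = audit([parse_rule(l) for l in SAMPLE_RULES.splitlines()])
    for kind, items in report.items():
        print(f"{kind}: {items}")
```

In the sample, the range rule passes four listed ports but also opens every port in between, so it is reported as broad and is a candidate for splitting into single-port rules.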


Ray Heffer is an EUC Architect working at VMware and a double VCDX with both VCDX-DCV (Data Center) and VCDX-DT (Desktop). Previously part of the VMware Professional Services team as a Senior Consultant, Ray now works for the Desktop Technical Product Marketing BU at VMware. Ray joined the IT industry in 1997 as a Unix admin, before focusing on end user computing with Citrix MetaFrame and Terminal Services in the early days. In 2004 Ray joined an ISP providing managed hosting and Linux web applications, but soon discovered VMware ESX 2.5 (and GSX!) and passed his first VCP in 2007. Ray has many years of complex infrastructure design and delivery including the integration of VCE Vblock for both EUC and Cloud, and two highly successful 10,000+ user VMware Horizon View design and implementation engagements. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.

Horizon View: RDS PCoIP Design Tips

By Dale Carter, Consulting Architect, End-User Computing

With the release of VMware Horizon View has come the ability to not only configure virtual desktops but also virtual applications hosted on Windows RDS servers.

In this post, I will cover a couple of things that you should take into consideration when configuring virtual applications and how they might affect the sizing of your View Cluster and the number of connection servers you will need.

There are many different papers and posts on how to configure RDS servers themselves, so I will not be touching on that in this post. I want to discuss the effects of how the PCoIP connections connect to RDS servers and what you should look out for.

Scenario 1
The following diagram shows my first configuration. This includes a virtual desktop cluster and a single RDS farm. RDS Farm A in this example is hosting five applications: Word, Excel, PowerPoint, Visio and Lync.

Virtual Desktop Scenario 1

In this scenario if a user launches a virtual desktop and then an application, the user would be using a maximum of two PCoIP connections through the Horizon View infrastructure. It’s important to know that when configuring RDS with just one farm, if a user then launches a second application or all five applications, then all these applications will launch using the same PCoIP connection. This means that all five applications for that user would be running on the same RDS host. In this scenario, you need to make sure that each of your RDS hosts can handle all users opening all applications on each of the hosts.

The Horizon View connection servers do load balance a user’s connection when the user first connects to an RDS host. Users will always be sent to the RDS host with the lowest number of connections; however, once they are connected they will always go to the same RDS host until they completely disconnect from all applications.

In this scenario, if you have 300 users and they all launch Word, each RDS server will have 100 connections all running Word. It is also possible in this scenario that Servers A and B will only be running 100 instances of Word; whereas Server C could be running 100 instances of all five of the different software applications. This is why it is critical that the RDS servers are configured correctly.

Scenario 2
In the second configuration, I split the application across RDS host farms. The following diagram shows two RDS farms. The first, Farm A, is hosting Word, Excel and PowerPoint. The second, Farm B, is hosting Visio and Lync.

Virtual Desktop Scenario 2

 

Now in this scenario, if a user launches a virtual desktop and then the applications Word and Visio, we have managed to lighten the load on the RDS servers. By separating the applications into different RDS farms, we now know that each RDS server is not going to get as much load when a user opens these applications. However, instead of a user only using two PCoIP connections, the user is now using three PCoIP connections.
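The session behaviour described in the two scenarios, modelled as an added example (not VMware code and not part of the original post). The class and function names, the farm sizes in Scenario 2 and the tie-break to the lowest-numbered host are assumptions; the three hosts and 300 users in Scenario 1 follow the numbers in the text.

```python
from collections import Counter

class Farm:
    """One RDS farm: a set of published apps and a number of RDS hosts."""
    def __init__(self, name, apps, host_count):
        self.name, self.apps = name, set(apps)
        self.sessions = [set() for _ in range(host_count)]       # users per host
        self.instances = [Counter() for _ in range(host_count)]  # app counts per host

    def launch(self, user, app):
        # A user who already has a session in this farm stays on that host.
        host = next((i for i, s in enumerate(self.sessions) if user in s), None)
        if host is None:
            # First launch in this farm: pick the host with the fewest connections.
            host = min(range(len(self.sessions)), key=lambda i: len(self.sessions[i]))
            self.sessions[host].add(user)
        self.instances[host][app] += 1
        return host

class Pod:
    def __init__(self, farms):
        self.farms, self.desktop_users = farms, set()

    def launch_desktop(self, user):
        self.desktop_users.add(user)

    def launch_app(self, user, app):
        farm = next(f for f in self.farms if app in f.apps)
        return farm.launch(user, app)

    def pcoip_connections(self, user):
        # One connection for the desktop plus one per farm the user has a session in.
        farm_sessions = sum(any(user in s for s in f.sessions) for f in self.farms)
        return int(user in self.desktop_users) + farm_sessions

ALL_APPS = ["Word", "Excel", "PowerPoint", "Visio", "Lync"]

def scenario_1(users=300, hosts=3):
    """Single farm; every user opens Word, users on the last host open all five."""
    farm = Farm("A", ALL_APPS, hosts)
    pod = Pod([farm])
    placed = {}
    for u in range(users):
        pod.launch_desktop(u)
        placed[u] = pod.launch_app(u, "Word")
    for u, host in placed.items():
        if host == hosts - 1:
            for app in ALL_APPS[1:]:
                pod.launch_app(u, app)
    per_host = [sum(c.values()) for c in farm.instances]
    return per_host, max(pod.pcoip_connections(u) for u in range(users))

def scenario_2():
    """Two farms; one user opens a desktop, Word (Farm A) and Visio (Farm B)."""
    pod = Pod([Farm("A", ALL_APPS[:3], 3), Farm("B", ALL_APPS[3:], 2)])
    pod.launch_desktop("user1")
    pod.launch_app("user1", "Word")
    pod.launch_app("user1", "Visio")
    return pod.pcoip_connections("user1")

if __name__ == "__main__":
    print("scenario 1 (app instances per host, max PCoIP per user):", scenario_1())
    print("scenario 2 (PCoIP connections for one user):", scenario_2())
```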

Conclusion
Given this information, it becomes more important than ever to know your users’ environment and the applications the users are using. When deploying Horizon View into your environment and taking advantage of the new hosted application functionality you need to ask yourself the following questions:

  • How many applications will be installed on each RDS host?
  • What is the hardware configuration of the RDS host?
  • How many RDS farms will be required?
  • How many PCoIP sessions will each user require?

For larger environments, the question might be: Will one or more View deployments be required? As the environments get larger, it might be a better design to have one View deployment for desktop connections and a separate deployment for hosted applications. In this scenario, VMware Workspace can become that central location for users to access all of their desktops and applications. With VMware Workspace 2.0, it is now possible to configure more than one View environment, giving you the option of multiple View environments that are all accessible from the one Workspace front end.


Dale is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses on the End User Compute space, where Dale has become a subject matter expert in a number of the VMware products. Dale has more than 20 years’ experience working in IT, having started his career in Northern England before moving to Spain and finally the USA. Dale currently holds a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA.

For updates you can follow Dale on Twitter @vDelboy

Architecture Overview: Microsoft Lync with VMware Horizon View

By Ray Heffer, VCDX #122, VMware EUC Architect

Since VMware Horizon View 5.2, there has been support for Microsoft Lync 2013. In fact when I say ‘support’, I mean that both Microsoft and VMware have developed the architecture that provides a great user experience. Prior to Horizon View 5.2, only VOIP phones were supported and there were bandwidth constraints that made this unviable and resulted in a poor experience for end users.

For detailed information, see the VMware whitepaper on Horizon View 5.2 and Lync 2013, and take note of KB articles 2064266 and 2045726. In addition, Microsoft has a Lync 2013 technical resource page which covers the Lync 2013 VDI Plugin. If you’re new to Lync 2013 or VMware Horizon View, this post will provide you with an architecture overview of how Lync 2013 integrates with virtual desktops running with Horizon View 5.3.

Architecture
In the architecture diagram that I’ve sketched here (below), you can see two users (Bill and Ted) using a webcam and headset with microphone to talk to each other using Lync 2013. The user at the bottom is using a virtual desktop being accessed from a Windows client (PC or thin-client), which will be running one of the following: Windows Embedded Standard 7 with SP1, Windows 7 with SP1, or Windows 8 (Tech Preview). Microsoft hasn’t yet released a VDI Plugin for Linux or zero-client manufacturers.
Lync and Horizon Architecture

The virtual desktop (shown on the right) that Bill is using contains the Horizon View agent (which you’d expect) and the Lync 2013 client. When Bill launches the Lync 2013 client on his virtual desktop, it detects the Lync VDI plugin on his physical client machine and establishes a pairing over RDP or PCoIP (virtual channel). RDP will work, but PCoIP is the recommended approach. At this stage you are required to enter the password again, but this can be saved to prevent it from prompting every time.

Any instant messaging is still sent between the Lync 2013 client on the virtual desktop and the Lync 2013 server, but when Bill establishes a video call with Ted, who is also using the Lync 2013 client, the audio/video is sent directly from Bill’s client device to Ted and NOT from the virtual desktop. The benefit of this is that the audio and video won’t be sent over PCoIP, consuming valuable bandwidth, and the user experience will be much better (or at least as good) as using the native client. Remember that the Lync 2013 client itself is still communicating with the Lync 2013 server, but a large proportion of the bandwidth required for audio/video is no longer being passed back over PCoIP.

Troubleshooting
If you have Microsoft Lync 2013 Server in place then implementation is relatively simple, but there are some things that can get overlooked.

Here is a list of common troubleshooting tips:

  • Do NOT install the Lync 2013 client on the Windows client machine. The Lync 2013 VDI plugin will not work alongside the Lync 2013 client.
  • Make sure you are not using USB redirection for your webcam or microphone devices.
  • Make sure the Horizon View agent contains both PCoIP Server and Virtual Printing as a minimum to support Lync 2013.
  • Windows 7 SP1 must be installed.
  • You need to import the Lync 2013 Server certificate to your Windows client. This should be placed in the Trusted Root Certificate Authorities store.
  • The Windows client will need the ConfigurationMode, ServerAddressInternal, and ServerAddressExternal registry entries (see VMware documentation).
  • Make sure the bit level of the Lync 2013 client is the same level as the desktop OS (32 or 64 bit).

I’d love to hear your thoughts on Microsoft Lync 2013 and/or your experiences using it with Horizon View so feel free to comment below!


Ray Heffer, (VCDX #122), VMware EUC Architect, joined the IT industry in 1997 working with Unix and focusing on Microsoft server and Cisco networking infrastructure. While working for an ISP in 2005, Ray discovered VMware ESX 2.5 (and GSX!) and started migrating hosted workloads and discovering the joys of storage optimization, virtual networking and security. Achieving his first VCP in 2007, Ray has since specialized in VMware virtualization and has collected both VCP and VCAP certifications in data center (DCV) and desktop (DT) along the way. In addition, Ray holds ITIL v3, and MCSE certifications and today he works for VMware as an End-User Computing Architect in the Technical Enablement team. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.

What Did You Miss? Best Blog Posts for 2013

When you consider the constant flow of information we are submerged in on a daily basis, it’s no surprise that great insights occasionally escape our notice. As we reflect this week on the last year, we thought we’d share a few of our most read and most shared posts from 2013—just in case you missed one. We hope they’ll help you step into 2014 with confidence, knowing you have these helpful tips in your back pocket (and that you can check back any time for new ones). Enjoy!


Four Commonly Missed and Easy to Implement Best Practices (Horizon View)
– By Nathan Smith, VMware EUC Consultant

It All Starts Here: Internal implementation of Horizon Workspace at VMware
– By Jim Zhang, VMware Professional Services Consultant

4 Ways To Overcome Resistance to the Cloud
– By Brett Parlier, Solutions Architect, VMware Professional Services

Quickly Calculate Bandwidth Requirements with New vSphere ‘fling’
– By Sunny Dua, Senior Technology Consultant at VMware

Don’t Miss VMworld’s Hands-On Labs: Now More Mobile & Flexible

For many of the 21,000 attendees expected at VMworld 2013 San Francisco, a main draw will be the Hands-On Labs (HOLs), which have grown from 120 users in 2004 to 45,000 square feet of space and 2.5 days worth of content this year.

HOLs allow participants to try out VMware products on provided computers or—starting last year—their own device, powered by hotspots around the convention center. This means users don’t have to change licenses or buy equipment, and product experts are available to provide immediate guidance. You’ll recognize many of the HOL experts and speakers as the same Professional Services Consultants who share their expertise on this blog.

Every time a lab is run, the environment is reset to a fresh state for the next participant. This is made possible by the very tools VMware lets participants test: Each workstation has a VMware Horizon View virtualized desktop running Lab Manager software, powered by VMware hybrid cloud technology. The vSphere virtualized infrastructure integrates onsite and offsite data centers (in San Francisco, Ashburn, and Miami) to enable 4,000 virtual machines to be deployed and un-deployed every hour.

Brand new this year are the Lightning Labs of 15 or 30 minutes, providing a shorter alternative to the usual 60-minute sessions—for attendees dedicated to optimizing every minute of their schedule.

This year VMworld will also serve as a testing ground for the public beta of VMware Hands-On Lab Portal, built on the Project Nee (Next-generation Education Environment) Application, which launched in November to much excitement.

Don’t forget to register for the 2013 HOLs—and VMworld if you haven’t! You can even self-register for HOLs for the first time. More details on HOLs and this year’s topics here.

How Virtualizing Your Desktops Can Help You Protect Sensitive Data

By Jeremy Wheeler, VMware Professional Services Consultant

As Ted and Mason mentioned in their video post last week, today’s IT staff faces many challenges involving security, cost, risk, and governance. I’d like to address one particular challenge associated with those: how to manage data.

Let’s consider a heavily regulated industry like health care. In a typical healthcare setting, if disaster strikes, hospitals risk losing extremely sensitive patient data, either virtual or physical. In addition to implementing disaster recovery processes and large backup tapes, IT techs always have to ensure patient data doesn’t fall into the wrong hands.

This is further complicated by today’s trend toward workers using various devices, such as mobile phones and tablets, to perform daily job functions, instead of doing everything on a single device. Employees need to be able to use the mobile device of their choice, while still being able to securely access their work applications and documents.

VMware knows IT has plenty of things to worry about besides physical end-point devices, so it provides tools to centralize data in the data center. When virtualized desktops are managed from the data center, rather than at the endpoints, IT departments can deliver consistent desktop performance, achieve the agility they desire, and reduce costs at the same time—all because of single-image-management linked-clone technology.

For on-the-move users like healthcare professionals, VMware has solutions such as “follow-me desktop,” which provides physicians with rapid access to their workspace on kiosks across the hospital. Providing users with a single point of entry to their applications and documents is not only more convenient for the user, it’s also easier for IT to manage.

With VMware’s AlwaysOn Point of Care architecture, VMware View pools balance between multiple sites, providing continuous uptime even in the event of a major disaster to a datacenter. This works with a combination of load balancers, such as F5, and provisioning half the resources per pool.

When deploying VMware AlwaysOn Point of Care, companies typically run into challenges with the dynamics required to deploy the solution, especially around communities versus use cases. For instance, check out the chart below, which illustrates three user communities in the hospital setting:

 

For a successful VDI deployment, it is critical to define two categories: communities and use cases. Communities are defined from a high level, followed by use cases. When determining use cases, it’s best to categorize the use cases as power users, knowledge workers, task workers, and kiosk users, similar to what my co-worker, TJ Vatsa, outlined in his blog.

Once the communities and use cases have been identified, the next step is to size the VDI environment based on use cases. In clinical use cases, nursing units may need access to applications that doctors won’t need, or vice-versa. Every application uses guest-level resources that, in turn, eventually use host resources. One way to offload these resources is using VMware’s ThinApp technology. Resources involved with deploying a VDI environment consist of compute, networking, storage, and security.

Parent images, sometimes called “Gold Images,” are typically created per use case. If the ER nurses don’t need specific applications installed on their virtual desktop, but physicians do, IT can use two different images.

Application streaming, assisted by VMware’s ThinApp technology, is a great way to save resources from a storage and performance perspective. Administrators can update single applications across an entire infrastructure with no impact to the end-user. A key element I found when deploying Horizon View and ThinApp is “Health-Checks.” When streaming anything across a wire, you’ll need to know how much bandwidth it’s utilizing.

Recently, I did some work for a large hospital and they decided they wanted all their applications streamed. After further investigation, I discovered there was no assessment of the network before making this decision. ThinApp streaming is a great technology, but some key items need to be considered before making the decision to stream. To start with, I typically utilize Wireshark and watch packets while launching an application. The first launch packet size will determine the initial VMware ThinApp cache size. The second launch packet size is the pre-cached ThinApp package size. Once these packet sizes are established, multiply the size by the user-count to determine the needed bandwidth.

Please reference this article for further information on breakdown of use-cases: http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.planning.doc%2FGUID-DA16011C-6128-44FC-97DF-0E4FB66A0309.html

For an example of a healthcare case study using VMware technology, view Michael Hubbard’s video blog.

Sizing environments for these types of solutions can be very tricky and proper planning is critical. When implementing a project plan for VDI, it’s necessary to consider disaster recovery within a cluster and between multiple sites. With VMware Horizon View and ThinApp, any organization will have the option to provide continuous uptime. This makes VMware Professional Services for End-User Computing ideal for professional project planning.


Jeremy Wheeler has extensive experience with VMware products and solutions. He has been in the IT field for 19 years and focuses on VMware View and AlwaysOn Healthcare.

 

Four Commonly Missed and Easy to Implement Best Practices

By Nathan Smith, VMware EUC Consultant

I want to highlight a few of the best practices in a View deployment that are often overlooked but easily corrected. My highlights are based on our practice’s collective experience with one of the services offered by EUC Professional Services, the Desktop Virtualization Health Check. These are normally undertaken after the environment has been up and running for a while or ahead of a significant expansion. Amongst other things, the Health Check includes a comparison of both vSphere and View best practices to your current environment. In total we check over 150 best practices. Some are straightforward and hopefully done already – for example, using separate vSphere environments for the Desktops and Infrastructure components. Some are a little more esoteric, like reviewing the congestion threshold for SIOC.

1. Configure a vCenter user and role with appropriate permissions. It is often tempting when going through a deployment to use an account that you know isn’t going to run into permissions issues. This frequently ends up being a full vCenter Administrator. While this approach will work, it is not recommended to provide more permissions than are necessary. Correcting this is straightforward. Set up a new vCenter Role with the privileges defined in the View Administrators Guide (be sure to add the Composer and Local Mode privileges if you are using those features) and assign permissions at the vCenter level for a new user using this role. In View Administrator, modify the account used to connect to vCenter under View Configuration -> Servers -> vCenter Servers -> Edit.

2. The next two considerations both fall into the same category, virtual hardware configuration. The first is the virtual network adapter type. This should be VMXNET3 for both Windows XP and 7. The second is to verify that the disk controller is an LSI Logic controller. This should be LSI Logic Parallel or SAS for Windows XP and LSI Logic SAS for Windows 7. Simon Long does a great job of summarizing the reasoning here.

3. Appropriately size the Connection Server and JVM heap. The recommendation for RAM on Connection Servers supporting over 50 desktops is 10GB on a Windows Server 2008 R2 and 6GB on a Windows 2003 Server. If you are increasing memory on a 2008 R2 installation you will need to reinstall Connection Server to reset the JVM heap size. On a 2003 server you can follow this section from the Administrators guide. Also consider whether you have increased memory in the past, for example, when moving from pilot to production. Note that as of View 5.1, Windows 2003 is no longer a supported operating system for Connection Servers.

4. The last area I want to highlight is OS Optimization. There are two technical papers available, one for Windows XP and one for Windows 7, that take you step by step through the best practices for optimizing the OS. These perhaps don’t fall into the easy to implement category as they are a little more time consuming, but they are really essential to a successful deployment.

Good luck with your deployment and don’t hesitate to contact your EUC Professional Services lead with questions.

Nathan Smith joined VMware in 2012, bringing with him over 15 years of IT experience. He works in the EUC Professional Services practice, focusing on VMware View deployments.