Home > Blogs > VMware Consulting Blog > Tag Archives: Michael Bradley

Tag Archives: Michael Bradley

3 Reasons VMware Horizon 7 Will Make You Smile

Michael BradleyBy Michael Bradley

The June 2014 release of VMware Horizon® 6 brought with it a long list of exciting new features. Cloud Pod Architecture (CPA), RDS hosted desktop and applications, and integration with VMware vSAN were just a few of the headlines that sent desktop administrators rushing to upgrade.

Although the new features marked huge advances in availability and scalability, they came with certain, shall we say, nuisances. These nuisances had a way of popping up at the most inopportune times, and although not showstoppers by any stretch of the imagination, could become very irritating very quickly. Now, I’m the kind of guy who is easily irritated by nuisances, so, seeing the list of features coming with Horizon 7 made me smile. With this upcoming release, VMware is introducing enhancements that fix three of the items on my personal list of nuisances in VMware Horizon 6. Let’s take a look.

Cloud Pod Architecture Home Sites

The introduction of Cloud Pod Architecture was a huge step forward in providing true high availability and scalability for a VMware Horizon 6 virtual desktop infrastructure. The ability to easily span pools across multiple data centers had been something that VMware customers had been requesting for some time. For the most part, Cloud Pod Architecture did exactly what it was designed to do. However, there was one small thing about it that really irritated me: home sites.

A home site is the affinity between a user and a Cloud Pod Architecture site. Home sites ensure that users always receive desktops from a particular data center, even when they are traveling. Home sites were a nice idea, and worked wonderfully, in most circumstances.

What I found to be irritating was the fact that if resources were unavailable in the user’s assigned home site, Cloud Pod Architecture would stop searching for available desktop/app sessions and deny access to the user, even if there were resources available in an alternate site.

HomeSites

The good news is that, with the release of VMware Horizon 7, this behavior has changed. When a user who is assigned a home site logs in to VMware Horizon, Cloud Pod Architecture will search for available resources in that user’s home site. However, if no available resources can be found, Horizon will search other eligible sites and, if found, assign an available desktop/app session to the user.

Certificate Single Sign-On

This problem is not uncommon to users logging into a VMware Horizon® View™ environment using RADIUS, RSA’s SecurID, or even VMware Identity Manager™. In each of these situations, it is possible that the users may not enter their active directory (AD) credentials, and, although VMware Horizon “trusts” that user, they may be forced to enter their AD credentials in order to access their Windows desktop. This is dependent on the 2 form factor authentication requirements and implementation.

This will change with the introduction of certificate SSO. In VMware Horizon 7, certificate SSO allows users to authenticate to a Windows desktop without requiring AD credentials or a smartcard. Authentication is based on a patented process whereby a short lived certificate is created specifically for the user allowing authentication to a singular Windows session, which then logs the user in. In all cases, the user will have previously been authenticated through another service using other “non AD mechanisms,” such as biometrics, SecurID, RADIUS, or VMware Identity Manager. The VMware Horizon 7 session is launched using security assertion markup language (SAML), and the SAML assertion will include a reference to the user’s UPN, which is then used to generate a custom certificate for the logon process.

Desktop Pool Deletion

It’s the stuff of nightmares. A VDI administrator working in the VMware Horizon administrator console accidently clicks “Delete” on the desktop pool that contains the desktops for every executive in the company. As the administrator watches each desktop delete, all he can do is update his resume and wait for the hammer to fall. If you’ve woken up in a cold sweat with this recurring nightmare, then you are in luck.

With the release of VMware Horizon 7, administrators can only delete desktop pools that are empty. If you try to delete a pool that contains desktops, a message will be displayed, instructing the administrator that the pool contains desktops. In order to delete a desktop pool, you must disable provisioning, and then delete all of the desktops from inventory first. This makes it virtually impossible to accidently delete a desktop pool, allowing desktop administrators everywhere to sleep a little easier.

DeletePool

So, VMware Horizon 7 doesn’t fix nuisances like traffic jams, global warming, or nuclear proliferation, but I’m excited to see its new features and enhancements, and I’m pleased to say that there are plenty more where they came from.


Michael Bradley, a VMware Senior Solutions Architect specializing in the EUC space, has worked in IT for almost 20 years. He is also a VCP5-DCV, VCAP4-DCD, VCP4-DT, VCP5-DT, and VCAP-DTD, as well as an Airwatch Enterprise Mobility Associate.

Application Delivery Strategy: A Key Piece in the VDI Design Puzzle

By Michael Bradley and Hans Bader

Let’s face it: applications are the bane of a desktop administrator’s existence. It seems there is always something that makes the installation and management of an application difficult and challenging. Whether it’s a long list of confusing and conflicting requirements or a series of software and hardware incompatibilities, management of applications is one of the more difficult aspects of an administrator’s job.

It’s not surprising that application delivery and management is one of the key areas that often gets overlooked when planning and deploying a virtual desktop infrastructure (VDI), such as VMware’s Horizon View 6. This often-overlooked aspect is a common pitfall hindering many VDI implementations. A great deal of work and effort goes into ensuring that desktop images are optimized, the correct corporate security settings are applied to the operating system, the underlying architecture is built to scale appropriately, and the guaranteed end-user performance is acceptable. These are all important goals that require attention, but the application delivery strategy is frequently missed, forgotten, or even ignored.

Before we go further, let’s take a moment to define application delivery. A long time ago in a cube farm far, far away, application delivery was all about getting the applications installed on the desktop. But with the emergence of new technologies the definition has evolved. Software application delivery is no longer solely about the installation; it has taken on a broader meaning. In today’s end-user environment, application delivery is more about providing the end-user with access to the applications they need. In today’s modern enterprise, end-user access can come in many different forms. Some of the most common examples are:

  • Installing applications directly on the virtual desktop, either manually or by using software such as Microsoft SCCM.
  • Application virtualization using VMware ThinApp or Microsoft’s App-V.
  • Delivering the applications to the desktop using technologies such as VMware App Volumes or Liquidware Labs’ FlexApp.
  • Application presentation using RDS Hosted Applications in VMware Horizon 6.

All these examples are application delivery mechanisms. Each one can solve a different application deployment problem, and each can be used alone or in conjunction with a complimentary one. For example, using App Volumes to delivery ThinApps.

An application delivery strategy should be an integral part of your VDI design; it is just as crucial as the physical infrastructure, like storage, networking, processing and the virtual infrastructure. It is perfectly alright to have a top-notch VDI, but if you can’t deliver new and existing applications to your end-users in a fast and efficient manner, you might be spinning your bits and bytes. Your end-users need applications delivered efficiently and quickly, or the VDI project becomes a bottleneck. The prime factor to remember about VDI is it forces you to change the way you operate. Features―such as VMware’s Linked Clone technology―can change the application delivery paradigm that many desktop administrators have grown accustomed to in a physical PC world. Let’s face it: how effective is it to push and install applications to linked clone desktops every time a desktop refreshes or recomposes?

To this end, if an application delivery strategy is so important, why is it often missed or ignored? There are three primary reasons for this:

  • First, it is simply forgotten, or the VDI designers simply don’t realize they need to consider it as part of the design.
  • Second, application delivery is often considered too big of a challenge, and no one wants to tackle it when they’re already facing tight deadlines on a VDI project.
  • Third, and probably most commonly heard in enterprise environments, is there is already a mechanism in place for application delivery for physical PCs, so it is assumed that what exists will suffice.

Once the need for an application delivery strategy is established, you need to determine what goes into one. First, you need to consider all tiers of your applications: tier one, tier two, tier-n. With that be sure to identify which are most common. Determine which applications need to be provided to all end-users versus which ones go to just a small subset. That will help determine what could be installed in the base image, as opposed to being delivered by some other mechanism. For instance, Microsoft Office may be an application that would be included in the base image for all users, but a limited use accounting package may only be required for the accounting team, and therefore delivered another way.

Next, consider the delivery mechanism for your virtual desktops. Are they all full virtual machine desktops – or linked clone desktops? Determining which type you are using will play a major part in what your application delivery strategy looks like. If you are using all full virtual machine desktops―which deserves serious consideration―then you could effectively continue to use the existing application delivery strategy you use for physical PCs. But using linked clones could cause your existing application delivery strategy to become a bottleneck.

Then, you need to consider what technology will work best for you and your applications. Will application virtualization such as ThinApp be a suitable mechanism? Or, perhaps using RDS Hosted Applications in Horizon 6 is a more viable option for application delivery. You may even find the best option is a combination of technologies. You should take time to evaluate the pros and cons of each option to ensure the needs of your end-users are met ‒ and with efficiency. One question you should ask is, “Do my end-users have the ability to install their own applications?” If the answer is “yes,” you need to ensure you either change corporate policy or select a technology that supports user-installed applications. Keep in mind that an application delivery strategy can vary for different types of users.

Finally, you should consider how to handle one-off situations. There will always be the one user, or a small group of users, who require a specialized application that falls outside the realm of your standard application delivery mechanisms. Determining how to address those instances are rare but inevitable, but as a desktop administrator, it will help you respond quickly to the needs of your end-users.

A good VDI implementation is only successful if the end-users can perform their assigned tasks. Nine times out of ten, that requires access to applications. Ensuring you have a strategy in place to ensure delivery of the right applications to the right end-users is vital to the success of any VDI implementation.


Michael Bradley

Michael Bradley, a VMware Senior Solutions Architect specializing in the EUC space, has worked in IT for almost 20 years. He is also a VCP5-DCV, VCAP4-DCD, VCP4-DT, VCP5-DT, and VCAP-DTD, as well as an Airwatch Enterprise Mobility Associate.

 

Hans Bader

Hans Bader Consulting Architect, VMware EUC. Hans has over 20 years of IT experience and joined VMware in 2009. With a focus on helping organizations being operationally ready, he works with customers to avoid common mistakes.  He is a strong advocate for proactive load testing of environment before allowing users access.  Hans has won numerous consulting awards within VMware.