Home > Blogs > VMware Consulting Blog > Tag Archives: Ray Heffer

Tag Archives: Ray Heffer

VMware Horizon 6 (View) Firewall and Network Ports Visualized

Ray Heffer
By Ray Heffer, VCDX#122, VMware EUC Architect

Back in April 2012, I posted on my blog my original Horizon View network firewall ports diagram. Over the past two years, it’s been used widely both internally at VMware and in the community. Since Horizon 6 just recently released, I thought I’d create a brand new full size diagram to include Cloud Pod Architecture. This updated diagram contains a better layout and a new color theme to boot!  This image is 3767 x 2355 pixels, so simply click it to enlarge then ‘Save Image’ to get the full size HD version.

You’ll notice the addition of VIPA (View inter-pod API) and ADLDS port 22389 which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.

Horizon 6 Firewall Diagram

Key Firewall Considerations for VMware Horizon 6

  • TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
  • TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
  • HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
  • HTTPS (8443): Used by HTML Access (Blast)
  • HTTPS (22443): HTML Access (Blast) to Virtual Desktops
  • TCP 9427: Used by Windows multimedia redirection (MMR)
  • TCP 32111: USB Redirection
  • ESP (Protocol 50) used for Security Server and Connection Server IPSEC communication (requires Windows firewall with Advanced Security to be enabled)
  • UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.

For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html


Ray Heffer is an EUC Architect working at VMware and a double VCDX with both VCDX-DCV (Data Center) and VCDX-DT (Desktop). Previously part of the VMware Professional Services team as a Senior Consultant, Ray now works for the Desktop Technical Product Marketing BU at VMware. Ray joined the IT industry in 1997 as a Unix admin, before focusing on end user computing with Citrix MetaFrame and Terminal Services in the early days. In 2004 Ray joined an ISP providing managed hosting and Linux web applications, but soon discovered VMware ESX 2.5 (and GSX!) and passed his first VCP in 2007. Ray has many years of complex infrastructure design and delivery including the integration of VCE Vblock for both EUC and Cloud, and two highly successful 10,000+ user VMware Horizon View design and implementation engagements. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.

Practical Tools from VMware Consultants: Mobility Policy, Horizon + Lync Architecture, and vCOps Dashboard

Our goal on the VMware Consulting blog is to share best practices that have delivered results for our customers, in hopes that they will help others be successful with VMware offerings.  Once in a while we like to highlight past posts that our readers have found particularly valuable. Last month, we published three such pieces — with great, practical advice to help you in your daily work. Just in case you missed them, we hope you find them useful. And if you’re already putting them to use, be sure to leave comments for our consulting authors. Feedback helps us bring you more of what you want to read!

How to Set Up a BYOD/Mobility Policy
By TJ Vatsa, Principal Architect, VMware Americas Professional Services Organization

Architecture Overview: Microsoft Lync with VMware Horizon View
By Ray Heffer, VCDX #122, VMware EUC Architect

Create a vCOps One-Click Cluster Capacity Dashboard, Part 2
By Sunny Dua, Senior Technology Consultant, VMware


Architecture Overview: Microsoft Lync with VMware Horizon View

By Ray Heffer, VCDX #122, VMware EUC Architect

Ray HefferSince VMware Horizon View 5.2, there has been support for Microsoft Lync 2013. In fact when I say ‘support’, I mean that both Microsoft and VMware have developed the architecture that provides a great user experience. Prior to Horizon View 5.2, only VOIP phones were supported and there were bandwidth constraints that made this unviable and resulted in a poor experience for end users.

For detailed information, see the VMware whitepaper on Horizon View 5.2 and Lync 2013, and take note of KB articles 2064266 and 2045726. In addition, Microsoft has a Lync 2013 technical resource page which covers the Lync 2013 VDI Plugin. If you’re new to Lync 2013 or VMware Horizon View, this post will provide you with an architecture overview of how Lync 2013 integrates with virtual desktops running with Horizon View 5.3.

Architecture
In the architecture diagram that I’ve sketched here (below), you can see two users (Bill and Ted) using a webcam and headset with microphone to talk to each other using Lync 2013. The user at the bottom is using a virtual desktop being accessed from a Windows client (PC or thin-client), which will be running one of the following: Windows Embedded Standard 7 with SP1, Windows 7 with SP1, or Windows 8 (Tech Preview). Microsoft hasn’t yet released a VDI Plugin for Linux or zero-client manufacturers.
Lync and Horizon Architecture

The virtual desktop (shown on the right) that Bill is using contains the Horizon View agent (which you’d expect) and the Lync 2013 client. When Bill launches the Lync 2013 client on his virtual desktop, it detects the Lync VDI plugin on his physical client machine and establishes a pairing over RDP or a PCoIP (virtual channel). RDP will work, but PCoIP is the recommended approach. At this stage you are required to enter the password again, but this can be saved to prevent it prompting every time.

Any instant messaging is still sent between the Lync 2013 client on the virtual desktop and the Lync 2013 server, but when Bill establishes a video call with Ted, who is also using the Lync 2013 client, the audio/video is sent directly from Bill’s client device to Ted and NOT from the virtual desktop. The benefit of this is that the audio and video won’t be sent over PCoIP, consuming valuable bandwidth, and the user experience will be much better (or at least as good) as using the native client. Remember that the Lync 2013 client itself is still communicating with the Lync 2013 server, but a large proportion of the bandwidth required for audio/video is no longer being passed back over PCoIP.

Troubleshooting
If you have Microsoft Lync 2013 Server in place then implementation is relatively simple, but there are some things that can get overlooked.

Here is a list of common troubleshooting tips:

  • Do NOT install the Lync 2013 client on the Windows client machine. The Lync 2013 VDI plugin will not work alongside the Lync 2013 client.
  • Make sure you are not using USB redirection for your webcam or microphone devices.
  • Make sure the Horizon View agent contains both PCoIP Server and Virtual Printing as a minimum to support Lync 2013.
  • Windows 7 SP1 must be installed.
  • You need to import the Lync 2013 Server certificate to your Windows client. This should be placed in the Trusted Root Certificate Authorities store.
  • The Windows client will need the ConfigurationMode, ServerAddressInternal, and ServerAddressExternal registry entries (see VMware documentation).
  • Make sure the bit level of the Lync 2013 client is the same level as the desktop OS (32 or 64 bit).

I’d love to hear your thoughts on Microsoft Lync 2013 and/or your experiences using it with Horizon View so feel free to comment below!


Ray Heffer, (VCDX #122), VMware EUC Architect, joined the IT industry in 1997 working with Unix and focusing on Microsoft server and Cisco networking infrastructure. While working for an ISP in 2005, Ray discovered VMware ESX 2.5 (and GSX!) and started migrating hosted workloads and discovering the joys of storage optimization, virtual networking and security. Achieving his first VCP in 2007, Ray has since specialized in VMware virtualization and has collected both VCP and VCAP certifications in data center (DCV) and desktop (DT) along the way. In addition, Ray holds ITIL v3, and MCSE certifications and today he works for VMware as an End-User Computing Architect in the Technical Enablement team. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.