Home > Blogs > VMware Consulting Blog > Tag Archives: ThinApp

Tag Archives: ThinApp

VMware User Environment Manager 9.0 – What’s New

Dale CarterBy Dale Carter

Earlier this month VMware released a new version of User Environment Manager that brings some new and exciting features, not only to User Environment Manager, but also to the Horizon Suite. To learn about the new features in Horizon 7 you can see my blog here.

Here, I would like to highlight the new main features of VMware User Environment Manager 9.0

Smart Policies

The new Smart Policies offer more granular control of what users can do when they connect to their virtual desktop or applications. With the first release of Smart Policies you will be able to manage these capabilities based on the following conditions:

  • Horizon Conditions
    • View Client Info (IP and name)
    • Endpoint location (Internal/External)
    • Tags
    • Desktop Pool name
  • Horizon Capabilities
    • Clipboard
    • Client drive
    • USB
    • Printing
    • PCoIP bandwidth profiles

For more information on these capabilities, see my more detailed blog here.

It should be noted that to use Smart Policies you will need Horizon 7 View and User Environment Manager 9. You will also need the latest View Agent and Clients installed to take advantage of these new features. Also note that these policies only work with the PCoIP and BLAST Extreme protocols, and not RDP.

Application Authorization (Application Blocking)

This feature gives administrators the ability to white- or black-list applications or folders. In the example below you can see that some applications are allowed and some will be blocked.

Application Blocking

Using this feature with User Environment Managers Conditions will not only give administrators great control over what applications users can use, but also how they can be used. An example would be if a user is on the internal network they have access to company-specific applications; however, if they accessed their desktops from an external network then these applications would not be available.

With a simple check of a box, administrators have a very simple model for enforcing applications that the users are authorized to use, and using conditions in this way could be result in a different set of applications depending on where the user connects from.

Enable Application Blocking

ThinApp Support

When clicking on the DirectFlex tab of an application you will now see the new check box to Enable ThinApp Support for that application.

Enable ThinApp Support

When this is selected you will be able to manage what happens within the ThinApp “bubble” from within User Environment Manager, rather than doing this by setting specific values during the ThinApp capture process, or afterward via a script. This integration generalizes the approach that packagers can take when choosing isolation or encapsulation. It allows them to not have to force the knowledge of each and every configuration during the capture process by setting isolation modes or creating separate packages for different application configurations.

You should also note that you do not need to configure a separate application within User Environment Manager to take advantage of this. If the box is checked the flex agent will notice if the application is natively installed or accessible via ThinApp, and automatically apply the correct settings.

Manage Personal Data

User Environment Manager now has the ability to easily manage personal data. This would include things like My Documents, My Music, My Pictures, etc.

The example below shows how easy this is to configure.

Personal Data Folder Redirection

Office 2016 Support

User Environment Manager 9.0 now supports Office 2016. As you can see from the example below this also includes Skype for Business and OneDrive. Just like with earlier versions these can all be added with the Easy Start button.

File Structure

New User Environment Manager Conditions

As part of the new deep integration with Horizon 7, User Environment Manager has added a number of new conditions that can be pulled from Horizon 7. These include Pool-Name, Tags, and client location – such as internal or external.

Horizon Client Property


Dale is a Senior Solutions Architect and member of the CTO Ambassadors. Dale focuses in the End User Compute space, where Dale has become a subject matter expert in a number of the VMware products. Dale has more than 20 years experience working in IT having started his career in Northern England before moving the Spain and finally the USA. Dale currently hold a number of certifications including VCP-DV, VCP-DT, VCAP-DTD and VCAP-DTA.

For updates you can follow Dale on twitter @vDelboy

It All Starts Here: Internal Implementation of Horizon Workspace at VMware

By Jim Zhang, VMWare Professional Services Consultant

VMware has had a dogfood tradition since previous CEO Paul Maritz’ instilled the practice of having VMware IT deploy VMware products for production use internally. As a VMware employee personally, I can understand some criticism to this practice, but I definitely believe it serves to build and deliver a solid and quality product to the market.

Prior to the release of VMware’s Horizon Suite, VMware IT provided Horizon Workspace to its employees in the production environment. It’s very exciting! Right now, I can use my iPhone and iPad to access my company files without being tied to my desk. Also, it is very easy to share a folder and files with other colleagues, expanding our ability to collaborate and also track various file versions. Additionally, with Workspace, I can access internal applications without further authentication after I login to the Horizon portal. Even my entitlement virtual desktops are still there!

While Mason and Ted discuss the IT challenges with mobility computing in this blog, we at VMware understand these challenges because ‘we eat our own dogfood’.  In this blog I’d like to share some of the key sizing concepts of each of the Horizon components and reference which sizes VMware IT utilized to deploy the Horizon Workspace for its 13,000+ employees.

Horizon Workspace is a vApp that generally has 5 Virtual Machines (VM) by default:

Lets go through each VM and see how to size it in each case:

1.  Configurator VA (virtual appliance): This is the first virtual appliance to be deployed. It is used to configure the vApp from a single point and deploy and configure the rest of the vApp. The Configurator VA is also used to add or remove other Horizon Workspace virtual appliances. There can only be one Configurator VA per vApp.

  • 1x Configurator VA is used. 2vCPU, 2G Memory

2.  Connector VA:  Enterprise deployments require more than one Connector VA to support different authentication methods, such as RSA SecureID and Kerberos SSO. To provide high availability when deploying more than one Connector VA, you must front-end the Connector VAs with a load balancer. Each Connector VA can support up to 30,000 users. Specific use cases, such as Kerberos, ThinApp integration, and View integration, require the Connector VA to be joined to the Windows domain.

  • 6x Connector VA is used. 2 vCPU, 4G Memory

3.  Gateway VA: The Gateway VA is the single namespace for all Horizon Workspace interaction. For high availability, place multiple Gateway VAs behind a load balancer. Horizon Workspace requires one Gateway VA for every two Data VAs, or one Gateway VA for every 2,000 users.

  • 4x Gateway VA is used: 2 vCPU, 8G Memory

4.  Management VA: aka Service VA. Enterprise deployments require two or more Service VAs. Each service VA can handle up to 100,000 users.

  • 2x Service VA is used: 2vCPU, 6G Memory (1 for HA)

5.  Data VM: Each Data VA can support up to 1,000 users. At least three Data VAs are required. The first Data VA is a master data node, the others are user data nodes. Each user data node requires its own dedicated volume. In proof of concept or small-scale pilot scenarios, you can use a Virtual Machine Disk (VMDK). For production, you must use NFS.

  • 11x Data VA is used: 6 vCPU, 32G Memory

6.  Database: Workspace only supports Postgres. For enterprise deployment best practice is to use an external Postgres database.

  • 2x Postgres Server is used: 4 vCPU, 4G Memory (1 for replication)

7.  MS Office Preview Server: Windows 7 Enterprise or Windows 2008 R2 Standard required; MS Office 2010 Professional, 64-bit required;Admin account w/ permissions to create local accounts; Disable UAC; Real-time conversion of documents

  • 3x MS Office Preview Server: 4vCPU, 4G Memory

 

If you want to learn more about the real deployment experience and best practices for deploying the Horzion Suite, please contact your local VMware Professional Services team. They have the breadth of experience and technical ability to help you achieve your project goals: from planning and design to implementation and maintenance. Also, be on the look out for upcoming Horizon reference guides being released from VMware soon. Good luck!

Jim Zhang joined VMware in November 2007 as a quality engineering manager for VMware View.  In 2011, he moved to Professional Services as consultant and solution architect.  Jim has extensive experience in desktop virtualization and workspace solution design and delivery.

How Virtualizing Your Desktops Can Help You Protect Sensitive Data

By Jeremy Wheeler, VMWare Professional Services Consultant

As Ted and Mason mentioned in their video post last week, today’s IT staff faces many challenges involving security, cost, risk, and governance. I’d like to address one particular challenge associated with those: how to manage data.

Let’s consider a heavily regulated industry like health care. In a typical healthcare setting, if disaster strikes, hospitals risk losing extremely sensitive patient data, either virtual or physical. In addition to implementing disaster recovery processes and large backup tapes, IT techs always have to ensure patient data doesn’t fall into the wrong hands.

This is further complicated by today’s trend toward workers using various devices, such as mobile phones and tablets, to perform daily job functions, instead of a doing everything on a single device. Employees need to be able to use the mobile device of their choice, while still being able to securely access their work applications and documents.

VMware knows IT has plenty of things to worry about besides physical end-point devices, so they provides tools to centralize data in the data center. When virtualized desktops are managed from the data center, rather than at the endpoints, IT departments can deliver consistent desktop performance, achieve the agility they desire, and reduce costs at the same time—all because of single-image-management linked-clone technology.

For on-the-move users like healthcare professionals, VMware has solutions such as “follow-me desktop,” which provides physicians with rapid access to their workspace on kiosks across the hospital. Providing users with a single point of entry to their applications and documents is not only more convenient for the user, it’s also easier for IT to manage.

With VMware’s AlwaysOn Point of Care architecture, VMware View pools balance between multiple sites, providing continuous uptime even in the event of a major disaster to a datacenter. This works with a combination of load balancers, such as F5 and provisioning half the resources per pool.

When deploying VMware AlwaysOn Point of Care, companies typically run into challenges with the dynamics required to deploy the solution, especially around communities versus use cases. For instance, check out the chart below, which illustrates three user communities in the hospital setting:

 

For a successful VDI deployment, it is critical to define two categories: communities and use cases. Communities are defined from a high level, followed by use cases. When determining use cases, it’s best to categorize the use cases as power users, knowledge workers, task workers, and kiosk users similar to what  my co-worker, TJ Vatsa, outlined in his blog.Once the communities and use cases have been identified, the next step is to size the VDI environment based on use cases. In clinical use cases, nursing units may need access to applications that doctors won’t need, or vice-versa. Every application uses guest-level resources that, in turn, eventually use host resources. One way to offload these resources is using VMware’s ThinApp technology. Resources involved with deploying a VDI environment consist of compute, networking, storage, and security.

Parent images, sometimes called “Gold Images,” are typically created per use case. If the ER nurses don’t need specific applications installed on their virtual desktop, but physicians do, IT can use two different images.

Application streaming, assisted by VMware’s ThinApp technology, is a great way to save resources from a storage and performance perspective. Administrators can update single applications across an entire infrastructure with no impact to the end-user. A key element I found when deploying Horizon View and ThinApp are “Health-Checks.” Streaming anything across a wire, you’ll need to know how much bandwidth it’s utilizing.

Recently, I did some work for a large hospital and they decided they wanted all their applications streamed. After further investigation, I discovered there was no assessment of the network before making this decision. ThinApp streaming is a great technology, but some key items need to be considered before making the decision to stream. To start with, I typically utilize Wireshark and watch packets while launching an application. The first launch packet size will determine the initial VMware ThinApp cache size. The second launch packet size is the pre-cached ThinApp package size. Once these packet sizes are established, multiply the size by the user-count to determine the needed bandwidth.

Please reference this article for further information on breakdown of use-cases: http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.planning.doc%2FGUID-DA16011C-6128-44FC-97DF-0E4FB66A0309.html

For an example of a healthcare case study using VMware technology, view Michael Hubbard’s video blog.

Sizing environments for these types of solutions can be very tricky and proper planning is critical. When implementing a project plan for VDI, it’s necessary to consider disaster recovery within a cluster and between multiple sites. With VMware Horizon View and ThinApp, any origination will have the option to provide continuous uptime. This makes VMware Professional Services for End-User Computing ideal for professional project planning.


Jeremy Wheeler has extensive experience with Vmware products and solutions. He has been in the IT field for 19 years and focuses around Vmware View and AlwaysOn Healthcare.