Home > Blogs > VMware SMB Blog

Cloud Capable, Now What?

Part 1 – Defining Your Vision is the First Step to Creating a Cloud Operating Model



By Dion Shing

In a recent consulting project, I worked with a customer to help design their cloud operating model. The key focus was on designing an operating model that would support a specific purpose. It was not so clear, however, what that purpose was.

Defining a Purpose Before Developing a Cloud Operating Model

As we went through the workshops, it was clear the customer understood that:

  • Operational processes adapted for cloud computing should underpin the cloud operating model
  • Integration with enterprise service management processes would be necessary
  • Standardization and automation form key principles of cloud computing which can be achieved by integrating process, coordinating people and enabled through technology

What was still ambiguous to them was how they could define an appropriate cloud operating model and structure that would solve their specific business issues.

Our initial recommendation was to develop the cloud operating model in iterative stages, addressing the majority of the business cases, but not all of them.

The Incremental Approach

The first scenario they focused on aimed at building competencies toward Cloud Service Provider Level 3 maturity (VMware’s Cloud Maturity Model) in increments over a medium time horizon.

As we progressed with that scenario, another business case emerged in which the customer would provide cloud computing services to external customers in the same time horizon. This necessitated a change to the design of the cloud operating model and required Level 5 maturity, focusing on the processes in service and business control.

Due to the time frames, an organic growth strategy would take too long and not be sufficient.  This necessitated a different approach with respect to structure. Considerations for partnership and outsourcing were put forward, altering the design of the operating model with a heavier focus on developing processes for vendor management and service brokerage.

What this highlighted to me was how critical it is to understand the overarching enterprise goals and objectives as you set out to design and build a cloud operating model that will meet your organization’s needs.

The example I just laid out represents a process that was effective, but is it possible perhaps to make it efficient as well?

What’s Next in This Blog Series?

As I continue with this blog series I will:

  • Lay out an approach for establishing a cloud operations transformation strategy that is matched to the goals and objectives of the business
  • Examine why the IT department should play an equal role in establishing and shaping business strategies and business models to support the development of innovation and sustained competitive advantages
  • Explore how a cloud organization structure and operating model can be designed based on different enterprise strategies and how to manage the implementation of the change.

Dion Shing is an Operations Architect based in Dubai.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

AirWatch Training Class added to VMworld 2015 US Schedule

This is a cross post from the VMware EDU blog.

The schedule of training courses available the week before VMworld has expanded.

airwatch-300x150The new course is an exclusive, partner-only offering of an AirWatch Boot Camp for a discounted price of just $2,500. This course comprises the three AirWatch technical training modules and prepares you to take the three associated exams required for earning the Mobility Competency. The modules include VTSP Mobility, VMware AirWatch: Cloud Deployment and VMware AirWatch: On-Premise Deployment. You’ll gain the technical knowledge necessary to address mobility challenges across a variety of verticals. Learn how to effectively plan, lead, and execute next generation mobility projects using AirWatch tools. Master innovative techniques for large scale, advanced mobile deployments.

Gain the skills you need to become a recognized leader in deploying the AirWatch mobility management solution at this unique offering. Class size is very limited in this offering which is expected to be quite popular, so register early to secure your seat.

This course is in addition to the other classes scheduled for San Francisco before VMworld 2015 US:

  • VMware vSphere: Install, Configure, Manage [V6]
  • VMware NSX: Install, Configure, Manage [V6.0]
  • VMware vRealize Automation: Install, Configure, Manage [V6.2]
  • VMware vRealize Operations Manager: Install, Configure, Manage [V6.0]

Learn more about these classes and the other training discounts available for VMworld attendees.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

6 Processes You Should Automate to Provide IT-as-a-Service

This is a repost from the Cloud Ops Blog.

By Kai Holthaus


IT-as-a-Service (ITaaS) is one of the current paradigm shifts in managing IT organizations and service delivery. It represents an “always-on” approach to services, where IT services are available to customers and users almost instantly, allowing unprecedented flexibility on the business side with regards to using IT services to enable business processes.

This brave new world requires a higher degree of automation and orchestration than is common in today’s IT organizations. This blog post describes some of the new areas of automation IT managers need to think about.

1&2) Event Management and Incident Management

This is the area where automation and orchestration got their start – automated tools and workflow to monitor whether servers, networks, storage—even applications—are still available and performing the way they should be. An analysis should be performed to study whether events, when detected, could be handled in an automated fashion, ideally before the condition causes an actual incident.

If an incident already happened, incident models can be defined and automated, implementing self-healing techniques toresolve the incident. In this case, an incident record must be created and updated as part of executing the incident model. Also, it may be advisable to review the number of incident models executed within a given time period, to determine if a problem investigation should be started.

It is important to note that when a workflow makes these kinds of changes in an automatic fashion, at the very least the configuration management system must be updated per the organization’s policies.

3) Request Fulfillment

Automation and orchestration tools are removing the manual element from request fulfillment. Examples include:

  • Requests for new virtual machines, databases, additional storage space or other infrastructure
  • Requests for end-user devices and accessories
  • Requests for end-user software
  • Request for access to a virtual desktop image (VDI) or delivery of an application to a VDI

Fulfillment workflows can be automated to minimize human interaction. Such human interaction can often be reduced to the approval step, as required.

Again, it is important that the configuration management system gets updated per the organization’s policies since it is part of the workflows.

4&5) Change and Configuration Management

Technology today already allows the automation of IT processes that usually require change requests, as well as approvals, implementation plans, and change reviews. For instance, virtual machine hypervisors and management software such—such as vSphere—can automatically move virtual machines from one physical host to another in a way that is completely transparent to the user.

Besides automating change, the configuration management system should be automatically updated so that support personnel always have accurate information available when incidents need to be resolved.

6) Continuous Deployment

The examples provided so far for automating activities in an IT organization were operations-focused. However, automation should also be considered in other areas, such as DevOps.

Automation and orchestration tools can define, manage, and automate existing release processes, configuring workflow tasks and governance policies used to build, test, and deploy software at each stage of the delivery processes. The automation can also model existing gating rules between the different stages of the process. In addition, automation ensures the correct version of the software is being deployed in the correct environments. This includes integrating with existing code management systems, such as version control, testing, or bug tracking solutions, as well as change management and configuration management procedures.

In an ITaaS model, automation is no longer optional. To fulfill the promise of an always-on IT service provider—and remain the preferred service-provider of your customers—consider automating these and other processes.

Kai Holthaus is a delivery manager with VMware Operations Transformation Services and is based in Oregon.


Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

VMware vSphere 6 and HA with Virtual Machine Component Protection (VMCP)

Post by vExpert Vladan Seget

VMware vSphere 6 further enhanced VMware HA and related configurations, which help detect shared storage issues, and also introduced VM Component Protection (VMCP). It’s perhaps a lesser-known feature, but I’d say it’s good to have one. Today, we’ll focus on VMCP and show how it allows vSphere admins to sleep better and not worry about hardware problems.

Before jumping into the demo, I’d like to point out the situation in which this feature is leveraged and where to activate VMCP.

When VMCP is enabled, vSphere can detect data store accessibility failures, APD or PDL, and then recover affected virtual machines by restarting them on another host in the cluster that is not affected by the data store failure. VMCP allows the admin to determine the response that vSphere HA will make. It can be a simple alarm or the VM restart on another host. Let’s say the latter is what we’re looking for. HA can handle this for us…


A VM running on shared storage can be iSCSI, FC or FCoE and also file-based storage (NFS).


The host cannot communicate with a storage device via a storage network. It can be an iSCSI hardware failure or FC card failure on a particular host. The path to a data store is down from a particular host.

VM Component Protection (VMCP) detects APD and PDL conditions on connected storage, generates vCenter alarms, and automatically restarts impacted virtual machines on fully functional hosts, which can reach that storage. The actions that happen are configurable by the admin.

All paths down (APD) - vSphere will restart the VM after user-configured timeout only if there is enough capacity.

Action? Restart on a healthy host. Reset a VM if APD clears after APD timeout.

Permanent device lost (PDL) - vSphere assumes that the device won’t show up again and is “lost” due to hardware failure.

Action? Terminate VM immediately and restart on a healthy host.

Prior to vSphere 6.0, vSphere HA could not detect APD conditions and had limited ability to detect and
remediate PDL conditions.

Where to configure?

vSphere Client Select Hosts and clusters > Manage > vSphere HA > Edit > Protect against Storage Connectivity Loss.

You must configure it in two places

  1. Check the box “Protect against Storage Connectivity Loss”
  2. Expand the “Failure conditions and VM response”

Cluster Settings


The second condition allows you to specify what happens.

By default it does not restart the VM on another host so it’s important to do it.

There, you’ll see options that you need to configure:

  1. Response for Datastore with Permanent Device Lost (PDL)
  2. Response for Datastore with All Path down (APD) – with this one you have two choices: to be more conservative or more aggressive. Basically it means to wait a longer (or shorter) amount of time in case the problem is resolved. As I mentioned at the beginning of my post, APD can be resolved (can be temporary outage) but PDL can’t.
  3. Response for APD recovery after APD timeout – change it to “reset VMs” as by default it’s disabled.



If I simulate it in my environment, I can only do APD not PDL. So the third option on the picture above is necessary, because the time interval of 3 min will be respected and then the VM will be restarted on another host.

Let’s say I have a VM called 2003srv01 running on a shared data store called “drobo.” I simulate a problem with an iSCSI path to that data store.  I’ll enter wrong network details for the iSCSI initiator…



And then we get this error in the Event log telling us that the connectivity to our data store is lost, the path is down.

Cluster 4


After 3 min I can see the warning that VMCP has triggered an HA event, and when I check my VM, I can see that the VM has started on another host automatically.



Requirements for successful VM restarts:

If the Host Monitoring or VM Restart Priority settings are disabled, VMCP cannot perform virtual machine restarts.

The VMCP settings have to be changed from their default values because by default, the Response for APD recovery after APD is disabled.

You can check settings at the cluster level, but also via the VM’s properties at the VM level by selecting the VM through vSphere Web client.


Wrap Up:

VMCP further enhances vSphere HA in the latest release – vSphere 6. Those fine-grain options allow you to react on unpredictable APD and PDL signals when using shared storage within your environment, and give you significant insurance in case of connectivity problems to your shared storage. By being able to do the configuration at the cluster level, it allows easy change options for whole clusters.

Vladan Headshot


Vladan SEGET is as an Independent consultant, professional blogger, vExpert 2009 - 2014, VCAP5-DCA/DCD, VCP 4/5. Vladan’s blog, ESX Virtualization, started as a simple bookmarking site, but quickly found a large following of readers and subscribers.



Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.


Horizon FLEX: Giving Users the Local Desktop They Need (Part 3 of 3)

This is a repost from the EUC Blog and Part 3 in a 3-part series. Visit Parts 1 and 2 for more information. 

By Andy Morris, Sr. Product Line Marketing Manager, Horizon FLEX, End-User Computing, VMware

It’s finally here, the day you’ve been waiting for, how to define a Horizon FLEX entitlement!

Hello, it’s Andy again. Today’s short video once again features a shiny me, but it’s thankfully very short: just over 90 seconds after you skip all the fancy bumpers we put at the front and back of it.

To recap, in part one I showed you how to build a Horizon FLEX compatible image. In part two, I showed you how to define acceptable use policy for groups of people. In today’s lesson, we’re going to take everything we’ve learned so far, sprinkle it with AD groups and build entitlements.

Entitlements are just the fancy way of saying that the people in accounting get access to a different image than the one you give the sales people, and those differing images can operate under different acceptable use polices.


The next section on the Horizon FLEX administrator’s console shows all the VM’s that are in use, what policies are being enforced, and even gives you the ability to tweak the settings for a specific user.


Bonus point! If you’re using VMware Mirage to manage your virtual images (and you really should) that information appears in the console too. Fantastic.

Next time, I think I might show you sometime I call my Russian Doll demo. It showcases why more people use VMware hypervisors than any other. It’s truly mind blowing.

Thanks and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

New Self Paced Courses on vSphere 6, VIO, and User Environment Manager

This is a repost from the EDU Blog.


Three new self-paced courses were released last month:

VMware vSphere: What's New [V5.5 to V6] On Demand -This On Demand course explores the newest features and enhancements in VMware vCenter Server™ 6 and VMware ESXi™ 6. Real-world use case deployment scenarios, hands-on lab exercises, and lecture material teach the skills you need to effectively implement and configure VMware vSphere® 6.

VMware Integrated OpenStack Fundamentals - VMware Integrated OpenStack (VIO) is a VMware supported OpenStack distribution that makes it easier for IT to run a production-grade OpenStack-based deployment on top of their existing VMware infrastructure. VIO enables IT admins to quickly and easily deploy and operate a production grade OpenStack cloud while giving developers the standard OpenStack APIs on a reliable platform. This eLearning course overviews the features, architecture, operations, troubleshooting, and management of VIO. This course introduces you to the OpenStack project and to the high level features of VIO. It also provides an insight into the architecture, deployment, and consumption of VIO, and demonstrates, at a high-level, how to operate, troubleshoot, and manage VIO.

VMware User Environment Manager: Fundamentals - This free eLearning course describes the key benefits of VMware User Environment Manager and how it can benefit your organization. You will get an overview of the installation and configuration process, as well as insight into the key elements of the user interface.


Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

5 Compelling Reasons to Upgrade to vSphere 6 Today

Post by vExpert Michael Webster

vSphere 6 is the latest and much anticipated flagship release from VMware and has been available since March 2015. It is the first time in a while that we’ve seen a new major release from VMware, and they’ve made a concerted effort to ensure that this release is as rock solid and stable as possible. This was evidenced by the 6-month extensive public beta in addition to extensive QA and holding the release back until it was ready. The release has updates in many areas across the full suite of products, including vCenter, ESXi Hypervisor and more. This article will focus on the aspects that are important  when running business critical applications, such as large databases, in memory analytics and online customer facing systems.

Reason #1: Quality of Service Improvements

When virtualizing business critical apps, it’s important to reduce risk and guarantee service levels. Virtualize but without compromise. This is why quality of service improvements is first in the top 5 list. VMware has once again enhanced the ability of the hypervisor to guarantee service levels to critical applications so they can rely on getting consistent and predictable performance on a host that may be running multiple workloads. The quality of service features are greatly improved across the board in Compute, Network and Storage. It is now possible to reserve IOPS and Bandwidth for particularly sensitive applications, and Virtual NUMA (vNUMA) has been enhanced to include the ability to hot add RAM more evenly. For environments that require Microsoft Failover Cluster, you can now vMotion VM’s to ensure non-disruptive hardware maintenance.

Reason #2: Improved Availability for Critical VM’s

Additional reliability enhancements have been made around HA with regards to Permanent Device Loss and All Paths Down scenarios. In the case of PDL or APD VM’s may be restarted on hosts that are not suffering from those problems. This could include hosts on another site in the case of a metro cluster environment. All of this adds up to the best platform with the lowest risk to run business critical applications. In addition to these enhancements, VMware Fault Tolerance (FT) has been enhanced to support 4 vCPU and to be able to run on top of metro cluster environments without the need for shared storage. This provides continuous availability for applications that may now have their own HA capabilities built in. With these new enhancements, it may be possible to achieve four nines right out of the box without any additional complex clustering software required. Additionally, the VMware Storage API’s for Data Protection can be used to back up FT VM’s – previously, an In-Guest Agent would have been required.

Reason #3: Better Performance On The Same Hardware

The ESXi VMKernel has been enhanced to improve performance, which means you get more performance on exactly the same hardware. More performance means you can consolidate more VM’s onto the same or less numbers of hosts, potentially pay less for applications licensing, save OPEX and delay future CAPEX investments. We’ve seen performance improvements in both increased throughput and significantly lower latency. This goes to boost your ROI and TCO, on the same hardware you’ve already invested in. Performance increases from 6% - 25% could be achieved depending on workload type and the underlying physical hardware components. Just by upgrading the hypervisor, the same VM’s will perform better for your users without any changes.

Reason #4: Scalability For The Most Demanding Workloads

Scalability for the entire platform has increased by at least 2x. While this might not impact most environments or workloads it means you can rely on VMware vSphere to successfully virtualize the most demanding applications. Hosts are capable of having up to 6TB of RAM as standard (12TB with certain platforms) and up to 480 logical CPU’s per host. Virtual machines with Virtual Hardware 11 are capable of having up to 128 vCPU’s and 4TB of RAM. Each vSphere cluster can now scale to 64 hosts and 8000 VM’s.

But it’s not just platform scale and VM scale that has been improved. The ability to scale applications on demand, including hot add for virtual disks for applications such as Oracle RAC, works seamlessly. Situations where hot add of resources previously didn’t work well have been fixed, such as when using the cores per socket setting. Scale up, scale out, non-disruptively, as your applications demand. Note: Storage Live Migration for Oracle RAC VM’s is not yet seamless, this still requires in guest work to migrate RAC Nodes from one storage system to another.

Reason #5: Virtual Machine Mobility

The new virtual machine mobility that I write about in my article “vSphere 6.0 Release Revolution for Mobile Cloud Era” is a big deal for business critical applications, especially when it comes to disaster avoidance and consumption of cloud services. The ability to live migrate any application from one place to another over great distances and across vCenters should not be downplayed. If a storm is coming, you could quite literally pick up your critical applications and live migrate them to a different datacenter, up to 100ms round trip away (think east coast to west coast of USA or Australia), all without having to worry about shared storage. There are some prerequisites, such as stretched networking, to make this happen, but this is now realistically possible. If you want to move your critical VM to a cloud service, you could also do this now live (provided you control the cloud service or it has dedicated resources part of the same SSO domain). VMware has literally liberated the virtual machines from a fixed location.

Final Word

Today would be a great time to start planning your upgrade so you can benefit from the Software Defined Datacenter and get more performance and availability from the same hardware. vSphere 6 is a very stable release that offers great benefits for all VMware customers. It is by far the leading platform for virtualizing business critical applications and that looks set to continue for some time.

The benefits of vSphere 6 can be even better realized through the deployment of vSphere with Operations Management which provides virtualization with consistent management.  The platform packages the powerful features of vSphere 6 along with the robust management features in vRealize Operations.

Virtualizing your critical applications on VMware vSphere 6 improves availability and reduces complexity compared to running physical, especially when you take into consideration providing consistent qualify of service, performance, and repeatable run book disaster recovery and disaster avoidance.  All of the VMware community and ecosystem are ready and willing to help you upgrade successfully. On some platforms the upgrade is as easy as a single non-disruptive click away. So, what are you waiting for?

Michael Webster HeadshotAuthor of longwhiteclouds.com, voted in the top 15 virtualization blogs in the world, co-author of Virtualizing SQL Server with VMware: Doing IT Right (VMware Press 2014). Senior Solutions and Performance Engineer for Nutanix, VMware Certified Design Expert (VCDX-066), vExpert. Specializing in solution architecture and performance engineering for Unix to VMware migrations, virtualizing business critical applications, disaster avoidance, mergers and acquisitions, public and private cloud. More than 20 years in the IT industry, more than 10 years experience deploying VMware solutions in environments around the globe. Michael dedicates himself to helping customers implement virtualization solutions and performance tune their most critical applications including large databases, SAP environments, large scale Java and high performance compute systems. He is regularly presenter at VMware VMworld, VMware vForums, VMware User Groups and other IT industry events.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

vSphere with Operations Management Product Walkthroughs

This is a repost from the Storage Blog.

If you’ve ever tried to watch a product demo video, or tried to use it to show a product to someone else, often times you find yourself trying to pause the video at the exact right moment, and then having scrub backwards or forwards because you missed the timing.  At VMware we’ve created an alternative way ot showing demos, which we call Product Walkthroughs.  These are web-based demos that let you walk through a scenario screen-by-screen, at your own pace.  Each screen has annotations to explain what’s going on and markups that highlight important parts of the screen, both of which can be turned off if you want a clean view.

Although we have created Product Walkthroughs for numerous products and solutions, the ones I want to focus on are forvSphere 6 and vSphere with Operations Management.  Both of these provide a great way to learn about these products and their features at your own pace, as well as to show how something works to your colleagues (or bosses).  The one on vSphere 6 highlights the features in this major new release, with sections on:

and more.

The vSphere with Operations Management product walkthrough provides an in-depth look at all the features of its two major components, vSphere and vRealize Operations, including

So, check them out and let us know what you think!

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Horizon FLEX: Powerful Policy Controls (Part 2 of 3)

This is a repost from the EUC Blog.

By Andy Morris, Sr. Product Line Marketing Manager, Horizon FLEX, End-User Computing, VMware

Hello again, Andy here.

Last time I showed you how to build a Horizon FLEX image for mass sharing. This time, I’m going to show you the simple steps needed to ensure that image is securely used.

You’ll be happy to note that there’s significantly less of my shiny red face in this video.

The video concentrates on server controlled dynamic policies. At the time of writing there’s over half a dozen of them, but a customer was quick to correct me when I shared the video, saying  ‘we enforce over 50 policies with FLEX ‘. He is right of course, there are lots of policy decisions you burn into the image at creation time.

The full list of FLEX polices is huge and varies depending upon the client hypervisor (in other words, your mileage may vary). Using a combination of fixed image and dynamic server policy an administrator can specify over 70 distinct control points.


  • Specify VM memory allocation
  • Specify number of processors assigned to VM
  • Specify number of cores per processor assigned to VM
  • Specify the type of virtualization engine used
    • Automatic, binary, VT-x, AMD-V, VT-x/EPT, AMD-V/RVI
  • Enable / disable acceleration for binary translation
  • Virtualize CPU performance counters
  • Specify process priorities
  • Disable memory page trimming


  • Map virtual disk to local volume
  • Add virtual hard disk
    • IDE, SCSI, SATA (independent, persistent, non-persistent)
    • New, existing, physical
  • Add virtual CD/DVD
    • ISO, physical (SATA, SCSI, IDE, legacy emulation)
  • Add floppy drive
    • Image, physical
  • Connect CD/DVD at power-on
  • Share local folders with VM
  • Map local folders as network drive
  • Share local folders as read only


  • Connect network at power-on
  • Create bridge directly to physical network
    • Initially set by admin, user can edit
  • Share host IP address
  • Create private network to host
  • Create custom virtual network
  • Attach to specific LAN segment
  • Custom throttle incoming network traffic
  • Emulate incoming pipe size
    • Modem (28.8Kbps, 56Kbps)
    • ISDN (64Kbps, 128Kbps)
    • Leased line (192Kbps, 1.544Mbps, 45Mbps)
    • Cable (4Mbps, 10Mbps, 100Mbps)
  • Enable VNC access


  • Turn USB support on or off
    • Except for keyboard and mouse
  • Specify USB supported level
    • 1.0, 2.0, 3.0
  • Automatically connect new USB devices
  • Add specific USB controller
  • Share Bluetooth devices with VM
  • Connect soundcard on power-on
  • Specify host sound card to use
  • Connect printer at power on
  • Auto-map host printers to VM
  • Add specific printer
  • Hardware accelerate 3D graphics
  • Use host settings for monitor
    • Initially set by admin, user can edit
  • Specify number of monitors to use
    • To a maximum of 10
  • Specify screen resolution
  • Use Retina Mode (mac only)
  • Specify graphics card memory allocated to VM
  • Use enhanced virtual keyboard
  • Share battery info with VM
  • Synchronize guest time with host
  • Specify hardware compatibility level
  • Add parallel port
    • Physical, file
  • Add serial port
    • Physical, file, pipe
  • Add generic SCSI device

User Experience           

  • Go full screen on power on
    • Initially set by admin, user can edit
  • Close application after powering off VM
  • Enable drag & drop between host and VM
  • Enable shared clipboard (cut & paste)
  • Show borders in Unity mode
  • Show badges in Unity mode
  • Add custom colored borders in Unity mode
  • Enable direct access to applications
  • Auto-update embedded VMware Tools
    • Manual, auto, global

Recovery & Protection

  • Revert to snapshot on power-off
  • Auto-create snapshot on power-off
  • Auto-create snapshots
    • Daily, hourly, every 30 mins
  • Specify number of snapshot generations to keep
  • Force local encryption password reset
  • Specify VM expiration date
  • Display custom message for expired VM’s
  • Display custom message for soon expiring VM’s
  • Specify policy server contact frequency
  • Specify policy server contact grace period
  • Remote kill of local VM

Next time, I’ll show you how to easily combine AD, images and policy to give your users the desktop you want them to have.

Thanks and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Making NSX for Horizon 6 More Approachable

This is a repost from the EUC Blog

By Tristan Todd, Architect, End-User Computing, VMware

I love riding bikes! For years I have served as my own bike mechanic. And for about the last 10 years I have hand-built my own bicycle wheels. I do this because I like to choose my parts, I like the quality of the finished product, and I like to save money!


When I first started thinking about building my own bicycle wheels, I was terrified of the complexity, and I faced myriad questions. How do I find parts? What tools do I need? How long will it take? Will my wheels be safe? Yikes! This might be more than I can handle!


My first experiences with NSX in a Horizon 6 environment were similarly overwhelming. Things seemed simple at first until I started considering deployment nuances, operational procedures, and design options.

For background on the importance of micro-segmentation for Horizon 6, see the recent VMware EUC blog post VMware NSX - Customer Imperatives for Desktop Transformation Security. Today’s article aims to break down the broad micro-segmentation topic as it applies to a Horizon 6 environment. By breaking down NSX into bite-sized chunks, I hope to make this topic a bit more approachable to the EUC technical professional.


One obvious benefit that NSX provides to a Horizon 6 virtual desktop environment is the ability to provide micro-segmentation as part of desktop and application delivery services in an enterprise environment. As depicted at a high level in the preceding diagram, it is actually quite easy to introduce NSX into a Horizon 6 virtual desktop environment. I want to address a handful of important NSX components and then address their role in micro-segmentation.


NSX is easy and fast to deploy in an existing Horizon 6 environment. A single OVA (open virtualization appliance) is deployed in minutes, and after it is connected to vCenter, you are ready to start delivering services. Service Composer lets you provision and assign firewall policies and security services to applications. The Firewall Services let you build rules to protect virtual machines and applications. NSX Load Balancers provide the capability of front-ending application servers via an integrated, intuitive management interface.


A simple View virtual desktop environment in Horizon 6 (configured for desktop pool services) is depicted in the preceding diagram. Zooming in, we can see four ways that NSX is adding more lateral controls and protection.


  • Distributed firewalls to protect Horizon 6 services

Required network services for Horizon 6 are controlled through distributed firewall rules. The NSX Service Composer interface makes it very easy to create and group services that the different Horizon 6 components require.

Protip: See VMware Horizon 6 (View) Firewall and Network Ports Visualized from Ray Heffer at VMware. In this blog post, Ray clearly depicts all of the required network services needed throughout a Horizon 6 environment.


  • Distributed firewall for controlling View desktop pool access in Horizon 6

Virtual desktop access can be easily managed (allowed or blocked) at the desktop pool level by grouping desktops that belong to a single pool (for example, by desktop name or by NSX security tagging) with client connectivity addressed by identity-based firewall rules. If View user Dexter Smith belongs to the “IT Admin” security group in Active Directory, then he is permitted access to the “IT Admins Pool” desktop pool in Horizon.


  • Distributed firewall for controlling individual desktop access

Because firewall rules are distributed and can be based on the identity of a logged-in Windows user, it is easy to deliver just-in-time firewall rules to a large pool of desktops based on a master image. For example, it might be a good security best practice to block all network traffic between individual desktops in a pool. This could protect the environment from attacks such as malware that is injected at the desktop browser and which attempts to move laterally through an environment. Blocking all network traffic between desktops could go a long way in protecting the enterprise.


  • Load-balancing servers to optimize performance

An NSX edge load balancer can be rapidly deployed in front of a cluster of View Connection Servers in Horizon 6. With a basic round-robin load balancing policy, a basic protective mechanism is in place which prevents any single View Connection Server from being overloaded with sessions. Because everything is administered through the vCenter Web Client, it is very easy to deploy, administer, and monitor this load balancer service.


Cycling back (sorry for the pun!) to my biking story, after reading some books, using some Web resources, and making a few mistakes along the way, I have now worked through the complexity of bicycle wheel building. What used to take me three days, I can now do in three hours. Sometimes a topic that seems complex on the surface is, in fact, not so complex after all.

In the next blog post I will address just how easy it is to deploy NSX for micro-segmentation in an existing Horizon 6 environment. In future posts I will address the topics of:

  • Distributed firewalling with identity
  • Distributed firewall rule creation
  • Monitoring NSX with vRealize Log Insight

Some other fantastic resources that I highly recommend are:


Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.