Every system needs a way to group entities in order to organize them, delegate administration, and control security on them.  Horizon VIew uses desktop pools to group desktops, apply Horizon View specific policies, and entitle access to users. 

There are a few different types of desktop pools in a Horizon View environment, and the types of desktop pools that you implement will be determined by your use case.  I’m partial to Automatic Linked-Clone pools, These are known as Non-Persistent Desktop Pools because the user state is lost after logoff when the desktop is returned to a known good state.  In some ways, these pools are similar to Windows XP Steady State desktop setups or a program called Deep Freeze that did something similar.

There are other types of desktop pools in a VMware View environment, and I go into more details on the different pool types in Appendix C.

Since we went through all the effort of setting up View Composer earlier in this series, this article will focus on setting up an Automatic Linked-Clone pool for non-persistent desktops. 

1. Log into View Administrator.  Under Inventory, select Pools.

2.  Click Add to add a new pool.

3. Select the Pool Type that you want to create.  For this, we’ll select Automated Pool and click Next.

4.  Select whether you want to have Floating or Dedicated Desktops.  For this walkthrough, we’ll select Floating and click Next.

Note: The Enable Automatic Assignment option is only available if you select Dedicated. If this option is selected, View automatically assigns a desktop to a use when they log in to dedicated pool for the first time.

5. Choose the type of virtual machines that will be deployed in the environment. For this walkthrough, select View Composer Linked Clones and click Next.

6. Each desktop pool needs an ID and a Display Name.  The ID field is the official name of the pool, and it cannot contain any spaces.  The Display Name is the “friendly” name that users will see when they select a desktop pool to log into.  You can also add a description to the pool.

7. The next screen after setting the pool name is for the pool settings.  There are a lot of options here, that control how the pool will behave.  Some of the options are:

• If the pool is enabled
• Default power state of desktops
• Display protocols
• Adobe Flash settings

8. The next screen will allow you to configure the provisioning settings for the pool.  This screen allows you to control provisioning behavior, computer names, and the number of desktops provisioned in the pool.

9. The next screen allows you to set up a special non-persistent disk for disposable files.  Disposable files are classified as temporary files and page files.  If a disposable disk is used, these files will be redirected to here, and this disk is deleted whenever the VM is shut down.

This screen allows you to determine how the virtual desktop will handle these files.

10. Select the option to store Replicas on a separate datastore if you want to place them on a different storage tier.  Andre Leibovici has a good article on the benefits of placing Linked Clone replicas on a different datastore.

11. After you choose whether or not to place the Replica Disks on a separate datastore, you need to configure the pool’s vCenter settings.  This covers the Parent VM and the snapshot that the Linked Clones will be based on, the folder that they will be stored in within vCenter, and the cluster and datastores that will be used.

In order to configure each setting, you will need to click the Browse button on the right hand side of the screen.  Each step must be configured in order. 

11-A. The first item that needs to be configured is the Parent VM that the Linked Clones will be based on.  Select the VM that you want to use and click OK.

11-B. The next step is to select the Parent VM snapshot that the Linked Clones will be based on.  Select the snapshot that you want to use and click OK.

11-C. After you have selected a Parent VM and a snapshot, you need to configure the vCenter folder in the VMs and Templates view that the VMs will be placed in.  Select the folder and click OK.

11-D. The next step is to place the pool on a vSphere cluster.  The virtual machines that make up the desktop pool will be run on this cluster, and the remaining choices will be based on this selection.  Select the cluster that they should be run on and click OK.

11-E. The next step is to place the desktops into a Resource Pool.  In this example, I have not resource pools configured, so the desktops would be placed in the Cluster Root.

11-F. The final two steps of this section are to select the datastores where the Linked Clones and the Replicas will be stored.  Linked Clones can be stored on multiple datastores, so you can select multiple datastores in this section.  You can also configure View to allow the datastores to be overcommitted by changing the Storage Overcommit option on each datastore.

11-G. Replicas can only be stored on a single datastore.  Select the datastore that you want to store them on and click OK.

Note: After you have configured the Replica Datastore, you may receive the following warning about storing Replicas and Linked Clones on local datastores.  If you are using a SAN or a NAS and not storing any Replicas or Linked Clones on local datastores, you can ignore this message.

12. The next screen is for configuring the advanced storage options.  The three options that can be configured on this screen are the View Storage Accelerator, disk space reclaimation and the option to use native NFS snapshots.

If you use View Storage Accelerator or disk space reclamation, you can configure blackout times where vCenter will not run these tasks.

13. To set the blackout times for the pool, click the Add Button and select the days and times when you do not want these operations to run.  You can set multiple schedules.

14. After you have configured the advanced storage options, you need to configure the Guest Customization settings.  This screen allows you to select the domain and organizational unit for the desktops and whether Sysprep or Quickprep will be used to prepare the desktops.

15. Review the settings for the pool and verify that everything is correct.  Before you click Finish, check the Entitle Users checkbox in the upper right.  This will allow you to select the users and/or groups who have permission to log into the desktops.

If you need to make a change to the pool settings, the left-hand column contains links to each page in the wizard.

17. After you click Finish, you will need to grant access to the pool.  View allows you to entitle Active Directory users and groups.  Click Add to entitle users and groups.

18. Search for the user or group that you want to add to entitle.  If you are in a multi-domain environment, you can change domains by selecting the domain from the Domains box.  Click on the users or groups that you want to grant access to and click OK.

Note:  I recommend that you create Active Directory security groups and entitle those to desktop pools.  This makes it easier to manage a user’s pool assignments without having to log into View Administrator whenever you want to make a change.

19. You can check the status of your desktop pool creation in vCenter.  If this is a new pool, it will need to clone the VM into a Replica before it can create the Linked Clone desktops. 

Once the desktops have finished composing, you will be able to log into them through VMware Blast or the Horizon View client. 

I realize that there are a lot of steps in the process of creating a desktop pool.  It doesn’t take nearly as long as it seems once you get the hang of it, and you will be able to fly through it pretty quickly.

When you sit down to design the desktop pools in your Horizon View environment, you’ll be presented with a number of choices that will dictate how those pools will behave.  The choices that you’re presented with are the type of desktop pool and assignment type.

Desktop Pool Types

There are three types of desktop pools in a Horizon View environment.  The desktop pool types are:

• Automatic Pool – These pools consist solely of virtual machines, and they may be full-clones generated from a template in vCenter or a linked-clone desktop created using View Composer.  View and vCenter do the provisioning and management of these desktops, and most of the features of View are geared towards this class of desktop pools.  I’ll go into the differences between linked-clone and full-clone desktops below.
• Manual Pool – A manual pool is a type of pool that is essentially defined as “other.”  The items in this pool can be virtual machines that have the View Agent installed such as physical desktops that have been converted to virtual or physical hardware that has Teradici PCoIP cards installed.  As the name implies, desktops have to be manually added to this type of pool, but it can provide a single management and presentation layer if you are using PCoIP to provide access to centrally-hosted physical workstations or P2V’ed desktops.
• Microsoft Terminal Services Pool – A Terminal Services Pool provides terminal server sessions as Horizon View Desktops.  This version supports the fewest number of Horizon View features, but it can provide a single pane of glass for management if you use both Terminal Server and View desktops or if you are transitioning from Terminal Services to Horizon View.

As I mentioned above, there are two types of Automated Pool desktops – Full-Clone desktops and Linked-Clone Desktops.

Type	Pros	Cons
Full-Clone Desktops	Easy to Deploy Similar to physical desktop environments Can Utilize Existing Desktop Management Infrastructure (SCCM) Only one template required – Apps can be deployed after cloning	Requires Deduplicating Storage Arrays or lots of Storage Can’t be recomposed or refreshed Requires desktop management infrastructure to manage large numbers of full-clone desktops
Linked-Clone Desktops	Requires less storage capacity Recompose and Refresh Operations supported Can update entire pools by making changes on template machines and recomposing Does not require desktop management infrastructure (SCCM)	Recompose/Refresh operations can leave users without access to desktops during maintenance windows Removing a VM snapshot can render pools unusable Multiple desktop templates may be required to deploy pools with different application packages

Assignment Type

There are two assignment types for most of the pools: Dedicated Assignment and Floating Assignment.  These are more commonly known as Persistent and Non-Persistent pools.

Dedicated or persistent pools are desktop pools where the user gets assigned to a virtual desktop, and that is the desktop that they receive each time they log in.  The desktop can be assigned automatically the first time a user logs in or it can be assigned by an administrator through View Administrator.

Floating or non-persistent pools are desktop pools where the user is not permanently assigned to a desktop, and they may receive a different desktop each time they log in.  Desktops in a floating assignment pool are usually returned to a known good state after the user logs out, and they are commonly paired with Roaming Profiles, Persona Management and/or third-party solutions like Liquidware Labs and/or UniDesk.

If you are using Linked-Clone desktops, there is a middle ground between Persistent and Non-Persistent that is “semi-persistent.”  This kind of setup is one where the user is permanently assigned to the desktop, but the desktop is refreshed to a known good state on logout.  I’ve had to deploy a few pools like this in my previous job because non-persistent linked clone desktops were the standard but the application had licensing restrictions based on the computer name.

Design Decisions

There are a number of factors that would influence what type of pool and assignment policies are selected during the design phase, including:

1. Customer requirements
2. Type of Storage Infrastructure that is in place or being procured
3. Type of Desktop Management infrastructure that is in place or being procured
4. Application requirements
5. Budget

Understanding the strengths and weaknesses of the various combinations of pool and assignment types is very important.  Those decisions impact the ability to manage and maintain the environment.

Some vendors and evangelists like to push one particular desktop type over another, but there is no one-size-fits-all solution to any virtual desktop deployment.  The only “Ultimate Solution” is the one that fits your needs and meets your requirements.

A virtual desktop environment is nothing without virtual desktops.  And many

Supported Operating Systems

Horizon View only supports virtual desktops running Microsoft Windows.  The versions of Windows that are supported are:

• Windows 8.1 Enterprise or Professional
• Windows 8 Enterprise or Professional
• Windows 7 Enterprise or Professional
• Windows Vista Business and Enterprise (32-bit Only, SP1 and above)
• Windows XP Professional SP3 (32-bit)
• Terminal Servers running Windows Server 2008 SP2 or Windows Server 2008 R2 SP1

Windows Server 2008 R2 is supported as a desktop operating system, but it requires additional configuration in the View LDAP database.

For this part, we’re going to assume that we’re building a desktop running Windows 7 or Windows 8.1.  We’ll cover Windows Server 2008 R2 in a different section.  This will be more of a high-level overview of creating a desktop template for Horizon View, and I won’t be doing a step-by-step walkthrough of any of the steps for this section.

Configure the VM

Building a desktop VM isn’t much different than building a server VM.  The basic process is create the VM, configure the hardware, install the operating system, and then install your applications.  Building a desktop VM doesn’t deviate from this.

Although you should base the number of vCPUs and the amount of RAM assigned to your virtual desktops on the requirements for of the applications that you plan to run, there are some recommended minimums.

For the sake of this discussion, I’m going to ignore Windows XP.  It goes end of life in a few months, so there is no point in trying to deploy it in a production environment.

The minimums for a virtual desktop are:

• SCSI Controller – LSI SAS
• Hard Disk – At least 40GB Thin Provisioned
• NIC – VMXNET3
• Remove Floppy Drive, and disable parallel and serial ports in BIOS

Note: You cannot remove the CD-ROM drive until after Windows has been installed if you are installing from an ISO.

BIOS screen for disabling Serial and Parallel ports and floppy controller

You’ll notice that I didn’t put minimums for vCPUs and RAM.  Sizing these really depends on the requirements of your user’s applications.  I’ve had Windows 7 64-bit desktops deployed with as little as 1GB of RAM for general office workers up to 4GB of RAM for users running the Adobe Suite.

Install Windows

After you have created a VM and configured the VM’s settings, you need to install Windows.  Again, it’s not much different than installing Windows Server into a VM or installing a fresh copy of Windows onto physical hardware.  You can install Windows using the ISO of the disk or by using the Microsoft Deployment Toolkit and PXE boot to push down an image that you’ve already created.

When installing Windows for your desktop template, you’ll want to make sure that the default 100 MB system partition is not created.  This partition is used by Windows to store the files used for BItlocker.

Since Bitlocker is not supported on virtual machines by either Microsoft or VMware, there is no reason to create this partition.  This will require bypassing the installer and manually partitioning the boot drive.  The steps for doing this when installing from the DVD/ISO are:

1. Boot the computer to the installer
2. Press Shift-F10 to bring up the command prompt
3. Type DiskPart
4. Type Select Disk 0
5. Type Create Partition Primary
6. Type Exit twice.

Once you’ve set up the partition, you can install Windows normally.  If you’re using something like the Microsoft Deployment Toolkit, you will need to configure your answer file to set up the proper hard drive partition configuration.

Install VMware Tools and Join the Template to a Domain

After you have installed Windows, you will need to install the VMware tools package.  The tools package is required to install the View Agent.  VMware Tools also includes the VMXNET3 driver, and your template will not have network access until this is installed.   The typical installation is generally all that you will need unless you’re using vShield Endpoint as part of your antivirus solution.

After you have installed VMware Tools and rebooted the template, you should join it to your Active Directory domain.  The template doesn’t need to be joined to a domain, but it makes it easier to manage and install software from network shares.

Install View Agent

After you have installed the VMware tools package and joined your computer to the domain, you will need to install the VMware View Agent.  There are two parts to the agent install – the View Agent itself and the Remote Experience Installer that contains the Feature Pack 1 additions.  The default install of the View Agent includes all of the features except for PCoIP Smartcard support.  The agent install will require a reboot after it is completed.

Appendix B will contain more details about the various options that are available during the View Agent installation.

Installing Applications on the Template

After you install the View Agent and, optionally, the Remote Experience Agent, you can begin to install the applications that your users will need when they log into Horizon View.

With tools like Thinapp available to virtualize Windows applications or layering software like Unidesk, it is not be necessary to create templates for all of the different application combinations.  You can create a base template with your common applications, such as your office suite, pdf reader, etc, and then either virtualize or layer your other applications on top of that.

Shutdown and Snapshot

After you have your applications installed, you need to shut down your desktop template and take a snapshot of it.  If you are using linked-clones, the linked-clone replica will be based on the snapshot you select.

That’s a quick rundown of setting up a desktop template to be used with Horizon View desktops.  I’ll be posting an appendix to go along with this section to cover the various options that are available in the View Agent installer.

By default, the View Agent installs with all of the options enabled except for PCoIP Smartcard support.  While these options may be suitable for general virtual desktop use, they aren’t suitable for all deployments.

There are two parts to the Horizon View Agent installer.  The first part is the View Agent itself, and the second part is Remote Experience Agent that adds the new capabilities from Feature Pack 1.

The features that you enable on the View Agent are highly dependent upon the requirements of your environment.

The View Agent features are:

• USB Redirection – This feature provides support for connecting local USB devices, such as USB storage, to a remote desktop.  If this option is not installed, local USB devices cannot be passed through to the desktop.
• View Composer Agent – This feature provides support for QuickPrep and other features of VIew Composer.  It does not need to be installed if you are not using View Composer in your environment.
• Virtual Printing – This feature installs VMware’s licensed version of Thin Print, and it enables users to connect the local printers on their machine to a Horizon View desktop.  If this feature is not installed, local printers will not be available in Horizon View.
• vCenter Operations Manager Agent – This is a plugin for vCenter Operations Manager for View.  It collects statistics directly from the desktop.  If you do not use vCenter Operations Manager for View, you do not need to install this.
• PCoIP Server – This is a core component of the View Agent.  If this is not installed, users will not be able to connect to the desktops using the PCoIP protocol.
• PCoIP Smartcard – This feature allows users to authenticate using smartcards when connecting over PCoIP.
• VMware Audio – This is VMware’s audio driver for PCoIP.
• View Persona Management – Persona Management is VMware’s version of Roaming Profiles.  If this feature is not installed, you will not be able to use Persona Management to manage the user profile.

The Remote Experience Agent features are:

• HTML Access – This feature provides support for VMware Blast.  VMware Blast provides access to Horizon View desktops through an HTML5 compatible desktop.  If this feature is not enabled, HTML5 access will not be available.
• Real-Time Audio-Video – This feature allows the redirection of audio and video peripherals like webcams to the Horizon View desktop.
• Unity Touch – This feature provides an easier method for accessing files and applications on Android and IOS mobile devices.

People want to work from home.  Ok…maybe they don’t always WANT to work from home, but there are times where the convenience is nice.  If you live in Wisconsin today for instance, you would almost want to work from home.

One other big trend that you hear about today is Bring-Your-Own-BeerDevice.  There is a growing trend, especially amongst younger workers, to want to use their own personal devices at work.  The iPad and other tablets have really enabled this trend.

VDI enables both of these trends.  If my desktop and all of my applications and files exist in a “cloud” of some sort, it doesn’t matter what device my endpoint is or where I work.  The problem with this, though, is one of security.  Bringing untrusted machines and devices onto a corporate network, either directly onsite or through a VPN, is a huge security risk.

The View Security Server is VMware’s method of addressing this.  This component of the Horizon View environment contains a subset of the Connection Server components, and it is designed to sit in a DMZ and act as a gateway for Horizon View Clients.  It’s essentially a reverse proxy for your View environment.

In my last role, we had enabled access to our virtual desktops through the firewall by using the Security Server setup since we had people traveling all over the world.  One of their biggest successes with rolling out virtual desktops was when a number of senior managers went to Rome with only their iPads.  They were still able to log in and work as if they were in the office. 

Security Server Requirements

Security Servers are considered Connection Servers in the Horizon View documentation.  They don’t list separate hardware requirements for this application, so I would use the requirements for the Connection Server. 

Each Security Server that is deployed needs a corresponding Connection Server, and they are paired during the installation process.  Because the Security Server is an optional component, each Connection Server is not required to have one, and a Connection Server cannot be paired to more than one Security Server.

On of the best practices for both Security Servers and Connection Servers is to keep the Windows Firewall turned on.  If the firewall on either server is turned off, View will not be able to use IPSEC when communicating.

Each Security Server also needs a static IP address.  If it is externally facing, it will need to have a publicly addressable static IP.  This IP address does not need to be configured on the server’s network card as both Static 1:1 NAT and PAT work with Horizon View.

There are some firewall rules for Security Servers.  The following rules are required on your front-end Internet-facing firewall:

• HTTP – TCP 80 In
• HTTPS – TCP 443 In
• PCoIP – TCP 4172 In, UDP 4172 both directions

If you are deploying your Security Servers in a DMZ configuration with a back-end firewall, you need to configure your firewall to allow IPSEC traffic.  ISAKMP (UDP 500) and the ESP protocol need to be allowed through the firewall.

Configuring Horizon View for a Security Server

Before a Security Server can be installed, it must be paired with a Connection Server.  This is accomplished with a password that is used to authenticate the Security Server to the Connection Server.  To set up the pairing password, take the following steps:

1. In View Administrator, go to View Configuration –> Servers

2. Click on the Connection Servers tab and select the Connection Server you want to pair with.

3. Click on More Commands and select “Specify Security Server Pairing Password.”

4. Specify your pairing password.  When you do this, you will also be able to configure how long that password will be valid for.  If the password is not entered in that time period, or if you encounter errors with the install that are not resolved before the timeout period expires, you will need to create a new password.

Installing the View Security Server

Once the pairing password is set up, you can start the Security Server installation.

1. Launch the installation program.

2. Accept the license agreement

3. The next screen gives you the option to change the installation directory by clicking the Change button.  For this installation, we’ll be installing to the default location, so click Next.

4. Select Security Server

5. Enter the hostname or IP address of the Connection Server the Security Server will be paired with.

6. Enter the pairing password.

7. In order for View Clients to properly connect to the Security Server, you need to configure the External URLs for the server.  The items that need to be configured are:

• External URL – the fully-qualified public domain name and port such as view.remotedomain.com:443
• PCoIP External URL – the public IP address and port number.  If this server is behind a NAT, this should be the IP address that can be reached from the Internet.  Example: 4.4.4.4:4172
• Blast External URL – the fully-qualified public domain name and port used by VMware Blast such as html5desktop.remotedomain.com:8443

8. The View Installer will give you the option to automatically configure the Windows Firewall for View.  Click Next to allow the installer to set up the Windows Firewall.  If you do not want the installer to configure the firewall, you will need to configure these rules manually after installation.

9. Click Install to finish the installation.

10. Click Finish to close the installer.

11. If you log back into View Administrator and go to View Configuration –> Servers –> Security Servers, you should see your newly added Security Server.

That’s it for the server components.  For now, anyway.  The next post or two will be about configuring the desktops and setting up a pool.

In the last couple of posts, the first Connection Server and View Composer were installed in the environment.  Now it’s time to start configuring them.

Horizon View is primarily managed from the View Administrator web-based management interface.  This interface is based on Adobe Flex, so you will need a Flash-enabled web browser.  I hope that this is something that will be addressed in an upcoming version so that View can be managed from a mobile device.

In order to get View up and running, a few tasks need to be accomplished.  These tasks include applying a license key to the environment and telling Horizon View which vCenter Server and View Composer we will be using.  We will also want to set up an events database to record a variety of events within the environment such as logons, logoffs, and errors in the environment.

Logging into View Administrator

Before anything can be configured, though, we need to first log into Horizon View Administrator.  As I mentioned above, you will need to have Adobe Flash installed and enabled in your web browser.

The web browsers that VMware supports are:

• Internet Explorer 8 or later (on Windows 8, IE is only supported in Desktop Mode)
• FIrefox 6 or later

Although it is not officially supported, I have never had an issue with View Administrator when using Google Chrome.

To log in, take the following steps:

1. Open your web browser.

2. Navigate to https://<FQDN of connection server>/admin

3. Log in with the Administrator Account you designated (or with an account that is a member of the administrator group you selected) when you installed the Connection Server.

4. After you log in, you will be prompted for a View License key.

Note:  The license keys are retrieved from your MyVMware site.  If you do not input a license key, you will not be able to connect to View Desktops after they are provisioned.  You can add or change a license key later under View Configuration –> Product Licensing and Usage.

5. Click Edit License.  Paste your license key from the MyVMware site into the license key box and click OK.

6. After your license key is installed, the LIcensing area will show when your license expires and the features that are licensed in your deployment.

Configuring vCenter and View Composer

The next task that needs to be accomplished is configuring the vCenter and View Composer server information.  Without a vCenter, the Horizon View environment will not be able to provision full clone desktops or perform power operations.  Composer is required for linked clones.

There are two Active Directory service accounts that are required during this step.  Please check out Part 4 to get more details on the requirements for these accounts.

The steps for configuring the View environment for talking to vCenter and Composer are:

1. Under View Configuration, select Servers.

2. The vCenter Servers tab is already selected for us.  Click the Add button.

3. Enter the following information and then click Next to continue:

• Server Name: Server fully-qualified domain name
• Username: Domain User Account with access to vCenter entered as username@domain.name. Please see Part 4 for the permissions requirements for this account.
• Password: Password for the domain user account.

Note: The Advanced Settings control the number of concurrent Horizon View operations that vCenter will perform.  It is not recommended to change these.

4. Select the View Composer option for your environment and click Next:

• Do Not Use View Composer: View Composer is not installed anywhere in the environment.  Linked-Clone desktops will not be available.
• View Composer is co-installed with vCenter Server: The View Composer server is installed on the vCenter Server.  No additional configuration is necessary.
• Standalone View Composer Server: View Composer is installed on a separate server, and you will need to provide the server address, username, and password to access this instance.

Edit – June 16th, 2014: The service account that you use with the Standalone View Composer should be the Active Directory service account that you created in Step 4.   This account should be added to the Administrator group on your View Composer server.

5. If you are using View Composer and the server has a self-signed certificate installed, you will see the warning below.  Click View Certificate.

Note: Installing signed SSL Certificates will be covered later in this series.

6. Click Accept to import the certificate.

7. View Composer performs operations against Active Directory. Composer needs to know which domains to work with and the credentials to use.  Click Add to add a domain.

Note: If you are working in a multi-domain or multi-forest environment, and/or planning to use a resource domain, you only need to add the domains and credentials where desktops will be created.

8. Enter the full domain name, username (in domain\username format) and password for the service account with permissions to perform Active Directory operations.

Note:  Please see Part 4 for the View Composer service account requirements.

9. The next tab will allow you to configure advanced storage settings such as View Storage Accelerator.  Click Next to continue.

10. Review the settings and click finish.

Configuring the Horizon View Events Database

The last thing that we need to configure is the Horizon View Events Database.  As the name implies, the Events Database is a repository for events that happen with the View environment.  Some examples of events that are recorded include logon and logoff activity and Composer errors.

The Events Database requires a Microsoft SQL Server or Oracle database server, and it should be installed on an existing production database server.  For this write-up, I installed it on the Composer server where I had an instance of SQL Server Express.

There are two parts to configuring the events database.  The first part, creating the database and the database user, needs to be done in SQL Server Management Studio before the event database can be configured in View Administrator.

To set up the database, follow these steps:

1. Open SQL Server Management Studio and log in with an account that has permissions to create users and databases.

2. Expand Security –> Logins.

3. Right-click on Logins and Select New Login…

4. Enter the SQL Login Name and Password and then click OK.

5. Expand Databases.

6. Right-click on Databases and select New Database.

7. Enter the database name.  Select the database user that you created above as the database owner.  Click OK to create the database.

Now that the database is set up, we need to configure Horizon View to use it.  There is no need to create a ODBC DSN for the Events Database.  The setup is done through the View Administrator management console.

After we have logged into the View Administrator using the steps above, we need to complete the following steps:

1. In the View Configuration section, select Event Configuration.

2. In the Event Database section, click Edit.

3. Enter the following information to set up the connection:

• Database Server (if not installed to the default instance, enter as servername\instance)
• Database Type
• Port
• Database name
• Username
• Password
• Table Prefix (not needed unless you have multiple Connection Server environments that use the same events database – IE large “pod” environments)

Note: The only SQL Server instance that uses port 1433 is the default instance.  Named instances use dynamic port assignment that assigns a random port number to the service upon startup.  If the Events database is installed to a named instance, it will need to have a static port number.  You can set up SQL Server to listen on a static port by using this TechNet article.  For the above example, I assigned the port 1433 to the Composer instance since I will not have a named instance on that server.

If you do not configure a static port assignment and try to connect to a named instance on port 1433, you may receive the error below.

5. If setup is successful, you should see a screen similar to the one below.  At this point, you can change your event retention settings by editing the event settings.

What’s Next

This is the ninth part of the series. Now that the Event Database, vCenter, and Composer are set up, Horizon View is basically configured.  There are a few more things that we need to do, though.  Those are:

• Create SSL Certificates for all of our servers
• Create a Windows 8.1 Desktop Template
• Create our first desktop pool
• Overview of Desktop Pool Maintenance Operations

After that, there are a few features that I want to cover:

• Configuring a Security Server for remote access
• Using Windows Server 2008 R2 desktops with Horizon View
• Using Horizon View to broker access to Microsoft Terminal Servers
• Load Balancing Horizon View Environments
• Automating Horizon View Environments
• Setting Up VMware Blast for HTML5 access to desktops

The central part of any Horizon View environment is the Connection Server.  Without at least one of these, there would be no virtual desktops to connect to.  And while this component lives up to it’s name by terminating connections and authenticating users who are accessing View desktops, it does much more.

Some of the other things that a Connection Server does are:

1. Run the View Administrator web application that is used for managing a Horizon View environment
2. Host the ADLS (LDAP) database that contains all of the information about the Horizon View environment
3. Works with vCenter and View Composer to create, update, and delete desktops from the environment

As I mentioned in Part five, there are two types of Connections Servers – Standard and Replica.  Functionally, Standard Connection Servers and Replica Connection Servers are the same.  They all contain an up-to-date copy of the View ADLS database and authenticate users to desktops.  Replica Connection Servers are essentially full partners with a Standard Server.

The only real difference between Standard and Replica servers is that a Standard Server needs to be installed and configured before you can add Replica Connection Servers.  Replica servers must be partnered with a Standard server, and a Standard Connection Server can be partnered with multiple Replica Servers.

Two Standard Connection Servers cannot be partnered with each other, however, and if you install two of them side by side, you will end up with two separate Horizon View environments.

View Connection Server Requirements

What requirements do my servers need to meet in order to install the View Connection Server software on them?  The hardware requirements are:

• Windows Server 2008 R2 (SP1 supported)
• 1 vCPU
• 4GB RAM
• Static IP Address

The recommended hardware for a Connection Server is:

• 4 vCPUs
• 10GB of RAM if running 50 or more virtual desktops

While there are no special hardware requirements, there are a number of little “gotchas.”  Some of these are:

• Unlike other View Components, Connection Servers must be joined to a Server 2003 or Server 2008 domain.
• The Connection Server can’t be installed on a domain controller
• The Connection Server can’t be installed on any server that has the Terminal Services/Remote Desktop Services role installed
• The Connection Server must be installed with an AD user account

Installing A Standard View Connection Server

Since this Connection Server is going into a brand new Horizon View environment, the first server that will need to be installed is a Standard Connection Server.  The steps for installing the Connection Server are:

1. Double-click the installer to launch the Connection Server setup.  Click Next to start.

2. Accept the license agreement.

3. The next screen gives you the option to change the installation directory by clicking the Change button.  For this installation, we’ll be installing to the default location, so click Next.

4. Select View Standard Server and click Next.

5. Enter a data recovery password and a password hint/reminder.  Then click Next.

Note:  The data recovery password is used in the event that you need to restore a Connection Server LDAP database from backup.  Keep this password in a safe place.  For more information about the recovery process, please see KB 2036145.

6. The View Installer will give you the option to automatically configure the Windows Firewall for View.  Click Next to allow the installer to set up the Windows Firewall.  If you do not want the installer to configure the firewall, you will need to configure these rules manually after installation.

Note: It is not recommended to disable the Windows Firewall, especially if you plan to use View Security Servers with your Connection Servers.  When the firewall is turned on, traffic between the Security Server and the Connection Server is secured with IPSEC.

7. Configure the users or groups that will have Administrator rights in Horizon View.  The two options that are presented are to name an Active Directory user or security group or to use the local Administrators group on the Connection Server.

8. If you wish to participate in the Customer Experience Program, check the box and provide some data about your organization.  Otherwise click Next to continue.

9. Click Install to finish the installation.

10. Click finish to close the installer.

Note: If your system is configured with less than 10GB of RAM, you will see a warning that limited memory is available.

Although Composer and a Connection Server are installed, there is still some configuration work that needs to be done before Horizon View is ready for users to connect to virtual desktops.  The next couple of posts in this series will cover how to configure Horizon View and set up desktop templates that will be used for linked-clone desktops.

In my last post, I talked about the requirements for Horizon View Composer.  In this post, I’ll be going through the steps to install Composer and configure the database that Composer uses.

In the last post, I mentioned that the Composer installation can either be co-located with the vCenter server or be installed on a separate Windows Server.  My lab uses the Linux-based vCenter Virtual Appliance, so Composer must be installed on a separate Windows server.  I will also be using a SQL Server 2008 R2 Express instance that is installed on the Composer Server.  Although this setup will support Windows Authentication, I will be using SQL Authentication.

Configuring the View Service Account

 

Edit: June 16th, 2014: This step was not initially part of the instructions, but a comment by Mike on Part 9 and some additional testing showed that I missed this step.  I apologize for the error.

In Step 4, you configured a service account that will be used by Horizon View.  This account needs to be added to the local administrator group on your View Composer server.  If you do not add this account to the Local Administrator group, you will receive a generic error message.

Configuring the Composer Database

Before Composer can be installed, a blank database must be configured on your SQL Server.  The steps to configure the database are:

1. Log into your database server and open SQL Server Management Studio.

2. Log in as a user with administrator rights on SQL Server.

3. Create a new SQL Login by expanding Security –> Logins.  Right click on Logins and select New Login.

4. Enter a login name such as viewComposerDB or viewComposerUser, select SQL Server Authentication, and enter a password twice.  You may also need to disable Enforce Password Expiration or Enforce Password Policy depending on your environment.  Click OK to create the account.  Note: Check with your DBA on password policy settings.

5. After the SQL login is created, you need to create an empty database.  To create the database, right click on the database folder and select New Database.

6. In the database name field, enter a name such as viewComposer.  This will be the name of the database.  To select an owner for the database, click on the … button and search for the database user account you created above.  Click OK to create the database.

You will have a blank database that you can use for View Composer after you click OK.

Creating the ODBC Data Source

Unfortunately, the Composer installer does not create the ODBC Data Source driver as part of the Composer installation, and this is something that will need to be created by hand before Composer can be successfully installed.  The View Composer database doesn’t require any special settings in the ODBC setup, so this step is pretty easy.

Note: The ODBC DSN setup can be launched from within the installer, but I prefer to create the data source before starting the installer.  The steps for creating the data source are the same whether you launch the ODBC setup from the start menu or in the installer.

1. Go to Start –> Administrative Tools –> Data Sources (ODBC)

2. Click on the System DSN tab.

3. Click Add.

4. Select SQL Server Native Client 10.0 and click Finish.  This will launch the wizard that will guide you through setting up the data source.

Note: The SQL Server Native Client is not installed by default. If you are connecting to a database on another server, you will need to download and install the native client for SQL Server 2008 R2 from Microsoft (direct download link). 

5. When the Create a New Data Source wizard launches, you will need to enter a name for the data source, a description, and the name of the SQL Server that the database resides on.  If you have multiple instances on your SQL Server, it should be entered as ServerName\InstanceName.  Click next to continue.

6. Select SQL Server Authentication.  Enter your SQL Server username and password that you created above.  Optional: Check the Connect to SQL Server to obtain default settings box to retrieve the default settings from the server.  Click Next to continue.

7. Change the default database to the viewComposer database that you created above.  Click Next to continue.

8. Click Test Data Source to verify that your settings are correct.

9. If your database settings are correct, you will see the windows below.  If you do not see the TESTS COMPLETED SUCCESSFULLY, verify that you have entered the correct username and password and that your login has the appropriate permissions on the database object.  Click OK to return to the previous window.

10. Click OK to close the Data Source Administrator and return to the desktop.

Installing View Composer

Now that the database stuff is done, we can finally install View Composer.

1. Launch the View Composer installer. Click next on the first screen.

2. Enter the name of the data source that you created on the top line, and enter the SQL username and password on the two lines beneath it.

3, Enter the port that Composer will use for communicating with the View Connection servers and vCenter.  The default is 18443.

Note:  You may need to open port 18443 in the system firewall.

Note: If an SSL Certificate was installed on this server, I could select to use it with Composer at this step.  Configuring Composer and other View components with SSL certificates will be covered later in this series.

4. Click install to finish the Composer installation.

5. When the installation has completed, you will be prompted to restart the server.

At this point, Composer is installed in your environment.  There isn’t much we can do with it yet, though, because a Connection Server is required to configure both Composer and vCenter within a Horizon View environment.

And that is what I’ll be covering the next few posts – setting up the first View Connection Server in the environment.

One of the options for virtual desktops in a Horizon View environment is a linked-clone desktop.  A linked-clone is a copy of a virtual machine, in this case a desktop, that shares its virtual disks with a parent virtual machine.  In a Horizon View environment, linked-clones are based on a snapshot of the virtual desktop parent.

Horizon View Composer is the component of a View environment that provides linked-clone functionality.  Although there are many advantages to using linked-clones, such as more efficient use of space and the ability to update all desktops just by updating a parent VM, they are not required.  Because of this, Horizon View Composer is considered an optional component.  If it is not installed, you will not be able to use linked-clone desktop pools.

Composer Hardware Prerequisites

Composer tends to be the component with the most software prerequisites, so it’s going to be the component that I’m going to set up first.  Unlike the Connection and Security Server components, Composer requires its own SQL database that contains information about vCenter and linked-clone desktops and replicas.

Composer can be installed two ways.  Until View 5.1, Composer had to be installed on the same server that hosted vCenter.  Starting with View 5.1, however, a standalone version of Composer was released.  The standalone version supports both the vCenter Server Virtual Appliance and the vCenter Server Windows application.

The system requirements for View Composer are:
Operating System: Windows Server 2008 R2 or Windows Server 2008 R2 SP1
Processors: At least two 1.4 Ghz processors, 4 2.0 GHz processors recommended
Memory: 4 GB, 8GB recommended for deployments of 50 or more View Desktops

Composer also requires the server that it runs on to have static IPs assigned.

Composer Database Prerequisites

As I mentioned above, Horizon View Composer requires a SQL database to store information on replicas and linked-clone desktops.  Composer supports SQL Server 2005 SP4 and later as well as Oracle 10g and 11g with Patch 5.  The database can be installed on the Composer server or on a remote server.

There is a catch to this – if your environment requires that you use Windows Authentication for accessing a SQL Server database, the database instance must be local to the Composer server.  WIndows authentication is not supported if the Composer database is located on a remote SQL Server instance.

Note: For specific information on which databases and service packs are supported, please refer to the VMware Product Interoperability Matrix.

In the next post, I’ll cover configuring the database connection for View Composer.