Horizon View 5.3 Part 4 – Active Directory and vCenter Configuration

The only desktops that are supported for virtual desktops in Horizon View 5.3 are Windows-based.  This includes the latest versions of the Windows Desktop operating system and Windows Server running Windows Terminal Server or as a desktop.  Because Windows desktops are the core of Horizon View, Active Directory is used to handle authentication into the View environment.

As I mentioned in my last post, an Active Directory environment is a requirement.  Per the documentation, Server 2003 and Server 2008/R2 Active Directory environments are supported.  The documentation doesn’t go into any details as to whether Windows Server 2012 domain controllers are unsupported or if the Server 2012 domain and forest functional levels are unsupported.

Edit 3/26/2014: VMware has updated the release notes for Horizon View 5.3 to clarify support, and the 2012 Domain/Forest functional levels are not supported.  2012 domain controllers are supported. h/t rboyett

Some Active Directory objects need to be configured before any Horizon View components are installed.  Some of these objects require special configuration either in Active Directory or inside vCenter.  The Active Directory objects that need to be set up are:

  • An organizational unit structure for Horizon View Desktops
  • A service account for View Composer
  • A service account that View will use to access vCenter

Optionally, you may want to set up an organizational unit for any security groups that might be used for entitling access to the Horizon View desktop pools.  This can be useful for organizing those groups and/or delegating access to Help Desk or other staff who don’t need Account Operator or Domain Administrator rights.

Creating An Organizational Unit for Horizon View Desktops

The first thing that we need to do to prepare Active Directory for a Horizon View deployment is to create an organizational unit structure for Horizon View desktops.  This OU structure will hold all of the desktops created and used by Horizon View.  A separate OU structure within your Active Directory environment is important because you will want to apply different group policies to your Horizon View desktops than you would to your regular desktops.  There are also specific permissions that you will need to delegate to the View Composer service account.

There are a lot of ways that you can set up an Active Directory OU structure for Horizon View.  My preferred organizational method looks like this:


View Desktops is a top-level OU (ie – one that sits in the root of the domain).  I like to set up this OU for two reasons.  One is that it completely segregates my VDI desktops from my non-VDI desktops and servers.  The other is that it gives me one place to apply group policy that should apply to all VDI desktops, such as disabling non-essential services, turning off screen savers, or setting the inactivity timeout to lock the machine.

I create three child OUs under the View Desktops OU to separate persistent desktops, non-persistent desktops, and desktop templates.  This allows me to apply different group policies to the different types of desktops.  For instance, you may want to disable Windows Updates and use Persona Management on non-persistent desktops but allow Windows Updates on the desktop templates.

You don’t need to create all three OUs.  If your environment consists entirely of Persistent desktops, you don’t need an OU for non-persistent desktops.  The opposite is true as well.

Finally, I tend to create department or location OUs underneath the persistent or non-persistent OUs if I have locations that require special Group Policy settings in addition to the default settings.  One example where I used this was in a previous job that HEAVILY used Microsoft Access databases at one site.  Microsoft Access includes a security groups option that uses a centrally stored database file to manage access to databases.  This can be configured with group policy, and since other locations used Access without the security groups configured, applying that policy to all desktops would have broken any Access databases that the other locations used.

These grandchild OUs are completely optional.  If there is no need to set any custom policy for a location or a department, then they don’t need to be created.  However, if a grandchild OU is needed, then an entire pool will need to be created as desktop pools are assigned to OUs.  Adding additional pools can add management overhead to a VDI environment.

Creating a View Composer Service Account

There are two service accounts that need to be created in Active Directory to support a Horizon View deployment.  The first is the account that will be used by View Composer.  This account can be created as a standard domain user.  This account should not have domain administrator or account operator rights – it only needs a select group of permissions on the OU (or OUs) where the View Desktops are being stored.

After this account has been created, you need to delegate permissions to it on the OU (or OUs) where your VDI desktops will be placed.  If you use the structure like the one I outlined above, you only need to delegate permissions on the top-level OU and permission inheritance, if turned on, will apply them to any child or grandchild objects beneath it.

Note:  If inheritance is not turned on, you will need to check the Apply to All Child Objects checkbox before applying the permissions.

The permissions that need to be delegated on the OU are:

  • Create Computer Objects
  • Delete Computer Objects
  • Write All Properties
  • Reset Password

Note: Although granting this account Domain Administrator or Account Operator permissions may seem like an easy way to grant it the permissions it needs, it will grant a number of other permissions that are not needed and could pose a security risk if that account is compromised.  Only the required permissions should be granted in a production environment.
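The OU structure and the OU-scoped delegation described above, done with the ActiveDirectory PowerShell module.  This is an added example, not a script from the original post; the OU names ("View Desktops" and its three children) and the account name "svc-viewcomposer" are placeholders, and the final section reads the ACL back and warns if the account has ended up in a privileged group.

```powershell
# Added example (not from the original post): build the OU layout described above and
# delegate to the View Composer service account only the four rights listed.
# Assumptions (placeholders, change for your domain): the top-level OU is "View Desktops"
# and the service account is "svc-viewcomposer".
Import-Module ActiveDirectory

$domainDn   = (Get-ADDomain).DistinguishedName
$rootOuName = 'View Desktops'
$rootOuDn   = "OU=$rootOuName,$domainDn"
$svcAccount = 'svc-viewcomposer'

# 1. OU structure: the top-level OU plus the child OUs.  Create only the children
#    your environment uses; department or location OUs would go one level deeper.
New-ADOrganizationalUnit -Name $rootOuName -Path $domainDn
foreach ($child in 'Persistent Desktops', 'Non-Persistent Desktops', 'Desktop Templates') {
    New-ADOrganizationalUnit -Name $child -Path $rootOuDn
}

# 2. The service account is an ordinary domain user.  It is never added to
#    Domain Admins or Account Operators; everything it needs comes from the ACL below.
$password = Read-Host -AsSecureString -Prompt "Initial password for $svcAccount"
New-ADUser -Name $svcAccount -SamAccountName $svcAccount -AccountPassword $password `
    -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true `
    -Description 'Horizon View Composer service account (rights scoped to the View Desktops OU)'
$sid = (Get-ADUser -Identity $svcAccount).SID

# 3. Delegation on the top-level OU.  The two GUIDs are the well-known schema IDs of the
#    "computer" object class and of the "Reset Password" control access right.
$computerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$resetPassword = [Guid]'00299570-246d-11d0-a768-00aa006e0529'
$allow         = [System.Security.AccessControl.AccessControlType]::Allow
$inheritAll    = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$inheritBelow  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents

$acl = Get-Acl -Path "AD:\$rootOuDn"

# Create Computer Objects / Delete Computer Objects: on this OU and every OU beneath it
# (inheritance does the work of the "Apply to All Child Objects" checkbox)
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild',
    $allow, $computerClass, $inheritAll)))

# Write All Properties: limited to descendant computer objects, not the OUs themselves
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    $allow, $inheritBelow, $computerClass)))

# Reset Password: the control access right, again only on descendant computer objects
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    $allow, $resetPassword, $inheritBelow, $computerClass)))

Set-Acl -Path "AD:\$rootOuDn" -AclObject $acl

# 4. Verify: show exactly what the account holds on the OU, and warn if someone has
#    taken the Domain Admins / Account Operators shortcut the post warns against.
$identity = $sid.Translate([System.Security.Principal.NTAccount])
(Get-Acl -Path "AD:\$rootOuDn").Access |
    Where-Object { $_.IdentityReference -eq $identity } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritanceType, InheritedObjectType |
    Format-Table -AutoSize

$privileged = 'Domain Admins', 'Account Operators', 'Administrators', 'Enterprise Admins'
Get-ADPrincipalGroupMembership -Identity $svcAccount |
    Where-Object { $privileged -contains $_.Name } |
    ForEach-Object { Write-Warning "$svcAccount is a member of '$($_.Name)'; remove it." }
```

The three access rules correspond one-to-one to the four delegated permissions: the first carries both Create and Delete Computer Objects, while Write All Properties and Reset Password are scoped to computer objects beneath the OU rather than to the OUs themselves.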

Creating a vCenter Server Service Account

The second Active Directory account that needs to be created is a service account that will be used by Horizon View to access vCenter.  Because Horizon View has a number of different configurations, the actual rights required by vCenter will vary.  I will be using View Composer in this series, so I will be setting up the vCenter Service Account with the permissions required to use View Composer.

Note: If you are not using View Composer, or you plan to use View Composer and Local Mode, different permissions will be required in vCenter.  Please see Chapter 8 of the Horizon View 5.2 Installation Guide for more details on the permissions that need to be assigned to the service account.

The user account that is created for accessing vCenter Server should be a standard domain user account.  Unlike the View Composer account, it shouldn’t have any rights to administer objects in the domain, as the permissions that this account needs will be assigned within vCenter.

To create a new role in the vCenter Web Client, you need to go to Administration –> Roles from the main page.  This will bring up the roles page, and we can create a new role from here by clicking on the green plus sign.


The permissions that need to be assigned to our new role are:

Edit June 16th, 2014 – The Datastore permissions were missing from the list of permissions needed for the vCenter Service Account.  They have now been added in.

Privilege Group – Privilege:

  • Datastore: Allocate Space; Browse Datastore; Low Level File Operations
  • Folder: Create Folder; Delete Folder
  • Virtual Machine:
    • Configuration –> All Items
    • Inventory –> All Items
    • Snapshot Management (Note 2) –> All Items
    • Interaction: Power On, Power Off, Reset, Suspend
    • Provisioning: Customizing, Deploy Template, Read Customization Spec, Clone Virtual Machine, Allow Disk Access
  • Resource: Assign Virtual Machine to Resource Pool; Migrate Powered-Off Virtual Machine
  • Global: Enable Methods; Disable Methods; System Tag; Act As vCenter (Note 1)
  • Network: All
  • Host: Configuration –> Advanced Settings (Note 1)

Note 1: Act as vCenter and Host Advanced Settings are only needed if View Storage Accelerator is used.  If that feature is not used, these permissions are not required.

Note 2: The documentation says to grant all permissions to State under virtual machine.  However, in vCenter 5.1 and later, there does not appear to be an item called State.  The state item existed in earlier versions of vCenter and was renamed to Snapshot Management.  For more information, please see this post by Terence Luk.

After the role has been created, we will need to assign permissions for our vCenter Server service account to the vCenter root.  To do this from the roles screen, you will need to go back to the vCenter Web Client Home screen and take the following steps:

  1. Select vCenter
  2. Select vCenter Servers under Inventory Lists
  3. Select the vCenter that you wish to grant permissions on
  4. Click on the Manage Tab
  5. Click Permissions
  6. Click the Green Plus Sign to add a new permission
  7. Select the role for View Composer
  8. Add the Domain User who should be assigned the role
  9. Click OK.

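The same role creation and root-level permission assignment done with PowerCLI, as an added example that is not part of the original post.  The vCenter name and the "EXAMPLE\svc-viewvcenter" account are placeholders, and the privilege IDs are my mapping of the Web Client names in the table to PowerCLI privilege IDs, so the script checks each one against what the vCenter actually reports before creating the role.

```powershell
# Added example (not from the original post): creates the role from the table above with
# PowerCLI and assigns it to the vCenter service account at the vCenter root with
# propagation, which is what the nine Web Client steps above accomplish.
# Assumptions (placeholders): vCenter "vcenter.example.local" and the domain account
# "EXAMPLE\svc-viewvcenter".  The privilege IDs are my mapping of the Web Client names to
# PowerCLI IDs; the script refuses to create the role if any of them is not found.
if (-not (Get-Command Connect-VIServer -ErrorAction SilentlyContinue)) {
    Add-PSSnapin VMware.VimAutomation.Core   # PowerCLI 5.x snap-in; newer releases are modules
}
Connect-VIServer -Server 'vcenter.example.local'

$roleName  = 'Horizon View Composer'
$principal = 'EXAMPLE\svc-viewvcenter'
$storageAccelerator = $false   # set $true only if View Storage Accelerator is used (Note 1)

# Individually listed privileges, one per row of the table
$ids = @(
    'Datastore.AllocateSpace', 'Datastore.Browse', 'Datastore.FileManagement',
    'Folder.Create', 'Folder.Delete',
    'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff',
    'VirtualMachine.Interact.Reset', 'VirtualMachine.Interact.Suspend',
    'VirtualMachine.Provisioning.Customize', 'VirtualMachine.Provisioning.DeployTemplate',
    'VirtualMachine.Provisioning.ReadCustSpecs', 'VirtualMachine.Provisioning.Clone',
    'VirtualMachine.Provisioning.DiskRandomAccess',
    'Resource.AssignVMToPool', 'Resource.ColdMigrate',
    'Global.EnableMethods', 'Global.DisableMethods', 'Global.SystemTag'
)
if ($storageAccelerator) { $ids += 'Global.VCServer', 'Host.Config.AdvancedConfig' }

# "All Items" groups: Configuration, Inventory, Snapshot Management (ID prefix State), Network
$prefixes = 'VirtualMachine.Config.', 'VirtualMachine.Inventory.', 'VirtualMachine.State.', 'Network.'

$privs = Get-VIPrivilege -PrivilegeItem | Where-Object {
    $id = $_.Id
    ($ids -contains $id) -or [bool]($prefixes | Where-Object { $id.StartsWith($_) })
}

# Fail closed: a misspelled ID would otherwise silently produce a role with fewer rights
$found   = $privs | ForEach-Object { $_.Id }
$missing = $ids | Where-Object { $found -notcontains $_ }
if ($missing) { throw "Privilege IDs not found on this vCenter: $($missing -join ', ')" }

$role = New-VIRole -Name $roleName -Privilege $privs

# Steps 1-9 above: the permission goes on the vCenter root folder and propagates down.
# Use -Propagate:$false on sub-folders later if you need to carve out exceptions.
$root = Get-Folder -NoRecursion
New-VIPermission -Entity $root -Principal $principal -Role $role -Propagate:$true

# Read back and compare privilege counts so the role matches what was requested
$created = Get-VIRole -Name $roleName
"Role '$roleName' has $($created.PrivilegeList.Count) privileges ($($privs.Count) requested)."
```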

This wraps up the preparation work for configuring Active Directory and vCenter to support a Horizon View deployment.  Now we can start installing the components for a Horizon View environment beginning with View Composer.

Horizon View 5.3 Part 3 – Prerequisites

In order to provide a virtual desktop environment that meets the often varied needs of its users, Horizon View 5.3 contains a number of components and moving parts.  And like any complex system, there are a number of prerequisites and requirements that need to be met at an infrastructure level for Horizon View to be successfully deployed.

So what infrastructure do you need to have in place in order to successfully run a Horizon View environment? 

Horizon View is a virtual desktop environment, and the environment is based upon the vSphere platform.  The compatibility matrix for Horizon View 5.3 has not changed from the previous version, and Horizon View 5.3 supports vSphere 5.5 and the vCSA appliance.

Note: I won’t cover how to install and configure vSphere 5.5 or vCenter 5.5 in this series.  If you’re working with the Windows version of vCenter 5.5, please check out Derek Seaman’s excellent series on vCenter 5.5 at http://www.derekseaman.com/2013/10/vsphere-5-5-install-pt-1-introduction.html.  If you want to know more about the vCSA, you can check out my articles on the vCSA 5.5 appliance at http://seanmassey.net/vcenter-server-appliance/.

Horizon View also requires an Active Directory environment.  This isn’t surprising considering that Horizon View only supports virtual desktops running Windows.  The only versions of Active Directory that are supported are the Windows Server 2003 and Windows Server 2008 versions.  I’m not sure if this means that the domain controllers have to be running a version of Server 2003 or Server 2008 or if the domain and forest functional levels cannot be raised above the Server 2008 R2 versions.  The documentation isn’t clear on this, and I haven’t had a chance to test it in my lab.

If you plan on using Horizon View Composer for linked-clone desktops, you will need to have a database for the Composer data.  Composer supports versions of Oracle and Microsoft SQL Server, including SQL Server Express.  It can be run on the same server with Composer.  Generally speaking, SQL Server 2008 and 2008 R2 and Oracle 10g and 11g are supported, but because there are multiple patch levels and versions of Oracle and SQL Server, please refer to the compatibility matrix to find out if your database server is supported.

There are some best practices for configuring Active Directory in a VMware View environment, and I will be covering those in Part 4.

Horizon View 5.3 Appendix A – Links to Resources

This appendix to the Horizon View 5.3 series will contain links to various resources from VMware and the community.  This page may be updated throughout the series as new links and resources are added.

VMware Documentation

All of the documentation for Horizon View 5.3 can be found at https://www.vmware.com/support/pubs/view_pubs.html.

PDF: VMware Horizon View Optimization Guide for Windows 7 and Windows 8

Note: Many of the manuals for 5.3 are the same as the manuals for 5.2.

VMware KB Articles

Connecting to the View ADAM Database

Using Windows Server 2008 R2 as a desktop operating system in VMware Horizon View

Community Blogs

Craig Kilborn has a series on upgrading from Horizon View 5.2 to Horizon View 5.3:
Part 1: Composer Server
Part 2: Connection Server
Part 3: Security Server
Part 4: View Agent
Load Balancing Horizon View – Design
Load Balancing Horizon View – Failure Testing

horizonflux.com
View Connection Server Memory Sizing and JVM Heap Size

Horizon View 5.3 Part 2–What’s New

Although there haven’t been a lot of earth-shattering architecture changes in Horizon View 5.3, there have been some great new features added.  No, there aren’t virtual appliances that you can deploy as Connection and Security Servers.  Feature Pack 1 and VMware Blast haven’t been integrated into the base install – they are still add-on components that need to be installed on the View Desktops after the agent is installed.

In fact, there have been so few major changes to Horizon View 5.3 that VMware has said that the Horizon View 5.2 documentation still applies.  Aside from some release specific notes, the documentation that you view or download from the support site.

The full release notes can be found on the VMware support page.

What’s New in Horizon View 5.3

  1. Support for virtual desktops running Windows Server 2008 R2 – this is perhaps the biggest new feature as it provides one avenue for providing VDI without having to deal with Microsoft’s broken VDA licensing model.  While this was possible, albeit hit-or-miss, in previous versions, Horizon View 5.3 provides official support for Server 2008 R2 desktops.  Some features, like Persona Management and ThinPrint, are not available.
  2. Support for Windows 8.1 – Horizon View 5.3 supports Windows 8.1 as a virtual desktop OS.  Unlike Server 2008 R2 desktops, all functionality of Horizon View is supported.
  3. Support for using Horizon Mirage for Managing Virtual Desktops – Horizon Mirage can be used for managing and deploying applications in Horizon View.
  4. vDGA Support – Virtual Dedicated Graphics Acceleration is now supported in Horizon View desktops.  This could provide better support for graphics intensive applications like medical imaging and CAD/BIM.
  5. Unbounded Linked-Clone Overcommit – In previous versions of Horizon View, there were a few settings that controlled how aggressively a pool would overcommit its storage and would limit the number of desktops placed on a datastore.  The unbounded overcommit option in Horizon View 5.3 will not limit the number of desktops placed on a datastore.
  6. Add Administrator Groups to Persona Management Redirected Folders – Persona Management includes the option to redirect certain Windows Profile folders, such as Desktop and Documents, to a network share.  However, if the Persona Management GPOs were used, domain administrators would not have access to those folders.  The updated GPO templates add a setting to grant Domain Administrators access to these folders.
  7. Direct-Connection Plugin – The direct-connection plugin provides yet another option for connecting to Horizon View desktops – this time foregoing the Connection Server entirely by connecting directly to the desktop.
  8. VSAN – VSAN is “supported” by Horizon View 5.3 as a tech preview since VSAN is still in Beta.  So unfortunately, no official support will be provided.

What’s New in Horizon View 5.3 Feature Pack 1

  1. Windows 7 Multimedia Redirection – Multimedia Redirection has been available for Windows XP and Windows Vista in previous versions of Horizon View, and it has now been extended to support Windows 7.
  2. Support for Server 2008 R2 Desktops – Real-Time Audio-Video, Unity Touch, and HTML Access are fully supported in Feature Pack 1.
  3. Support for Windows 8.1 – Real-Time Audio-Video and Unity Touch are supported in Feature Pack 1.
  4. Real-Time Audio-Video – Now supported on Linux Clients when using the Horizon View 2.2 client.
  5. HTML Access – There have been a number of additions and changes to this feature:
    • Sound is now available from the remote desktop
    • Copy and Paste between remote desktop and client device
    • Available for Windows 8 and Windows 8.1 as tech preview – no official support at this time
    • VMware Blast Gateway can now support up to 350 simultaneous users per Connection Server.

That pretty much covers what’s new in Horizon View 5.3.  As this series continues, we’ll start going into the requirements for running View and the various components that are needed in the environment.

Horizon View 5.3 Part 1–Introduction

One of the many hats that I wore at [Previous Job] was VDI Administrator for a 200-seat VMware View deployment.  That deployment, initially built by a consultant, started with View 4.6.  I had updated it to View 5.1 and was planning another update to View 5.3 when I left.  I no longer work with Horizon View on a daily basis, but I run it in my home lab and am a VDI hobbyist.

The announcement of Horizon View 5.3 at VMware Europe in October was somewhat shocking.  Horizon View 5.2 had been released about seven months earlier in March 2013 and added a number of new features such as Unity Touch for mobile devices, HTML5 access to desktops, and support for larger clusters and multiple VLANs.

Horizon View 5.3 hit General Availability on November 21st, 2013, and it improved on Horizon View 5.2.  There have been few major changes from Horizon View 5.2, but the documentation from 5.2 is still valid for 5.3.

Unless Microsoft changes their licensing model yet again, one of the additions to Horizon View 5.3 could make 2014 the mythical “Year of VDI” more likely.  OK…maybe that’s a little hyperbolic, but between official support for VDI desktops running Windows Server and the number of new entries into the Desktop As A Service market, I’d like to think that there will be an uptick in VDI adoption.

Series Agenda

Horizon View is a large application with at least four major components, and it would be impossible to cover it all in one or two posts.  I’m not sure how many posts this series will be in total, but it should be at least ten covering the following topics:

  1. Changes/What’s New and System Requirements for Horizon View 5.3
  2. Configuring SSL Certificates and Active Directory for Horizon View
  3. Installing Horizon View Composer
  4. Installing a standalone Horizon View Connection Server
  5. Installing a Replica Connection Server
  6. Installing and Configuring a Security Server
  7. Configuring the View Events Database
  8. Configuring Windows  7 and 8.1 as Desktop Sources
  9. Configuring Server 2008 R2 as a Desktop Source
  10. VMware Blast (HTML Access)
  11. Configuring a Transfer Server
  12. Automating Your View Environment

If time allows, I will look at the Real-Time Audio/Video component, Persona Management, and other components of Horizon View.

You’ll notice that I don’t cover setting up a vSphere Environment as part of this series.  Both ESXi and vCenter Server are required for Horizon View, and the best walkthrough for setting up a vSphere 5.5 environment is Derek Seaman’s 19+ part blog series.  I’ve linked to Derek in the past because he has some well researched and seriously good content.

2013 – A Retrospective

“Life is Change.  It’s a good thing.” Lise Hampton Edgars – Babylon 5: The Wheel of Fire

Looking back, it’s hard to believe how big of a year 2013 was.  If the page quote wasn’t enough of an indication, a lot has changed from this time last year.  At the same time, it has been an exciting year to say the least.  Most of it was in the latter half of the year.

As this post goes up, I will be getting ready to head down to Milwaukee to take the VMware Certified Advanced Professional Data Center Design exam.  That’s a big shift from where I was a year ago when I was taking the vSphere Install, Configure, Manage training course.

My top five posts from 2013 were:

  1. Utilizing Offsite Backups to Seed Backup Copy Jobs in @Veeam #V7
  2. Scripting Exchange 2010 Backups on Windows Server 2008R2 using PowerShell and Windows Backup Service
  3. VMware View Pool Recompose PowerCLI Script
  4. vCenter Server Virtual Appliance 5.5 SSL Certificates – Part 1
  5. vCenter Server Virtual Appliance 5.5 SSL Certificates Part 2 – Certificate Installation

And some of my highlights from this year were:

  • Attending my first VMworld
  • Getting VCPs for Data Center and Desktop virtualization
  • Giving my first presentation at the Wisconsin VMUG
  • Becoming more active in the VMware community as a blogger, on Twitter, and by participating in community activities like VMUG and vBrownbag.
  • Changing jobs and moving to a position that is lower stress and will allow me to grow more

The biggest change, though, hasn’t quite come yet.  My wife and I are expecting our second child, a girl, at the end of March.

I hope everyone had a wonderful 2013 and has a wonderful 2014!

Three Tips for Starting Your Home Lab

Home labs have been the topic du jour lately, and I covered my lab in my last post.  Virtualization makes it much easier to test new products and run an IT environment at home.  As Chris Wahl said, “Having a lab is a superb way to get your hands dirty with hardware and troubleshooting that just can’t be experienced in a “cloud” environment.”

But where, and how, do you get started?  Here are three tips that will help you get started without breaking the bank.

Tip 1: Start Small

A good home lab takes time and money to build up.  You won’t be able to go out and buy a few servers, shared storage, and decent networking gear to run a miniature enterprise environment in your basement.  If you’re just starting out or branching into a new area, you might not need systems that can do a lot of heavy lifting.  An older desktop, or server, might not be on the hardware compatibility list or even offer great performance, but it could be the starter environment that you use to get your feet wet on a platform.

Your lab doesn’t need to run on separate hardware either.  VMware Workstation (Windows/Linux)/Fusion (Mac) and Virtualbox are two virtualization products that allow you to run virtual machines on your desktop or laptop.  GNS3 can run Cisco IOS without having to buy actual Cisco hardware.  Performance won’t be the greatest, and it is very easy to bog down your machine if you aren’t careful, but it can be one of the fastest ways to start getting hands-on without a significant investment.

Tip 2: Look for Deals

The enterprise-grade equipment that you’d find in an office or data center is expensive, and it is priced outside of what most people would be willing to pay for hardware if it was purchased new.  But as you start working on more sophisticated things, you will want to get better equipment. 

Build Your Own Server

There are three good ways to go about doing this.  The first is to build your own servers.  Chris Wahl has a nice list of whitebox servers that members of the community have built.  The nice thing about this is that you can control exactly what components are in the system, and many of the designs listed have a sub-$1000 bill of materials before sales at Amazon or NewEgg.

Buy a New Server

If assembling a server isn’t something that you have the time or inclination for, then you can buy lower-end retail hardware.  ESXi runs on a surprising number of platforms, and the HCL includes inexpensive options like HP Microservers, Dell PowerEdge T110 II, and even the Mac Mini.  Even a low-end server or Mac Mini maxed out with RAM can easily cross the $1000 barrier, but you get the peace-of-mind of having a manufacturer warranty for at least part of the machine’s life.

Pre-Owned Equipment

Off-Lease.  Refurbished.  Pre-Owned.  Whatever you call it, it’s buying used equipment.  And like a day-old loaf of bread, it’s a little stale but still usable and much cheaper.

There is still a lot of life left in the three to five year old equipment that you can pick up.  Many of these servers will show up on the VMware HCL and run vSphere 5.1 or 5.5 without any problem.  Depending on where you get them from, you may get a warranty.

A few months ago, Scott Lowe took this route when building up his lab for OpenStack.  He picked up two off-lease Dell C6100 servers that provided him with 8 blades, 16 processors, and 192 GB of RAM.

Another possible source for purchasing used equipment is your employer.  Many employers, especially larger ones, are constantly refreshing equipment in their datacenters.  The equipment being replaced needs to be retained or disposed of, and your company may allow you to purchase some of that equipment if its policies allow.

eBay, Craigslist, and local computer recyclers may also be good sources of equipment, and you can often get very good deals on items that they collected from a business.

Caveat emptor applies whenever you buy used equipment.  Although most local businesses and eBayers have reputations to protect, you may not have any recourse if the server you bought turns out to be a rather large and expensive paperweight. 

All of the Above

As you build up your lab, you’ll probably end up with an odd mixture of equipment.  My lab has my PowerEdge T310 that I purchased new over four years ago and a T110 II from Dell Outlet utilizing used QLogic Fibre Channel HBAs that I picked up from a friend who runs a computer recycling business.

Tip 3: Utilize Free/Open Source/Not-for-Resale

The untimely death of Microsoft’s TechNet program hurt hobbyists and IT professionals by taking away a source of legitimate software that could be used almost perpetually in a home lab.  That’s been replaced with 120-day trials.  I don’t know about you, but I don’t want to be rebuilding a domain controller/DHCP/DNS infrastructure three times per year.  I pick on Microsoft here because many of the workloads I want to run in my home lab are Microsoft-based, and I find it to be a bigger pain to rebuild an Active Directory infrastructure than a virtual infrastructure.

VMware hasn’t had a TechNet equivalent for many years.  There have been murmurings in the community that it might be coming back, but that doesn’t seem likely at this point.  VMware’s trials only last 60 days on most products, although some, such as Workstation and Fusion, only have 30 day trials.  Although VMware has the free ESXi Hypervisor, the 5.5 version is crippled in that the vSphere client cannot manage machines with the latest vm hardware compatibility levels. 

If there are parts of your lab that you don’t want to rebuild on a regular basis, you will need to look to free and/or open source products beyond the Linux, MySQL, and LibreOffice that people normally associate with those categories.  Some vendors also offer Not-For-Resale licenses, although some of those offers may only be available if you possess a Microsoft or VMware Certification.

The list below does not include everything out there in the community that you can try out, but here are a few products that offer free or not-for-resale versions:

Bonus Tip: Be Creative

If you’ve ever read one of these types of lists on LinkedIn or the Huffington Post, you knew this was coming. 

If you look out in the community, you’ll see some very creative solutions to the problems that home labs can pose.  I’ve posted two of the best ideas below:

Frank Denneman built a rack for his servers using two Lack tables from Ikea.

Greg Rouche’s VSAN/Infiniband environment is built sans server cases on a wood bookshelf.

My Home Lab

The topic of home labs is a popular one lately with several people talking about it on their blogs or twitter.  They are one of the best learning tools that you can have, especially if you are a hands-on learner or just want to try out the latest technology.  I’ve had some form of a home lab since I graduated from college in 2005, and it has ranged in size from an old desktop running a Windows Server domain controller to the multi-device environment that I run today.

It’s taken me a few years to build up to where I am today, and most of my equipment is good enough to keep my wife happy that I’m not spending too much money.

The most recent upgrades to my lab were adding 4GB Fibre Channel and switching from Nexenta to OmniOS.  I have also been slowly swapping out hard drives in my storage box to bring everything up to 1TB drives.  The last one should be arriving by the end of the week.

I use both Fibre Channel and iSCSI in my lab.  Fibre Channel is used to connect the storage to the compute node, and iSCSI is used to connect to the backup server.

Compute

  • Dell PowerEdge T110 II
  • Xeon E3-1240v2
  • 32GB RAM
  • ESXi 5.5
  • 2x 50GB OCZ Vertex 2 SSD
  • 1 Bootable 2GB USB Flash drive
  • 3x gigabit NICs (2 Single Port Intel NICs, 1 Broadcom Onboard NIC)
  • 1 QLogic 2460 4GB Fibre Channel HBA

Storage

  • Dell PowerEdge T310
  • Xeon X3430
  • 8GB RAM
  • OmniOS w/ NAPP-IT Management Interface
  • ZFS (2 mirrored pairs w/ SSD Cache)
  • 3x 7200 RPM 1TB Hard Drives (1x WD Blue, 1x WD Red, 1 Seagate Constellation)
  • 1x 7200 RPM 500GB Hard Drive (soon to be upgraded to a 1 TB WD Red)
  • 1 60GB SSD
  • 2x 60GB USB Hard Drives for OmniOS
  • 4 gigabit NICs (2 Onboard Broadcom NICs, 1 Dual-Port Intel NIC)
  • 1 QLogic 2460 4GB Fibre Channel HBA in Target Mode

Backup

  • HP WX4400 Workstation
  • Intel Core 2 Duo 4300
  • 4GB RAM
  • Windows Server 2008R2
  • Veeam 7
  • 80GB OS Drive
  • 2x WD Blue 500GB Hard Drives in software RAID1
  • 3 gigabit NICs (1 Onboard Broadcom NIC, 1 Dual-Port Broadcom NIC)

Network

  • Firewall/Router – Juniper SRX100
  • Switch – Linksys 48-port gigabit switch

Where I Go Spelunking into the Horizon View LDAP Database–Part 2

In Part 1 of this series, I shared some of the resources that are currently available in the greater VMware View community that work directly with the View LDAP database.  Overall, there are some great things being done with these scripts, but they barely scratch the surface of what is in the LDAP database.

Connecting to the View LDAP Database

Connecting to the View LDAP database has been covered a few times, and VMware has a knowledgebase article that covers the steps to use ADSI Edit on Windows Server.

Any scripting language with an LDAP provider can also access the database.  Although they’re not View specific, there are a number of resources for using scripting languages, such as PowerShell or Python, with an LDAP database.

Top-Level LDAP Organizational Units

LDAP OUs

Like Active Directory or any other LDAP database, there are a number of top-level OUs where all the objects are stored.  Unlike many LDAP databases, though, the naming of these OUs doesn’t make it easy to navigate and find the objects that you’re looking for.

The OUs that are in the View LDAP Database are:

Organizational Unit Name – Purpose:

  • Applications – Pool, Application, and ThinApp settings
  • Data Disks – Persistent Desktop Data Disks
  • Hosts – ?? Possibly Terminal Server or Manual Pool members
  • Groups – View Folders and Security Groups/Roles
  • ForeignSecurityPrincipals – Active Directory SIDs used with View
  • Packages – ?? Possibly ThinApp repositories or packages
  • People – ??
  • Polices – Various system properties stored in child container attributes
  • Properties – VDM properties, child OU contains event strings
  • Roles – Built-in security?
  • Servers – Desktops
  • Server Groups – Desktop Pools

You may notice that a few of the OUs have question marks under their purpose.  I wasn’t able to figure out what those OUs were used for based on how I had set up my home lab.  I normally don’t work with Terminal Server or Manual pools or ThinApp, and I suspect that the OUs that aren’t defined relate to those areas.
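A read-only script that connects to the View LDAP database the way the knowledgebase article does (current Windows credentials over LDAP on the Connection Server) and lists each top-level OU with how many objects it holds and which object classes appear, which is a quick way to see which of the “??” OUs above are actually populated in a given environment.  This is an added example, not from the original post; the Connection Server name "cs01.example.local" is a placeholder, and port 389 with the base DN dc=vdi,dc=vmware,dc=int are assumed to be the ones the View ADAM instance exposes.

```powershell
# Added example (not from the original post): enumerate the top-level OUs of the View
# LDAP (ADAM) database and summarise what each contains.  Read-only.
# Assumptions: Connection Server "cs01.example.local" (placeholder), LDAP on port 389,
# base DN dc=vdi,dc=vmware,dc=int, and that the current user is a View administrator
# (DirectoryEntry uses the current Windows credentials by default).
Add-Type -AssemblyName System.DirectoryServices

$server = 'cs01.example.local'
$baseDn = 'dc=vdi,dc=vmware,dc=int'
$root   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${server}:389/$baseDn")

function Get-ViewLdapOuSummary {
    param([System.DirectoryServices.DirectoryEntry]$Root)

    # One-level search: only the OUs directly under the base DN (the table above)
    $ouSearch = New-Object System.DirectoryServices.DirectorySearcher($Root, '(objectClass=organizationalUnit)')
    $ouSearch.SearchScope = 'OneLevel'

    foreach ($ou in $ouSearch.FindAll()) {
        $entry = $ou.GetDirectoryEntry()

        # Subtree search beneath the OU; paged so large Servers/Server Groups OUs come back whole
        $sub = New-Object System.DirectoryServices.DirectorySearcher($entry, '(objectClass=*)')
        $sub.SearchScope = 'Subtree'
        $sub.PageSize = 500
        [void]$sub.PropertiesToLoad.Add('objectClass')
        $results = $sub.FindAll()

        # The last objectClass value is the most specific (structural) class of each object
        $classes = $results |
            ForEach-Object { $_.Properties['objectclass'] | Select-Object -Last 1 } |
            Sort-Object -Unique

        New-Object PSObject -Property @{
            OU      = $entry.Properties['ou'][0]
            Objects = $results.Count - 1      # subtree search includes the OU itself; exclude it
            Classes = ($classes -join ', ')
        }
    }
}

Get-ViewLdapOuSummary -Root $root | Sort-Object OU | Format-Table OU, Objects, Classes -AutoSize
```

An OU that reports 0 objects in a lab without ThinApp, Terminal Server or manual pools is consistent with the guesses in the table; the Classes column gives the object class names to search for in the View schema when you want to confirm.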

This series is going to continue at a slower pace over the next couple of months as I shift the focus to writing scripts against the LDAP database.

Book Review–The Phoenix Project

Rating – Highly Recommend

When I sat down to start writing this review, it was almost 11:30 PM on Friday night.  For some reason, I’m wired even though I’m running on about five hours of sleep total.  My mind is racing, and I can’t get it to settle down.  So, I’ve decided to try writing my first book review instead.

I’ve just finished reading The Phoenix Project (Amazon)(Barnes and Noble) – a book about how IT is intertwined with the business and is now a critical role in its success or failure.  Modern businesses live and die by the information that is contained in and produced by those systems.  If they don’t work, the business doesn’t work either.

The book follows Bill, a mid-level IT manager who gets a surprise promotion to acting VP of IT Operations one morning and has to take charge of an IT Operations group that is overworked to the point of being dysfunctional.  The group is sorely lacking in basic IT practices like adequate change control procedures that cause numerous severity 1 outages that bring the business to its knees, poor relationships with other departments, no budget, and most of the knowledge living inside the head of the senior systems architect.  At the start, Bill has to scrape by with what he has.

Bill is accompanied on this journey by Patty and Wes, the two department managers within IT Operations who act as Bill’s superego and id respectively; Brent, the systems architect who is the cause of, and solution to, many of the problems they face early on; John, the CISO who is loathed by everyone around him; and Steve, the CEO of “Parts Unlimited” who promoted him. 

Other key players include members of the senior management staff such as Chris, the acting CIO and head of Development, Dick, the CFO/COO, and Sarah, the …um…ambitious and troublemaking VP of Retail Operations and the driving force behind Project Phoenix, the expensive and expansive IT project that “Parts Unlimited” has staked its future on.

The story wouldn’t be complete without the enigmatic Eric, a prospective board member who acts as an eccentric mentor to Bill, John, and others at Parts Unlimited.  It is through Eric that Bill is introduced to many of the bits and pieces that will transform him and the Parts Unlimited IT Team.  In some senses, he’s the Yoda or Dumbledore to Bill’s Luke Skywalker or Harry Potter by not always giving the answers or answering with another question.  Eric also comes off as an author avatar at times to discuss the concepts that the book is trying to teach.  This isn’t necessarily a bad thing, though, because they allow Bill to reach many of the conclusions himself.

Overall, the characters are flat.  I’m not sure if they were intentionally designed to be that way to act as self-inserts or if it is because the authors are trying to present a management text as a work of fiction.  Either way, it’s not too big of a detriment to the concepts that the book is trying to teach.

There are a number of factors that come off a little too unrealistic for my tastes – the changes happen very quickly and without much resistance, or everyone comes around in the end to that way of doing things.  Or Wes falling in line under Bill rather quickly.  But like I said with the characterizations, this isn’t critical to what the book is trying to accomplish.

Where The Phoenix Project excels is breaking down the ideas behind lean operations such as kanban and the Toyota Production System and presenting them to technical people who might not have been exposed to them.  It also does a good job avoiding overly technical jargon and of comparing IT operations to that of a factory floor in order to make it accessible to non-technical managers who want, or need, to know about IT and how it relates to and integrates with the operation of a business.

It’s also spurred my interest in learning more about some of the lean manufacturing and continuous improvement process techniques.  I’m not the management type – I see myself as more of a systems architect – but I can see how techniques that are used on a production floor can be applied to improving IT operations – even if it is something as simple as automating routine operations like account creation or virtual machine deployments.  It also gives me an excuse to dig out my copy of Dr. Eliyahu Goldratt’s The Goal that I received from a former boss of mine as it is heavily referenced in the book.

The Phoenix Project would have been a great book for my boss at my last job.  She had been hired to oversee one department and had IT tacked onto it as one area of responsibility.  This would have given her a management-level perspective of what IT is about and would have better prepared her for managing that group without bogging her down in technical minutia.  This isn’t meant as a slam against her – in the year I worked under her, she learned a lot about IT and was able to instill a customer-oriented focus in the organization, but this type of resource may have better prepared her for the challenges that overseeing an IT Department presented and helped us better address the bottlenecks that we had as a department as a result of the focus change.

Provided that this book is approached as a management text disguised as a novel, I highly recommend this book to anyone who is in IT, especially if they aspire to a management or senior technical role.  I also think this book would be a good read for non-technical senior management.