UKVMUG USER/CON 2019 – Space the final frontier.

This is an event I look forward to all year and once again it didn’t disappoint.

This was the second year at the National Space Centre in Leicester, which saw me getting up at 5:30 am to take a couple of trains, and one bus to arrive there on time. Totally worth the journey. This year the UK VMUG was a couple of weeks earlier than last year.

This venue is about the right size for this event and the whole space theme lends a bit of novelty to the proceedings. I’m still surprised after all these years that this event is free.

As is becoming tradition Joe Baguley gave the opening keynote. He went into a fair bit of detail about AI and the various misconceptions between (what is commonly thought of as AI), machine learning, deep learning, and data analytics which was very interesting. The closing keynote was given by Dr Anu Ojha, but more about that later.

There was a great collection of vendors there. Lots of very interesting tech on show, including some old favourites like Veeam, Zenoss, HP, and Google Cloud (to name a few).

My Favourite Sessions, in no particular order.

There is always a good selection of sessions and the first one I attended was given by Ed Gummett of Veeam. I’m a big fan of Veeam Backup and Replication and was looking forward to finding out what’s new. The discussion revolved around cloud and how Veeam has grown its products to take advantage of that. Of particular interest were the new features coming in version 10.

From there I went across to “VMware: What’s new in VMware End User Computing” presented by Darren Hirons. Much of the talk was about the new features in Workspace One, Horizon Cloud, and a bit about App Volumes 4. If you are into EUC take a look over at VMware’s EUC Blog here. After the lecture I went up to present Darren with a bunch of questions I had about the upcoming App Volumes 4.0.

After lunch and a walk around the centre, I attended “VMware: NSX-T Container Level Networking & Security” by Joshua Coulling. This talk actually surprised me quite a bit. I thought it would be quite dry but in actual fact I found it interesting how NSX and containers can work together as well as gaining a better understanding of Kubernetes as a whole. Joshua clearly knows his stuff and was happy to answer my “not-so-bright” questions when I went up to meet him after the talk.

Closing Keynote.

This was so unexpected and absolutely fascinating. The closing keynote was given by Professor Anu Ojha. He took us through current space exploration, the benefits of investing in space technology and research (which provides quite a good financial return) and its practical applications. There is a push to invest more, including returning to the moon in 2024 and further out, a manned mission to Mars. The talk was about 45 minutes long and I just sat there completely mesmerised at how incredible “space science” really is.

And that wrapped up another really great UK VMUG.

As always I came away with a bunch of new information, both from vendors and VMware itself. It can be nicer to be in these smaller venues as I find it easier to approach the speakers after the talks and take up a bit of their time with questions.

If you haven’t been before, what are you waiting for?

How to setup Dynamic Environment Manager – Installing the Management Console.

[Edit – 31/10/19 – Updated for Dynamic Environment Manager]

In this post we’ll be installing the management console and starting it for the first time. This is what I really like about this solution: “No server backend”. The management console is a fairly small executable and once installed gets pointed at the share we put together in the previous post, where it goes off and creates the folder structure, if it isn’t already there.

It’s a smart way of controlling desktops and in my opinion is much more powerful and flexible than using GPOs.

Installing the Management Console.

  1. Extract the downloaded DEM ZIP.
  2. Run the executable VMware Dynamic Environment Manager
  3. Click Next.
  4. Tick “I accept the terms in the License Agreement“.
  5. Click Next.
  6. Select Typical and click Next.
  7. Unselect VMware DEM FlexEngine and Select VMware DEM Management Console.
  8. Click Install.
  9. Click Finish.

Installing the Management Console.

  1. Select Start -> VMware DEM -> Management Console.
  2. During the first run you’ll be asked for the location of the configuration share.
  3. Select Application Migration and Click OK.

We’re almost ready to go. Next we need to install the agent onto a desktop. This can be a physical or virtual machine.

How to setup Dynamic Environment Manager – Setting up the config share

The first step we need to take on the road to DEM domination is to get the share setup. This will hold the configuration files that the agent will read to apply to the desktop. Once the share is setup you install the DEM manager and point it at the share, at which point it will create the initial directory structure, if it isn’t already there.

There are two types of permissions we need to address. Share permissions and security permissions. Thankfully in this case we’ll set the same for both. The DEM admins will need full control and DEM users will need read only. I’d consider it best practice to create separate AD groups called DEM admins and DEM Users.

Creating and configuring the DEM Share.

  1. Connect to your file server. When testing this out in my lab I just created a share on my DC, but in a prod environment you’ll want to get this setup on a dedicated file server.
  2. Create a folder. In my case I called it DEMConfig.
  3. Right click on the folder and select properties. Select the tab labeled Sharing and click Advanced Sharing.
  4. In the Advanced Sharing window check “Share this folder”. If you add a $ sign to the end of your folder name it becomes hidden from casual browsing. Click Permissions.
  5. Select Everybody and click Remove. Click Add and add your DEM user and Admin groups. The DEM Users should only have read and the DEM Admins should have full control. Click OK. Click OK.
  6. Back in the Properties window select the Security tab and click Edit. Add the DEM user and administrators. The DEM Users should only have read and the DEM Admins should have full control. Click OK. Click OK.

Now we’ve created the share it’s on to installing the management console and putting together the first XML file for noAD mode.

 

How to setup Dynamic Environment Manager – Intro

[Edit – 31/10/19 – Updated for Dynamic Environment Manager]

In the next few posts we’ll look at setting up Dynamic Environment Manager. User Environment Manager or Dynamic Environment Manager as it’s now called is a very powerful tool for EUC. It gives admins a very flexible way to configure desktops without needing to work the base image. VMware are pushing it as a replacement for Persona Manager, which makes sense as then they do not need to support two products. Persona manager can be configured to use physical as well as virtual desktops.

DEM can have its initial config delivered through GPO or, in the case of noAD mode, an XML file. In fact all configuration is picked up via XML files. The management dashboard is a local install of a few hundred MB which you point at the file share, and really only makes sure the formatting is correct. All the hard work is done via the agent. There is an argument to be had about whether or not to have some of the desired config baked into your parent images. I prefer to have as much of the config delivered via DEM as possible to prevent any more recomposes than necessary.

I particularly like the fact that this product does not need a server backend and can run without the need for Active Directory GPOs. In fact to get up and running there are only 4 things to setup.

  1. File share and correct permissions
  2. The Management interface
  3. The various customisations you’d like
  4. And (obviously) the agent on the parent image (or physical machines)

The next post will look at getting the file share setup.

 

How to setup ThinApp and package an application.

I like ThinApps, I really do. They’re efficient, easy to create, portable and they just work (most of the time). They can be streamed, deployed locally, and are a great way to run older, legacy apps on later OS’s (although the last bit might not technically be supported).

We’re going to go through the process of installing ThinApp and then creating our own ThinApp. It’ll be a basic app but will still work.

Before we start you’ll need the following:

  • A clean install of Windows, in this case I’m using Windows 10.
    • Fully patched
    • My preference is to have no AV installed. It doesn’t really matter as we’ll be rolling the VM back to a clean snapshot at the end.
  • The ThinApp Installer which can be downloaded from VMware’s website
  • An app to install and package. Make sure it’s from a trusted site. I’ve used Notepad++ for this particular post.

Deploying ThinApp Enterprise.

  1. On your “clean” VM, run the ThinApp installer
  2. Accept the security warning. Click Yes.
  3. You’ll be presented with a patent wall. Click Next.
  4. Like everybody does, read the License agreement and Select “I accept the terms of the license agreement.” and click Next.
  5. Here you’ll need to enter in your Horizon View License and give it a name. Click Install.
  6. Once the installer is done Click Finish.
  7. You’ll now see three new icons in your Start Menu.
  8. Now that we have ThinApp installed, Shut down your VM and take a snapshot. You’ll want to have a clean state every time you go to package a new app.

Packaging an App.

Our first App is going to be Notepad++. It’s a great little app and, in my opinion, should be part of any VDI deployment.

  1. Start ThinApp Setup Capture.
  2. At the User Account Control, Click Yes.
  3. Click Next.
  4. Here we’ll trigger the prescan. This is where ThinApp goes off and profiles the current system state, hence the need for a clean system. Click Prescan.
  5. Go ahead and install your app. I would strongly recommend that you start it at least once, to finish any post install config, before clicking Postscan, which will trigger a second profiling of your system to see what has changed.
  6. Just to confirm what I said above. Click OK.
  7. Select the Executable file. I’m installing NotePad++ here so it makes sense to select the notepad++.exe executable. As it’s a ThinApp I’ll not be needing any of the other executables. Click Next.
  8. We’ll be importing this into our connection server later so won’t be managing this with VMware Workspace.
  9. I want everybody to be able to run this but you might want to restrict it to certain groups. Click Next.
  10. I’m installing an editor so it makes sense to me to have it be able to access as much as possible. Click Next.
  11. We’re running this app through Horizon View and want the settings and history to persist so I’ll leave the default here. Click Next.
  12. So this step depends on your company’s security policy. Most I would imagine don’t want any information sent out. I’m using this in a lab so I don’t mind sending the usage info out. Make your selection and Click Next.
  13. Name your App. I’ve kept the default but added the version number. If you have a central location for your apps, you can also set it here. Click Next.

  14. The package settings are usually fine as they are. I did however select Generate a MSI Package. In the next post we’re going to look at the two ways to deploy a ThinApp through Horizon View. Click Save.
  15. All the various changes that were made during the App install, such as file creation, reg keys, etc., will be put into a build folder. This can take a while depending on the size of the App.
  16. And now we get to trigger the build. You have the option of editing the ini file to change some of the more advanced options that were not available during the profiling. This can take a bit of time. Click Build, and go get yourself a coffee.
  17. If successful you’ll see an output similar to the below.
  18. Your app is built, packaged, and put into the specified folder. As you can see I have two files; one the exe that I chose as the entry point, and the other is the MSI, which we’ll use in the next post.
  19. Once you’re done, copy the files out of the VM and roll back the snapshot. Unless you are putting together a bunch of apps (which I wouldn’t recommend with ThinApp) it’s always best to start in a clean state.

Packaging an App can take a while but for some deployments it makes perfect sense.

Horizon View – How to add a second Connection server (Replica server)

Looking at the design from the previous post we want to have a degree of redundancy and to do that we’ll need a second Connection server also known as a replica server.

We’ve already built our first connection server here and done some configuration here and some certificate stuff here.

Continuing on I’ll be using Horizon View 7.7, it is the latest and greatest (at the time of writing). I did redeploy my lab with 7.7, and the previous posts are still relevant if you’d like to go back and install your own lab.

Before we begin make sure you have a Windows 2018 or 2019 server ready to go with a certificate installed.

Installing the 2nd Horizon View Connection server (Replica Server).

  1. Connect to the server you will be using as your Replica server.
  2. Copy across the installer and double click to run.
  3. Click Yes to accept the UAC warning.
  4. Click Next.
  5. Select “I accept the terms in the license agreement” and click Next.
  6. Here you can change the installation location if you prefer. Click Next.
  7. On the Installation Options window:
  8. Select Horizon 7 Replica Server as the install.
  9. Select  “Install HTML Access”, this is technically not necessary but I would recommend it, especially if you have enabled it on the first server.
  10. Select the IP protocol you use. IPv4 would be the most common I expect
  11. Click Next.
  12. Enter in the name of the first installed Horizon View server. Click Next.
  13. Select whichever is appropriate for your environment, bearing in mind that most companies will have the server’s firewall controlled via GPO. So check with your Windows and Security guys. In this case I want the firewall of this server to be configured automatically. Click Next.
  14. Select whether you’d like the local Administrators Group to have Admin rights to view. This can be changed later but I generally prefer not to from the start. Click Next.
  15. Click Install.
    At this point the installer will go off and install all the same bits and pieces that are needed for the connection server and then goes through a process of setting up synchronisation between the two servers. Hats off to VMware here, this process is really well done.
  16. Click Finish
  17. If you log into your Connection servers and take a look under View Configuration you’ll see both Connection servers.

Now that we have the two connection servers, we can move on to the next topic and we’ll setup two App Volume servers and the post after that we’ll put together some apps.

Horizon View – Design and Considerations

During the last few posts we put together a SQL server, Connection Server, Linux desktop, setup certificates, and created a working manual desktop pool. A basic working deployment of Horizon View that’s good for kicking the tires but very labour intensive to maintain in production.

In a production environment there is much more to consider than just what we’ve thrown together. Availability, security, logging, monitoring, alerting, desktop pool, desktop OS, budget, to name a few.

Before jumping in and creating an awesome design you’ll always want to find out exactly what the requirements are. “Because” is not an answer. For example, you should be asking questions along the lines of:

  • What do the different stakeholders think they are getting?
  • What does your network look like?
  • What kind of security do you have between your networks and/or VLANs?
  • Is redundancy and resilience a factor to consider, and yes, they can be different things.
  • Do you have approved Windows or Linux builds?
  • Patching schedule?
  • Do you have a standard user base, or is this intended for users with differing requirements? e.g. dev, eng, admin?
  • Does this service need to be available externally, or is it an internal service only?
  • Have you met with security?
  • Apart from the requirements, have you evaluated the risks and constraints?
  • In the absence of concrete answers have you made your clients/manager aware of any assumptions you’ve made? e.g. “The project plan assumes that the current in server disk controllers will be replaced with HPE P416ie controllers for VSAN compliance.”

When working out the Requirements, constraints, risks, and assumptions be specific. Ambiguous or open ended answers will lead to scope creep and make your job more difficult.

However for the next set of posts we’ll be going through and fleshing out the environment with these (very) high level requirements:

  • n+1 redundancy of the VDI deployment.
  • External Access
  • Load balanced (If possible)
  • Two different types of users. Dev and technical admins
  • Two different desktop OS’s available.
  • Profile to persist between sessions.
  • Security – no copy and paste, 2FA, logging, only applicable ports open between VLAN’s
  • Monitoring

This is more than enough to get us going back and asking many, many questions but for now we’ll pretend that most of them have been answered.

So that we don’t go off piste too much I’ll be mostly sticking to a stripped down version of VMware’s reference Architecture for the mobility suite that can be found here but slightly modified. The diagram below is partially from the linked page and modified to fit into my lab (hopefully). I’ll also make sure I reference any other blogs that I pull info from.

P.S. For the ESXi servers, I’ll be using William Lam’s most excellent ESXi servers that can be deployed via OVA onto either ESXi or Workstation/Fusion.

UK VMUG USERCON – 13 December 2018

If you haven’t been to a VMUG before I would highly recommend them. I can’t speak for other countries but the VMUG events in the UK are usually very good and the best of them is the Annual UK VMUG. Every year it seems to get bigger and better.

It’s more or less like a mini VMworld. There’s a space for the sponsors (tiny solutions exchange), lots of swag, food and of course various sessions, discussing a wide range of topics from vendor specific, to VMware cloud on AWS, to Automating VDI. Best of all the whole experience is free.

This year saw the event move from the National Motorcycle Museum to the National Space Centre in Leicester, which was an interesting choice. I did take a bit of time out to explore the center. Also this year, since I had decided not to go up the day before, I missed out on the vCurry.

Joe Baguley gave the opening keynote which went into a bit of detail about where technology has been, how it’s evolved, the IoT (Internet of Things) and also covered topics like the difference between machine learning and AI. Duncan Epping gave the closing session, looking at where VMware are heading, their focus, and how they intend to achieve it. Both very informative and funny to see them take friendly jabs at each other.

My three favourite sessions (in brief):

The first two sessions I attended were about VMware Cloud on AWS, the first was presented by VMware and the second by AWS. Both sessions were an introduction to the server but from different angles. It was actually quite interesting.

After Lunch I went along to Automating VDI tasks by Michael McDonnell who was presenting work he had done with Chris Hildebrandt on automating key parts of a massive VDI farm. Of all the sessions I attended that day, this one was the most interesting. Chris has a GitHub repository where he publishes his code in addition to his blog.

I came away with quite a lot and not just the swag raid. It’s always good to connect with the community, see some familiar faces and some new.

If you have the time and your work will let you go, VMUGs are absolutely worth a visit.

Horizon View – How to create a Manual Desktop Pool

This is the most simple of pools that you can create. It requires a Desktop VM that has the Horizon View agent installed. It doesn’t really matter if it’s Windows or Linux as long as the Desktops are built and ready to go.

Before anybody asks, there are a few legitimate reasons that you’d want to have a manual pool. The most obvious being that the company security policy is that all Desktops need to be deployed from a central location such as a RedHat satellite server.

  1. Connect to your View Connection Server https://<connection_server>/admin with an account that has administrator permission.
  2. Expand Category and select Desktop Pools.
  3. Click Add.
  4. Select Manual Desktop Pool and click Next.
  5. Select Dedicated. It’s up to you whether you select Enable Automatic Assignment. All it does is automatically assign a user to a free desktop, which will be a permanent assignment. Click Next.
  6. Select vCenter virtual machines. Click Next.
  7. Select your vCenter and click Next.
  8. Fill in a name for the ID and a Display name. While you can change the display name, the ID name won’t change.
  9. In this page there are quite a lot of options you can configure, I’ll break them down in a later post but for now select HTML Access as this will allow us to connect to the desktop using a browser and click Next.
  10. Select the VM’s you’d like to add to the pool, click Add and click Next.
  11. Click Next.
  12. Select Entitle Users After this wizard Finishes to add users. This will allow you to add users after the wizard finishes. Not necessary but a bit of a time saver. Click Finish.
  13. Once you’ve finished the New Pool wizard the entitlements wizard opens if you’ve selected it in the previous step. Click Add.
  14. In the Name/User name box type the name of the group or user you’d like to add and click find. Once it appears, select it and click OK. In production environments you’d usually add an AD group rather than an individual user. This allows for greater flexibility and monitoring.
  15. To entitle other groups or users click add or if you are finished click close.

Testing our new pool.

  1. Log out of your Connection server and connect back to the server but this time without the /admin, just https://connection_server. Log back in as a regular user that is entitled to the Desktop pool.
  2.  Click VMware Horizon HTML Access.
  3.  Enter in your username and password, and click Login. 
  4.  Select the pool you created earlier. In my case I called it Manual_01. 
  5.  If everything went according to plan you’ll now have access to your VM.  

Troubleshooting:

  • If you experience issues connecting via the web interface go back and have a look at step 9, did you tick the box to enable HTML access?
  • Can you connect using the full client?
  • Check the firewall on the Desktop OS. The agent on the desktop needs to speak to the connection server on port 4001.
  • Is the View agent installed?

We’ve created a very basic pool. The next few posts will look at what’s needed to create an automated Desktop pool using both Windows and Linux. We’ll also look at optimizing the Windows Desktop, including various design and storage considerations, as well as discussing the various options available in the Desktop Pool wizard.

Horizon View – How to install the Linux Desktop agent.

In the previous post we looked at joining the Linux desktop to an Active Directory domain. While it’s not necessary for Linux desktops to be domain members I feel it should be done if a domain is available.

As before we’ll be focusing on two business ready distros: CentOS 7.X (RHEL) and Ubuntu 18.04 (LTS). We’ll get the correct dependencies setup, and the agents installed.

To begin I have deployed CentOS 7, with a GUI (Gnome) and Ubuntu 18.04 LTS VMs. Both VMs are fully patched and running the latest available official kernels as of 16/11/18. A local user has been created during install time called viewuser01. The VMs are called centosdt-01 and ubuntudt-01 respectively. Static IPs have been assigned. Ubuntu is running the GNOME desktop and CentOS is running KDE.

In addition I would recommend you go and take a look at this page System Requirements For Horizon 7 for Linux.

[EDIT 26/01/19]: Depending how your VM is installed you might get an error when trying to install the agent stating that the hostname is not resolvable. This is common if you are setting up a template to be referenced by an automated desktop pool and the hostname of the desktop pool isn’t in DNS. The fix is to add the hostname to the /etc/hosts file next to the entry 127.0.0.1.
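The hostname fix from the edit note above, written as a small idempotent script. This is an added example, not part of the original post or of VMware's installer; the function names, the .bak backup copy and the use of getent as a stand-in for the installer's resolution check are assumptions.

```shell
#!/bin/sh
# Added example: make the desktop's own hostname resolvable before running
# install_viewagent.sh. All function names here are hypothetical.

# Return 0 if NAME is mapped on any active (non-comment) line of HOSTS_FILE.
hosts_has_name() {
    hosts_file=$1 name=$2
    awk -v n="$name" '
        { sub(/#.*/, "") }    # a name that only appears in a comment does not count
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$hosts_file"
}

# Append NAME to the 127.0.0.1 entry of HOSTS_FILE, or create that entry.
# Does nothing if NAME is already mapped; keeps the previous file as .bak.
add_loopback_name() {
    hosts_file=$1 name=$2
    # Only accept a plain hostname/FQDN before touching a system file.
    case $name in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $name" >&2; return 2 ;;
    esac
    hosts_has_name "$hosts_file" "$name" && return 0
    cp -p "$hosts_file" "$hosts_file.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v n="$name" '
        $1 == "127.0.0.1" && !done {
            c = index($0, "#")            # keep a trailing comment after the name
            if (c) {
                pre = substr($0, 1, c - 1)
                sub(/[ \t]+$/, "", pre)
                print pre " " n " " substr($0, c)
            } else {
                print $0 " " n
            }
            done = 1
            next
        }
        { print }
        END { if (!done) print "127.0.0.1 " n }
    ' "$hosts_file.bak" > "$tmp" && cat "$tmp" > "$hosts_file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Return 0 if NAME (default: this machine's hostname) resolves via NSS,
# i.e. through /etc/hosts or DNS. Approximates the installer's check.
hostname_resolves() {
    getent hosts "${1:-$(hostname)}" >/dev/null 2>&1
}

# Typical use, as root, on the template VM before installing the agent:
#   hostname_resolves || add_loopback_name /etc/hosts "$(hostname)"
```

Because the edit goes through a temporary file and is written back with cat, the ownership and mode of /etc/hosts are left unchanged.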

Ubuntu:

Only certain desktop environments are supported in Ubuntu and Unity is not one of them. VMware have written a KB detailing how to change the desktop in Ubuntu: KB2151294. Since I’m using 18.04 LTS it’s not an issue as the default desktop is Gnome.

  1. Open a terminal and run the following to update and install dependencies. Note that you’ll be asked to choose a display manager, choose lightdm:
     sudo apt-get update
     sudo apt-get -y upgrade
     sudo apt-get -y install open-vm-tools python python-dbus python-gobject lightdm
  2. Reboot (might not be strictly necessary but if there is a kernel update it’s a good idea).
  3. Download or copy across the VMware Linux agent. (Currently VMware-horizonagent-linux-x86_64-7.6.0-9857537.tar.gz)
  4. Open a terminal and locate the downloaded agent. Usually in /home/<user>/Downloads/.
  5. Unpack the file.
     tar zxvf VMware-horizonagent-linux-x86_64-7.6.0-9857537.tar.gz
  6. Change into the unpacked directory.
     cd VMware-horizonagent-linux-x86_64-7.6.0-9857537
  7. Run the installer, type y to accept the EULA.
     sudo sh ./install_viewagent.sh
  8. Reboot your VM.
     sudo reboot

Ubuntu is configured and ready to go.

CentOS:

It’s usually easier to get dependencies resolved in CentOS and CentOS is “aware” it’s running as a VM and will usually have the open VMtools installed.

  1. Open a terminal, switch to root and run the following to update and install dependencies, and fix the networking.
     yum -y update
     yum -y install glibc
     virsh net-destroy default
     virsh net-undefine default
     service libvirtd restart
  2. Reboot (might not be strictly necessary but if there is a kernel update it’s a good idea).
  3. Download or copy across the VMware Linux agent. (Currently VMware-horizonagent-linux-x86_64-7.6.0-9857537.tar.gz)
  4. Open a terminal and locate the downloaded agent. Usually in /home/<user>/Downloads/.
  5. Unpack the file.
     tar zxvf VMware-horizonagent-linux-x86_64-7.6.0-9857537.tar.gz
  6. Change into the unpacked directory.
     cd VMware-horizonagent-linux-x86_64-7.6.0-9857537
  7. Run the installer, type y to accept the EULA.
     sh ./install_viewagent.sh
  8. Add a Firewall rule so that the agent can talk to the Connection server.
     firewall-cmd --add-port=4001/tcp --permanent
  9. Reboot your VM.
     reboot

CentOS is configured and ready to go.