Preparing for Horizon View – SQLExpress

Quick Post

As a database SQL Express is pretty good. It has size restrictions built in but it is a full working MSSQL database engine and works quite well with Horizon View, although not supported at all.

To be able to connect to it from another server, one running the Horizon View connection server for example, you’ll need to enable TCP connections.

  1. Start the SQL Server Configuration Manager.
  2. Click yes
  3. Expand SQL Server Network Configuration, Select Protocals for SQLEXPRESS, Right click Enable. Once the status reads enabled, right click again and select Properties.
  4. In the entry for the IP address of the server switch Active to Yes.
  5. Scroll down to the bottom of the window and under IPALL set the TCP Port to 1433.
  6. Restart the Server

This and allowing incoming connections through the firewall got me connected and using the events logging in the Horizon View Connection Server.

Preparing for Horizon View – Connection Server Certificate.

Doing a straight forward install of the connection server is fairly easy. its mostly next-next-next. However since we are trying to do this deployment as close to prod as possible we want to get a certificate installed from the root CA we setup in an earlier post.

Post deployment task- Certificate install.

The instructions below are to be run on server you’re intending to install the Horizon view connection server on.

  1. Click on the windows icon, type mmc and select it to start the mmc.
  2. Accept the security warning.
  3. Click file then Add/Remove Snap-in.
  4. Select Certificates -> Add -> OK.
  5.  Select Computer Account -> Next.
  6. Select Local Computer -> Finish.
  7. Click OK.
  8. Expand Certificates, Right Click on Personal -> All Tasks -> Request New Certificate…
  9. Click Next.
  10. Highlight Active Directory Enrolment Policy and click Next.
  11. Check Computer, expand the Details and click Properties.
  12. Type vdm in Friendly name  and select Private Key.
  13. Expand  Key Options and select Make private key exportable. Select Certification Authority.
  14. Make sure the correct certificate authority is chosen anf click Apply.
  15. Click Enroll.
  16. Once the certificate has been issued click Finish.

Once the certificate has been installed you’ll see a new folder under Personal called Certificates. In there you’ll find the certificate issued by the root CA.

Preparing for Horizon View – Setting up the Database – 2 of 2

Part of this Horizon view deployment will be to have the connection server logging its events and a configured view composer server. For this we’ll need two databases.

While I am working with the Express version of MSSQL, the following steps will also apply to other versions of MSSQL (excluding the Linux version). In a production environment you definitively will want to run either standard or enterprise. There is also the developer edition, which is a full featured version for testing and development only.

One quick change before we begin:

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Right click the server name and select Properties.
  4. Select Security and change the Authentication mode to SQL Server and Windows Authentication Mode and click OK.
  5. Click OK. While you can restart the service to get the new security changes to apply, I usually just reboot the server.

 

Setting up the Horizon View Events Database and creating the user.

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Expand the instance, right click on Database and select New Database…
  4. Give the database a name. I chose ViewEvent.
  5. Select Options and make sure the options match the attachment below and click OK.
  6. Expend Security, right click Logins, and select New Login…
  7. Type in  a name for your user (I used ViewEvent). Select SQL Server authentication and type in a password. Unselect Enforce password policy. Change the Default database to ViewEvent or whatever you named you database in step 4.
  8. Select User Mapping. Select the database you created above and in the bottom pane select db_owner.
  9. Click OK and we’ve successfully created the Events database and user. Now onto the composer DB.

 

Setting up the Horizon View Composer Database and creating the user.

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Expand the instance, right click on Database and select New Database…
  4. Give the database a name. I chose ViewComposer.
  5. Select Options and make sure the options match the attachment below and click OK.
  6. Expend Security, right click Logins, and select New Login…
  7. Type in  a name for your user (I used viewcomp). Select SQL Server authentication and type in a password. Unselect Enforce password policy. Change the Default database to ViewComp or whatever you named you database in step 4.
  8. Select User Mapping. Select the database you created above and in the bottom pane select db_owner.
  9. Click OK and we’ve successfully created the Composer database and user.

In this part we’ve created the two main DB’s we’ll need for view. So just something to note. In this setup I have used SQL accounts for the databases however in most prod environments that would most likely be heavily discouraged. If you do choose to go down the domain account route then you don’t need to change the authentication mode.

Preparing for Horizon View – Setting up the Database – 1 of 2

Part 1 of 2

In the first part of this post I’ll go though installing SQL express and the SQL Management Studio.

You can download SQL express here and the SQL Management Studio here.

Installing SQL Express 2017

  1. Copy the SQL Express and Management Studio Files across to the Windows server you’ll be using as your DB server. I’m my case the Composer server is going to double as the DB server.
  2. Connect to the windows server with a user that has been granted local administrator rights.
  3. Locate and run the SQL Express installer.
  4. Accept the security challenge. Click Yes.
  5. Click Basic.
  6. You can read the license terms if you like. Click Accept.
  7. Click Install.
  8. Click Close. You can click Install SSMS. It won’t actually install SSMS, It’ll just take you to the page where you can download the installer

Installing SSMS 2017

  1. Locate and run the SSMS Installer.
  2. Accept the security challenge. Click Yes.

  3. Click Install.
  4. The install will take a good few minutes.
  5. Click Close.

Nice and easy.

Next post. Creating and setting up the databases.

Preparing for Horizon View – Setting up a root CA.

While Horizon View does come with self signed certificates but it is always best, in a production environment, to your own SSL certificates.

I connect to my lab remotely using, either my laptop, or other mobile device and like to know that my connection is secure.

If you don’t want to setup your own cert server Lets Encrypt is a public CA and does offer certificates (wild card certs too) for free. If you do choose to use them please consider donating. They are an opensource and free setup and could use your help.

Installing a root CA.

I used a windows 2016 server for this deployment.

  1. In the Server Manager window click on Add roles and features.
  2. Select Role-Based or feature-base installation and click Next.
  3. Select the local server and click Next.
  4. Select Active Directory Certificate Services, and click Next.
  5. Check Include management tools (if applicable). Click Add Features.
  6. Click Next.
  7. Click Next.
  8. Click Next.
  9. Click Next.
  10. Select Certificate Authority. Click Next.
  11. Click Install.
  12. Once the install is complete Click Close.
  13. Once the Install is finished we need to complete the post install tasks. Navigate to Server Manager and click on the alert icon. Click on the post deployment task that needs to be completed.
  14. If you need to change the credentials do so here. I just used the creds I was logged in with. Click Next.
  15. Select Certification Authority and click Next.
  16. Select Enterprise CA and click Next. You can select Standalone CA if that’s what you need. The options might be slightly different.
  17. Select Root CA and click Next.
  18. Select Create a new private key and click Next.
  19. Select the following:
    1. Cryptographic provider – RSA#Microsoft Software Key Provider
    2. Key length – 2048
    3. Algorithm – SHA256
    4. Click – Next.
  20. Leave the defaults and click Next.
  21. Select the validity period of your certificate. (I chose to leave it at 5 years. In a prod environment you might want that to be less). Click Next.
  22. Leave the defaults and click Next.
  23. In the final window check your settings and click Install.

And that’s it, we now have a working root CA!

 

Working VMware’s VDI Solution.

Over the last couple of months (with another work colleague) I’ve been looking into Horizon view 7.4. (edit: and now 7.5)

So far I really like what I see. It looks like VMware has put  fair amount of effort in the the product lately. From instant clones (windows and Ubuntu) to automated full fat clones for Linux, the product is really starting to look slick.

The next series of blog posts will be covering the installation and configuration of Horizon view, setting up various different solutions (Linux desktops, View security server and as an alternative the Unified Access Gateway, etc) and will take a look at the various “additionals” available, this includes the paks for vRealise Operations Manager and Log Insight.

So what will we need and be setting up to get the basics going?

  1. Lab (I’ve covered how to build this a while back, its a bit old but should still get you started).
  2. Certificate Authority for our domain.
  3. SQL server 2016 Express and SQL server 2016 management tools. Note: While the express version of SQL sever isn’t on the interoperability matrix it does work.
  4. A minimum of 3 Windows servers which will run:
    1. View Connection server
    2. View Composer Server, which will also run our instance of SQL express.
    3. View Security Server
  5. Horizon View Software (Download the lot)
  6. Windows 10 Enterprise
  7. 2 Popular Linux Disto’s.
    1. Centos
    2. Ubuntu

While there can seem to be quite a lot of moving parts, I would expect most prod environments to have access to either SQL standard as a minimum or Oracle (12C standard release 1 and 2 are supported) as well as a CA (certificate Authority).

Our three windows servers, which will form the base of our deployment,  will be configured as follows:

  • Windows 1 – Connection server
  • Windows 2 – Security Server
  • Windows 3 – Composer and SQL Express server

Before we run through the View install’s I’ll first go through setting up and configuring the CA, getting the cert onto the windows connection server, and configuring SQL for the two DB’s we’ll need.

Getting William Lam’s Awesome ESXi 6.5u1 Virtual Appliance to run in Fusion and Workstation (The Lazy Way!)

William Lam, The Official (to me anyway) master of nesting just about everything, has been putting together ESXi virtual appliances for quite some time.

You can find them over here:

Before you read on, please note that all the hard work has been done by William Lam and if you live under a rock and haven’t come across his website  before please go and check it out over at https://www.virtuallyghetto.com.

Honestly, once you’ve rebuild your lab more then twice the novelty wears off fast. That’s what makes these appliances are incredibly convenient.. It takes literally 2-3 minutes to have a fully functioning deployed Nested ESXi host, with all the little bits and pieces of config and vibs you would normally have to go in and setup yourself. Only one small problem, while it deploys into ESXi just fine and dandy, it doesn’t deploy onto fusion/workstation because it has virtual hardware that just isn’t compatible with Fusion/Workstation. 🙁

BUT the 6.0u3 VA does deploy without a problem.

Lazy Method:

  1. Download both the ESXi 6.0 Update 3 Virtual Appliance and the ESXi 6.5 Update 1 Virtual Appliance.
  2. To keep things neat create two folders called “ESXi6.0” and “ESXi6.5u1”.
  3. Extract both OVA’s into their respective folders. You can do this with with winrar (on widows) or if you’re using Linux/Max, from the console move into the directories and run “tar -xvf <name_of_ova>”
  4. Browse into ESXi6.5u1 and delete the ovf file.
  5. Copy the ovf file from ESXi6.0 to ESXi6.5u1. 
  6. Using your favourite editor open Nested_ESXi6.0u3_Appliance_Template_v1.0.ovf
  7. Do a search and replace for anything that reads “Nested_ESXi6.0u3_Appliance_Template_v1.0” with   “Nested_ESXi6.5u1_Appliance_Template_v1.0”
  8. Save “Nested_ESXi6.0u3_Appliance_Template_v1.0.ovf”
  9. Rename “Nested_ESXi6.0u3_Appliance_Template_v1.0.ovf” to “Nested_ESXi6.5u1_Appliance_Template_v1.0.ovf”
  10. Delete “Nested_ESXi6.5u1_Appliance_Template_v1.0.mf”
  11. Import into Workstation or Fusion
  12. Once the Nexted ESXi host has booted for the first time and run the config scripts. You’ll need to power it down and set VT-x/EPT support for the virtual machine. (I’ll add it in to the ovf instructions soon).

It’s really that simple (or lazy)!!!

 

 

Creating Project Cheat Sheets

So you’ve done your POC, your solution has passed all the tests required by the company, you’ve put together your final design document (a hearty 95 pages) and managed to navigate the frustrating world of board level approval.

Now what? Well you begin to work with the other engineers, from other disciplines, and build, build, build. They’ve read your design document and are eager to get to work. The only problem is that this isn’t the only project they are working on,  every time they need to do something they need to dip into your 95 pages of awesome design, or bring it up in the next project meeting. Infact maybe its just easier to just call you… right when you are in the middle of figuring out why the output from the powercli script you have been working on all day is showing a sea of red.

This happens to every VMware engineer.

What I have found helps is to create cheat sheets for the technical members of the project. It’s very visual and contains most of the info that they will need. It’s important to note that this isn’t the design document but should be supplementary to any project documentation.

  • Ex. Page 1 – Summary
    • Brief overview of what going in.
    • Physical Dependancies
  • Ex. Page 2 – Hypervizor details
    • Hardware config
    • Firmware revisions
    • Host Configuration
      • OS + version, License, NTP, DNS, basic networking, Cluster config
    • Virtual Infrastructure Config
      • VM Standards (hardware version, pvSCSI, vmxnet3, etc,etc
      • VCSA – Size, version, location
      • PSC – Size, version, location
      • VUM – OS, Version, ;location, Database type
      • Database for VUM – OS, DB type, verison, name, location
  • Ex. Page 3 – Core Virtual Networking
    • Diagram – How it all fits together

The 3 examples I have given below are from different projects but will show you what I usually put in.

Example Page 1 – Summary.

This page is your summary. It has some light technical bits that can quickly be referenced. The overview pane is what’s being put in. You could possibly add a sub section about the OS. No real need to put version numbers in here.

cheet_pg1

Example Page 2 – VMware Specific

This page is hold details for Ops and the VMware team. With this information you could reasonably expect an engineer or OPs to build out your cluster at the basest level.cheet_pg2
Page 3 – Virtual Networking

Very visual. So here, which I haven’t done, you could supply additional info about active and standby paths, any additional info for any NOIC specific settings you have chosen.

cheet_pg3

The above examples should give you an idea of how they could look and are by no means an exhaustive list. You could add a rack diagram, storage config, etc,etc.

The point is for these documents is to be quick reference pages highlighting the decisions made. I hope the idea helps you, its certainly a help to me.

PBM Error migrating VM’s from VSAN Datastore

Occasionally, and by that I mean very rarely, VM’s can refuse to migrate on or off VSAN storage (I know, I know, why would you every want to migrate off VSAN?).

The error will look something similar to:

A general system error occurred: PBM error occurred during PreMigrateCheckCallback: pbm.fault.PBMFault; Internal error during SPBM validation;
No VASA Provider for schema namespace (VSAN) found.

You’ll also find that you can’t create new storage providers.

The official reason is: Official: This issue occurs due to inconsistent data between the Storage Management Service (SMS) and the Storage Based Policy Manager (SPBM).

While VMware claim that this is only an issue with VSAN 5.5, I have seen it occur in VSAN 6.0. To be fair it was in my lab, and I was testing “dirty” power down of VSAN hosts.

So to the Fix

NB: As this is a VASA related issue it might work for other storage providers too. In the testing I’ve done its been non-disruptive but as always proceed with caution.

  1. In the vSphere Web Client Navigate to the vCenter Server (Not the VSAN Cluster)
  2. Select the Configure tab on the right.
  3. Select the Storage Providers Menu Item.
  4. In the Storage Providers window pane: click the storage icon with the red circular arrows. 
  5. Once done, the Cluster with VSAN will be scanned and you should be able to move your VM’s about.

Course Review – Docker and Kubernetes

post1

I’d been meaning to look into Docker for a while but never really seemed to find the time. After dithering about for a bit I decided to find a course, something short and to the point.

A bit of googling later and I found a couple of one day courses run by Skippbox, the first course/day was all about Docker and the second was all Kubernetes.

The courses were presented by Sebastian Goasguen, who wrote The Docker Cookbook. Very approachable and knowledgeable. Before the course Sebastian e-mailed me to ask that I install the Docker Toolbox. As I run a Linux desktop with VMware workstation, it didn’t really apply but did send me off looking into the toolbox and what it was all about. It’s basically an installer that aims to get you going with Docker on Windows or a Mac as quickly and as easily as possible by installing Docker Machine, Engine, Compose and as well as Oracle Virtualbox. No support for VMware workstation I see.

Day one (course one): Hello Docker.

The docker course was really interesting, and quite fast. At the beginning of the day Sebastian gave us an introduction the the history of Docker, where it came from, and what problems it could potentially solve in the enterprise. Then on to the basics of downloading our first containers, running, stopping, starting, gearing up  to modifying and editing our own docker files, showing us how to setup our own repo’s,working with networking and security, and then flat out into continuous integration and more. All in I would say it was a very productive day.

Day two(course two): Kubernetes, or as I like to put it, “ Lets dial this up to 11”.

Since we’d all been on the course the day before, we hit the ground running, with a brief overview of the history of Kubernetes. Sebastian provided us with a couple of VM’s running in Digital Ocean and AWS, which we used for remote deployments and orchestration. The course went fast but at no time did I feel like I couldn’t stop and ask for clarification and more detail. Orchestration, clustering, proxying, static routes, resilience, to name a few. It went fast. Toward the end of the day we were working on our own examples that we felt were relevant with Sebastian helping and guiding. He also went on to show us kmachine, which is one of Skippbox’s main focuses.

The two courses were a great introduction into containerisation and what it could do and gives you enough that you can go off and get setup yourself. I really liked Sebastian’s enthusiasm, which pushed me to look more into containers. You can tell he lives and breathes this stuff which made two days much more insightful.

Looking to get into docker? These two courses might be just what you are looking for.