Horizon View – How to add a second Connection server (Replica server)

Looking at the design from the previous post, we want a degree of redundancy, and to get that we’ll need a second Connection server, also known as a replica server.

We’ve already built our first connection server here and done some configuration here and some certificate stuff here.

Continuing on, I’ll be using Horizon View 7.7, which is the latest and greatest (at the time of writing). I did redeploy my lab with 7.7, and the previous posts are still relevant if you’d like to go back and install your own lab.

Before we begin make sure you have a Windows 2018 or 2019 server ready to go with a certificate installed.

Installing the 2nd Horizon View Connection server (Replica Server).

  1. Connect to the server you will be using as your Replica server.
  2. Copy across the installer and double click to run.
  3. Click Yes to accept the UAC warning.
  4. Click Next.
  5. Select “I accept the terms in the license agreement” and click Next.
  6. Here you can change the installation location if you prefer. Click Next.
  7. On the Installation Options window:
  8. Select Horizon 7 Replica Server as the install.
  9. Select “Install HTML Access”. This is technically not necessary but I would recommend it, especially if you have enabled it on the first server.
  10. Select the IP protocol you use. IPv4 would be the most common, I expect.
  11. Click Next.
  12. Enter in the name of the first installed Horizon View server. Click Next.
  13. Select whichever firewall option is appropriate for your environment, bearing in mind that most companies will have the server firewall controlled via GPO, so check with your Windows and Security guys. In this case I want the firewall of this server to be configured automatically. Click Next.
  14. Select whether you’d like the local Administrators group to have admin rights to View. This can be changed later, but I generally prefer not to from the start. Click Next.
  15. Click Install.
    At this point the installer will go off and install all the same bits and pieces that are needed for the connection server and then go through a process of setting up synchronisation between the two servers. Hats off to VMware here, this process is really well done.
  16. Click Finish
  17. If you log into your Connection servers and take a look under View Configuration you’ll see both Connection servers.

Now that we have the two connection servers, we can move on to the next topic, where we’ll set up two App Volumes servers, and in the post after that we’ll put together some apps.

Horizon View – Design and Considerations

During the last few posts we put together a SQL server, Connection Server and Linux desktop, set up certificates, and created a working manual desktop pool. That gives us a basic working deployment of Horizon View that’s good for kicking the tires but very labour intensive to maintain in production.

In a production environment there is much more to consider than just what we’ve thrown together: availability, security, logging, monitoring, alerting, desktop pools, desktop OS and budget, to name a few.

Before jumping in and creating an awesome design you’ll always want to find out exactly what the requirements are. “Because” is not an answer. For example, you should be asking questions along the lines of:

  • What do the different stakeholders think they are getting?
  • What does your network look like?
  • What kind of security do you have between your networks and/or VLANs?
  • Are redundancy and resilience factors to consider? And yes, they can be different things.
  • Do you have approved Windows or Linux builds?
  • Patching schedule?
  • Do you have a standard user base, or is this intended for users with differing requirements? e.g. dev, eng, admin?
  • Does this service need to be available externally, or is it an internal service only?
  • Have you met with security?
  • Apart from the requirements, have you evaluated the risks and constraints?
  • In the absence of concrete answers, have you made your clients/manager aware of any assumptions you’ve made? e.g. “The project plan assumes that the current in-server disk controllers will be replaced with HPE P416ie controllers for VSAN compliance.”

When working out the requirements, constraints, risks, and assumptions, be specific. Ambiguous or open-ended answers will lead to scope creep and make your job more difficult.

However, for the next set of posts we’ll be going through and fleshing out the environment with these (very) high level requirements:

  • n+1 redundancy of the VDI deployment.
  • External Access
  • Load balanced (If possible)
  • Two different types of users. Dev and technical admins
  • Two different desktop OS’s available.
  • Profile to persist between sessions.
  • Security – no copy and paste, 2FA, logging, only applicable ports open between VLANs
  • Monitoring

This is more than enough to get us going back and asking many, many questions, but for now we’ll pretend that most of them have been answered.

So that we don’t go off piste too much, I’ll be mostly sticking to a stripped down version of VMware’s reference architecture for the mobility suite, which can be found here, but slightly modified. The diagram below is partially from the linked page and modified to fit into my lab (hopefully). I’ll also make sure I reference any other blogs that I pull info from.

P.S. For the ESXi servers, I’ll be using William Lam’s most excellent ESXi servers that can be deployed via OVA onto either ESXi or Workstation/Fusion

UK VMUG USERCON – 13 December 2018

If you haven’t been to a VMUG before I would highly recommend them. I can’t speak for other countries but the VMUG events in the UK are usually very good and the best of them is the Annual UK VMUG. Every year it seems to get bigger and better.

It’s more or less like a mini VMworld. There’s a space for the sponsors (tiny solutions exchange), lots of swag, food and of course various sessions, discussing a wide range of topics from vendor specific, to VMware cloud on AWS, to Automating VDI. Best of all the whole experience is free.

This year saw the event move from the National Motorcycle Museum to the National Space Centre in Leicester, which was an interesting choice. I did take a bit of time out to explore the center. Also this year, since I had decided not to go up the day before, I missed out on the vCurry.

Joe Baguley gave the opening keynote, which went into a bit of detail about where technology has been, how it’s evolved and the IoT (Internet of Things), and also covered topics like the difference between machine learning and AI. Duncan Epping gave the closing session, looking at where VMware are heading, their focus, and how they intend to achieve it. Both were very informative, and it was funny to see them take friendly jabs at each other.

My three favourite sessions (in brief):

The first two sessions I attended were about VMware Cloud on AWS; the first was presented by VMware and the second by AWS. Both sessions were an introduction to the service but from different angles. It was actually quite interesting.

After lunch I went along to Automating VDI tasks by Michael McDonnell, who was presenting work he had done with Chris Hildebrandt on automating key parts of a massive VDI farm. Of all the sessions I attended that day, this one was the most interesting. Chris has a GitHub repository where he publishes his code in addition to his blog.

I came away with quite a lot and not just the swag raid. It’s always good to connect with the community and see some familiar faces and some new.

If you have the time and your work will let you go, VMUG’s are absolutely worth a visit.

VCP-DTM 2018 Exam and My Studies 2V0-51.18

One of the reasons I’ve been a bit lax posting new content is that I’ve been busy spending my free time (what little of it there is) studying for the VCP-DTM exam, the 2V0-51.18 to be exact. VCP-DTM is the certification. I’ve been involved in a View deployment at work, and since I’ve been working with the tech a fair bit over the last few months I thought “why not?”.

There are three exams currently offered for Horizon View:

  • 2V0-51.18 – VCP-DTM 2018
  • 2V0-751 – VCP7-DTM
  • 2V0-651 – VCP6-DTM

The 2V0-51.18 is the latest and fits into VMware’s new certification naming. There is a bit of a write up about it here.

The main notable difference between the 751 and 51.18 exams is that the requirement for Mirage is missing from the latter and the exam preparation guide clearly states that it is focused on Horizon View 7.5 and related products. So get the preparation guide and use that as your base to get going.

Studying – The Lab:

So first and foremost was my trusty lab. I am fortunate enough to have a fairly beefy workstation with 64GB RAM, running ESXi. This allowed me to run quite a few infrastructure VM’s and 4 or 5 desktops. While a machine of this spec isn’t strictly necessary, you will need a lab of some kind.

When you start looking at what’s needed it can look like a lot of infra is needed, but it doesn’t all need to be running at the same time. You can get away with only one running desktop as you test the different deployment types. The Composer server is more than happy to run on the same VM as the SQL Express install, and once the VCSA is deployed you can shave off some of the RAM. vROPS, Identity Manager, App Volumes and User Manager don’t need to be up and running all the time or even together. If this is internal, turn off the UAG as soon as you’re done with it.

Much of this can be run in VMware Workstation, but you will need an ESXi server at some stage to deploy desktops onto.

Study – The Hands on Labs.

This resource from VMware is amazing. It’s also free. Some of the Horizon requirements I wasn’t familiar with at all, so this helped. I went in and did a search for Horizon 7.1 and did the labs in line with the official study guide. “HOL-1951-01-VWS – VMware Workspace ONE – Getting Started” isn’t strictly needed (but still worth doing), but I would strongly recommend the first two modules of “HOL-1951-03-VWS – VMware Workspace ONE – Advanced Topics” as it covers “Identity Manager”.

Studying – The Videos:

The most popular videos are the ones Greg Shields has created on Pluralsight called VMware Horizon 7 Desktop and Mobility (VCP7-DTM). These are well presented, have been collected into a learning path, and you can follow along in your lab.

There are also a bunch on the official VMware YouTube channel which are worth watching.

While attending a class is a great experience, I do often prefer video study. I can work at my own pace, jump back and forwards as it suits me.

Studying – Reading Material:

To be honest I didn’t find any really up-to-date books on 7.5, which was a bit disappointing.

It was mostly going through the official material and blogs. The release notes and Architecture Planning docs I found good, and I bounced quite a lot from these into the other official documentation.

This blog post on the network ports is quite interesting too.

A very notable blog (much better than this one) is by Carl Stalhood over at www.carlstalhood.com. It’s really well formatted and kept current.

The Exam Experience:

The exam itself is 59 questions over 105 minutes. It’s not easy, I’ll give it that.

I arrived just in time and after the usual round of stuffing my stuff into lockers, form signing, photos, and checking of pockets, was rushed through into the exam room. 59 questions later (several of those flagged) and I got the popup stating that I’d passed. I don’t particularly enjoy sitting for tests but I really enjoy that moment.

Exam tips:

Arrive about 15 minutes early and bring photo ID. First and foremost, nobody is out to trick you, but you are being tested to a high standard. Always make sure you read the questions carefully and in full. The questions are usually clear and concise, and even if you don’t know the answer you can sometimes work out what the answer is not. It’s easy to get rattled during any kind of test; if you are not sure of your answer, mark it for review and come back to it once you’ve gotten to the end.

If you decide to go for this exam, good luck!

Preparing for Horizon View – If using SQLExpress

Quick Post

As a database SQL Express is pretty good. It has size restrictions built in but it is a full working MSSQL database engine and works quite well with Horizon View, although not supported at all.

To be able to connect to it from another server, one running the Horizon View connection server for example, you’ll need to enable TCP connections.

  1. Start the SQL Server Configuration Manager.
  2. Click Yes.
  3. Expand SQL Server Network Configuration, select Protocols for SQLEXPRESS, right click Enable. Once the status reads Enabled, right click again and select Properties.
  4. In the entry for the IP address of the server switch Active to Yes.
  5. Scroll down to the bottom of the window and under IPALL set the TCP Port to 1433.
  6. Restart the server.

This and allowing incoming connections through the firewall got me connected and using the events logging in the Horizon View Connection Server.

Preparing for Horizon View – Setting up the Database – 2 of 2

Part of this Horizon view deployment will be to have the connection server logging its events and a configured view composer server. For this we’ll need two databases.

While I am working with the Express version of MSSQL, the following steps will also apply to other versions of MSSQL (excluding the Linux version). In a production environment you definitely will want to run either Standard or Enterprise. There is also the Developer edition, which is a full featured version for testing and development only.

One quick change before we begin:

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Right click the server name and select Properties.
  4. Select Security and change the Authentication mode to SQL Server and Windows Authentication Mode and click OK.
  5. Click OK. While you can restart the service to get the new security changes to apply, I usually just reboot the server.

 

Setting up the Horizon View Events Database and creating the user.

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Expand the instance, right click on Database and select New Database…
  4. Give the database a name. I chose ViewEvent.
  5. Select Options and make sure the options match the attachment below and click OK.
  6. Expand Security, right click Logins, and select New Login…
  7. Type in a name for your user (I used ViewEvent). Select SQL Server authentication and type in a password. Unselect Enforce password policy. Change the Default database to ViewEvent or whatever you named your database in step 4.
  8. Select User Mapping. Select the database you created above and in the bottom pane select db_owner.
  9. Click OK and we’ve successfully created the Events database and user. Now onto the composer DB.

 

Setting up the Horizon View Composer Database and creating the user.

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Expand the instance, right click on Database and select New Database…
  4. Give the database a name. I chose ViewComposer.
  5. Select Options and make sure the options match the attachment below and click OK.
  6. Expand Security, right click Logins, and select New Login…
  7. Type in a name for your user (I used viewcomp). Select SQL Server authentication and type in a password. Unselect Enforce password policy. Change the Default database to ViewComp or whatever you named your database in step 4.
  8. Select User Mapping. Select the database you created above and in the bottom pane select db_owner.
  9. Click OK and we’ve successfully created the Composer database and user.

In this part we’ve created the two main DBs we’ll need for View. Just something to note: in this setup I have used SQL accounts for the databases; however, in most prod environments that would most likely be heavily discouraged. If you do choose to go down the domain account route then you don’t need to change the authentication mode.
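
The two SSMS procedures above, scripted as T-SQL. This is an added example, not part of the original post; it assumes the database and login names used in the steps (ViewEvent, ViewComposer, viewcomp), default database options, and placeholder passwords. The queries at the end go slightly beyond the steps and review what was created and how the Connection Server connects.

```sql
-- Added example (not from the original post): T-SQL equivalent of the SSMS
-- steps for the Events and Composer databases. Run as a sysadmin in SSMS or sqlcmd.
-- Names come from the post; the passwords are placeholders to replace.
-- Database options are left at defaults (assumption: the post's Options
-- screenshot is not reproduced in the text, so set them to match it).

-- 0 = "SQL Server and Windows Authentication mode", 1 = Windows only.
-- The SQL logins below cannot sign in until this returns 0 (after the restart).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
GO

CREATE DATABASE ViewEvent;
GO
CREATE DATABASE ViewComposer;
GO

-- CHECK_POLICY = OFF mirrors "Unselect Enforce password policy" in step 7.
-- With CHECK_POLICY = ON the Windows complexity and lockout policy would
-- also apply to these logins.
CREATE LOGIN ViewEvent
    WITH PASSWORD = N'<events-password-placeholder>',
         DEFAULT_DATABASE = ViewEvent,
         CHECK_POLICY = OFF;
GO
CREATE LOGIN viewcomp
    WITH PASSWORD = N'<composer-password-placeholder>',
         DEFAULT_DATABASE = ViewComposer,
         CHECK_POLICY = OFF;
GO

-- User Mapping (step 8): map each login into its own database only, as db_owner.
USE ViewEvent;
CREATE USER ViewEvent FOR LOGIN ViewEvent;
ALTER ROLE db_owner ADD MEMBER ViewEvent;
GO
USE ViewComposer;
CREATE USER viewcomp FOR LOGIN viewcomp;
ALTER ROLE db_owner ADD MEMBER viewcomp;
GO

-- Review 1: login settings as created (policy flags, default database).
SELECT name, default_database_name, is_policy_checked,
       is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE name IN (N'ViewEvent', N'viewcomp');

-- Review 2: server-level roles held by the two logins. Any row returned is
-- a privilege beyond what the steps grant (for example sysadmin).
SELECT m.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name IN (N'ViewEvent', N'viewcomp');

-- Review 3: once the Connection Server is logging events, show where its
-- sessions come from, the transport and port (TCP 1433 per the SQL Express
-- post), and whether the connection is encrypted.
SELECT s.login_name, c.client_net_address, c.net_transport,
       c.local_tcp_port, c.encrypt_option, c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.login_name IN (N'ViewEvent', N'viewcomp');
GO
```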

Working VMware’s VDI Solution.

Over the last couple of months (with another work colleague) I’ve been looking into Horizon view 7.4. (edit: and now 7.5)

So far I really like what I see. It looks like VMware has put a fair amount of effort into the product lately. From instant clones (Windows and Ubuntu) to automated full fat clones for Linux, the product is really starting to look slick.

The next series of blog posts will cover the installation and configuration of Horizon View and setting up various different solutions (Linux desktops, View security server and, as an alternative, the Unified Access Gateway, etc.), and will take a look at the various “additionals” available, including the paks for vRealize Operations Manager and Log Insight.

So what will we need and be setting up to get the basics going?

  1. Lab (I’ve covered how to build this a while back; it’s a bit old but should still get you started).
  2. Certificate Authority for our domain.
  3. SQL Server 2016 Express and SQL Server 2016 management tools. Note: While the Express version of SQL Server isn’t on the interoperability matrix, it does work.
  4. A minimum of 3 Windows servers which will run:
    1. View Connection server
    2. View Composer Server, which will also run our instance of SQL express.
    3. View Security Server
  5. Horizon View Software (Download the lot)
  6. Windows 10 Enterprise
  7. 2 popular Linux distros.
    1. CentOS
    2. Ubuntu

While there can seem to be quite a lot of moving parts, I would expect most prod environments to have access to either SQL Standard as a minimum or Oracle (12C standard release 1 and 2 are supported) as well as a CA (Certificate Authority).

Our three windows servers, which will form the base of our deployment,  will be configured as follows:

  • Windows 1 – Connection server
  • Windows 2 – Security Server
  • Windows 3 – Composer and SQL Express server

Before we run through the View installs, I’ll first go through setting up and configuring the CA, getting the cert onto the Windows connection server, and configuring SQL for the two DBs we’ll need.

The future of VSAN – My take

There have been a few posts speculating on the future of VSAN and I for one am looking forward to it with great anticipation. However, I don’t think VMware really know what a hugely transformative technology VSAN could be.

I was lucky enough to attend VMworld 2015 and luckier to be invited to the VSAN pioneer summit, which gave us a real in-depth look at the future of VSAN. I liked what I was seeing but about an hour towards the end of the allotted time I put my hand up and asked why there were no NAS features planned for the future release. I mean it makes sense doesn’t it? Where’s NFS, where’s SMB? I know a linux architect who would love to see this come in.

If you really want to do the software defined storage thing then really go for it. NSX is the current favourite child. It’s being pushed everywhere, including presence into “competitors” such as AWS. So where’s the love for VSAN? Push this technology and it will really change the datacenter.

First Thoughts.

What if VMware made a VSAN-only cluster: no VMs allowed, only storage exports? This would put them in direct competition with storage vendors, would greatly reduce the cost of storage in the datacenter, and would allow a huge amount of flexibility for businesses of all sizes. Let’s explore this idea more!

Folders (native on the file system) or VMDK’s

VMDK wins. I would think that using VMDK’s instead of folders would be a much better idea. There would be no real changes needed to the VMFS file system to accommodate a much more granular permission structure that would be required by SMB. ESXi could mount the VMDK and write any file system in there. VMDK’s can be accessed by multiple ESXi hosts.

NFS3 – NFS4 – SMB2.x – SMB3

We already know that NFS4 and SMB3 can take advantage of multiple IP addresses (hosts) to provide multi-channel and VMware clusters are, quite frankly, an incredible implementation of clustering technology. Mounting the VMDK to multiple ESXi hosts would allow the data to be taken advantage of  by NFS4 and SMB3 compliant hosts.

SMB2.x and NFS3 prefer to access data through a single IP address or hostname. This is easy to implement immediately, but if you want to add a bit more intelligence around it you would need some kind of construct that has a virtual IP that could move between hosts, or something like the virtual IP address technology from Log Insight clusters. Easier said than done, I know, but it should still be considered.

Redundancy and performance

Kinda obvious, I know, but redundancy would be taken care of by VMware clustering technology. Three or four hosts and that’s that taken care of.

Performance, on the other hand, could be a very interesting topic; a complex topic, but still interesting. I would guess in the thousands of IOPs. There would be many factors to consider: network speed, controller card, SSD speed, SSD size, and so on and so forth. In a future post I’ll look at this again.

Licensing

As this is only intended to be a storage service, the licensing should be one ESXi-VSAN license (I’ve guessed it to be £1,500 but it could be as high as £2,000, which I’ve also given as a cost per TB below).

Total Cost

So this is interesting and I’ve decided to look at a couple of real world examples below.

Dedicated Storage Appliance

I have a quote from a major vendor for £198,409.45. This figure gives us 48TB of HDD storage in 64 SAS disks and 9TB of SSD storage in 8 SSD disks (these figures are usable). For this project we decided to use the SSD as a caching layer.  As you would expect from an enterprise storage system it has a good deal of redundancy built-in with 4 nodes to manage the storage and 8 x 10GB Ethernet ports. All in, not bad for the price point and a good system all round.

Dedicated VSAN Cluster

Putting together our VSAN-only node, to compete on numbers, I would size it like this: an HP DL380 Gen9 with one CPU (E5-2623) and 32GB of RAM. Two disk pools with 1 x 800GB SSD and 7 x 1.2TB SAS disks each, giving us 1.6TB of SSD cache and 7.5TB of SAS storage (again these figures are usable, based on a default VSAN storage policy of 2n). Two 10GB Ethernet ports.

To get the equivalent amount of usable storage as the popular storage vendor’s array we’d need 7 VSAN nodes.

So for the costs:

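| Items           | Storage Vendor | VSAN        |
|-----------------|----------------|-------------|
| Nodes           | 4              | 7           |
| 10GB Network    | 8              | 14          |
| SSD Cache Size  | 9.2TB          | 10.5TB      |
| Usable SAS      | 48.5TB         | 52.9TB      |
| Cost per system | £198,409.45    | £109,320.40 |
| Cost per TB     | £4,090.92      | £2,066.55   |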

Note 1: I have estimated the cost of the VSAN license at £1,500. If the license were £2,000 then the cost per TB for VSAN would be £2,132.71.

Note 2: (To be fair) The storage vendor has extra goodness built-in to accelerate workloads, and the hardware will be optimised and custom designed to do nothing but serve data.

The above figures, which speak for themselves, are all based on real quotes and would be for an enterprise deployment.

If VMware really wanted this to be everywhere they could address smaller shops by allowing a single node VSAN. Why not; that would allow anybody to get a foot in and expand as their business grows.

So VMware, when will this be a reality for us?

Please let me know what you think and if there are any glaring errors. I’m also happy to discuss any of the above.

Graylog – Dashboard Creation.

Carrying on with my Graylog posts, the following will give you an introduction to creating a basic but functional dashboard.

Why do you need a dashboard? Well, you can view a number of widgets very quickly, which can all be configured with separate search queries. What’s really convenient is that it’s your dashboard, not one that the vendor thinks you will need. Every environment has different requirements. Perhaps you are tracking iSCSI disconnects and want to see a count of the number of iSCSI errors you are getting prior to the event, maybe you want to track how many logs vpxa generates, or list the number of port scans you are getting on your external firewall. It’s really defined by you.

  1. Browse to your Graylog server and log in.
  2. Click on Dashboard on the menu across the top.
  3. Once the Dashboards tab has opened click Create Dashboard.
  4. Give your new dashboard a name and description.
  5. You now have a brand new empty dashboard. Let’s get some widgets generated and add them in.
  6. Click on Search in the menu bar and in the search field type something that you’d like to keep an eye on. For this purpose I’ve chosen vpxa. It’s noisy and will be a good example.
  7. This will return a histogram and a bunch of messages.
  8. Let’s add the histogram to the dashboard. In the histogram pane click on Add to dashboard and select the dashboard you want to add the histogram to.
  9. And let’s add one more. In the Fields pane, expand Messages and click Quick Values. Then in the Quick values for message pane click Add to dashboard and select your dashboard.
  10. Go through the various fields and widgets and add what you think will be useful.
  11. Back to our dashboard. Click on Dashboard in the menu across the top and then click on the name of the dashboard you just created.
  12. You’ll now see the widgets you’ve added to your dashboard. You’ll also see three buttons: Update in background, fullscreen and unlock/edit. To rearrange your widgets click unlock/edit and move them around as needed. Update in background keeps the widgets live, and fullscreen puts the screen into a display mode which could be useful to display on screens around the IT department.
  13. Once you are done moving things around, click lock to take it out of editing mode.

The above goes through creating a very basic dashboard, but once again this demonstrates how useful Graylog really is. If you are looking for log monitoring you will be in a safe place with Graylog. The flexibility and scalability absolutely compete with, and often exceed, the larger paid-for rivals.

VCDX – Here we go.

The first of the VCDX defense dates for 2016 have been announced, and in the last week a new round of VCDXs have received their emails. A big congratulations to all of them.

I’ve been looking forward to the new 2016 dates for a while. This gives me a time frame to get all the requirements together.

If all goes according to plan I’m hoping to defend in the last week of April, but that means I need to submit by the 11th of February, which is only three short months away, and I still have a huge amount to get together.

As I work through various parts of my design I’ll be tracking my progress through this blog.

Designs that are your own are easier to justify, or are they? Take one of your own designs (as I’ve done with this one), and try to look at it with fresh eyes. It’s yours, yes, but can you really quantify every decision to a third party? Why have you chosen to ignore LACP, why aren’t you using resource pools, why have you used the Windows deployment of vCenter Server instead of the appliance? iSCSI vs NFS. 5 hosts, really, why not 3 larger hosts instead? Want to bring in VVOLs, have you spoken with the storage team to find out if it can fit with their vision? Why, why, why?

All of the above and more needs to be worked through. The foundation of my design is one that I have done for the company I currently work for. It is a two DC deployment with SRM to replicate between them. My submission will be partly fictitious as I want to take what I currently have and update it.  I’ll need to go through and look at every decision and document it.

I understand that this will be a huge undertaking but I am looking forward to it. Most importantly I have the support of my family.

Now, I need a mentor…