Horizon View Connection Server – Install and basic setup 1/2.

Apologies to the three people who read this blog regularly,  The last month has been very busy.

So far we have configured a Root CA, and imported a certificate into what will become our first connection server, and a setup a SQL database. Now we are ready to install and do a basic setup our first connection server.

Installing the Horizon View Connection server.

  1. Connect to the server you will be using as your connection server.
  2. Copy across the installer and double click to run.
  3. Click Yes. To accept the UAC warning.
  4. Click Next.
  5. Select “I accept the terms in the license agreement” and click Next.
  6. Here you can change the installation location if you prefer. Click Next.
  7. On the Installation Options window:
    1. Select Horizon 7 Standard Server as the install.
    2. Select  “Install HTML Access”, this is technically not necessary but I would recommend it.
    3. Select the IP protocol you use. IPv4 would be the most common I expect
    4. Click Next.
  8. Enter in a password for Data Recovery and a hint if you prefer. Click Next.
  9. Select whichever is appropriate for your environment, bearing in mind that most companies will have the servers firewall controlled via GPO. So check with your Windows and Security guys. In this case I want the firewall of this server to be configured automatically. Click Next.
  10. Select whether you’d like the local Administrators Group to have Admin rights to view. This can be changed later but I generally prefer not to from the start. Click Next
  11. Choose whether you want to join the VMware Customer Experience Program or not. If your company policy allows it I would recommend you do. Click Next.
  12. Click Install.
  13. Once the installer is done, click Finish.

Now we have the Horizon View Connection Server installed which can be verified by going to http://<your_full_server_address>/admin.

In part 2 we’ll get the basic config done. Adding a vCenter server, connecting to the events DB and licensing your install.

 

Preparing for Horizon View – Connection Server Certificate.

Doing a straight forward install of the connection server is fairly easy. its mostly next-next-next. However since we are trying to do this deployment as close to prod as possible we want to get a certificate installed from the root CA we setup in an earlier post.

Post deployment task- Certificate install.

The instructions below are to be run on server you’re intending to install the Horizon view connection server on.

  1. Click on the windows icon, type mmc and select it to start the mmc.
  2. Accept the security warning.
  3. Click file then Add/Remove Snap-in.
  4. Select Certificates -> Add -> OK.
  5.  Select Computer Account -> Next.
  6. Select Local Computer -> Finish.
  7. Click OK.
  8. Expand Certificates, Right Click on Personal -> All Tasks -> Request New Certificate…
  9. Click Next.
  10. Highlight Active Directory Enrolment Policy and click Next.
  11. Check Computer, expand the Details and click Properties.
  12. Type vdm in Friendly name  and select Private Key.
  13. Expand  Key Options and select Make private key exportable. Select Certification Authority.
  14. Make sure the correct certificate authority is chosen anf click Apply.
  15. Click Enroll.
  16. Once the certificate has been issued click Finish.

Once the certificate has been installed you’ll see a new folder under Personal called Certificates. In there you’ll find the certificate issued by the root CA.

Preparing for Horizon View – If using SQLExpress

Quick Post

As a database SQL Express is pretty good. It has size restrictions built in but it is a full working MSSQL database engine and works quite well with Horizon View, although not supported at all.

To be able to connect to it from another server, one running the Horizon View connection server for example, you’ll need to enable TCP connections.

  1. Start the SQL Server Configuration Manager.
  2. Click yes
  3. Expand SQL Server Network Configuration, Select Protocals for SQLEXPRESS, Right click Enable. Once the status reads enabled, right click again and select Properties.
  4. In the entry for the IP address of the server switch Active to Yes.
  5. Scroll down to the bottom of the window and under IPALL set the TCP Port to 1433.
  6. Restart the Server

This and allowing incoming connections through the firewall got me connected and using the events logging in the Horizon View Connection Server.

Preparing for Horizon View – Setting up the Database – 2 of 2

Part of this Horizon view deployment will be to have the connection server logging its events and a configured view composer server. For this we’ll need two databases.

While I am working with the Express version of MSSQL, the following steps will also apply to other versions of MSSQL (excluding the Linux version). In a production environment you definitively will want to run either standard or enterprise. There is also the developer edition, which is a full featured version for testing and development only.

One quick change before we begin:

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Right click the server name and select Properties.
  4. Select Security and change the Authentication mode to SQL Server and Windows Authentication Mode and click OK.
  5. Click OK. While you can restart the service to get the new security changes to apply, I usually just reboot the server.

 

Setting up the Horizon View Events Database and creating the user.

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Expand the instance, right click on Database and select New Database…
  4. Give the database a name. I chose ViewEvent.
  5. Select Options and make sure the options match the attachment below and click OK.
  6. Expend Security, right click Logins, and select New Login…
  7. Type in  a name for your user (I used ViewEvent). Select SQL Server authentication and type in a password. Unselect Enforce password policy. Change the Default database to ViewEvent or whatever you named you database in step 4.
  8. Select User Mapping. Select the database you created above and in the bottom pane select db_owner.
  9. Click OK and we’ve successfully created the Events database and user. Now onto the composer DB.

 

Setting up the Horizon View Composer Database and creating the user.

  1. Start the Microsoft SQL Server Management Studio.
  2. Select Connect to login.
  3. Expand the instance, right click on Database and select New Database…
  4. Give the database a name. I chose ViewComposer.
  5. Select Options and make sure the options match the attachment below and click OK.
  6. Expend Security, right click Logins, and select New Login…
  7. Type in  a name for your user (I used viewcomp). Select SQL Server authentication and type in a password. Unselect Enforce password policy. Change the Default database to ViewComp or whatever you named you database in step 4.
  8. Select User Mapping. Select the database you created above and in the bottom pane select db_owner.
  9. Click OK and we’ve successfully created the Composer database and user.

In this part we’ve created the two main DB’s we’ll need for view. So just something to note. In this setup I have used SQL accounts for the databases however in most prod environments that would most likely be heavily discouraged. If you do choose to go down the domain account route then you don’t need to change the authentication mode.

Preparing for Horizon View – Setting up the Database – 1 of 2

Part 1 of 2

In the first part of this post I’ll go though installing SQL express and the SQL Management Studio.

You can download SQL express here and the SQL Management Studio here.

Installing SQL Express 2017

  1. Copy the SQL Express and Management Studio Files across to the Windows server you’ll be using as your DB server. I’m my case the Composer server is going to double as the DB server.
  2. Connect to the windows server with a user that has been granted local administrator rights.
  3. Locate and run the SQL Express installer.
  4. Accept the security challenge. Click Yes.
  5. Click Basic.
  6. You can read the license terms if you like. Click Accept.
  7. Click Install.
  8. Click Close. You can click Install SSMS. It won’t actually install SSMS, It’ll just take you to the page where you can download the installer

Installing SSMS 2017

  1. Locate and run the SSMS Installer.
  2. Accept the security challenge. Click Yes.

  3. Click Install.
  4. The install will take a good few minutes.
  5. Click Close.

Nice and easy.

Next post. Creating and setting up the databases.

Preparing for Horizon View – Setting up a root CA.

While Horizon View does come with self signed certificates but it is always best, in a production environment, to your own SSL certificates.

I connect to my lab remotely using, either my laptop, or other mobile device and like to know that my connection is secure.

If you don’t want to setup your own cert server Lets Encrypt is a public CA and does offer certificates (wild card certs too) for free. If you do choose to use them please consider donating. They are an opensource and free setup and could use your help.

Installing a root CA.

I used a windows 2016 server for this deployment.

  1. In the Server Manager window click on Add roles and features.
  2. Select Role-Based or feature-base installation and click Next.
  3. Select the local server and click Next.
  4. Select Active Directory Certificate Services, and click Next.
  5. Check Include management tools (if applicable). Click Add Features.
  6. Click Next.
  7. Click Next.
  8. Click Next.
  9. Click Next.
  10. Select Certificate Authority. Click Next.
  11. Click Install.
  12. Once the install is complete Click Close.
  13. Once the Install is finished we need to complete the post install tasks. Navigate to Server Manager and click on the alert icon. Click on the post deployment task that needs to be completed.
  14. If you need to change the credentials do so here. I just used the creds I was logged in with. Click Next.
  15. Select Certification Authority and click Next.
  16. Select Enterprise CA and click Next. You can select Standalone CA if that’s what you need. The options might be slightly different.
  17. Select Root CA and click Next.
  18. Select Create a new private key and click Next.
  19. Select the following:
    1. Cryptographic provider – RSA#Microsoft Software Key Provider
    2. Key length – 2048
    3. Algorithm – SHA256
    4. Click – Next.
  20. Leave the defaults and click Next.
  21. Select the validity period of your certificate. (I chose to leave it at 5 years. In a prod environment you might want that to be less). Click Next.
  22. Leave the defaults and click Next.
  23. In the final window check your settings and click Install.

And that’s it, we now have a working root CA!

 

Working VMware’s VDI Solution.

Over the last couple of months (with another work colleague) I’ve been looking into Horizon view 7.4. (edit: and now 7.5)

So far I really like what I see. It looks like VMware has put  fair amount of effort in the the product lately. From instant clones (windows and Ubuntu) to automated full fat clones for Linux, the product is really starting to look slick.

The next series of blog posts will be covering the installation and configuration of Horizon view, setting up various different solutions (Linux desktops, View security server and as an alternative the Unified Access Gateway, etc) and will take a look at the various “additionals” available, this includes the paks for vRealise Operations Manager and Log Insight.

So what will we need and be setting up to get the basics going?

  1. Lab (I’ve covered how to build this a while back, its a bit old but should still get you started).
  2. Certificate Authority for our domain.
  3. SQL server 2016 Express and SQL server 2016 management tools. Note: While the express version of SQL sever isn’t on the interoperability matrix it does work.
  4. A minimum of 3 Windows servers which will run:
    1. View Connection server
    2. View Composer Server, which will also run our instance of SQL express.
    3. View Security Server
  5. Horizon View Software (Download the lot)
  6. Windows 10 Enterprise
  7. 2 Popular Linux Disto’s.
    1. Centos
    2. Ubuntu

While there can seem to be quite a lot of moving parts, I would expect most prod environments to have access to either SQL standard as a minimum or Oracle (12C standard release 1 and 2 are supported) as well as a CA (certificate Authority).

Our three windows servers, which will form the base of our deployment,  will be configured as follows:

  • Windows 1 – Connection server
  • Windows 2 – Security Server
  • Windows 3 – Composer and SQL Express server

Before we run through the View install’s I’ll first go through setting up and configuring the CA, getting the cert onto the windows connection server, and configuring SQL for the two DB’s we’ll need.

Getting William Lam’s Awesome ESXi 6.5u1 Virtual Appliance to run in Fusion and Workstation (The Lazy Way!)

William Lam, The Official (to me anyway) master of nesting just about everything, has been putting together ESXi virtual appliances for quite some time.

You can find them over here:

Before you read on, please note that all the hard work has been done by William Lam and if you live under a rock and haven’t come across his website  before please go and check it out over at https://www.virtuallyghetto.com.

Honestly, once you’ve rebuild your lab more then twice the novelty wears off fast. That’s what makes these appliances are incredibly convenient.. It takes literally 2-3 minutes to have a fully functioning deployed Nested ESXi host, with all the little bits and pieces of config and vibs you would normally have to go in and setup yourself. Only one small problem, while it deploys into ESXi just fine and dandy, it doesn’t deploy onto fusion/workstation because it has virtual hardware that just isn’t compatible with Fusion/Workstation. 🙁

BUT the 6.0u3 VA does deploy without a problem.

Lazy Method:

  1. Download both the ESXi 6.0 Update 3 Virtual Appliance and the ESXi 6.5 Update 1 Virtual Appliance.
  2. To keep things neat create two folders called “ESXi6.0” and “ESXi6.5u1”.
  3. Extract both OVA’s into their respective folders. You can do this with with winrar (on widows) or if you’re using Linux/Max, from the console move into the directories and run “tar -xvf <name_of_ova>”
  4. Browse into ESXi6.5u1 and delete the ovf file.
  5. Copy the ovf file from ESXi6.0 to ESXi6.5u1. 
  6. Using your favourite editor open Nested_ESXi6.0u3_Appliance_Template_v1.0.ovf
  7. Do a search and replace for anything that reads “Nested_ESXi6.0u3_Appliance_Template_v1.0” with   “Nested_ESXi6.5u1_Appliance_Template_v1.0”
  8. Save “Nested_ESXi6.0u3_Appliance_Template_v1.0.ovf”
  9. Rename “Nested_ESXi6.0u3_Appliance_Template_v1.0.ovf” to “Nested_ESXi6.5u1_Appliance_Template_v1.0.ovf”
  10. Delete “Nested_ESXi6.5u1_Appliance_Template_v1.0.mf”
  11. Import into Workstation or Fusion
  12. Once the Nexted ESXi host has booted for the first time and run the config scripts. You’ll need to power it down and set VT-x/EPT support for the virtual machine. (I’ll add it in to the ovf instructions soon).

It’s really that simple (or lazy)!!!

 

 

Creating Project Cheat Sheets

So you’ve done your POC, your solution has passed all the tests required by the company, you’ve put together your final design document (a hearty 95 pages) and managed to navigate the frustrating world of board level approval.

Now what? Well you begin to work with the other engineers, from other disciplines, and build, build, build. They’ve read your design document and are eager to get to work. The only problem is that this isn’t the only project they are working on,  every time they need to do something they need to dip into your 95 pages of awesome design, or bring it up in the next project meeting. Infact maybe its just easier to just call you… right when you are in the middle of figuring out why the output from the powercli script you have been working on all day is showing a sea of red.

This happens to every VMware engineer.

What I have found helps is to create cheat sheets for the technical members of the project. It’s very visual and contains most of the info that they will need. It’s important to note that this isn’t the design document but should be supplementary to any project documentation.

  • Ex. Page 1 – Summary
    • Brief overview of what going in.
    • Physical Dependancies
  • Ex. Page 2 – Hypervizor details
    • Hardware config
    • Firmware revisions
    • Host Configuration
      • OS + version, License, NTP, DNS, basic networking, Cluster config
    • Virtual Infrastructure Config
      • VM Standards (hardware version, pvSCSI, vmxnet3, etc,etc
      • VCSA – Size, version, location
      • PSC – Size, version, location
      • VUM – OS, Version, ;location, Database type
      • Database for VUM – OS, DB type, verison, name, location
  • Ex. Page 3 – Core Virtual Networking
    • Diagram – How it all fits together

The 3 examples I have given below are from different projects but will show you what I usually put in.

Example Page 1 – Summary.

This page is your summary. It has some light technical bits that can quickly be referenced. The overview pane is what’s being put in. You could possibly add a sub section about the OS. No real need to put version numbers in here.

cheet_pg1

Example Page 2 – VMware Specific

This page is hold details for Ops and the VMware team. With this information you could reasonably expect an engineer or OPs to build out your cluster at the basest level.cheet_pg2
Page 3 – Virtual Networking

Very visual. So here, which I haven’t done, you could supply additional info about active and standby paths, any additional info for any NOIC specific settings you have chosen.

cheet_pg3

The above examples should give you an idea of how they could look and are by no means an exhaustive list. You could add a rack diagram, storage config, etc,etc.

The point is for these documents is to be quick reference pages highlighting the decisions made. I hope the idea helps you, its certainly a help to me.

PBM Error migrating VM’s from VSAN Datastore

Occasionally, and by that I mean very rarely, VM’s can refuse to migrate on or off VSAN storage (I know, I know, why would you every want to migrate off VSAN?).

The error will look something similar to:

A general system error occurred: PBM error occurred during PreMigrateCheckCallback: pbm.fault.PBMFault; Internal error during SPBM validation;
No VASA Provider for schema namespace (VSAN) found.

You’ll also find that you can’t create new storage providers.

The official reason is: Official: This issue occurs due to inconsistent data between the Storage Management Service (SMS) and the Storage Based Policy Manager (SPBM).

While VMware claim that this is only an issue with VSAN 5.5, I have seen it occur in VSAN 6.0. To be fair it was in my lab, and I was testing “dirty” power down of VSAN hosts.

So to the Fix

NB: As this is a VASA related issue it might work for other storage providers too. In the testing I’ve done its been non-disruptive but as always proceed with caution.

  1. In the vSphere Web Client Navigate to the vCenter Server (Not the VSAN Cluster)
  2. Select the Configure tab on the right.
  3. Select the Storage Providers Menu Item.
  4. In the Storage Providers window pane: click the storage icon with the red circular arrows. 
  5. Once done, the Cluster with VSAN will be scanned and you should be able to move your VM’s about.