Using a Mouse with my iPad Pro

Earlier this Month VMware released the latest update to the Horizon Client for the iPad. Version 4.2 can be downloaded here

This brought a number of great updates but my favorite is the ability to use a Mouse with my iPad, yes that’s right when connected to a Horizon desktop or application I can now use a Bluetooth connected mouse.

The mouse that is supported is the SwiftPoint GT mouse, this is a great mouse and fantastic from people that travel with an iPad Pro


This mouse is extremely small but works really well, I have been using the iPad for travel for a few months now and it has been working well but when connected to a virtual desktop there is definitely something missing and that’s the mouse. I have tried to use the Apple Pencil and that works OK but it’s not as good as a mouse. The SwiftPoint GT fixes that problem and now I feel that when traveling with my iPad I have everything I need to do my job as if I was at my desk.

If you would like more details on the SwiftPoint GT mouse you can find it here.

New Requirement for VMware Identity Manager when clustering

Recently VMware released Identity Manager 2.7 and with it there is a new requirement when clustering the Identity Manager behind a load balancer.

It is now required that you have a minimum of 3 Identity Manager Appliances with in the cluster.

The diagram below shows this minimum requirement.

Picture1
This will also help when upgrading to future version. If there is a minimum of 3 appliances then it will be possible to upgrade these appliances one at a time with out any downtime.

To upgrade with a minimum of 3 in the cluster you and simply take a single appliance out of the load balanced pool upgrade the server and then add it back to the load balanced pool. Simply do this for each appliance in the load balanced pool and not down time will be required.

Configuring VMware Identity Manager and VMware Horizon 7 Cloud Pod Architecture

With the release of VMware Horizon® 7 and VMware Identity Manager™ 2.6, it is now possible to configure VMware Identity Manager to work with Horizon Cloud Pod Architecture when deploying your desktop and application pools over multiple data centers or locations.

Using VMware Identity Manager in front of your VMware Horizon deployments that are using Cloud Pod Architecture makes it much easier for users to get access to their desktops and applications. The user has just one place to connect to, and they will be able to see all of their available desktops and applications. Identity Manager will direct the user to the application hosted in the best datacenter for their location. This can also include SaaS applications as well as the applications that are available through VMware Horizon 7.

For the full blog please see my blog on VMware.com

http://blogs.vmware.com/consulting/2016/07/configuring-vmware-identity-manager.html

Configuring VMware Identity Manager with SQL Always On

For the last few weeks I have been testing VMware Identity Manager with SQL Always On database for multi-site deployments. This has been an interesting learning curve as its been some time since I last did anything substantial with Microsoft SQL. Before I start with the VMware Identity Manager I think it is worth calling out these 2 resources that I found really useful for setting up SQL Always On in my Lab.

This is a quick intro in to SQL Always On and how to configure it

https://www.youtube.com/watch?v=VKCqRgqLAuo

This was a useful step by step guide for deploying SQL Always On

http://www.careexchange.in/installingconfiguring-sql-2014-always-on-cluster-on-windows-2012-r2-recommended-way/

Now before configuring VMware Identity Manager with an SQL Always On Database you should be aware that even though there is a database in each of the datacenter’s all Read and Writes operations will take place on the Primary database with in the Availability Group.

Screen Shot 2016-05-18 at 8.41.02 AM

From my testing I found that setting the database to automatic failover worked as expected and the database was only unavailable for a very short time less than a couple of seconds. However, I did find that when I failed the database back after an outage this took a bit more time and I would recommend that any failback is done in a much more controlled manner. In my testing fail back took about 40 seconds so a noticeable difference.

Creating the VMware Identity Manager SQL Always On Database

 

  1. Open SQL Management Studio and log in with sysadmin privileges (This should be done on the primary server)
  2. Click File – New – Query with current connection
  3. In the editor window paste the following SQL Commands
CREATE DATABASE saas

COLLATE Latin1_General_CS_AS;

ALTER DATABASE saas SET READ_COMMITTED_SNAPSHOT ON;

GO

BEGIN

CREATE LOGIN horizon WITH PASSWORD = N'H0rizon!';

END

GO

USE saas;

IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'horizon')

DROP USER [horizon]

GO

CREATE USER horizon FOR LOGIN horizon

with default_schema = saas;

GO

CREATE SCHEMA saas AUTHORIZATION horizon

GRANT ALL ON DATABASE::saas TO horizon;

GO
  1. Click Execute

Picture2

  1. The saas Database will now be created
  2. Make a Full backup of the database (This must be done before adding the database to an Always On High Availability Group)
    • Right click the database – Tasks – Back Up
  3. Add the database to the Always On High Availability Group

 

NOTE: It is also recommended to make the following changes to SQL

  • Change ‘HostRecordTTL to a lower value than the default in multi-site deployments. 120 seconds is a good value
  • Change ‘RegisterAllProvidersIP’ to false in multi-site deployments

Connect VMware Identity Manager to the SQL Database

During the install of VMware Identity Manager connect to the SQL Database using the following settings

Jdbc:sqlserver://SQLAGListener;DatabaseName=saas

  • SQLAGListener = the SQL Availability Group Listener, in the example below that is SQLProdServer
  • If the secondary SQL server is on a different subnet add the following to the jdbc string
    • multiSubnetFailover=true
      • Jdbc:sqlserver://SQLAGListener;DatabaseName=saas; multiSubnetFailover=true

Picture3

 

VMware Identity Manager and F5 New Step in Configuration

This week I deployed VMware Identity Manager in my lab to do some testing with SQL Always-On and F5.

When I configured VMware Identity Manager to work with F5, something I have done many times in the past, I came across and issue. After I logged out I couldn’t log in to VMware Identity Manager with a domain account but could login with a local account. The issue is below

Picture1

After testing a few things and trying to figure out the issue I found that when changing the FQDN of VMware Identity Manager there is a new step that need to be done.

Basically after changing the FQDN go back to the Admin UI.

Click Catalog and then settings.

From there select New End User Portal UI and click Enable New Portal UI

Picture2

After this log out and you should now be able to log back in with a domain account.

 

Announcing the App Volumes Backup Fling

It gives me great pleasure to announce the first Fling that I have worked on.

Over the last couple months Chris Halstead, Stephane Asselin and I have been working on the new App Volumes Backup Fling.

Picture1

This tool will help customers to backup their AppStacks and Writable Volumes VMDK files using their standard backup tools, normally backup tools do not see these files as they are not seen with in the vCenter inventory unless they are connected to a users virtual desktop.

Below you will find a number of links where you can find more information about the App Volumes Backup Fling.

Fling Download

App Volumes Back Fling

Video Demo

You can also see the full announcement on VMware.com here

For instructions on how to use the Fling see the blog here

Please feel free to leave any feedback for Chris, Stephane and I and any features you would like to see added.

VMware User Environment Manager 9.0 – What’s New

Earlier this month VMware released a new version of User Environment Manager that brings some new and exciting features, not only to User Environment Manager, but also to the Horizon Suite. To learn about the new features in Horizon 7 you can see my blog here.

Here I would like to highlight the new main features of VMware User Environment Manager 9.0

Smart Policies

The new Smart Policies offer more granular control of what users can do when they connect to their virtual desktop or applications. With the first release of Smart Policies you will be able to manage these capabilities based on the following conditions:

  • Horizon Conditions
    • View Client Info (IP and name)
    • Endpoint location (Internal/External)
    • Tags
    • Desktop Pool name
  • Horizon Capabilities
    • Clipboard
    • Client drive
    • USB
    • Printing
    • PCoIP bandwidth profiles

 

For more information on these capabilities, see my more detailed blog Here.

It should be noted that to use Smart Policies you will need Horizon 7 View and User Environment Manager 9. You will also need the latest View Agent and Clients installed to take advantage of these new features. Also note that these policies only work with the PCoIP and BLAST Extreme protocols, and not RDP.

Application Authorization (Application Blocking)

This feature gives administrators the ability to white- or black-list applications or folders. In the example below you can see that some applications are allowed and some will be blocked.

Picture1

Using this feature with User Environment Managers Conditions will not only give administrators great control over what applications users can use, but also how they can be used. An example would be if a user is on the internal network they have access to company-specific applications; however, if they accessed their desktops from an external network then these applications would not be available.

With a simple check of a box, administrators have a very simple model for enforcing applications that the users are authorized to use, and using conditions in this way could be result in a different set of applications depending on where the user connects from.

Picture2

ThinApp Support

When clicking on the DirectFlex tab of an application you will now see the new check box to Enable ThinApp Support for that application.

Picture3

When this is selected you will be able to manage what happens within the ThinApp “bubble” from within User Environment Manager, rather than doing this by setting specific values during the ThinApp capture process, or afterward via a script. This integration generalizes the approach that packagers can take when choosing isolation or encapsulation. It allows them to not have to force the knowledge of each and every configuration during the capture process by setting isolation modes or creating separate packages for different application configurations.

You should also note that you do not need to configure a separate application within User Environment Manager to take advantage of this. If the box is checked the flex agent will notice if the application is natively installed or accessible via ThinApp, and automatically apply the correct settings.

Manage Personal Data

User Environment Manager now has the ability to easily manage personal data. This would include things like My Documents, My Music, My Pictures, etc.

The example below shows how easy this is to configure.

Picture4

Office 2016 Support

User Environment Manager 9.0 now supports Office 2016. As you can see from the example below this also includes Skype for Business and OneDrive. Just like with earlier versions these can all be added with the Easy Start button.

Picture5

New User Environment Manager Conditions

As part of the new deep integration with Horizon 7, User Environment Manager has added a number of new conditions that can be pulled from Horizon 7. These include Pool-Name, Tags, and client location – such as internal or external.

Picture6

 

I have also posted this blog on VMware.com here

Update to How CPA Home Sites Work with Horizon 7

Several months ago I wrote a blog on how Home Sites work with VMware Horizon 6 Cloud Pod Architecture (CPA), you can find the blog here.

With the release of VMware Horizon 7 the way CPA handles Home Sites has been updated so the users with a Home Site will always receive a Desktop or App even if their Home Site is down.

Lets first review what would happen if a users Home Site was down. As you can see in the diagram below the Connection Brokers would return an issue that their Home Site was not available and the user would not be connected to a desktop.

Picture5

Just as with Horizon 6 with Horizon 7 when the users Home Site is available then the user will always receive the desktop from the Home Site as the diagram below shows.

 

Here is where we see a change. Now with Horizon 7 if a users Home Site is off-line then the user will still receive a desktop this time from one of the other sites within the Global Pool. As shown below.

Picture4

Once the Home Site comes back on-line the next time the user logs back in they will automatically be given a desktop from the Home Site once again.

 

Veeam NFC Storage Connection is Unavailable

I am currently doing some testing in my lab around backing up App Volumes, more to come on this in the new year, and I needed a backup solution to do my testing. I decided to use Veeam Backup and Replicate 8 as being a vExpert I get a free 1 year NFR license to use the product. Thanks Veeam for this benefit.

The product was easy to setup but when I came to make my first back I kept getting the following error.

NFC Storage Connection is Unavailable

After a couple of google searches I found the following KB article here. Having read through the article I started to look at the log files. The log files can be found on the Veeam server is this location.

%ProgramData%\Veeam\Backup\Backup_Job_Name

After looking at the logs I didn’t have any of the issues mentioned in the KB article but I did notice the following errors.

ERR |Failed to initiate NFC session. Target host: [10.0.1.200]. VI connection ID: [vcenter.delboyshome.com]. Storage MOID: [200-Local].

[22.12.2015 20:04:44] <  1592>      ERR |SSL error, code: [336151568].error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

[22.12.2015 20:04:44] <  1592>      >>  |SSL_connect() function call has failed.

[22.12.2015 20:04:44] <  1592>      >>  |Failed to establish connection with the SSL server.

[22.12.2015 20:04:44] <  1592>      >>  |Cannot initialize new SSL connection.

[22.12.2015 20:04:44] <  1592>      >>  |Authd handshake has failed.

[22.12.2015 20:04:44] <  1592>      >>  |NFC session with the specified ticket [52 fc d5 d8 27 e2 4a 73-57 79 e2 13 85 b7 60 e8] is unavailable. Target host: [10.0.1.200].

[22.12.2015 20:04:44] <  1592>      >>  |Cannot connect to NFC session. Target host: [10.0.1.200]. Storage: [200-Local]. VI SOAP connection ID: [vcenter].

After some more goggling around I found that in ESXi 6.0U1 SSLv3 is now disabled by default and would need to be re-enabled, on all of my hosts, or at least on the host doing the backup specifically, SSLv3 would need re-enabling for post 902.

Thankfully the issue and easily be fixed. To fix the issue you can follow the simple steps in this KB from VMware found here.

 

 

 

VMware EUC a Year in Review

Well what a year it has been for VMware End User Computing. We have seen any number of new releases with great gains in moving the technology forward yet again. Here I will try and recap some of the great things we have seen from the VMware EUC team in 2015.

VMware Horizon 6

What a year its been for VMware Horizon 6 with 3 fantastic released 6.1, 6.1.1 and 6.2. These 3 releases brought with them so many new features its hard to cover them all, so lets tray and cover some of the big new features that were added in 2015.

Horizon 6.1

Horizon 6.1 was released in March and was the first of the big releases this year. With the release of 6.1 we got the following new features:

  • NVIDIA GRID vGPU (shared GPU hardware acceleration)
  • Smart Card for RDS desktops and Hosted Apps
  • Support for IPv6 networks
  • Support for Virtual SAN 6.0
  • Support for Virtual Volumes
  • View Administrator (UI) support for configuring Cloud Pod Architecture
  • USB Redirection of mass storage on RDS desktops and Hosted Apps
  • Windows Server 2012 R2 operating system support for VDI desktops

Could they fit any more in to this release well yes there was much more added for the full list of new features you can see the release notes here.

Horizon 6.1.1

In June VMware release Horizon 6.1.1 with the long awaited feature, support for Linux Desktops, this was a game changer for a number of user opening up a whole new set of use cases. Here are some of the other features released in 6.1.1

  • Client Drive Redirection
  • Serial Port Redirection
  • Support for Windows Media Multimedia Redirection (MMR) for RDS Desktops
  • HTML Access Support for Hosted Apps

For more information on this release you can fine the release notes here.

Horizon 6.2

That brings us to the Horizon 6.2 release that was released in November and this was yet another fantastic release with the following new features.

  • Windows 10 Support
  • View Composer and linked clones for RDS Server
  • Enhanced Load Balancing for RDS Farms
  • Hosted App Support for Cloud Pod Architecture
  • HTML Access (Blast) Support for Cloud Pod Architecture
  • Virtual SAN 6.1
  • Access Point Integration (New solution for external access)

Again this is only a subset of all of the new features added in 6.2 and you can find all the new features in the release notes here. You can also see my blog on the new feature working with VMware User Environment Manager here.

VMware App Volumes

Now let’s look at what’s happened with with App Volumes over the course of 2015. App Volumes had a number of great release over 2015 from 2.5.2 in January to 2.10 in November. Here are just a few of the new features that were added across the number of release in 2015.

  • Horizon View integration for better performance
  • AppStack Grouping
  • Automatic AppStack Import
  • Storage Group Distribution Strategy
  • Editing a Storage Group
  • Direct-To-Host Mounting
  • Agent access to VHD
  • Multi vCenter Configurations
  • Windows 10 Support
  • Enabling vMotion
  • Storage Group management
  • Expand existing writable volumes

This is just a small number of the of the great new features that were added to App Volumes this year. You can find all of the new features in all of the release note at these links. 2.5.2, 2.6, 2.7, 2.9 and 2.10.

I have also release a number of blogs on App Volumes over the year. Here are just a couple that I think you might find useful.

VMware App Volumes Storage Group Improvements with 2.10

Storage Considerations with App Volumes

VMware User Environment Manager

VMware User Environment Manager was added to the VMware EUC portfolio this year when VMware bought Immidio, with the release of UEM 8.6 and then 8.7 update. I believe that User Environment Manager was a great addition to the VMware EUC Family and I even wrote the following white paper around the deployment of UEM VMware User Environment Manager Deployed in 60 Minutes or Less. I also did a Demo of UEM at VMworld this year in San Francisco, you can see the demo here.

Some of the new features added over 2015 include.

  • Extended Conditions
  • Improved Horizon View Support
  • Windows 10 support.
  • Improved Application Onboarding
  • Advanced Physical Support

For more information on the two releases you can see the release note here, 8.6 and 8.7.

You can also find a number of blogs around User Environment Manager on this blog site.

VMware Identity Manager

VMware renamed their Workspace product to Identity Manager with the 2.4 release in September showing a real intent on focusing on user Identity, I think this will be a big move and a great decision as this product continues to improve.

Here are the new features added in Identity Manager 2.4

  • HTML Access support for Horizon View applications
  • New integrated authentication methods
    • RSA Adaptive Authentication
    • Certificate/Smart Card Authentication
    • RADIUS Authentication
  • Microsoft SQL Server 2014 as an external database
  • Simplified Admin UI for setting up directories, identity providers, and policies
  • External access to XenApp with NetScaler

You can see the release notes for Identity Manager 2.4 here.

VMware Mirage

VMware Mirage has also seen a number of updates through 2015 starting with 5.3 in March with the 5.6 release in December.

Here are some of the new features added to Mirage over the year.

  • Mirage supports managing multiple platforms, including Windows Embedded for Point of Service (WEPOS), POSReady 2009, and POSReady 7 operating systems.
  • Mirage supports automated backup and full disaster recovery for devices running Windows Embedded POSReady operating systems.
  • Administrators can perform OS migration operations using Mirage PowerCLI.
  • Administrators can automate endpoint provisioning and perform various CVD operations using Mirage API or Mirage PowerCLI.
  • Mirage requires lower IOPs, enabling faster centralization and upload operations.
  • Mirage PowerCLI supports vSphere 6.0 SDK
  • Branch PC technicians and administrators can provision new laptops and desktops directly from the device using the self-service provisioning interface
  • Administrators can specify base layer and app layer download only operations and manually initiate layer updates for a future time, for example, off-peak hours
  • Bare-metal provisioning supports POSReady 2009
  • You can now run Mirage database on Microsoft SQL Server 2014 Express, Standard, and Enterprise editions also
  • Administrator can now change the Management Server’s MongoDB data path using the Mirage Web Console

For a full list of all the new features added you can see the release notes here, 5.3, 5.4, 5.5 and 5.6.

VMware ThinApp

As I mentioned in my Blog here ThinApp is certainly not dead and this year in November VMware release ThinApp 5.2 that brought with it support for Windows 10, a great achievement from the ThinApp team. For more information on ThinApp 5.2 you can see the release notes here.

 

There was also updates to AirWatch, vRealize Operations Manager for Horizon, Horizon FLEX, VMware Workstation and VMware Fusion.

Well what a great year, can VMware beat that in 2016 well we will have to wait and see what’s to come but I have a feeling 2016 is going to be an even bigger year for the VMware EUC Team.

Congratulations to everyone at VMware working on the EUC products from the Engineers to the guys out in the field meeting with customers every day.