VMware User Environment Manager 9.0 – What’s New

Earlier this month VMware released a new version of User Environment Manager that brings some new and exciting features, not only to User Environment Manager, but also to the Horizon Suite. To learn about the new features in Horizon 7 you can see my blog here.

Here I would like to highlight the new main features of VMware User Environment Manager 9.0

Smart Policies

The new Smart Policies offer more granular control of what users can do when they connect to their virtual desktop or applications. With the first release of Smart Policies you will be able to manage these capabilities based on the following conditions:

  • Horizon Conditions
    • View Client Info (IP and name)
    • Endpoint location (Internal/External)
    • Tags
    • Desktop Pool name
  • Horizon Capabilities
    • Clipboard
    • Client drive
    • USB
    • Printing
    • PCoIP bandwidth profiles

 

For more information on these capabilities, see my more detailed blog Here.

It should be noted that to use Smart Policies you will need Horizon 7 View and User Environment Manager 9. You will also need the latest View Agent and Clients installed to take advantage of these new features. Also note that these policies only work with the PCoIP and BLAST Extreme protocols, and not RDP.

Application Authorization (Application Blocking)

This feature gives administrators the ability to white- or black-list applications or folders. In the example below you can see that some applications are allowed and some will be blocked.

Picture1

Using this feature with User Environment Managers Conditions will not only give administrators great control over what applications users can use, but also how they can be used. An example would be if a user is on the internal network they have access to company-specific applications; however, if they accessed their desktops from an external network then these applications would not be available.

With a simple check of a box, administrators have a very simple model for enforcing applications that the users are authorized to use, and using conditions in this way could be result in a different set of applications depending on where the user connects from.

Picture2

ThinApp Support

When clicking on the DirectFlex tab of an application you will now see the new check box to Enable ThinApp Support for that application.

Picture3

When this is selected you will be able to manage what happens within the ThinApp “bubble” from within User Environment Manager, rather than doing this by setting specific values during the ThinApp capture process, or afterward via a script. This integration generalizes the approach that packagers can take when choosing isolation or encapsulation. It allows them to not have to force the knowledge of each and every configuration during the capture process by setting isolation modes or creating separate packages for different application configurations.

You should also note that you do not need to configure a separate application within User Environment Manager to take advantage of this. If the box is checked the flex agent will notice if the application is natively installed or accessible via ThinApp, and automatically apply the correct settings.

Manage Personal Data

User Environment Manager now has the ability to easily manage personal data. This would include things like My Documents, My Music, My Pictures, etc.

The example below shows how easy this is to configure.

Picture4

Office 2016 Support

User Environment Manager 9.0 now supports Office 2016. As you can see from the example below this also includes Skype for Business and OneDrive. Just like with earlier versions these can all be added with the Easy Start button.

Picture5

New User Environment Manager Conditions

As part of the new deep integration with Horizon 7, User Environment Manager has added a number of new conditions that can be pulled from Horizon 7. These include Pool-Name, Tags, and client location – such as internal or external.

Picture6

 

I have also posted this blog on VMware.com here

Advertisements

Configuring VMware Horizon Instant Clones

I have been testing VMware Horizon Instant Clones for some time now and several people have asked me how I configured instant clones as when they tried to test them either the instant clone option was grayed out or when instant clones is selected the next button is grayed out. The other issue I see is some people have issues deploying instant clones and they fail to deploy.

Below are all of the things to check when configuring View Instant Clones. One of these issues has fixed all of the question I have been asked over the last few week during testing.

Licensing

Make sure you have the correct VMware Horizon license, there is a new license that include the Instant Clone feature. If you do not have the correct license then the option will be grayed out.

View Storage Accelerator

One of the requirements for Instant Clones is to enable the View Storage Accelerator. Before you try and deploy a new Desktop pool using Instant Clones make sure you have configured the View Storage Accelorator on you vCenter server.

1

Select the vCenter Server

If you have the View Storage Accelorator enabled and you select Instant Clones but the Next option is still grayed out make sure to select the vCenter itself.

2

Configure Instant Clone Domain Admin

Make sure you configure the Instant Clone Domain Admin, this account will need to be able to add new computers to your Active Directory.

3

Horizon View 7 Agent

Make sure you install the new Horizon View 7 Agent on to the gold image. There are a couple of things here you need to know

  1. First if you want to use the gold image for View Instant Clones, then during the install of the View 7 agent you need to select this option
  2. If you do select the View instant clone during the install then you can not install the view composer option, it is one or the other
  3. Unlike with view composer with View Instant Clones it is the Agent its self that adds the VM to active directory and not a separate composer server. This make View Instant Clones much more light weight, no extra server or database is needed for View Instant Clones.

If you make sure you have checked all of these things, then I am sure that View Instant Clones will work and you will see just how fast this new option is when deploying desktops.

Final Note

One last thing to Note, you will see a number of new VM’s in your vCenter that relate to your newly deployed instance clone desktops. I have listed these below.

4

cp-template-XXXXXXXXX This is the template VM that will be used to create your Instant Clones, this will be created from your Gold Image. This will be created on the destination storage or your desktops, but under storage you will also see that it is on the same storage as your gold image. You will also notice you can not edit this VM.

cp-replica-XXXXXXXXX this is the replica that is created for your VM parents. This is created from the cp-template and is placed on the destination storage.

cp-parent-XXXXXXXXX you will see one of these for each of the servers in your cluster, so in my case you see 6 as there are 6 ESXi servers in my cluster. These are all created on the destination storage and will be powered on, each ESXi server will have 1 of these cp-parents powered on and in memory ready to create a new desktop.

VMware Horizon Smart Policies

With the release of VMware Horizon 7 and User Environment Manager 9 VMware has introduced Smart Policy’s to help administrators manage their Virtual environments better and improve what users can get access to and from where.

Smart Policys can be set on the following conditions

  • View Client Info (IP & Name)
  • Endpoint location (Internal/External)
  • Horizon Tags
  • Desktop Pool name

Below is a list of the smart policy that can be set and how they can be used by the Horizon administrators.

Clipboard

  • Enable
  • Disable
  • Allow Copy from Client to Agent
  • Allow Copy from Agent to Client

Client Drive

  • Disable
  • Allow All
  • Read Only

USB

  • Enable
  • Disable

Printing

  • Enable
  • Disable

PCoIP bandwidth profiles

  • High-Speed (20 Mbps)
  • LAN (10Mbps or Higher)
  • Dedicated WAN (5Mbps default)
  • Broadband WAN (2Mbps)
  • Low-Speed (1Mbps)
  • Extremely low-speed connections (up to 500Kbps)

The following table shows when to use the best bandwidth profile and for what use cases

Description BW(Mbps) typical network typical user
1 Best User Experience(workstation) 20 LAN M&E CAD/CAM
2 Best User Experience(VDI) 10 LAN – MAN Knowledge worker, video
3 Default Setting 5 WAN Task worker, light video
4 Optimal User Experience 2 WAN Office Apps
5 Prioritize Bandwidth 1 WAN Basic Apps only
6 Minimum Bandwidth 0.5 WAN Low Data Entry

The following table shows how the PCoIP profile is tuned based on the profile selected

GPO 1 2 3 4 5 6
Max Session BW (kbps) 9000 9000 9000 5000 2000 1000
Min Session BW (kbps) 100 100 100 100 100 100
Enable BTL 1 2 0 0 0 0
Max Initial Image Quality 100 90 80 70 70 70
Minimum Image Quality 50 50 40 40 30 30
Max FPS 60 30 30 20 15 5
Max Audio Bandwidth (kbps) 1600 1600 500 500 200 90
Image Quality performance. 50 50 50 50 25 0

 

To take advantage of these new Smart Policy you will need to use Horizon 7 and User Environment Manager 9 and have the latest Horizon Agents and Clients installed. It should also be noted that these policy only work with the PCoIP and BLAST Extreme protocols and not RDP.

For information on more new feature released with Horizon 7 see the following blog

VMware Horizon 7 New Features

Update to How CPA Home Sites Work with Horizon 7

Several months ago I wrote a blog on how Home Sites work with VMware Horizon 6 Cloud Pod Architecture (CPA), you can find the blog here.

With the release of VMware Horizon 7 the way CPA handles Home Sites has been updated so the users with a Home Site will always receive a Desktop or App even if their Home Site is down.

Lets first review what would happen if a users Home Site was down. As you can see in the diagram below the Connection Brokers would return an issue that their Home Site was not available and the user would not be connected to a desktop.

Picture5

Just as with Horizon 6 with Horizon 7 when the users Home Site is available then the user will always receive the desktop from the Home Site as the diagram below shows.

 

Here is where we see a change. Now with Horizon 7 if a users Home Site is off-line then the user will still receive a desktop this time from one of the other sites within the Global Pool. As shown below.

Picture4

Once the Home Site comes back on-line the next time the user logs back in they will automatically be given a desktop from the Home Site once again.

 

Veeam NFC Storage Connection is Unavailable

I am currently doing some testing in my lab around backing up App Volumes, more to come on this in the new year, and I needed a backup solution to do my testing. I decided to use Veeam Backup and Replicate 8 as being a vExpert I get a free 1 year NFR license to use the product. Thanks Veeam for this benefit.

The product was easy to setup but when I came to make my first back I kept getting the following error.

NFC Storage Connection is Unavailable

After a couple of google searches I found the following KB article here. Having read through the article I started to look at the log files. The log files can be found on the Veeam server is this location.

%ProgramData%\Veeam\Backup\Backup_Job_Name

After looking at the logs I didn’t have any of the issues mentioned in the KB article but I did notice the following errors.

ERR |Failed to initiate NFC session. Target host: [10.0.1.200]. VI connection ID: [vcenter.delboyshome.com]. Storage MOID: [200-Local].

[22.12.2015 20:04:44] <  1592>      ERR |SSL error, code: [336151568].error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

[22.12.2015 20:04:44] <  1592>      >>  |SSL_connect() function call has failed.

[22.12.2015 20:04:44] <  1592>      >>  |Failed to establish connection with the SSL server.

[22.12.2015 20:04:44] <  1592>      >>  |Cannot initialize new SSL connection.

[22.12.2015 20:04:44] <  1592>      >>  |Authd handshake has failed.

[22.12.2015 20:04:44] <  1592>      >>  |NFC session with the specified ticket [52 fc d5 d8 27 e2 4a 73-57 79 e2 13 85 b7 60 e8] is unavailable. Target host: [10.0.1.200].

[22.12.2015 20:04:44] <  1592>      >>  |Cannot connect to NFC session. Target host: [10.0.1.200]. Storage: [200-Local]. VI SOAP connection ID: [vcenter].

After some more goggling around I found that in ESXi 6.0U1 SSLv3 is now disabled by default and would need to be re-enabled, on all of my hosts, or at least on the host doing the backup specifically, SSLv3 would need re-enabling for post 902.

Thankfully the issue and easily be fixed. To fix the issue you can follow the simple steps in this KB from VMware found here.

 

 

 

VMware App Volumes Storage Group Improvements with 2.10

Several months ago I wrote a blog post on how VMware App Volumes can be deployed in a multi-site deployment. You can find the blog here.

With the release of App Volumes 2.10, for more information on the release see the information here, there has been a great improvement of the way App Volumes handles Storage replication. In this Blog I will explain how the new storage replication works and how to configure your storage groups to take advantage of this improved feature.

The main change that has happened when when looking at configuring storage groups and datastore’s is the ability to make datastore’s non-attaching. What does this mean, well basically a non-attaching datastore would be a place to create AppStacks but those AppStacks would never be attached to a desktop from this datastore.

The non-attached datastore would then be a member of a storage group or a number of storage groups. These storage groups would then replicate the AppStacks from the non-attached storage to all the other datastore’s with in the storage group.

Picture8

Now how will this look when deploying App Volumes to multiple sites here is a high level architecture of how this could be deployed. As you can see from this diagram at least 1 vCenter from each site will need access to the non-attached datastore.

Picture9

How to create the New Storage Group

First create the non attachable storage

With in the App Volumes Manager click on Infrastructure, Storage then select the storage to be non-attachable then click Make As Non Attachable.

Picture3

Now create a Storage group

With in the App Volumes Manager click on Infrastructure, Storage Groups then click Create Storage Group

Picture4

Give the storage Group a Name. Then select the required options. When choosing the datastore’s make sure to include the datastore’s that will be used to attach the AppStacks from as well as the non-attachable datastore. Click Create.

Picture5

 

As you can see from the image below I have created 2 Storage Groups one for each site and the Non-Attached storage, NFS2, is included in each Storage Group.

Picture10

 

Now all you need to do is create AppStacks on the non-attachable storage and they will automatically be copied to all the other datastores in the storage groups.

User Environment Manager 8.7 Working with Horizon 6.2

With the release of VMware User Environment Manager 8.7 VMware added a number of new feature, all of which you will find in the VMware User Environment Manager Release Notes.

However, in this blog, I would like to call out two new features that help when deploying User Environment Manager alongside VMware Horizon 6.2. VMware’s EUC teams did a great job in my opinion getting these two great features added or enhanced to work with Horizon 6.2 in the latest releases.

You can read the rest of my post and find out what I will be doing on VMware.com. Click Here