Configuring VMware Identity Manager with SQL Always On

For the last few weeks I have been testing VMware Identity Manager with a SQL Always On database for multi-site deployments. This has been an interesting learning curve, as it's been some time since I last did anything substantial with Microsoft SQL. Before I start with VMware Identity Manager, I think it is worth calling out these 2 resources that I found really useful for setting up SQL Always On in my lab.

This is a quick intro to SQL Always On and how to configure it:

https://www.youtube.com/watch?v=VKCqRgqLAuo

This was a useful step-by-step guide for deploying SQL Always On:

http://www.careexchange.in/installingconfiguring-sql-2014-always-on-cluster-on-windows-2012-r2-recommended-way/

Before configuring VMware Identity Manager with a SQL Always On database, be aware that even though there is a database in each of the datacenters, all read and write operations take place on the primary database within the Availability Group.


From my testing I found that setting the database to automatic failover worked as expected, and the database was only unavailable for a very short time, less than a couple of seconds. However, I did find that when I failed the database back after an outage this took a bit more time, and I would recommend that any failback is done in a much more controlled manner. In my testing, failback took about 40 seconds, so a noticeable difference.

Creating the VMware Identity Manager SQL Always On Database

 

  1. Open SQL Management Studio and log in with sysadmin privileges (this should be done on the primary server)
  2. Click File – New – Query with current connection
  3. In the editor window paste the following SQL commands

-- Create the database with a case-sensitive, accent-sensitive collation
CREATE DATABASE saas
COLLATE Latin1_General_CS_AS;
ALTER DATABASE saas SET READ_COMMITTED_SNAPSHOT ON;
GO
-- Create the SQL login used by Identity Manager.
-- H0rizon! is a sample password; replace it with a strong, unique value.
BEGIN
CREATE LOGIN horizon WITH PASSWORD = N'H0rizon!';
END
GO
USE saas;
-- Drop any existing database user of the same name before recreating it
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'horizon')
DROP USER [horizon]
GO
CREATE USER horizon FOR LOGIN horizon
with default_schema = saas;
GO
-- Create the saas schema owned by horizon and grant it rights on the database
CREATE SCHEMA saas AUTHORIZATION horizon
GRANT ALL ON DATABASE::saas TO horizon;
GO

  4. Click Execute
  5. The saas database will now be created
  6. Make a full backup of the database (this must be done before adding the database to an Always On High Availability Group)
    • Right click the database – Tasks – Back Up
  7. Add the database to the Always On High Availability Group
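
A check worth running once the database has joined the Availability Group, shown here as an added example that is not part of the original post. An availability group replicates the saas database but not the server-level horizon login, which is stored in master on each instance, so the login must exist with the same SID on every replica for the horizon user to keep working after a failover. The example assumes SQL Server 2014 or later and that the secondary replicas do not yet have a horizon login.

```sql
-- Added example, not from the original post. Run each batch in SSMS
-- with sysadmin rights on the instance named in the comment.

-- 1. On the PRIMARY: confirm saas is in the availability group and that
--    every replica is healthy before relying on failover or failing back.
--    Synchronous-commit replicas should report SYNCHRONIZED.
SELECT ar.replica_server_name,
       ar.availability_mode_desc,
       ar.failover_mode_desc,
       drs.is_primary_replica,
       drs.synchronization_state_desc,
       drs.synchronization_health_desc
FROM sys.dm_hadr_database_replica_states AS drs
JOIN sys.availability_replicas AS ar
  ON ar.replica_id = drs.replica_id
WHERE drs.database_id = DB_ID(N'saas');
GO

-- 2. On the PRIMARY: the SID that the database user horizon is bound to.
SELECT name, sid
FROM saas.sys.database_principals
WHERE name = N'horizon';
GO

-- 3. On EVERY replica: the SID of the server login. No row, or a SID that
--    differs from step 2, means the user is orphaned after a failover.
SELECT name, sid, is_policy_checked, is_disabled
FROM sys.sql_logins
WHERE name = N'horizon';
GO

-- 4. On the PRIMARY: generate a CREATE LOGIN statement that reproduces the
--    login with the same SID and password hash. Run the generated statement
--    on each secondary where step 3 returned no row.
--    The output contains the password hash: treat it as a secret.
SELECT N'CREATE LOGIN ' + QUOTENAME(name)
     + N' WITH PASSWORD = ' + CONVERT(nvarchar(max), password_hash, 1)
     + N' HASHED, SID = ' + CONVERT(nvarchar(max), sid, 1) + N';'
       AS run_on_each_secondary
FROM sys.sql_logins
WHERE name = N'horizon';
GO
```

If the sample password is changed later with ALTER LOGIN on the primary, regenerate the statement from step 4 and apply the new hash on the secondaries as well.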

 

NOTE: It is also recommended to make the following changes to SQL:

  • Change ‘HostRecordTTL’ to a lower value than the default in multi-site deployments. 120 seconds is a good value
  • Change ‘RegisterAllProvidersIP’ to false in multi-site deployments

Connect VMware Identity Manager to the SQL Database

During the install of VMware Identity Manager, connect to the SQL database using the following settings:

jdbc:sqlserver://SQLAGListener;DatabaseName=saas

  • SQLAGListener = the SQL Availability Group Listener, in the example below that is SQLProdServer
  • If the secondary SQL server is on a different subnet add the following to the jdbc string
    • multiSubnetFailover=true
      • jdbc:sqlserver://SQLAGListener;DatabaseName=saas;multiSubnetFailover=true


VMware User Environment Manager 9.0 – What’s New

Earlier this month VMware released a new version of User Environment Manager that brings some new and exciting features, not only to User Environment Manager, but also to the Horizon Suite. To learn about the new features in Horizon 7 you can see my blog here.

Here I would like to highlight the new main features of VMware User Environment Manager 9.0

Smart Policies

The new Smart Policies offer more granular control of what users can do when they connect to their virtual desktop or applications. With the first release of Smart Policies you will be able to manage these capabilities based on the following conditions:

  • Horizon Conditions
    • View Client Info (IP and name)
    • Endpoint location (Internal/External)
    • Tags
    • Desktop Pool name
  • Horizon Capabilities
    • Clipboard
    • Client drive
    • USB
    • Printing
    • PCoIP bandwidth profiles

 

For more information on these capabilities, see my more detailed blog Here.

It should be noted that to use Smart Policies you will need Horizon 7 View and User Environment Manager 9. You will also need the latest View Agent and Clients installed to take advantage of these new features. Also note that these policies only work with the PCoIP and BLAST Extreme protocols, and not RDP.

Application Authorization (Application Blocking)

This feature gives administrators the ability to white- or black-list applications or folders. In the example below you can see that some applications are allowed and some will be blocked.


Using this feature with User Environment Manager's Conditions will not only give administrators great control over what applications users can use, but also how they can be used. An example would be if a user is on the internal network they have access to company-specific applications; however, if they accessed their desktops from an external network then these applications would not be available.

With a simple check of a box, administrators have a very simple model for enforcing applications that the users are authorized to use, and using conditions in this way could result in a different set of applications depending on where the user connects from.


ThinApp Support

When clicking on the DirectFlex tab of an application you will now see the new check box to Enable ThinApp Support for that application.


When this is selected you will be able to manage what happens within the ThinApp “bubble” from within User Environment Manager, rather than doing this by setting specific values during the ThinApp capture process, or afterward via a script. This integration generalizes the approach that packagers can take when choosing isolation or encapsulation. It allows them to not have to force the knowledge of each and every configuration during the capture process by setting isolation modes or creating separate packages for different application configurations.

You should also note that you do not need to configure a separate application within User Environment Manager to take advantage of this. If the box is checked the flex agent will notice if the application is natively installed or accessible via ThinApp, and automatically apply the correct settings.

Manage Personal Data

User Environment Manager now has the ability to easily manage personal data. This would include things like My Documents, My Music, My Pictures, etc.

The example below shows how easy this is to configure.


Office 2016 Support

User Environment Manager 9.0 now supports Office 2016. As you can see from the example below this also includes Skype for Business and OneDrive. Just like with earlier versions these can all be added with the Easy Start button.


New User Environment Manager Conditions

As part of the new deep integration with Horizon 7, User Environment Manager has added a number of new conditions that can be pulled from Horizon 7. These include Pool-Name, Tags, and client location – such as internal or external.


I have also posted this blog on VMware.com here

VMware Horizon Smart Policies

With the release of VMware Horizon 7 and User Environment Manager 9, VMware has introduced Smart Policies to help administrators manage their virtual environments better and improve what users can get access to and from where.

Smart Policies can be set on the following conditions:

  • View Client Info (IP & Name)
  • Endpoint location (Internal/External)
  • Horizon Tags
  • Desktop Pool name

Below is a list of the Smart Policies that can be set and how they can be used by Horizon administrators.

Clipboard

  • Enable
  • Disable
  • Allow Copy from Client to Agent
  • Allow Copy from Agent to Client

Client Drive

  • Disable
  • Allow All
  • Read Only

USB

  • Enable
  • Disable

Printing

  • Enable
  • Disable

PCoIP bandwidth profiles

  • High-Speed (20 Mbps)
  • LAN (10 Mbps or higher)
  • Dedicated WAN (5 Mbps default)
  • Broadband WAN (2 Mbps)
  • Low-Speed (1 Mbps)
  • Extremely low-speed connections (up to 500 Kbps)

The following table shows when to use the best bandwidth profile and for what use cases

| # | Description | BW (Mbps) | Typical network | Typical user |
|---|---|---|---|---|
| 1 | Best User Experience (workstation) | 20 | LAN | M&E CAD/CAM |
| 2 | Best User Experience (VDI) | 10 | LAN – MAN | Knowledge worker, video |
| 3 | Default Setting | 5 | WAN | Task worker, light video |
| 4 | Optimal User Experience | 2 | WAN | Office Apps |
| 5 | Prioritize Bandwidth | 1 | WAN | Basic Apps only |
| 6 | Minimum Bandwidth | 0.5 | WAN | Low Data Entry |

The following table shows how the PCoIP profile is tuned based on the profile selected

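| GPO | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| Max Session BW (kbps) | 9000 | 9000 | 9000 | 5000 | 2000 | 1000 |
| Min Session BW (kbps) | 100 | 100 | 100 | 100 | 100 | 100 |
| Enable BTL | 1 | 2 | 0 | 0 | 0 | 0 |
| Max Initial Image Quality | 100 | 90 | 80 | 70 | 70 | 70 |
| Minimum Image Quality | 50 | 50 | 40 | 40 | 30 | 30 |
| Max FPS | 60 | 30 | 30 | 20 | 15 | 5 |
| Max Audio Bandwidth (kbps) | 1600 | 1600 | 500 | 500 | 200 | 90 |
| Image Quality performance | 50 | 50 | 50 | 50 | 25 | 0 |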

To take advantage of these new Smart Policies you will need to use Horizon 7 and User Environment Manager 9 and have the latest Horizon Agents and Clients installed. It should also be noted that these policies only work with the PCoIP and BLAST Extreme protocols and not RDP.

For information on more new features released with Horizon 7, see the following blog:

VMware Horizon 7 New Features

User Environment Manager 8.7 Working with Horizon 6.2

With the release of VMware User Environment Manager 8.7, VMware added a number of new features, all of which you will find in the VMware User Environment Manager Release Notes.

However, in this blog, I would like to call out two new features that help when deploying User Environment Manager alongside VMware Horizon 6.2. VMware’s EUC teams did a great job in my opinion getting these two great features added or enhanced to work with Horizon 6.2 in the latest releases.

You can read the rest of my post and find out what I will be doing on VMware.com. Click Here

VMware User Environment Manager Demo

At VMworld this week I co-presented on the “Managing Users: A Deep Dive Into VMware User Environment Manager – EUC4630” session. As part of the session I showed a quick 7 min demo of User Environment Manager.

This demo included showing the User Environment Manager configurations and a couple of cool things you can do with User Environment Manager. After the session a couple of people asked me to share the video for further reference. Below you will find the video demo; I hope you find it useful.

Also make sure you check out my white paper on configuring User Environment Manager in 60 minutes or less Here.

EUC Professional Services Engineering (PSE) and VMworld


VMworld in San Francisco is approaching very quickly. It’s a must-attend event for VMware customers, but there is a lot to take in, so I thought I would take a few minutes to highlight some key activities led by my team of End User Computing (EUC) consultants and architects that you won’t want to miss.

Our organization is called Professional Services Engineering (PSE) and is part of the Global Technical and Professional Services Organization. As VMware’s EUC subject matter experts, our team works with some of our largest EUC customers worldwide.

You can read the rest of my post and find out what I will be doing on VMware.com. Click Here

VMware User Environment Manager Application Profiler

One of the great benefits of the new User Environment Manager from VMware is the ability to manage user settings at an application level for each individual application. There are a number of ways in which you can configure your applications to be managed by the UEM solution. The quickest and easiest is to use the Application Profiler that is available with the UEM download.

The VMware UEM Application Profiler is an extra software install that you install on a desktop or virtual machine where you have your user software installed. Once installed the application profiler can be used to quickly create the standard application settings that can be easily rolled out to your users.

As the UEM Application Profiler is not part of the standard install this blog will document just how to install and configure the UEM Application Profiler.

This blog post assumes that you have already configured User Environment Manager in your environment and everything is working as designed. If you do not have UEM installed and running then please see my blog on the VMware website Here

Capturing Application Settings

  1. Log in to the desktop where you have installed the Application Profiler software
  2. Install the Application that requires a profile
  3. Launch the Application Profiler
  4. Click Start Session
  5. Select the Application that requires a Profile and click OK
  6. The Application will automatically launch
  7. Make any changes to the Application that will be required as part of the application profile
  8. Once the Application is configured correctly switch to the Application Profiler and click Stop Analysis
  9. Click OK
  10. Click Save and save the config file with the predefined settings
  11. Copy the 3 saved files to the \\UEMServer\UEMShare\general\applications
    • Configuration file
    • Flag file
    • Icon file
  12. In the VMware User Environment Manager – Manager click refresh tree
  13. The new Application will now appear in the application tree

My good friend and colleague Stephane Asselin created some good videos on the process that can be found here https://www.youtube.com/playlist?list=PLfr3uvmY7hBwGeHiVIfo7rGA7rk4yemEV

To read more from Stephane check out his blog here http://myeuc.net/?wref=bif

Application Profiler Configuration Procedure

The following should be installed on all of the PCs that will be required to run the Application Profiler.

  1. Run the VMware UEM Application Profiler x.exe file
  2. Click Next
  3. Accept the License Agreement and click Next
  4. Confirm the destination folder and click Next
  5. Click Install
  6. Click Finish