An introduction to VMware View 3 features and best practices, Part 1 of 3

A look at the new features of VMware View 3, as well as best practices learned while doing a deployment for a customer. Part 1 (this article) provides information and insight on new features.

In this three-part article series, Roland van der Kruk, a freelance consultant in The Netherlands, takes a look at the new features of VMware View 3, as well as best practices learned while doing a deployment for a customer. Part 1 (this article) provides information and insight on new features, Part 2 looks at Linked Clones, and Part 3 will look at special considerations and best practices for deployment.

Introduction

Early December 2008, VMware released their new product for the VDI market, VMware View 3.0. As a rather substantial update to the former version, VMware VDM 2.0, apparently the product name also had to undergo a change to underline the differences between the new product and its predecessor. In this article I will discuss the (new) features in View 3.0 and the way they work. I will first describe the components on which the product is based. Then I will focus on the different deployment types possible with View 3.0 and what happens during and after deploying different types of ‘desktop pools’.

My experience with the new product is mainly based on an implementation that I did for a customer, who had a specific use case to provide desktop operating systems to developers around the globe. I will sometimes refer to other use cases as there are quite a few, however perhaps the biggest question that everyone probably has will remain unanswered, as the technology that makes up VDI is still developing. Where we can speak of an accepted and well known technology like Citrix XenApp, VDI is not nearly there yet. The question of how VDI will result in better return on investment than desktop deployment methods being used for many years now is not clear. It all depends on use cases and things like high availability requirements and hardware cost. Financial differences and justifications for using VDI or a traditional desktop model are not discussed in this article.

Let’s first start with a description that VMware uses to describe the product and take it from there.

VMware describes View 3.0 as follows:

‘The Next Generation of VDI, delivering rich, personalized desktops to any device with all benefits of centralized management’.

View 3.0 was created using different technologies that are found in other VMware products. Examples of technology used in View 3.0 include snapshotting as seen in VMware Workstation (see picture 1); VMware OS cloning as used in ESX; and Tomcat is used for the Web based administration console, which we have seen before in the free VMware Server product (including the “self-signed, untrusted certificates” ‘feature,’ which is enabled by default ;-).

Managing View 3.0 is fairly straightforward. It is quite easy to use once you are accustomed to the components and terminology used with this product. Troubleshooting might turn out different, so let’s hope this product is as stable as should be.


Picture 1 - Snapshotting in VMware Workstation

VMware View 3.0 only supports VMware Infrastructure and is not a hypervisor-independent product. In fact, due to the new technologies that were added to View 3.0, it also imposes some requirements to the Virtual Infrastructure you are using. Before installing the first bit of View 3.0, you should check the version you are running on. View 3.0 is supported starting with VMware Infrastructure 3.02, however VI 3.5 u3 is recommended since linked clones are supported, which is probably the part raising most questions but also promising the best use cases. Both ESX 3.5 as ESX 3.5i can be used for View 3.0.

Components and terminology

Although setting up View 3.0 in fact can be quite straightforward, at first I found it difficult to figure out which components were doing what, communicating where, and for what purpose. I will try to explain the product by naming and describing all of the important components and terms used in the product.

View Connection Server

A connection server is a server acting as desktop broker. It facilitates two web sites; one for users that want to access a virtual desktop and one for administrators managing the View 3.0 environment. The Connection Server communicates with Active directory and maps Active Directory users and groups to virtual desktops and desktop pools. This information, together with configuration data, is stored in a local LDAP database, for which VMware decided to use ADAM (Active Directory Application Mode). The ADAM database can be viewed through the locally installed ADAM AdsiEdit.

Although the choice for ADAM as a database seems a good choice, unfortunately this also causes confusion, as with ADAM, a second LDAP database is introduced next to Active Directory. Confusion can arise when looking at the log messages in the Event log of the View Administrator console, where sometimes errors point to the ADAM LDAP database, while the actual error might be caused in communication towards Active Directory or vice versa.

When the Connection Server software is installed, the ‘VMware View Connection Server’ service is added, running under ‘local system’.

View Replica Server

The installation package for the Connection Server also contains the installation source for the ‘View Replica Server’. A View Replica Server is a Connection Server with its own replica of the ADAM database stored locally. All configuration data and changes are instantaneously replicated to all replica servers, resulting in entirely independent Connection Servers, being able to act on their own in case of failure of other replica servers.

View Security Server

The installation package for the Connection Server also contains the installation source for a ‘View Security Server’. A View Security Server acts somewhat like a Citrix Secure Gateway Server (the free software version) and is typically placed in a DMZ. Installation is very straightforward and the only important thing to configure is a 1-on-1 connection to a View Connection Server. After having connected a Security Server to a Connection Server, all instances of all Connection Servers are added to the configuration of the Security Server, not introducing awkward availability situations where a Security Server is available but its attached Connection Server is not. No ADAM database is stored locally and in fact the Security Server only function is to tunnel communication from the outside world users to the internal Connection servers over SSL. By simply entering the hostname of the security server in a web browser, the View Portal page is displayed, which actually is the View Portal page of a connection server.

View Portal

View Portal is the web page that facilitates users in accessing their desktops and is run on the Connection Server. After pointing a web browser to https://connectionservername, a logon screen appears in which all domains are available that are trusted by the domain to which the Connection Server was added. View Portal is the default web page on each Connection Server and is secured with self-signed certificates out of the box. Unfortunately with View 3.0, access to the View Portal is still not possible from Windows Server 2003 R2 machines, as was the case with VDM 2. Surprisingly enough, it is possible to access virtual desktops from Windows Server 2003, but only with the View Client software installed.

View Administrator/View Manager

The console from which all View management can be done, like View configuration, desktop deployment, user session management and log event viewing has in fact two names; ‘View Administrator’ and ‘View Manager’, as can be seen when the web based console is started. To start managing View 3.0, point a web browser to https://servername.domain/admin. Make sure you read that correctly; it is NOT https://servername.domain/adm, a little something that could eat you up for awhile if you don’t pay attention ;-). View configuration is done from one console that contains all possible configuration settings; a relief if you are accustomed to the different consoles that Citrix offers with their VDI product :) (see picture 2). Licenses, the connection to the Virtual Center server(s) and the account to perform all necessary actions in Virtual Center, the accounts to use that have permissions to add computer accounts in Active Directory, smart card support, a current usage overview, session timeout settings, SSL communication to the broker, login messages and more, it can all be accomplished using this one console which is even conveniently arranged. Hurray for VMware!

Perhaps a disadvantage would be that no real delegation of control can be configured; either you are a View administrator or you are not. No room for user session management only, or permissions to only modify specific desktops or pools; one down for VMware…

The four tabs in the administration console are:

  • Desktops and Pools - An overview of all desktop pools and other resources like Terminal Severs or bare metal pc’s, which can also be offered to users if the View Agent is installed. If the tab for Desktops and Pools is selected, sub windows appear on which all active sessions, accessible desktops, offline desktops and desktop policies can be viewed and managed.
  • Users and Groups - An overview of desktop entitlements to Active Directory users and groups
  • Configuration – All configuration for View 3.0 can be done here as mentioned before
  • Events - All events about desktop pool creation, desktop refresh etc. Events can be searched and filtered on number of days through the always-good-to-know symbol that VMware uses to show that more options are available: the triangle ;-) which looks like this:


Picture 2 – VMware View Administrator, configuration tab


Picture 3 - An view on the ‘Desktops and Pools’ tab in the View Administrator console, showing two desktop pools; one non persistent, one persistent

View Composer

View composer is a separate piece of software that has to be installed on the Virtual Center server if you want to use linked clones. Prior to doing that, a database needs to be created for which I used an MS SQL 2005 database, but SQL Express is also supported. You might consider using a separate account for the View Composer to run under, however I used the Active Directory Service account that Virtual Center is running under and granted the account dbowner rights on the LinkedClones database.

While installing the View Composer software, the ‘VMware View Composer’ service is added as a Windows Service, however I could not finish the installation until I changed the logon credentials to run under the same account that ‘VMware Virtual Center Server’ service is running on. In the Administrators’ guide for View Manager 3.0, page 104 or in Table 1 below, you can see exactly which permissions are needed for View Composer to work.

Privilege

Group Privilege(s) to Enable

Folder

Create Folder

Data store

Browse Data store, File Management

Virtual Machine

Inventory Configuration State

Provisioning > Clone

Provisioning > Allow Disk Access

Resource

Assign Virtual Machine To Resource Pool

Global

Enable Methods, Disable Methods

Table 1 - View Composer Account – Minimal Privileges in Virtual Center

View Agent

View Agent is the component that you install inside the virtual machine that you want to use as a master VM. With the machine that you decide to make the ‘Master Virtual Machine’, you can deploy other virtual machines that are cloned from the Master VM. The VMware view agent consists of the following components:


Picture 4 – Custom setup window of the View agent which is installed on the master VM

· VDM Secure Authentication – This feature will install a piece of software that handles single sign-on. A user has to enter his credentials either on the View Portal or in the View Agent that is installed locally on his computer, and these credentials can be passed to the virtual desktop provided by View 3.0. This works in conjunction with the View Client, in which you can configure to use SSL for your communication or not.

· USB Redirection – This feature handles connections from the clients’ desktop USB devices to the virtual machine. I’ve already found out that HP USB keyboards with integrated smart card readers are not supported and requested an update for that particular device. There are probably more devices that are not yet supported, so make sure you test the devices that you might plan to use in your company’s View 3.0 future.

· VMware View Composer Agent – This feature needs to be installed if you plan to use linked clones, more on that in Part 2 of this article.

· Virtual Printing – This feature installs ThinPrint universal printing software. I found version 7.8.0.3 of the ThinPrint Output Gateway, dated 07/12/2007 and version 1.0.0.11 of the PostScript driver, which is more recent, dating from 6/18/2008. I concluded that with advanced multi-functional devices, not all options like stapling your papers are supported, in contrast to the Citrix Universal Printer driver, in which you can open the client devices’ local printer properties window and access all options available in the native client driver. However, most options like paper size, orientation and duplex printing are available with the Virtual Printing feature.

View Client

View client is the component that end users have to install on their own system. With this client, USB redirection and single sign-on are supported. The View client installation package is automatically pushed if users having logged on to View Portal do not have the Client installed. The installation is straightforward, but unfortunately not available as web plug-in, so administrative permissions are required for the end user to install it. The view agent looks a bit like the regular RDP client from Microsoft; you start the client, enter the connection server that you want to logon to and after successful authentication, available resources are displayed in the View Client (see picture 5).


Picture 5 – Logon screens of the View Client, which needs to be installed on the client pc of end users.

 

Part 2 will be released in the next few days and cover Linked Clones.  Part 3, available early next week, will discuss VMware View 3 best practices. 

Roland van der Kruk is a freelance consultant in The Netherlands. He currently works with server-based computing and desktop delivery solutions. Roland can be contacted by email at roland@sbcprojects.com or through his website at http://www.sbcprojects.com.

 

Join the conversation

7 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Great article, looking forward to part 2 and 3 :-)


Rene Vester


Cancel

Thanks for all the effort that went into pulling this together. Great stuff; looking forward to the next installment.


Cancel

Love this stuff, Wondering if you ran into any problems with View or hurdles. Looking for the next installment.


Cancel

Mooi artikel Roland,


ben benieuwd naar deel 2 en 3


Cancel

Thanks Roland for putting this together.


Composer holds my interest so awaiting part 2.


Cancel

So what is the deal with " Unfortunately with View 3.0, access to the View Portal is still not possible from Windows Server 2003 R2 machines, as was the case with VDM 2. "  Just a default security setting? Does this affect Server 2008?


Cancel

Chrisbuzby, this means that you cannot connect to View Portal, the web page, from a Windows Server 2003 machine. However you can use View if you install the View Client on Windows Server 2003 and connect using View Client. I don't know why the web page is not supported on Windows Server 2003; it is not a big issue but it didn't make sense to me so I mentioned it.


Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close