VCP5-DT Objective 2.3–Configure View Standard and Replica Connection Server(s)

Objective 2.3 – Configure View Standard and Replica Connection Servers

For this objective I used the following resources:

  • VMware View Administration Documentation

Knowledge

Identify View Connection Server Backup Settings

View Connection Servers are just like anything else in your environment, once you have them configured implement a backup strategy. Using the View Administrator console you can take an immediate backup (“Backup Now” option) or schedule them for an ongoing function. If your environment consists of multiple View Connection Servers in a replicated group only one host needs to be backed up as they will share the same configuration.

Manual Backup aka “Backup Now”

Step 1 – Connect and login into the VMware View Administrator console:

LogIn

Step 2 –  Under “View Configuration” select “Servers”. In right hand pane under “View Connection Servers” select the Connection Server you wish to backup and select “Backup Now”:

Step2

Step 3 – The “Backup Now” dialog will be displayed. Click “OK” to complete the backup:

Step3

NOTE – By default backup are saved to the following directory on your View Connection server:

  • Windows Server 2008 – C:ProgramdataVMwareVDMbackups
  • Windows Server 2003 – C:Documents and SettingsAll UsersApplication DataVMwareVDMbackups

Schedule a Backup

Step 1 – Connect and login into the VMware View Administrator console:

LogIn

Step 2 – Under “View Configuration”select “Servers”. In the right hand pane under “View Connection Servers” select the Connection Server you want to schedule a backup for and click “Edit”:

Step2b

Step 3 – The “Edit View Connection Server Settings” dialog will be displayed. Click the “Backup” tab on the far right:

Step3b

Step 4 – The “Backup” tab is displayed and provides several options for configuring the backup frequency and the number of backups to keep:

Step4b

The below chart outlines the selection options:

Setting Description
Automatic Backup Frequency Every Hour – Backups take place every hour on the hour
Every 6 Hours – Backups take place at midnight, 6am, noon, and 6pm
Every 12 Hours – Backups take place at midnight and noon
Every Day – Backups take place every day at midnight
Every 2 Days – Backups occur at midnight on Saturday, Monday, Wednesday, and Friday
Every Week – Backups take place weekly at midnight on Saturday
Every 2 Weeks – Backups take place every other week at midnight on Saturday
Never – Backups do not take place automatically
Max Number of Backups Number of backups files that an be stored on the View Connection Server instance. The number must be an integer greater than 0. When the maximum number is reached, View Manager deletes the oldest backup file. This setting also applies to backup files that are created when you use Backup Now.
Folder Location The default location is on the following path on the computer where View Connection Server is running:Windows Server 2008 – C:ProgramdataVMwareVDMbackups
Windows Server 2003 – C:Document and SettingsAll UsersApplication DataVMwareVDMbackupsWhen you use Backup Now, View Manager also stores the backup files in this location.

 

Identify View Global Settings

Step 1 – Connect and login into the VMware View Administrator console:

LogIn

Step 2 – Under “View Configuration”select “Global Settings”. In the right hand pane under “Global Settings” you can view the current settings or click “Edit” to modify:

Step2c

Step 3 – If you chose to edit the current settings the below screen will be displayed:

Step3c

The chart below provides a description for each of the settings:

 Setting Description
Session Timeout Determines how long a user can keep a session open after logging in to View Connection Server. The value is set in minutes. You must type a value. The default is 600 minutes. When a desktop session times out, the session is terminated and the View client is disconnected from the desktop
Require SSL for Client Connections and View Administrator Determines if a secure SSL communication channel is used between View Connection Server and View desktop clients that access View Administrator. When you select this setting, clients must use SSL connections. You must select this setting if you use smart card authentication. After you change this setting, you must restart the View Connection Server service to make your change take effect. In a group of replicated View Connection Server instance, you must restart each instance to make the change take effect.
Reauthenticate secure tunnel connections after network interruption Determine if user credentials must be reauthenticated after a network interruption when View clients use secure tunnel connections to View Desktops. When you select this setting, if a secure tunnel connection ends during a desktop session, View Client requires the user to reauthenticate before reconnecting. When this setting is not selected, the client reconnects to the desktop without requiring the user to reauthenticate. This setting has no effect when you use direct connection
Message Security Mode Determines the security of communication between View Manger components. Specifically, determines if signing and verification of the JMS messages passed between View Manager components takes place.
Disable Single Sign-on for Local Mode Operations Determines if single sign-on is enabled when users log in to their local desktops. If you disable this setting users must manually log in to their desktops to start their Windows sessions after they log in. When you change this setting, the change takes effect for each user at the next user operation
Enable Automatic Status Updates Determine if View Manager updates the global status pane in the upper left corner of View Administrator every few minutes. When you enable this setting idles sessions do not time out for any user who is logged into View Administrator
Display a Pre-Login Message Displays a disclaimer or another message to View Client users when they log in. Type your information or instructions in the text box in the Global Settings dialog window. To display no message, leave the test box blank
Display Warning Before Forced Logoff Displays a warning message when users are forced to log off because a scheduled or immediate update such as a desktop-refresh operations is about to start. This setting also determines how long to wait after the warning is shown before the user is logged off. Check the box to display a warning message. Type the number of minutes to wait after the warning is displayed and before logging off the user. The default is five minutes.

 

Identify the Account to Connect to vCenter

Step 1 – Connect and login into the VMware View Administrator console:

LogIn

Step 2 – Under “View Configuration”select “Servers”. In the right hand pane under “vCenter Servers” you can see the user name and vCenter Server View is configured to work with:

Step2d

Step 3 – If you click “Edit” you can view/edit the account that is used:

Step3d

Add View License Settings

Step 1 – Connect and login into the VMware View Administrator console:

LogIn

Step 2 – Under “View Configuration”select “Product Licensing and Usage”. In the right hand pane two sections will be available, one displaying the license expiration date and features (if a licensed key in configured). The other providing high water marks for usage:

Step2e

Step 3 – If you wish to change our add a license key click the “Edit” button in the “Licensing” section:

Step3e

Step 4 – Enter your license key in the field provided:

Step4e

Modify Global Policies

Step 1 – Connect and login into the VMware View Administrator Console:

LogIn

Step 2 – Under “Policies”select “Global Policies”. In the right hand pane two sections will be available, one displaying “View Policies” and the other displaying “Local Mode Policies”:

Step2f

Step 3 – Both policies groups can be changed via the “Edit Policies” button.

Step3f

See the charts below for a description for each option:

View Policies

Policy Description
Multimedia Redirection (MMR) Determines whether MMR is enabled for client systems
MMR is a Microsoft DirectShow filter that forwards multimedia data from specific codecs on View desktops directly through a TCP socket to the client systems. The data is then decoded directly on the client system, where it is played
The default value is Allow. If client systems have insufficient resources to handle local multimedia decoding change the setting to Deny.
MMR does not work correctly if the client system’s video display hardware does not have overly support
USB Access Determines whether desktops can use USB devices connected to the client system
The default value is Allow. To prevent the use of external devices for security reasons, change the setting to Deny.
Remote Mode Determines whether users can connect to and use desktops running on vCenter Server instances. If set to Deny, users must check out the desktop on their local computers and run the desktop only in local mode. Restricting users to running desktops only in local mode reduces the costs associated with CPU, memory, and network bandwidth requirements of running the desktop on a back-end server.
The default value is Allow
PCoIP Hardware Acceleration Determines whether to enable hardware acceleration of the PCoIP display protocol and specifies the acceleration priority that is assigned to the PCoIP user session
This setting has an effect only if a PCoIP hardware acceleration device is present on the physcial computer that hosts the desktop.
The default value is Allow at Medium priority.

 

Local Mode Policies

Policy Description
Local Mode Determines whether users can check out desktops for local use. Also determines whether users can run local desktops while the desktops are checked out.
The default value is Allow
If you change this value to Deny while a desktop is checked out, the user cannot run the desktop in local mode, and the desktop cannot be used remotely because it is still checked out.
User-Initiated Rollback Determines whether users can discard a local desktop and revert to the remote version
When a user initiates the rollback process, the lock on the remote desktop is released and the local desktop is discarded. If necessary, the user can manually remove and delete the local folder that contains the local desktop data
The default value is Allow
Max Time Without Server Contact Specifies the amount of time in days that a local desktop can run without making contact with View Connection Server for policy updates. If the specified time limit is exceeded, View Client displays a warning message to the user and suspends the desktop
The default value is 7 days
On the client side, this expiration policy is stored in a file that is encrypted by a key that is built into the application. This built-in key prevents users who have access to the password from circumventing the expiration policy
Target Replication Frequency Specifies the interval in days, hours, or minutes between the start of one replication and the start of the next replication. A replication copies any changes in local desktop files to the corresponding remote desktop or View Composer persistent disk in the datacenter
The default value is the No replication setting. If you select At a specified interval, the default replication interval is 12 hours.
You can prohibit scheduled replications by selecting No replication.
The No replication policy doe not prohibit explicit replication requests. You can initiate replications in View Administrator, and users can request replications if the User initiated replication policy is set to Allow.
If a replication takes longer than the interval that is specified in the Target replication frequency policy, the next scheduled replication starts after the previous one is completed. The pending replication does not cancel the previous one.
User Deferred Replication Determines whether users can pause active replications. If you enable this policy, a user can defer a replication that is underway. The replication does not resume, and no new replications start, until the deferment period is over.
The default value is Deny. When the value is set to Allow, the deferment period is two hours
Disks Replicated Determines which desktop disks are replicated. This policy affects View Composer linked-clone desktops only. For full virtual-machine desktops, all disks are replicated.
You have these disk-replication choices:
-Persistent disks
-OS disks
-OS and persistent disks
Changing this policy affects desktop replication after the next checkout occurs. A change does not affect desktops that are currently checked out.
The default value is Persistent disks.
User-Initiated Check In Determines whether users are allowed to check in desktops that are running in local mode
The default value is Allow
User-Initiated Replication Determines whether users are allowed to initiate replications from their desktops when they run in local mode.
The default value is Allow.

 

Configure External URL Settings

By default, a View Connection Server or security server host can be contacted only by tunnel clients that reside within the same network. Tunnel clients that run outside of your network must use a client-resolvable URL to connect to a View Connection Server or security server host.

When users connect to View desktops with the PCoIP display protocol, View Client can make a further connection to the PCoIP Secure Gateway on the View Connection Server or security server host. To use the PCoIP Secure Gateway, a client must have access to an IP address that allows the client to reach the View Connection Server or security server host. You specify this IP address in the PCoIP external URL.

Both the secure tunnel external URL and PCoIP external URL must be the addresses that clients systems use to reach this host. For example, if you configure a View Connection Server host, do not specify the secure tunnel external URL for this host and the PCoIP external URL for a paired security server.

Taken from page 22 of the VMware View Administration documentation.

Step 1 – Connect and login into the VMware View Administrator console:

LogIn

Step 2 – Under “View Configuration”select “Servers”. In the right hand pane you can select either the “Security Servers” or View Connection Servers”:

Step2g

Step 3 – With the server you wish to modify select the “Edit” button. Depending on if you selected a Security Server or View Connection Server the dialog that is displayed will differ:

Security Server Dialog

Step3g

View Connection Server Dialog

Step3g-2

Identify Default Roles, Custom Roles, and What Permissions are Available

Role User Capabilities Applies to Folder
Administrators Perform all administrator operations, including creating additional administrator users and groups. Administrators that have the Administrators role on the root folder are super administrators because they have full access to all of the inventory objects in the system. Because the Administrators role contains all privileges, you should assign it to a limited set of users. Initially, members of the local Administrators group on your View Connection Server host are given this role on the root folder.Important – An administrator must have the Administrators role on the root folder to perform the following tasks:
-Add and delete folders
-Manage ThinApp applications and configurations settings in View Administrator
-View and modify View Transfer Server instances and the Transfer Server repository
-Use the vdmadin and vdmimport commands
YES
Administrators (Read Only) -View, but not modify, global settings and inventory objects.
-View, but not modify, ThinApp applications and settings, View Transfer Server instnaces, and the Transfer Server repository
-Run all PowerShell commands and command line utilities, including vdmexport but excluding vdmadmin and vdmimport. When administrators have  this role on a folder, they can only view the inventory objects in that folder
YES
Agent Registration Administrators Register unmanaged desktop sources such as physical systems, standalone virtual machines, and terminal servers YES
Global Configuration and Policy Administrators View and modify global policies and configuration settings except for administrator roles and permissions, ThinApp applications and settings, View Transfer Server instances, and the Transfer Server repository NO
Global Configuration and Policy Administrators (Read Only) View, but not modify, global policies and configuration settings except for administrator roles and permissions, ThinApp applications and settings, View Transfer Server instances, and the Transfer Server repository. NO
Inventory Administrators -Perform all desktop, session, and pool related operations
-Mange persistent disks
-Resync,Refresh, and Rebalance linked-clone pools and change the default pool imageWhen administrators have this role on a folder, they can only perform these operations on the inventory objects in that folder
YES
Inventory Administrators (Read Only) View, but not modify, inventory objects. When administrators have this role on a folder, they can only view the inventory objects in that folder YES

 

Chart is taken from page 35 of the VMware View Administration documentation.

Describe the Use of Folders Within the View Connection Server

By default, desktop pools are created in the root folder, which appears as / or Root(/) in View Administrator. You can create folders under the root folder to subdivide your desktop pools and then delegate the administration of specific desktop pools to different administrators. A desktop inherits the folder from its pool. An attached persistent disk inherits the folder from its desktop. You can have a maximum of 100 folders, including the root folder. You configure administrator access to the resources in a folder by assigning a role to an administrator on that folder. Administrators can access the resources that reside only in folders for which they have assigned roles. The role that an administrator has on a folder determines the level of access that the administrator has to the resources in that folder. Because roles are inherited from the root folder, am administrator that has a role on the root folder has that role on all folders. Administrators that have the Administrators role on the root folder are super administrators because they have full access to all of the inventory objects in the system

Taken from page 25 of the VMware View Administration documentation.

%d bloggers like this: