In an effort to make these processes as easy as possible heres the next in my series of flowcharts for supporting VMware. Keep in mind that this is simply for installation. Make sure you follow best practices and do a full application assessment before assuming your DR plan is complete. Attempting to deploy a DR plan for Exchange, SQL or any other multi-tier application without looking at all the interconnectivity will result in an unsuccessful DR failover. With that being said… heres the flowchart.
I have worked for multiple resellers throughout the years and one of the things that has been constant throughout has been that customers like to bring in an subject matter expert to do an initial deployment, but then after the initial deployment they let the environment remain status quo. Budgets tend to shrink with each passing year but the one area that should not get overlooked in maintenance of your infrastructure. As companies consolidate their servers and desktops onto a small subset of servers, the old system admin rule of “Always check from layer one up” carries even more weight, the physical layer quickly gives way to the hypervisor.
The challenge comes into play when you need to determine if you are truly following the best practices that have been put out by VMware. The do more with less mentality often means that IT staff are wearing multiple hats. This is the time to bring back in the VMware Solutions Provider or consultant and ask for one of the more underutilized tools in the consultants belt, the VMware HealthAnalyzer.
HealthAnalyzer is an automated process that collects inventory, configuration, and utilization data from the vSphere environment through the vSphere SDK. Once the data is collected the tool allows the solutions provider to produce a report grading the environment through a stop light mentality and display the findings and data in an easy to view format, including ways to re-mediate any pieces that are missing when compared to VMware Best Practices. The amount of time that the report takes is completely dependent on the size of your environment but in most SMB environments the data collection can be done in a single day without installing anything on the corporate environment. Once the data is collected, the consultant can compile and analyze the data to return the report card both in a written report as well as a summary presentation.
The VMware purchase of SpringSource seems to be paying off heavily in the past few weeks. After the long awaited release of the VMware View App for the Ipad last week, VMware followed up with the vSphere Client for Ipad on Friday Unlike the View app that connects directly to a current production environment, the vSphere client requires you to install the vCMA or vCenter Mobile Access appliance from http://labs.vmware.com/flings/vcma.
Once you install the vCMA you are able to publish a new web based vCenter management console. The vCMA will not give full control of your environment but it is great for quick checkups or vMotions. Once the app is installed you can set the IP address from the console and then access the webserver by browsing to the IP address followed by /vim (http://192.168.1.15/vim as an example). The next few screenshots are from my iPhone connecting into the vCMA
The first is the home screen with the second being the host and clusters view. These should look very similar on any smartphone you look at. One of the biggest features of the mobile app is the ability to migrate machines between hosts as seen below.
Now that the vCMA is installed you can grab the vSphere client for the ipad and get an even more detailed view into your environment. The first step, once you have the client downloaded and installed, is to set the webserver in the Global Settings screen. The webserver will be the IP address of the vCMA you installed earlier. When you open the app you will be asked to enter the vCenter address and username and password. From there you will see your hosts.
If you select one of the hosts you will see all the VMs it hosts along with basic performance information for the host.
Notice the performance tab at the bottom of the screen. This screen shows the historic performance stats of your host.
Returning back to the info tab, you can select an individual VM and get information from that VM.
Similar to the host settings you can also see the performance of the individual VM.
Now that you can get the information from VMs and Hosts, the next options are tools. You can ping or traceroute to the VM.
One of the last notable features is the ability to Suspend, Stop, or Restart the VM from the app.
As these apps mature I am sure we will see more features to include the network configurations, storage integration, and hopefully connectivity to the Public Cloud with the integration of vCloud Connector.
As a premier partner with VMware, we’ve seen a significant uptick in sales and pilots of the VMware View virtual desktop solution. The solution gives you a lot of flexibility for access including the flood of mobile devices hitting the market; iPad 2 anyone?
First, you can re-purpose your existing desktop as what’s called a full or fat client. This involves launching a client application from within the existing Operating System to access the View broker(s). The nice part about this approach is that regardless of your OS, there’s a client available to connect with. The Windows OS client from VMware gives you the advantage of software PCoIP and out of the box functionality. For Mac users there’s now have a native client as well, and you can use the Open Client when working with a Linux machine like Ubuntu (http://code.google.com/p/vmware-view-open-client/). If you’re looking to repurpose the desktops in your company but don’t want to maintain the desktop OS, there are client vendors that provide the ability to convert your existing desktop into a pseudo-thin client. This option allows you to ether completely rebuild the desktop as a pure thin-client platform, or as a dual boot environment. For more on this type of deployment, check out ThinDesktop (http://thinlaunch.com/).
The next option would be to access your virtual desktop from a traditional thin client. A thin client gives you a significant power savings with a product that has no moving parts and consumes anywhere from 6 to 50 watts versus upwards of 350 watts for a traditional desktop. There are a lot of vendors out there that make thin clients, but the granddaddy of them all is Wyse. We were fortunate to be able to speak with Kim Nicola at Wyse at VMware PEX 2011.
The last and most exciting (in my opinion) option for access is through a mobile device. If you are using an iPhone or Android based phone, you can use the Wyse PocketCloud app to get RDP access to your View environment and virtual desktop. For both platforms, the app runs $14.99 and allows you to connect to View as well as traditional RDP or VNC clients. If you have an iPad you can still use the Wyse app or you can use the newly released VMware View iPad App (http://itunes.apple.com/us/app/vmware-view-for-ipad/id417993697?mt=8).
Take a look at our latest ClearpathTV video below and see the View iPad Client in action.
After working on updating my View 4.5 environment to 4.6, I came to the conclusion that the documentation is not exactly complete. I have listed out a few tips to take note of during your update process.
•All of the base images must have the upgraded View Agent installed. ◦You can install over the existing 4.5 agent, however it might fail if the View Composer Guest Server Agent can’t be stopped. To get around this, disable the service, reboot and reinstall the 4.6 agent
◦Once you install the agent, make sure you check the video card driver version. It should be the VMware SVGA 3D (Microsoft Corporation – WDDM) version 22.214.171.124
•Easiest way to upgrade the connection broker is by adding a replica server. ◦If you are running Windows 2003 32-bit the easiest upgrade path is to add a new server. Simply create a 2008 R2 server and install View as a replica server.
◦If you want to keep your Connection Server as 2003 then you can simply click the option “Use PCoIP Secure Gateway for PCoIP connections to desktop”
◦If you want to have a security server, I found it easiest to create another new server and set the pairing password. If your security server is already 2008 r2 then you could also reinstall the security server and set the password, but that would stop access temporarily from the outside world.
•On the View Admin console, make sure to set the external url on both the Security Server and the Connection Server. This is not needed or possible if you keep a 2003 connection server.
•If you want PCoIP over the WAN you will need to open a few more ports in addition to 443 ◦TCP 4172 Security Server -> Virtual Desktop
◦UDP 4172 Security Server Virtual Desktop
◦TCP 4172 View Client External -> Security Server
◦UDP 4172 View Client External Security Server
•If you think you have all the ports open, but still get a time out when using the Ipad client or through PCoIP, but RDP works fine and you are using a Cisco ASA (and possibly some other firewalls); we have found that you may need to separate the firewall rules. One rule for the UDP 4172, one for TCP 4172, and one for TCP 80 and 443. Having a single rule with all the ports seems to have problems when connecting through an ASA.
Hopefully these few tips will allow your upgrade or deployment to go just a little bit smoother.
Manage the User Locally, but Extend Identity to the Cloud
Starting at last years VMWorld one of the hottest topics has been Project Horizon. What was initially billed as an Enterprise App store will be released in three phases.
Phase 1: Secure Identity and Manage SAAS Apps
– Federate AD to Cloud SAAS Apps
– Simplify End User Experience with SSO
– Provision Users to mainstream SAAS Apps
A complementary product to many of your Identity Access and Management suites, Horizon will use a virtual machine placed in your DMZ that is referred to as the Horizon Connector.
Connector acts as a broker between the enterprise and the SAAS services. Secure tokens are used for the communication into the Horizon Cloud. Connectors from the Cloud could begin with Google Apps, Salesforce, Success Factors, Workday, Zimbra, Mozy, and Box.Net. These are done with SAML (http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) federation. SAML is an open standard that provides high security with no passwords, digitally signed tokens are passed for access. Access and reporting can be done from the Horizon Connector for auditing and license tracking.
Phase 2: Modernize your Windows Environment
– Virtualize your windows apps for isolation and portability
– Secure and Mange the desktop
– Orchestrate Windows App Delivery Options
This phase will bring applications into an app store, very similar to http://myonelogin.com/, with the addition of being able to add in ThinApp applications and Microsoft App-V packages. With a client to be released for desktops Horizon should be able to push icons for applications directly to the desktop after they are selected from the enterprise app store.
Phase 3: Control Your data and Collaboration
– Automatic Data Sync to trusted devices
– Encrypt data across different platforms
– Enable Simplified End User Collaboration
The last phase of this rollout will include being able to allow access to data and transfer/sync user data regardless of platform or applications, either within the enterprise or with SAAS products.
VMware announced at Partner Exchange yesterday a new certification designed specifically around desktop virtualization. The VMware Certified Associate – Desktop or VCA4-DT is the first of these certifications and the test is being ran in beta at Partner Exchange. According to the education team this is the first of 3 new certifications. There will be a VCP-DT for desktop focused engineers as well as a VCAP-DT for the most advanced desktop focused virtualization architects.
There are no prerequisites for the VCA exam, however VMware recommends taking the VMware View Fundamentals and the View 4.5 Install, Configure and Manage classes. The current requirements for the VCP4-DT will include passing the VCA4-DT and attaining a VCP4 certification.
The test is still in beta, however there is a blueprint on the VMware website (http://bit.ly/erCNUD). The beta test is 110 questions with top is ranging from the CLI commands, to maximum capabilities. Before taking the test you will want to make sure you have worked on View often, including troubleshooting.
VMware, like many other large corporations, announces new products at their large conferences. So far at Partner Exchange, I’ve seen VMware announce new competencies for its partners, new products to run the cloud, new certifications for technology professionals, and new email collaboration suites. The questions that come to mind are how all of these will impact the consumer, why it matters to the IT manager and how it will affect normal business user. In an effort to sum up the changes and the impacts, I will break each of these down along with why you should care.
New competencies include virtualization of business critical applications, cloud computing, security and management. The largest impact for consumers will be the cloud computing and tier one apps. Server virtualization has reached a point where most servers are being built virtually first, 2009 being the first year where more servers were virtual than physical. Competency in tier one applications (Exchange, SQL, and Oracle the major players) gives partners credentials to support essential applications. As an IT staff, the ability to call in a partner expert that knows how to do these large scale virtualization transitions is similar to calling in a plumber to fix a leak versus calling a handyman. The cloud competency certifies that the partner can help any company look strategically and determine how the cloud can be leveraged to help grow the enterprise.
Cloud Management Products
The vCloud Connector was announced yesterday and is a free plug-in for the traditional vCenter client that will allow a user to access the public clouds from within one console. When building out a development or testing environment, a user could leverage the low operating cost of public clouds versus more capital expenditures for underutilized equipment. Operations Manager is another product that was released that leverages public and private clouds and builds on the web based interfaces that VMware has built with the Service Director and View products.
The desktop certifications that I wrote about in earlier blog post touches on the need for IT staffs to know how to make a transition between the traditional desktop and the virtual desktops. The move into ‘bring your own computer and tablet’ driven business means that IT staff will need expertise around the products that allow the end user to use whatever device they want while still providing enterprise applications.
The new collaboration suite released this week give enterprises flexibility to look at new desktop applications for email and calendars. The norm has been Outlook but at a substantial Microsoft licensing cost.
The combination of these products, certifications, and competencies and knowing which works when is going to be the key to move IT into the next level and allow enterprise IT shops to become strategic thought leaders.
Comment viewing options
VMware View as a business catalyst. That was the overwhelming focus of the solution track boot camp at Partner Exchange today. I was very excited to hear the product team at VMware go into details about the total cost of ownership and return on investment that comes from a VMware View deployment. Imagine being able to take a physical server infrastructure that costs over $3 to manage for just a single dollar worth of hardware and being able to reduce that to just over $1.
The historical argument has been that it is impossible for the cost to be so much lower when you have to buy server and storage hardware instead of a desktop. Add in the Microsoft licensing and the View licensing and it has to be more expensive.
Not the case. Using some of the industry standard numbers you can get up to a 50% decrease in total cost of ownership. I will make sure to get all the details and get that out in another blog soon.
Cost savings is a great thing, but how is the user experience or the management experience? The ability to split the apps from the desktop and from the profiles allows management staff to customize the user experience for performance. This sounds great, but make sure you get an assessment done first. View is not the solution for every desktop and every application and an assessment can help you see exactly which desktops and which solutions will help you move into a virtual desktop infrastructure.
Once you have the results of your assessment there are a few things that may come in handy:
• Administrators have the ability to throttle PCoIP is now built into some of the View 4.5 adm files. The throttling can give minimum and maximums on bandwidth consumption.
• If you want to avoid the $100/year Microsoft VDA license, you can purchase a barebones PC with Windows licensing, no hard drive and maintain software assurance. This will drop your yearly cost in half since SA is normally about 30% of the cost of the OS purchase.
• USB load across PCoIP will show as more bandwidth than you probably imagine. This sounds like something that might not matter, except when your users want to sync their iTunes all at the same time.
More to come, stayed tuned throughout the week, tomorrow should be some more technical View info.