May
02

View 5.1 – Goodies and Gottcha’s

Like most of the VMware .1 releases, it’s chalk full of sorts of goodies. Below are new tidbits that make up View 5.1. The pictures below are from the beta but for the most part everything should still apply.

User Experience Improvement Program – No data that identifies your organization is collected. You do have the option of joining or opting out later.

Password protected ADAM database - This is mandatory, don’t forget to commit it to your memory. This also should tell you that once you start the upgrade you’re committed. You cannot downgrade a instance to an earlier version. Before you could get away with a mix mash, not best practice but you could do it.

This will also make your backups encrypted. To restore an encrypted backup, you must decrypt the data first. You must use the data recovery password that you provided when you installed View Connection Server.

Entering a List of Manual Names for Provisioning – Not sure why you would want to do this but someone wanted!

Array Integration (VAAI) Native Cloning capability of Network Attached Storage – Storage vendors developing support for NFS native cloning (VAAI) need additional certification to support the View workload. Double Check, Double Check with your vendor. It’s actually the redo log that is getting offload to the array. If you’re going to want to run this feature with a NAS device you CAN’T split the replica from the OS disk, they must reside on the same host.

SSD vendors are going to have a hay day with this one.

Giant Pods with NFS – Support up to 32 hosts in a cluster when Network Attached Storage is in use.

View Composer server in a server separate from VMware vCenter Server - No more hacking the ADAM database too! To speed up provisioning you had to go into the ADAM database but now it’s right in the open. I would strongly suggest leaving the defaults if you’re not putting View Composer on a separate server.

Content Based Read Cache (CBRC) – A In-memory cache of common block of reads. It’s completely transparent to the guest. The options for setting CBRC do show up on the vSphere host but the settings will not stick. This new settings needs to be configured within the View Administrator. Only with vSphere 5.0 hosts.

There is great article on CBRC on myvirtualvloud.net for more information.

VMware did testing with Window 7 – Single Host boot Storm, the results are below.

Customizable View Composer disposable disk driver letter – Just be careful with this. You machine still needs to write data here in a timely fashion. At least know you have an option if your logon scripts are getting in the way.

RADIUS Authentication – View 5.1 will be immediately able to support a wide range of alternative two-factor token based authentication options. View 5.1 will also provide an open standard extension interface to allow third party solution providers to integrate advanced authentication extensions into View. There is support for Primary and secondary RADIUS Servers

Persona Management utility that migrates Windows user profiles from Windows XP to Windows 7. Migrates profiles from physical computers to View or from View to View. I think this will remain experimental so no support will be offered. You can setup a XML files and get some scripting done with it so it is worth a look. The price is great = free.

Some other Gottcha’s
**** View Clients must use HTTPS to connect to View****** – Older View Clients that can choose not to use HTTPS will get an error if users select HTTP. Previously they were silently redirected to HTTPS. Clients that cannot make SSL connections will be unable to connect to View

Windows Firewall with Advanced Security must be enabled on security servers and View Connection Server hosts. Set Windows Firewall with Advanced Security to on before you install the View Servers

I hope this gets you started on your journey or at least some reasons to upgrade.

Comments

  1. Thanks for a great article. great info. just had a question regarding the jumbo host clusters using NFS. I’ve been unable to find any information on this. I was looking in the 5.1 instalation pdf and found this (below), but I’ve not been able to find a number of supported hosts mentioned.

    “A cluster that is used for View Composer linked clones can contain more than eight ESX/ESXi hosts, but
    you must store the replica disks on NFS datastores. On VMFS datastores, you can store replica disks only
    with clusters that contain at most eight ESX/ESXi hosts.” (pg 39)

    • dlessner says:

      NFS – 32 hosts – vSphere limit
      VMFS – 8 Hosts – View limit. VAAI limit is 140 machines per datastore.

  2. Anyone run into a problem with installing the View security server and the IPsec connection during install fails. I have opened all ports require however the install still fails. Error 28083. IPsec setup failed.

    Any Ideas?

    View 5.1
    2 – connection mangers
    2 – security servers
    all servers are on the same vlan and no external firewall

    • dlessner says:

      Do you have firewall enabled on both servers?

      Are you allowing UDP 500 in both directions?

      If there is a firewall anywhere you need to configure for protocols ESP & ISAKMP – They help to make up IPSEC. ESP doesn’t have a port assigned to it, just a protocol.

      • Yes UDP 500 is open both ways. Is there anything else I would need to do for ESP and ISAKMP?

        • dlessner says:

          Shouldn’t have to.

        • I got it working by setting source ports as default (all) destination ports set specific (i.e., 443, 8009, etc). Also, I needed to allow ESP on the firewall ACL. This is the only way I got it to communicate from my DMZ security server to the connection server. I had to use wireshark to see what was being used/blocked.

          • Lostpacket says:

            I’ve got a deployment where it will take weeks to get IPSEC allowed through the back end Cisco, but I have all the normal ports besides.

            Any chance I could just set disable on “Use IPsec for Security Server Connections” to make it work?

          • Yes, disabling it would work. Will just work like the previous releases.

Speak Your Mind

*