Apr
08

Horizon 7: Notes & important cliff notes from the docs

I was travelling last week, and while I was sitting on the plane reviewing some Horizon 7 docs, I thought I would capture the bits that tend to make or break your installation. The bits below are good reminders of what to do and what not to do.

NOTE When installing replicated View Connection Server instances, you must usually configure the instances in the same physical location and connect them over a high-performance LAN. Otherwise, latency issues could cause the View LDAP configurations on View Connection Server instances to become inconsistent. A user could be denied access when connecting to a View Connection Server instance with an out-of-date configuration.

IMPORTANT The physical or virtual machine that hosts View Connection Server must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.

IMPORTANT To use a group of replicated View Connection Server instances across a WAN, MAN (metropolitan area network), or other non-LAN, in scenarios where a View deployment needs to span datacenters, you must use the Cloud Pod Architecture feature. You can link together 25 View pods to provide a single large desktop brokering and management environment for five geographically distant sites and provide desktops and applications for up to 50,000 users.

Cloud Pod Architecture

NOTE Windows Server 2008 R2 with no service pack is no longer supported.

To use View Administrator with your Web browser, you must install Adobe Flash Player 10.1 or later.

IMPORTANT If you create the View Composer database on the same SQL Server instance as vCenter Server,
do not overwrite the vCenter Server database.

IMPORTANT To run View in an IPv6 environment, you must specify IPv6 when you install all View components. You can't change it after the fact.

NOTE View does not require you to enter an IPv6 address in any administrative tasks. In cases where you can specify either a fully qualified domain name (FQDN) or an IPv6 address, it is highly recommended that you specify an FQDN to avoid potential errors.

NOTE To ensure that View runs in FIPS (Federal Information Processing Standard) mode, you must enable FIPS when you install all View components.

NOTE You might need to set the UPN for built-in Active Directory accounts, even if the certificate is issued
from the same domain. Built-in accounts, including Administrator, do not have a UPN set by default.

Enrollment Server Installation

NOTE Because this feature requires that a certificate authority also be set up, and specific configuration performed, the installation procedure for the enrollment server is provided in the View Administration document.

NOTE View Connection Server does not make, nor does it require, any schema or configuration updates to Active Directory.

IMPORTANT You will need the data recovery password to keep View operating and avoid downtime in
a Business Continuity and Disaster Recovery (BCDR) scenario. You can provide a password reminder
with the password when you install View Connection Server.

IMPORTANT When you perform a silent installation, the full command line, including the data recovery
password, is logged in the installer’s vminst.log file. After the installation is complete, either delete this
log file or change the data recovery password by using View Administrator.
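
A way to check for leftover installer logs after a silent install, as an added example (not VMware tooling and not from the docs quoted here). It assumes the logs are named vminst.log* under the installing user's %TEMP% directory and that the password was passed as the installer property VDM_SERVER_RECOVERY_PWD; both are parameters so you can adjust them. It reports file names and line numbers only, never the matching line.

```powershell
# Added example: find installer logs that recorded the data recovery password.
# Assumptions (adjust via parameters): log directory, log file name prefix,
# and the name of the installer property that carries the password.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$LogDirectory = $env:TEMP,
    [string]$Property     = 'VDM_SERVER_RECOVERY_PWD',
    [switch]$Delete       # remove matching logs instead of only reporting them
)

$logs = Get-ChildItem -Path $LogDirectory -Filter 'vminst.log*' -File `
            -ErrorAction SilentlyContinue

foreach ($log in $logs) {
    # Match "PROPERTY=" anywhere in the logged command line.
    $pattern = [regex]::Escape($Property) + '\s*='
    $hits = Select-String -LiteralPath $log.FullName -Pattern $pattern
    if (-not $hits) { continue }

    # Report where the property appears without echoing the password itself.
    [pscustomobject]@{
        File      = $log.FullName
        Lines     = ($hits.LineNumber -join ',')
        LastWrite = $log.LastWriteTime
    }

    if ($Delete -and $PSCmdlet.ShouldProcess(
            $log.FullName, 'Delete installer log containing the recovery password')) {
        Remove-Item -LiteralPath $log.FullName -Force
    }
}
```

Run it with -Delete -WhatIf first to see which files would be removed. If a log has already been copied elsewhere (backups, log collection), change the data recovery password in View Administrator instead.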

NOTE Replication functionality is provided by View LDAP, which uses the same replication technology as
Active Directory.

NOTE You cannot pair an older version of security server with the current version of View Connection Server. If you configure a pairing password on the current version of View Connection Server and try to install an older version of security server, the pairing password will be invalid.

IMPORTANT If you do not provide the security server pairing password to the View Connection Server installation program within the password timeout period, the password becomes invalid and you must configure a new password.

IMPORTANT If you use a load balancer, it must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.

NOTE If the installation is cancelled or aborted, you might have to remove IPsec rules for the security server
before you can begin the installation again. Take this step even if you already removed IPsec rules prior to
reinstalling or upgrading security server.

CAUTION If you remove the IPsec rules for an active security server, all communication with the security server is lost until you upgrade or reinstall the security server. Therefore, if you use a load balancer to manage a group of security servers, perform this procedure on one server and then upgrade that server before removing IPsec rules for the next server. You can remove servers from production and add them back one-by-one in this manner to avoid requiring any downtime for your end users.

IMPORTANT Replace the default certificate as soon as possible. The default certificate is not signed by a Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to intercept traffic by masquerading as your server.

IMPORTANT To configure View Connection Server or security server to use a certificate, you must change the
certificate Friendly name to vdm. Also, the certificate must have an accompanying private key.
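
The two certificate notes above can be checked in one pass on a View Connection Server or security server. This is an added example, not code from the VMware docs; it assumes the server certificate is in the local computer's Personal store (Cert:\LocalMachine\My).

```powershell
# Added example: audit the certificate that View will use.
# Assumption: the certificate lives in the local computer's Personal store.
$store = 'Cert:\LocalMachine\My'
$certs = @(Get-ChildItem -Path $store |
           Where-Object { $_.FriendlyName -eq 'vdm' })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with Friendly name 'vdm' found in $store."
}

foreach ($c in $certs) {
    # Subject equal to Issuer means the certificate is self-signed,
    # i.e. not signed by a CA (the default certificate is in this state).
    $selfSigned = $c.Subject -eq $c.Issuer

    # Verify() builds the chain against this machine's trust stores.
    $chainValid = $c.Verify()

    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        Subject       = $c.Subject
        Issuer        = $c.Issuer
        NotAfter      = $c.NotAfter
        HasPrivateKey = $c.HasPrivateKey
        SelfSigned    = $selfSigned
        ChainValid    = $chainValid
    }

    if (-not $c.HasPrivateKey) {
        Write-Warning "$($c.Thumbprint): no accompanying private key."
    }
    if ($selfSigned -or -not $chainValid) {
        Write-Warning "$($c.Thumbprint): not trusted via a CA chain; replace it."
    }
    if ($c.NotAfter -lt (Get-Date)) {
        Write-Warning "$($c.Thumbprint): expired on $($c.NotAfter)."
    }
}
```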

IMPORTANT If you plan to use this feature and you are using multiple View pods that share some ESXi hosts,
you must enable the View Storage Accelerator feature for all pools that are on the shared ESXi hosts. Having
inconsistent settings in multiple pods can cause instability of the virtual machines on the shared ESXi hosts.

View Storage Accelerator is now qualified to work in configurations that use View replica tiering, in which
replicas are stored on a separate datastore than linked clones. Although the performance benefits of using
View Storage Accelerator with View replica tiering are not materially significant, certain capacity-related
benefits might be realized by storing the replicas on a separate datastore. Hence, this combination is tested
and supported.

NOTE You can also use Access Point appliances, rather than security servers, for secure external access to Horizon 7 servers and desktops. If you use Access Point appliances, you must disable the secure gateways on View Connection Server instances and enable these gateways on the Access Point appliances.

IMPORTANT Do not change the JVM heap size on 64-bit Windows Server computers. Changing this value
might make View Connection Server behavior unstable. On 64-bit computers, the View Connection Server
service sets the JVM heap size to accord with the physical memory.

IMPORTANT Syslog data is sent across the network without software-based encryption, and might contain
sensitive data, such as user names. VMware recommends using link-layer security, such as IPSEC, to avoid
the possibility of this data being monitored on the network.

IMPORTANT View Composer is an optional component. If you plan to provision instant clones, you do not need to install View Composer.

NOTE Virtual Volumes is compatible with the View storage accelerator feature but not with the space efficient
disk format feature, which reclaims disk space by wiping and shrinking disks.

NOTE Instant clones do not support Virtual Volumes.
