VMWARE VIEW
ABSTRACT
This document provides an overview of VMware View 4.0, the next generation virtual desktop environment which delivers rich and personalised desktop as a manged service rather than delivering applications. This document also includes single and multiple domain environments scenarios, What are the possible issues and how to overcome those issues particularly in multiple domain environment (ISP or multi national company ).
What is VMWare View
Server virtualization in data center is the common trend in the past years, but virtualizing the Desktops is not popular as much. Vmware view is the first Desktop virtualization solution by VMWARE corporation. There are many advantages in virtual desktops compared to physical or real workstations that includes easy to manage and provisioning. Virtual Desktop means, “user’s workstation is stored on central server or data center as a virtual machine”. The user can access the virtual machine from anywhere over a high speed WAN link by using thin client, even virtual desktops can be accessed by zero client which means there is no need of physical CPU, no operating system instalation and configuration. Just the user’s can have a monitor, keyboard, mouse, printers and multimedia devices. VM View uses two special protocols to send data between client and hosted virtual machines running under ESX/ESXi servers. The Microsoft Remote Desktop Protocol (RDP) has been used with earlier version of VM View releases. The recent release from VM View (VMWare View 4.0 or higher) uses high performing protocol which is called PC over IP (PCOIP). PCOIP is introduced to overcome the limitations in the RDP. Because there are some isseus like resolution of desktops and loading some complex graphics to end users. PcoIP delivers the real desktop experience to the end users in the remote site by handling mulitimedia streaming.
“VMware View 4 is the industry’s first purpose built solution for delivering desktops as a managed service. Transform desktop management into a simplified and automated process, reduce the total cost of desktop ownership by 50%, provide end users a consistent high performance desktop experience and bring the power of the datacenter and VMware vSphere to your desktops.”
Why Choose VMware View for Virtual Desktop Infrastructure (VDI)
Desktop virtualization is an important component to IT strategy and chooses the right vendor is more critical, because there are several vendors offering VDI environment. In order to preserve the competition from other companies choose the best vendor that meets your current requirements and be able to raise your business tomorrow. VMware is the leading vendor in virtualization environment, contributing the most reliable platform for developing private clouds and associate it with public clouds.
With VMware view, it’s easy to deliver cost effective virtual desktops and applications securely to internal employees, branch offices, call centers, healthcare and educational facilities.
VMware product family reduces the operating costs by 33% compared to physical environments. Less hardware means minimal energy costs and also less physical space that taken by machines. VM products have scalability, results in low cost-per-application. So you can invest innovative applications that boost up companies economic.
There is more flexibility with VM products which delivers service level agreements even the business is changing rapidly by transform existing environment into flexible cloud. You can get benefit from 1500+ VMware partners with products that support VMware deployment from the desktop to the cloud.
.
COMPONENTS OF VMWARE VIEW
View Manager
View manager is one of the key component in deploying virtual desktop environment, it act as a connection broker between the remote users and virtual desktops running on datacenter. View manager can run on any physical or virtual server, typically resides in the central data center. View manager brokers the client requests by allocating the appropriate virtual desktops to the end users. It automatically handles which virtual Desktop a client should connect to. So it is simple to end user to connect with virtual Desktop, also easy mangement for the administrator.
View manager uses a single console to manage, provision and deploy the virtual desktops. It effectively manages 100s of desktops (upto 1000) on datacenter from central location – saving time and resources.
Secure Authentication by Active Directory
For secure connection to virtual desktops, view manager uses Active directory authentication (At the moment only Active directory authentication is supported by view manger). So View Manager seamlessly contact with Active directory to ensure user authentication. End users must authenticate with same username and password that is same in the Active Directory. All user accounts are present in the Active Directory.
View manager stores view configuration in Active Directory Schema.
Management with vCenter server
View manager integrated with vCenter server to create, delete and modify the virtual desktops. For example the view manager administrator can power off, suspend the virtual desktop when not in use. It is also used to create new virtual desktops from template and delete when they no longer required.
Deploying virtual machines:
There are two types of method to deploy virtual desktops on vCenter Server.
- Persistent Pools(Non linked clone)
- Non persistent Pools (Linked Clone)
Persistent Pools:
View manager deploys virtual desktops from a template and creates non linked clone of desktops, means that view manager allocates physical disk space for desktops on the data center. View manager allocates the desktops to the users as they requested and this allocation is stored for subsequent connections. When the user logs in next time the same desktop is allocated by the view manager. Users documents, applications and settings are remain stored in the desktops.
Non persistent Pools:
Non persistent pools use linked clone technology which means virtual desktops are deployed from a snapshot (parent VM). View manager allocates desktops to users dynamically. For the creation of non persistent pools View manager integrates with View composer installed on vCenter Server. View composer is a vital component of VMware view to provide advanced image management and storage optimization. It reduces the space for storing the virtual desktops by 90% and streamlines the virtual desktop deployment and provisioning. Whenever the Pool of desktops created, the replica of Parent VM is also created. The desktops are created from a replica VM only, because it has the current customization of the parent image. If there is any change made to the parent VM (for example installation of additional components, software or hardware) also replicated to replica VM and virtual desktops.
Linked clone creates separate disks for the OS and user data. The desktop is returned to the replica VM when the user logged off from the desktop (if you specify delete of VM after first use). So users get a fresh screen of desktop each time they log in. The user data is redirected to the different disk to preserve user’s data such documents and applications.
View manager has the following components
- View connection server
- View agent
- View client
- View portal
- View administrator
View connection server
View connection server is installed on windows 2003 server, can be a physical or virtual server offering broker services for view manager. The server must be joined to domain before installing connection server and important is this must not be a domain controller. This means that the server doesn’t assign with any other roles.
View agent
View agent must be installed on virtual desktops to provide session management and single sign-on. Install on template so that deployment of virtual machines from template will automatically include view agent.
View client
View client allows users to access their virtual desktops through the view connection server. After logged into the vCenter Server users can select the virtual desktops which they are entitled.
View portal
View portal is the web based (browser) client connection to the virtual desktops.
View Administrator
A web based application to configure view connection server, deploy and manage desktops and control user authentication.
VMWARE VIEW WITH MULTIPLE DOMAINS
So far we have seen the VMware view infrastructure works effectively in a single domain environment. Most of the internet sources are descrbing that VM view works only with single domain. But what about companies with multiple domain? For example ISP or multinational company. How do they implement VM view on their environment.
THE SCENARIO
The vcenter server can installed on seperate domain or workgroup. The company has three different domain and each domain users wants to access the virtual desktops running on vCenter server. Each domain has seperate AD services running on its own domain. So what happen when view manager authenticates the end user? Which domain is integrated during authentication? Multiple domains may be in same domain forest and in different domain.
There are two procedures to access the virtual desktops from multiple domains.
- Trust Relationship between two domains- To access Virtual Desktop from multiple domains, create a two way trust relationship between the domains hosting vcenter server or view manager with the domain wants to access virtual desktops. The domain users can use the virtual desktops after implementing the trust relationship between them. After deploying the virtual desktops, add entitlements to the desktop and select which user (domain user can access the desktop).
- Install view manager-Otherwise install a connection server (view manager) in every domain and integrate with vserver running on other domain. So you can deploy virtual desktops in the domain and add entitlements.
My lab includes the two different domains (vmwareview.local and vmview.local). I made two-way trust relationship between the domains. When setting up trust you may encounter an error like “DC could be contacted”. This problem is due to DNS server can’t resolve the DNS queries. To overcome this, add DNS information for domain controller in the DNS server. This setting can found under DNS server properties. Right click the DNS server and select properties. Select the Tab forwarders and enter domain name to resolve and provide corresponding forwarder IP address to resolve the DNS query. Make sure each domain can ping the domain controller of the other domain (for example ping the DC of vmview.local as “ping admin.vmview.local” and ping DC of vmwareview.local as “admin.vmwareview.local”. If both pings are successful you can setup two way trusts between the domains. If ping fails check the configuration in forwarders DNS entry).
After successful trust between the domains, deploy virtual desktops by using view manager in vmwareview.local. By default vmwareview.local is enabled as the quickprep domain. So the desktops are having the DNS suffix name with .vmwareview.local and add entitlements to desktops (as both domain users can access the desktop).
The clients from vmwareview.local domain can access the desktops without any problems. Because view manager authenticates all users based on the vmwareview domain Active Directory. Also users from vmview domain get authenticated, but the problem is, when login into the virtual desktop.
The error because, the user from other domain does not having the user entry in the vmwareview AD. But view manager authenticates all users with vmwareview domain, so there are no issues with view manager. The issue is with the linked clone technology. Linked clone using vmwareview as quickprep domain (because I specified view composer to use vmwareview domain as quickprep).
When deploying the virtual desktop, the view manager deploys the desktops from a single image and adds it to the vmwareview domain. By default all desktop are running under vmwareview domain. The user (viewuser1) from vmview domain tries to access that desktop it shows an error. Because there is no user named viewuser1 in vmwareview AD. Just click ok to the logon screen and select the vmview domain and enter the password. Now you can successfully log in to the desktop. The users from other domain gets the error when log in to the first time not subsequently.