VMware VIEW 4.5 - ARCHITECTURE PLANNING EN-000350-01 Manual

View architecture planning guide

VMware View Architecture Planning
Guide
View 4.5
View Manager 4.5
View Composer 2.5
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000350-01


Summary of Contents for VMware VIEW 4.5 - ARCHITECTURE PLANNING EN-000350-01

  • Page 1 VMware View Architecture Planning Guide View 4.5 View Manager 4.5 View Composer 2.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
  • Page 2 VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
  • Page 3: Table Of Contents

    About This Book 5 Introduction to VMware View 7 Advantages of Using VMware View 7 VMware View Features 9 How the VMware View Components Fit Together 9 Integrating and Customizing VMware View 13 Planning a Rich User Experience 15 Feature Support Matrix 15...
  • Page 4 Implementing Best Practices to Secure Client Systems 55 Assigning Administrator Roles 55 Preparing to Use a Security Server 55 Understanding VMware View Communications Protocols 60 Overview of Steps to Setting Up a VMware View Environment 67 Index 69 VMware, Inc.
  • Page 5: About This Book

    Does VMware View solve the problems you need it to solve? Would it be feasible and cost-effective to implement a VMware View solution in your enterprise? To help you protect your VMware View installation, the guide also provides a discussion of security features. Intended Audience This information is intended for IT decision makers, architects, administrators, and others who need to familiarize themselves with the components and capabilities of VMware View.
  • Page 6 Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.html. To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services. VMware Education Services courses offer extensive hands-on labs, case study...
  • Page 7: Introduction To VMware View

    Introduction to VMware View With VMware View, IT departments can run virtual desktops in the datacenter and deliver desktops to employees as a managed service. End users gain a familiar, personalized environment that they can access from any number of devices anywhere throughout the enterprise or from home. Administrators gain centralized control, efficiency, and security by having desktop data in the datacenter.
  • Page 8 Figure 1-1. Administrative Console for View Manager Showing the Dashboard View Another feature that increases convenience is the VMware remote display protocol PCoIP. PCoIP (PC-over-IP) display protocol delivers an end-user experience equal to the current experience of using a physical PC: On LANs, the display is faster and smoother than traditional remote displays.
  • Page 9: VMware View Features

    End users start View Client to log in to View Connection Server. This server, which integrates with Windows Active Directory, provides access to a virtual desktop hosted on a VMware ESX server, a blade or physical PC, or a Windows Terminal Services server.
  • Page 10 View Thin Client. Repurposing a legacy PC into a thin client desktop can extend the life of the hardware by three to five years. For example, by using VMware View on a thin desktop, you can use a newer operating system such as Windows Vista on older desktop hardware.
  • Page 11 Security servers in the DMZ communicate with View Connection Servers inside the corporate firewall. Security servers offer a subset of functionality and are not required to be in an Active Directory domain. You install View Connection Server in a Windows Server 2003 or 2008 server, preferably on a VMware virtual machine.
  • Page 12 Server This service acts as a central administrator for VMware ESX servers that are connected on a network. vCenter Server, formerly called VMware VirtualCenter, provides the central point for configuring, provisioning, and managing virtual machines in the datacenter.
  • Page 13: Integrating And Customizing VMware View

    Integrating and Customizing VMware View To enhance the effectiveness of VMware View in your organization, you can use several interfaces to integrate VMware View with external applications or to create administration scripts that you can run from the command line or in batch mode.
  • Page 14 When you use View Administrator to modify the configuration of VMware View, the appropriate LDAP data in the repository is updated. VMware View stores its configuration information in an LDAP compatible repository. For example, if you add a desktop pool, VMware View stores information about users, user groups, and entitlements in LDAP.
  • Page 15: Planning A Rich User Experience

    VMware View includes many features that you might want to make available to your end users. Before you decide which features to use, you must understand the limitations and restrictions of each feature.
  • Page 16: Choosing A Display Protocol

    Multiple monitors Local Mode In addition, several VMware partners offer thin client devices for VMware View deployments. The features that are available for each thin client device are determined by the vendor and model and the configuration that an enterprise chooses to use. For information about the vendors and models for thin client devices, see the Thin Client Compatibility Guide, available on the VMware Web site.
  • Page 17 VMware View with PCoIP PCoIP is a new high-performance remote display protocol provided by VMware. This protocol is available for View desktops that are sourced from virtual machines, Teradici clients, and physical machines that have Teradici-enabled host cards.
  • Page 18: Using A View Desktop Without A Network Connection

    VMware does not bundle or license HP RGS with VMware View. Contact HP to license a copy of HP RGS version 5.2.5 to use with VMware View. For information about how to install and configure HP RGS components, see the HP RGS documentation available at http://www.hp.com.
  • Page 19: Accessing USB Devices Connected To A Local Computer

    This feature is available only for virtual machines that are managed by vCenter Server. Assigning application packages created with VMware ThinApp is not supported on local desktops. For security reasons, you cannot access the host CD-ROM from within the View desktop.
  • Page 20: Printing From A View Desktop

    USB devices that do not appear in the menu, but are available in a View desktop, include smart card readers and human interface devices such as keyboards and pointing devices. The View desktop and the local computer use these devices at the same time.
  • Page 21: Using Multiple Monitors With A View Desktop

    Regardless of the display protocol, you can use multiple monitors with a View desktop. If you use PCoIP, the display protocol from VMware, you can adjust the display resolution and rotation separately for each monitor. PCoIP allows a true multiple-monitor session rather than a span mode session.
  • Page 23: Managing Desktop Pools From A Central Location

    Windows Terminal Services servers. Create one virtual machine as a base image, and VMware View can generate a pool of virtual desktops from that image. You can easily install or stream applications to pools with VMware ThinApp.
  • Page 24: Reducing And Managing Storage Requirements

    Managing Storage with vSphere on page 24 VMware vSphere lets you virtualize disk volumes and file systems so that you can manage and configure storage without having to consider where the data is physically stored. Reducing Storage Requirements with View Composer...
  • Page 25: Application Provisioning

    Managing VMware ThinApp Applications in View Administrator on page 26 VMware ThinApp™ lets you package an application into a single file that runs in a virtualized application sandbox. This strategy results in flexible, conflict-free application provisioning. Using Existing Processes for Application Provisioning...
  • Page 26 Managing VMware ThinApp Applications in View Administrator VMware ThinApp™ lets you package an application into a single file that runs in a virtualized application sandbox. This strategy results in flexible, conflict-free application provisioning. ThinApp provides application virtualization by decoupling an application from the underlying operating system and its libraries and framework and bundling the application into a single executable file called an application package.
  • Page 27: Using Active Directory GPOs To Manage Users And Desktops

    Using Existing Processes for Application Provisioning With VMware View, you can continue to use the application provisioning techniques that your company currently uses. Two additional considerations include managing server CPU usage and storage I/O and determining whether users are permitted to install applications.
  • Page 29: Architecture Design Elements And Planning Guidelines

    Architecture Design Elements and Planning Guidelines A typical VMware View architecture design uses a building block strategy to achieve scalability. Each building block definition can vary, based on hardware configuration, View and vSphere software versions used, and other environment-specific design factors.
  • Page 30 Estimating Memory Requirements for Virtual Desktops on page 31 RAM costs more for servers than it does for PCs. Because the cost of RAM is a high percentage of overall server hardware costs and total storage capacity needed, determining the correct memory allocation is crucial to planning your desktop deployment.
  • Page 31 Insufficient RAM allocations can cause excessive guest swapping, which can generate I/O that causes significant performance degradations and increases storage I/O load. VMware ESX supports sophisticated memory resource management algorithms such as transparent memory sharing and memory ballooning, which can significantly reduce the physical RAM needed to support a given guest RAM allocation.
  • Page 32 RAM Sizing for Specific Monitor Configurations When Using PCoIP If you use PCoIP, the display protocol from VMware, the amount of extra RAM that the ESX host requires depends in part on the number of monitors configured for end users and on the display resolution.
  • Page 33 Remove unnecessary files. For example, reduce the quotas on temporary Internet files. Choose a virtual disk size that is sufficient to allow for future growth, but is not unrealistically large. Use centralized file shares or a View Composer persistent disk for user-generated content and user-installed applications.
  • Page 34: VMware View ESX Node

    You can also add 15 percent to this estimate to be sure that users do not run out of disk space. VMware View ESX Node A node is a single VMware ESX server that hosts virtual machine desktops in a VMware View deployment. VMware View is most cost-effective when you maximize the consolidation ratio, which is the number of desktops hosted on an ESX server.
  • Page 35: Desktop Pools For Specific Types Of Workers

    Desktop Pools for Specific Types of Workers VMware View provides many features to help you conserve storage and reduce the amount of processing power required for various use cases. Many of these features are available as pool settings.
  • Page 36 Pools for Task Workers You can standardize on stateless desktop images for task workers so that the image is always in a well-known, easily supportable configuration and so that workers can log in to any available desktop.
  • Page 37 Administrators can retain tight control over the applications that run on the View desktop and can centrally manage the desktop just as they do remote View desktops. With local mode, all the benefits of VMware View can also extend to remote or branch offices that have slow or unreliable networks.
  • Page 38: Desktop Virtual Machine Configuration

    VMware View Administrator's Guide. As part of this setup, you can use the following pool settings. Create an automated pool so that desktops can be created when the pool is created or can be generated on demand based on pool usage.
  • Page 39 The amount of system disk space required depends on the number of applications required in the base image. VMware has validated a setup that included 8GB of disk space. Applications included Microsoft Word, Excel, PowerPoint, Adobe Reader, Internet Explorer, McAfee Antivirus, and PKZIP.
  • Page 40: vCenter And View Composer Virtual Machine Configuration And Desktop Pool Maximums

    4-5. The ESX server that hosts this virtual machine can be part of a VMware HA cluster to guard against physical server failures. This example assumes that you are using VMware View with vSphere 4.1 and vCenter Server 4.1. Table 4-5. vCenter Server Virtual Machine Example and Pool Size Maximum...
  • Page 41: View Transfer Server Virtual Machine Configuration And Storage

    VMware View deployment can accommodate. This example assumes that you are using VMware View with vSphere 4.1 and vCenter Server 4.1. It also assumes that View Connection Server is running on a 64-bit Windows Server 2008 R2 Enterprise operating system.
  • Page 42: vSphere Clusters

    In cases where availability requirements are high, proper configuration of VMware HA is essential. If you use VMware HA and are planning for a fixed number of desktops per server, run each server at a reduced capacity. If a server fails, the capacity of desktops per server is not exceeded when the desktops are restarted on a different host.
  • Page 43: VMware View Building Blocks

    VMware had not yet validated such an approach in conjunction with VMware View. Testing of vCenter Server 4.1 with VMware View 4.5 was limited to testing 2,000 virtual desktops with one vCenter Server. If you have only one building block in a pod, use two View Connection Server instances for redundancy.
  • Page 44 View Composer desktops, which use linked-clone technology. The external storage system that VMware vSphere uses can be a Fibre Channel or iSCSI SAN (storage area network), or an NFS (Network File System) or CIFS (Common Internet File System) NAS (network-attached storage).
  • Page 45 I/O storm loads. In addition to determining best practices, VMware recommends that you provide bandwidth of 1Gbps per 100 virtual machines, even though average bandwidth might be 10 times less than that. Such conservative planning guarantees sufficient storage connectivity for peak loads.
  • Page 46: VMware View Pod

    VMware View and Cisco Adaptive Security Appliances (ASA) SSL VPN Solution VMware View Pod A VMware View pod integrates five 2,000-user building blocks into a View Manager installation that you can manage as one entity. A pod is a unit of organization determined by VMware View scalability limits.
  • Page 47 Table 4-11. Example of a VMware View Pod Item Number View building blocks View Connection Servers 7 (1 for each building block and 2 spares) 10Gb Ethernet module Modular networking switch Load-balancing module...
  • Page 49: Planning For Security Features

    Planning for Security Features VMware View offers strong network security to protect sensitive corporate data. For added security, you can integrate VMware View with certain third-party user-authentication solutions, use a security server, and implement the restricted entitlements feature. This chapter includes the following topics: “Understanding Client Connections,”...
  • Page 50 A client can access multiple desktops over a single HTTPS connection, which reduces the overall protocol overhead. Because VMware View manages the HTTPS connection, the reliability of the underlying protocols is significantly improved. If a user temporarily loses a network connection, the HTTP connection is reestablished after the network connection is restored and the RDP connection automatically resumes without requiring the user to reconnect and log in again.
  • Page 51: Choosing A User Authentication Method

    Choosing a User Authentication Method VMware View uses your existing Active Directory infrastructure for user authentication and management. For added security, you can integrate VMware View with RSA SecurID and smart card authentication solutions. Active Directory Authentication on page 51 Each View Connection Server instance is joined to an Active Directory domain, and users are authenticated against Active Directory for the joined domain.
  • Page 52 View Connection Server instance searches and that it displays to users. See the VMware View Administrator's Guide for more information. Policies, such as restricting permitted hours to log in and setting the expiration date for passwords, are also handled through existing Active Directory operational procedures.
  • Page 53: Restricting View Desktop Access

    For example, your VMware View deployment might include two View Connection Server instances. The first instance supports your internal users. The second instance is paired with a security server and supports your external users.
  • Page 54: Using Group Policy Settings To Secure View Desktops

    Enable single sign-on for smart card authentication in View Client. Configure server SSL certificate checking in View Client. Prevent users from providing credential information with View Client command line options. See the VMware View Administrator's Guide for information on using View Client group policy settings.
  • Page 55: Implementing Best Practices To Secure Client Systems

    Assigning Administrator Roles A key management task in a VMware View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. The authorization to perform tasks in View Administrator is governed by an access control system that consists of administrator roles and privileges.
  • Page 56 You should follow best practice security policies and procedures when operating a security server in a DMZ. The DMZ Virtualization with VMware Infrastructure white paper includes examples of best practices for a virtualized DMZ. Many of the recommendations in this white paper also apply to a physical DMZ.
  • Page 57 If the View Connection Server instances paired with the security servers are enabled for RSA SecurID authentication, all external network users are required to authenticate by using RSA SecurID tokens.
  • Page 58 Figure 5-3. Multiple Security Servers [figure]
  • Page 59 TCP ports. Behind the back-end firewall, internal firewalls must be similarly configured to allow View desktops and View Connection Server instances to communicate with each other. Table 5-2 summarizes the back-end firewall rules.
  • Page 60: Understanding VMware View Communications Protocols

    Firewalls are generally not used between the View Connection Server instances in a group. Understanding VMware View Communications Protocols VMware View components exchange messages by using several different protocols. Figure 5-5 illustrates the protocols that each component uses for communication when a security server is not configured.
  • Page 61 Figure 5-5. VMware View Components and Protocols without a Security Server [figure]
  • Page 62 Figure 5-6. VMware View Components and Protocols with a Security Server [figure]
  • Page 63 Server components and between View Agent and View Connection Server. This component supports the Java Message Service (JMS) API, which is used for messaging in VMware View. By default, RSA keys that are used for intercomponent message validation are 512 bits. The RSA key size can be increased to 1024 bits if you prefer stronger encryption.
  • Page 64 Firewall Rules for View Connection Server Certain incoming TCP ports must be opened on the firewall for View Connection Server instances and security servers. When you install View Connection Server on Windows Server 2008, the installation program can optionally configure the required Windows firewall rules for you.
  • Page 65 Firewall Rules for Active Directory If you have a firewall between your VMware View environment and your Active Directory server, you must make sure that all of the necessary ports are opened. For example, View Connection Server must be able to access the Active Directory Global Catalog and Lightweight Directory Access Protocol (LDAP) servers.
  • Page 67: Overview Of Steps To Setting Up A VMware View Environment

    Set up the required administrator users and groups in Active Directory. Instructions: VMware View Installation Guide and vSphere documentation If you have not yet done so, install and set up VMware ESX servers and vCenter Server. Instructions: vSphere documentation If you are going to deploy linked-clone desktops, install View Composer on the vCenter Server system.
  • Page 69: Index

    11 encryption Business Intelligence software 13 of user credentials 53 supported by Microsoft RDP 17 supported with PCoIP 17 check list for setting up VMware View 67 entitlements, restricted 53 client connections ESX hosts 34 direct 50 tunnel 50...
  • Page 70 VMware View Architecture Planning Guide HA cluster 40, 42 parent virtual machine 25, 26 HP RGS 15, 18, 50 PCoIP 7, 9, 15, 17, 50, 55 persistent disks 25 physical PCs 40 I/O storms 44 policies, desktop 27 iSCSI SAN arrays 24...
  • Page 71 RSA SecurID 52 virtual private networks 17, 55 smart cards 52 .vmdk files 33 user types 30 VMotion 42 VMware View with Local Mode, See local vCenter, configuration 40 desktop vCenter Server 12, 23 vSphere 7, 9, 24 vdmadmin command 13...

This manual is also suitable for:

View 4.5 - architecture, View composer 2.5, View manager 4.5