VMware VIEW 4.5 - ARCHITECTURE PLANNING EN-000350-00, View 4.5, View Manager 4.5, View Composer 2.5 User Manual

VMware View Architecture Planning Guide
View 4.5
View Manager 4.5
View Composer 2.5
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-000350-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009, 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Contents
About This Book
1 Introduction to VMware View
  Advantages of Using VMware View
  VMware View Features
  How the VMware View Components Fit Together
  Integrating and Customizing VMware View
2 Planning a Rich User Experience
  Feature Support Matrix
  Choosing a Display Protocol
  Using a View Desktop Without a Network Connection
  Accessing USB Devices Connected to a Local Computer
  Printing from a View Desktop
  Streaming Multimedia to a View Desktop
  Using Single Sign-On for Logging In to a View Desktop
  Using Multiple Monitors with a View Desktop
3 Managing Desktop Pools from a Central Location
  Advantages of Desktop Pools
  Reducing and Managing Storage Requirements
  Application Provisioning
  Using Active Directory GPOs to Manage Users and Desktops
4 Architecture Design Elements and Planning Guidelines
  Virtual Machine Requirements
  VMware View ESX Node
  Desktop Pools for Specific Types of Workers
  Desktop Virtual Machine Configuration
  vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums
  View Connection Server Maximums and Virtual Machine Configuration
  View Transfer Server Virtual Machine Configuration and Storage
  vSphere Clusters
  VMware View Building Blocks
  VMware View Pod
5 Planning for Security Features
  Understanding Client Connections
  Choosing a User Authentication Method
  Restricting View Desktop Access
  Using Group Policy Settings to Secure View Desktops
  Implementing Best Practices to Secure Client Systems
  Assigning Administrator Roles
  Preparing to Use a Security Server
  Understanding VMware View Communications Protocols
6 Overview of Steps to Setting Up a VMware View Environment
Index
About This Book
The VMware View Architecture Planning Guide provides an introduction to VMware View™, including a description of its major features and deployment options and an overview of how VMware View components are typically set up in a production environment.
This guide answers the following questions:
- Does VMware View solve the problems you need it to solve?
- Would it be feasible and cost-effective to implement a VMware View solution in your enterprise?
To help you protect your VMware View installation, the guide also provides a discussion of security features.
Intended Audience
This information is intended for IT decision makers, architects, administrators, and others who need to familiarize themselves with the components and capabilities of VMware View. With this information, architects and planners can determine whether VMware View satisfies the requirements of their enterprise for efficiently and securely delivering Windows desktops and applications to their end users. The example architecture helps planners understand the hardware requirements and setup effort required for a large-scale VMware View deployment.
VMware Technical Publications Glossary
VMware® Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to
http://www.vmware.com/support/pubs.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to docfeedback@vmware.com.
Technical Support and Education Resources
The following technical support resources are available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs.
Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to
http://www.vmware.com/support/phone_support.html.
Support Offerings
To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to
http://www.vmware.com/services.
Chapter 1 Introduction to VMware View
With VMware View, IT departments can run virtual desktops in the datacenter and deliver desktops to employees as a managed service. End users gain a familiar, personalized environment that they can access from any number of devices anywhere throughout the enterprise or from home. Administrators gain centralized control, efficiency, and security by having desktop data in the datacenter.
This chapter includes the following topics:
- “Advantages of Using VMware View”
- “VMware View Features”
- “How the VMware View Components Fit Together”
- “Integrating and Customizing VMware View”
Advantages of Using VMware View
When you manage enterprise desktops with VMware View, the benefits include increased reliability, security, hardware independence, and convenience.
Reliability and Security
Virtual desktops can be centralized by integrating with VMware vSphere and virtualizing server, storage, and networking resources. Placing desktop operating systems and applications on a server in the datacenter provides the following advantages:
- Access to data can easily be restricted. Sensitive data can be prevented from being copied onto a remote employee's home computer.
- Data backups can be scheduled without considering when end users' systems might be turned off.
- Virtual desktops that are hosted in a datacenter experience little or no downtime. Virtual machines can reside on high-availability clusters of VMware servers.
Virtual desktops can also connect to back-end physical systems and Windows Terminal Services servers.
Convenience
The unified management console is built for scalability on Adobe Flex, so that even the largest View deployments can be efficiently managed from a single View Manager interface. Wizards and dashboards enhance the workflow and facilitate drilling down to see details or change settings. Figure 1-1 provides an example of the browser-based user interface for View Administrator.
Figure 1-1. Administrative Console for View Manager Showing the Dashboard View
Another feature that increases convenience is the VMware remote display protocol PCoIP. PCoIP (PC-over-IP) display protocol delivers an end-user experience equal to the current experience of using a physical PC:
- On LANs, the display is faster and smoother than traditional remote displays.
- On WANs, the display protocol can compensate for an increase in latency or a reduction in bandwidth, ensuring that end users can remain productive regardless of network conditions.
Manageability
Provisioning desktops for end users is a quick process. No one is required to install applications one by one on each end user's physical PC. End users connect to a virtual desktop complete with applications. End users can access their same virtual desktop from various devices at various locations.
Using VMware vSphere to host virtual desktops provides the following benefits:
- Administration tasks and management chores are reduced. Administrators can patch and upgrade applications and operating systems without touching a user's physical PC.
- Storage management is simplified. Using VMware vSphere, you can virtualize volumes and file systems to avoid managing separate storage devices.
Hardware Independence
Virtual machines are hardware-independent. Because a View desktop runs on a server in the datacenter and is only accessed from a client device, a View desktop can use operating systems that might not be compatible with the hardware of the client device.
For example, although Windows Vista can run only on Vista-enabled PCs, you can install Windows Vista in a virtual machine and use that virtual machine on a PC that is not Vista-enabled. Virtual desktops run on PCs, Macs, thin clients, and PCs that have been repurposed as thin clients.
VMware View Features
Features included in VMware View support usability, security, centralized control, and scalability.
The following features provide a familiar experience for the end user:
- Print from a virtual desktop to any local or networked printer that is defined on the client device, or use the location-based printing feature to map to printers that are physically near the client system. The virtual printer feature solves compatibility issues and does not require you to install additional print drivers in a virtual machine.
- Use multiple monitors. With PCoIP multiple-monitor support, you can adjust the display resolution and rotation separately for each monitor.
- Access USB devices and other peripherals that are connected to the local device that displays your virtual desktop.
VMware View offers the following security features, among others:
- Use RSA SecurID two-factor authentication or smart cards to log in.
- Use SSL tunneling to ensure that all connections are completely encrypted.
- Use VMware High Availability to host desktops and to ensure automatic failover.
The following features provide centralized administration and management:
- Use Microsoft Active Directory to manage access to virtual desktops and to manage policies.
- Use the Web-based administrative console to manage virtual desktops from any location.
- Use a template, or master image, to quickly create and provision pools of desktops.
- Send updates and patches to virtual desktops without affecting user settings, data, or preferences.
Scalability features depend on the VMware virtualization platform to manage both desktops and servers:
- Integrate with VMware vSphere to achieve cost-effective densities, high levels of availability, and advanced resource allocation control for your virtual desktops.
- Configure View Connection Server to broker connections between end users and the virtual desktops that they are authorized to access.
- Use View Composer to quickly create desktop images that share virtual disks with a master image. Using linked clones in this way conserves disk space and simplifies the management of patches and updates to the operating system.
How the VMware View Components Fit Together
End users start View Client to log in to View Connection Server. This server, which integrates with Windows Active Directory, provides access to a virtual desktop hosted on a VMware ESX server, a blade or physical PC, or a Windows Terminal Services server.
Figure 1-2 shows the relationship between the major components of a VMware View deployment.
Figure 1-2. High-Level Example of a VMware View Environment
[Diagram not reproduced. Labeled components: client devices (Windows View Client, Mac View Client, Windows View Client with Local Mode, Thin Client); network; View Connection Server; View Administrator (browser); Microsoft Active Directory; VMware vCenter Server with View Composer; View Transfer Server; ThinApp; ESX hosts running Virtual Desktop virtual machines (each virtual machine: desktop OS, apps, View Agent); Terminal Servers, blade PCs, physical PCs, and non-vCenter VMs with View Agent.]
Client Devices
A major advantage of using VMware View is that desktops follow the end user regardless of device or location. Users can access their personalized virtual desktop from a company laptop, their home PC, a thin client device, or a Mac.
From Mac and Windows laptops and PCs, end users open View Client to display their View desktop. Thin client devices use View thin client software and can be configured so that the only application that users can launch directly on the device is View Thin Client. Repurposing a legacy PC into a thin client desktop can extend the life of the hardware by three to five years. For example, by using VMware View on a thin desktop, you can use a newer operating system such as Windows Vista on older desktop hardware.
View Connection Server
This software service acts as a broker for client connections. View Connection Server authenticates users through Windows Active Directory and directs the request to the appropriate virtual machine, physical or blade PC, or Windows Terminal Services server.
View Connection Server provides the following management capabilities:
- Authenticating users
- Entitling users to specific desktops and pools
- Assigning applications packaged with VMware ThinApp to specific desktops and pools
- Managing local and remote desktop sessions
- Establishing secure connections between users and desktops
- Enabling single sign-on
- Setting and applying policies
Inside the corporate firewall, you install and configure a group of two or more View Connection Server instances. Their configuration data is stored in an embedded LDAP directory and is replicated among members of the group.
Outside the corporate firewall, in the DMZ, you can install and configure View Connection Server as a security server. Security servers in the DMZ communicate with View Connection Servers inside the corporate firewall. Security servers offer a subset of functionality and are not required to be in an Active Directory domain.
You install View Connection Server in a Windows Server 2003 or 2008 server, preferably on a VMware virtual machine.
View Client
The client software for accessing View desktops runs either on a Windows or Mac PC as a native application or on a thin client if you have View Client for Linux.
After logging in, users select from a list of virtual desktops that they are authorized to use. Authorization can require Active Directory credentials, a UPN, a smart card PIN, or an RSA SecurID token.
An administrator can configure View Client to allow end users to select a display protocol. Protocols include PCoIP, Microsoft RDP, and HP RGS for View desktops that are hosted on HP Blades. The speed and display quality of PCoIP rival that of a physical PC.
View Client with Local Mode (formerly called Offline Desktop) is a version of View Client that has been extended to allow end users to download virtual machines and use them on their local systems regardless of whether they have a network connection.
Features differ according to which View Client you use. This guide focuses on View Client for Windows and View Client for Mac. The following types of clients are not described in detail in this guide:
- View Client for Linux, available only through certified partners.
- Various third-party clients, available only through certified partners.
- View Open Client, which supports the VMware partner certification program. View Open Client is not an official View client and is not supported as such.
View Portal
From a Windows PC or laptop, end users can open a Web browser and use View Portal to download, install, update, and start the Windows-based View Client. As of View 4.5, View Portal installs the full View Client for Windows, with or without Local Mode.
To use View Portal, end users open an Internet Explorer browser and enter the URL of a View Connection Server instance. View Portal provides a link for downloading the installer for the full View Client for Windows.
View Agent
You install the View Agent service on all virtual machines, physical systems, and Terminal Service servers that you use as sources for View desktops. This agent communicates with View Client to provide features such as connection monitoring, virtual printing, and access to locally connected USB devices.
If the desktop source is a virtual machine, you first install the View Agent service on that virtual machine and then use the virtual machine as a template or as a parent of linked clones. When you create a pool from this virtual machine, the agent is automatically installed on every virtual desktop.
You can install the agent with an option for single sign-on. With single sign-on, users are prompted to log in only when they connect to View Connection Server and are not prompted a second time to connect to a virtual desktop.
View Administrator
This Web-based application allows administrators to configure View Connection Server, deploy and manage View desktops, control user authentication, and troubleshoot end user issues.
When you install a View Connection Server instance, the View Administrator application is also installed. This application allows administrators to manage View Connection Server instances from anywhere without having to install an application on their local computer.
View Composer
You install this software service on a vCenter Server instance that manages virtual machines. View Composer can then create a pool of linked clones from a specified parent virtual machine. This strategy reduces storage costs by up to 90 percent.
Each linked clone acts like an independent desktop, with a unique host name and IP address, yet the linked clone requires significantly less storage because it shares a base image with the parent.
Because linked-clone desktop pools share a base image, you can quickly deploy updates and patches by updating only the parent virtual machine. End users' settings, data, and applications are not affected. As of View 4.5, you can also use linked-clone technology for View desktops that you download and check out to use on local systems.
vCenter Server
This service acts as a central administrator for VMware ESX servers that are connected on a network. vCenter Server, formerly called VMware VirtualCenter, provides the central point for configuring, provisioning, and managing virtual machines in the datacenter.
In addition to using these virtual machines as sources for View desktop pools, you can use virtual machines to host the server components of VMware View, including Connection Server instances, Active Directory servers, and vCenter Server instances.
You can install View Composer on the same server as vCenter Server to create linked-clone desktop pools. vCenter Server then manages the assignment of the virtual machines to physical servers and storage and manages the assignment of CPU and memory resources to virtual machines.
You install vCenter Server in a Windows Server 2003 or 2008 server, preferably on a VMware virtual machine.
View Transfer Server
This software manages and streamlines data transfers between the datacenter and View desktops that are checked out for use on end users' local systems. View Transfer Server is required to support desktops that run View Client with Local Mode (formerly called Offline Desktop).
Several operations use View Transfer Server to send data between the View desktop in vCenter Server and the corresponding local desktop on the client system.
- When a user checks in or checks out a desktop, View Manager authorizes and manages the operation. View Transfer Server transfers the files between the datacenter and the local desktop.
- View Transfer Server synchronizes local desktops with the corresponding desktops in the datacenter by replicating user-generated changes to the datacenter.
  Replications occur at intervals that you specify in local-mode policies. You can also initiate replications in View Administrator. You can set a policy that allows users to initiate replications from their local desktops.
- View Transfer Server keeps local desktops up-to-date by distributing common system data from the datacenter to local clients. View Transfer Server downloads View Composer base images from the image repository to local desktops.
- If a local computer is corrupted or lost, View Transfer Server can provision the local desktop and recover the user data by downloading the data and system image to the local desktop.
Integrating and Customizing VMware View
To enhance the effectiveness of VMware View in your organization, you can use several interfaces to integrate VMware View with external applications or to create administration scripts that you can run from the command line or in batch mode.
Integrating View with Business Intelligence Software
You can configure VMware View to record events to a Microsoft SQL Server or Oracle database.
- End-user actions such as logging in and starting a desktop session.
- Administrator actions such as adding entitlements and creating desktop pools.
- Alerts that report system failures and errors.
- Statistical sampling such as recording the maximum number of users over a 24-hour period.
You can use business intelligence reporting engines such as Crystal Reports, IBM Cognos, MicroStrategy 9, and Oracle Enterprise Performance Management System to access and analyze the event database.
For more information, see the VMware View Integration Guide.
Using View PowerCLI to Create Administration Scripts
Windows PowerShell is a command-line and scripting environment that is designed for Microsoft Windows. PowerShell uses the .NET object model and provides administrators with management and automation capabilities. As with any other console environment, you work with PowerShell by running commands, which are called cmdlets in PowerShell.
The View PowerCLI provides an easy-to-use PowerShell interface to VMware View. You can use the View PowerCLI cmdlets to perform various administration tasks on View components.
- Create and update desktop pools.
- Add datacenter resources to a full virtual machine or linked-clone pool.
- Perform rebalance, refresh, or recompose operations on linked-clone desktops.
- Sample the usage of specific desktops or desktop pools over time.
- Query the event database.
- Query the state of View services.
You can use the cmdlets in conjunction with the vSphere PowerCLI cmdlets, which provide an administrative interface to the VMware vSphere product.
For more information, see the VMware View Integration Guide.
Modifying LDAP Configuration Data in View
When you use View Administrator to modify the configuration of VMware View, the appropriate LDAP data in the repository is updated. VMware View stores its configuration information in an LDAP compatible repository. For example, if you add a desktop pool, VMware View stores information about users, user groups, and entitlements in LDAP.
You can use VMware and Microsoft command tools to export and import LDAP configuration data in LDAP Data Interchange Format (LDIF) files from and into VMware View. These commands are for advanced administrators who want to use scripts to update configuration data without using View Administrator or View PowerCLI.
You can use LDIF files to perform a number of tasks.
- Transfer configuration data between View Connection Server instances.
- Define a large number of View objects, such as desktop pools, and add these to your View Connection Server instances without using View Administrator or View PowerCLI.
- Back up your View configuration so that you can restore the state of a View Connection Server instance.
For more information, see the VMware View Integration Guide.
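A drift check for the LDIF exports described above, as an added example that is not VMware's code: it parses two exports (handling folded lines and base64 `::` values) and reports what changed between a known-good backup and the current configuration, which is useful when scripts can update the repository without going through View Administrator. The DNs, attribute names and sample data are constructed for illustration and are not the actual View LDAP schema.

```python
import base64

# Constructed sample exports, not real View data. The DNs and attribute names
# are hypothetical stand-ins for entries in the View LDAP repository.
BASELINE_LDIF = """\
version: 1
# known-good backup (constructed)
dn: cn=pool-finance,ou=Pools,dc=example,dc=internal
objectClass: top
member: cn=finance-users,ou=Groups,dc=example,
 dc=internal
description:: RmluYW5jZSBkZXNrdG9wcw==

dn: cn=pool-kiosk,ou=Pools,dc=example,dc=internal
objectClass: top
"""

CURRENT_LDIF = """\
version: 1
dn: CN=pool-finance, OU=Pools, DC=example, DC=internal
objectClass: top
member: cn=finance-users,ou=Groups,dc=example,dc=internal
member: cn=contractors,ou=Groups,dc=example,dc=internal
description:: RmluYW5jZSBkZXNrdG9wcw==

dn: cn=pool-test,ou=Pools,dc=example,dc=internal
objectClass: top
"""


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas are
    not handled; enough for comparing two exports from the same tool)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Parse LDIF content records into {dn: {attribute: set(values)}}."""
    lines = []
    for raw in text.splitlines():
        # A line that starts with a single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():          # blank line ends the current record
            current = None
            continue
        if line.startswith("#"):      # comment
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr = attr.strip().lower()   # attribute names are case-insensitive
        if rest.startswith(":"):      # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr == "dn":
            current = entries.setdefault(normalize_dn(value), {})
        elif current is not None:
            current.setdefault(attr, set()).add(value)
        elif attr != "version":
            raise ValueError(f"attribute outside a record: {line!r}")
    return entries


def diff_exports(baseline, current):
    """Return (change, dn, attribute, value) tuples, ordered by DN."""
    changes = []
    for dn in sorted(set(baseline) | set(current)):
        old, new = baseline.get(dn), current.get(dn)
        if old is None:
            changes.append(("entry-added", dn, None, None))
            continue
        if new is None:
            changes.append(("entry-removed", dn, None, None))
            continue
        for attr in sorted(set(old) | set(new)):
            before, after = old.get(attr, set()), new.get(attr, set())
            changes += [("value-added", dn, attr, v) for v in sorted(after - before)]
            changes += [("value-removed", dn, attr, v) for v in sorted(before - after)]
    return changes


if __name__ == "__main__":
    for change in diff_exports(parse_ldif(BASELINE_LDIF), parse_ldif(CURRENT_LDIF)):
        print(change)
```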
Using SCOM to Monitor View Components
You can use Microsoft System Center Operations Manager (SCOM) to monitor the state and performance of VMware View components, including View Connection Server instances and security servers and View services running on these hosts.
For more information, see the VMware View Integration Guide.
Using the vdmadmin Command to Administer View
You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or that need to run automatically from scripts.
For more information, see the VMware View Administrator's Guide.
Chapter 2 Planning a Rich User Experience
VMware View provides the familiar, personalized desktop environment that end users expect. End users can access USB and other devices connected to their local computer, send documents to any printer that their local computer can detect, authenticate with smart cards, and use multiple display monitors.
VMware View includes many features that you might want to make available to your end users. Before you decide which features to use, you must understand the limitations and restrictions of each feature.
This chapter includes the following topics:
- “Feature Support Matrix”
- “Choosing a Display Protocol”
- “Using a View Desktop Without a Network Connection”
- “Accessing USB Devices Connected to a Local Computer”
- “Printing from a View Desktop”
- “Streaming Multimedia to a View Desktop”
- “Using Single Sign-On for Logging In to a View Desktop”
- “Using Multiple Monitors with a View Desktop”
Feature Support Matrix
Most features, such as access to local USB devices, virtual printing, Wyse multimedia redirection (MMR), and PCoIP and Microsoft RDP display protocols, are supported on most client operating systems.
When planning which display protocol and features to make available to your end users, use Table 2-1 and Table 2-2 to determine which client operating systems support the feature.
Table 2-1. Features Supported on Windows Clients
Feature | Windows XP Home/Pro SP3, 32-bit | Windows Vista SP1, SP2, 32-bit | Windows 7, 32-bit and 64-bit
USB access X X X
RDP display protocol X X X
PCoIP display protocol X X X
HP RGS display protocol X X
Wyse MMR X X
Virtual printing X X X
Smart cards X X X
RSA SecurID X X X
Single sign-on X X X
Multiple monitors X X X
Local Mode X X X
Editions of Windows Vista include Windows Vista Home, Enterprise, Ultimate, and Business. Editions of Windows 7 include Home, Professional, Enterprise, and Ultimate.
Table 2-2. Features Supported on Mac Clients
Feature Mac OS X (10.5,6) Mac OS X (10.6)
USB access
RDP display protocol X X
PCoIP display protocol
HP RGS display protocol
Wyse MMR
Virtual printing
Smart cards
RSA SecurID X X
Single sign-on X X
Multiple monitors
Local Mode
In addition, several VMware partners offer thin client devices for VMware View deployments. The features that are available for each thin client device are determined by the vendor and model and the configuration that an enterprise chooses to use. For information about the vendors and models for thin client devices, see the Thin Client Compatibility Guide, available on the VMware Web site.
Choosing a Display Protocol
A display protocol provides end users with a graphical interface to a View desktop that resides in the datacenter. You can use Microsoft RDP (Remote Desktop Protocol), HP RGS for HP physical machines, or PCoIP (PC-over-IP).
You can set policies to control which protocol is used or to allow end users to choose the protocol when they log in to a desktop.
NOTE When you check out a desktop for use on a local client system, neither of the RDP or PCoIP remote display protocols is used.
VMware View with PCoIP
PCoIP is a new high-performance remote display protocol provided by VMware. This protocol is available for View desktops that are sourced from virtual machines, Teradici clients, and physical machines that have Teradici-enabled host cards.
PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions. PCoIP is optimized for delivery of images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP provides the following features:
- You can use up to 4 monitors and adjust the resolution for each monitor separately, up to 2560 x 1600 resolution per display.
- You can copy and paste text between the local system and the View desktop, but you cannot copy and paste system objects such as folders and files between systems.
- You can configure the amount of bandwidth used by Adobe Flash content to improve the overall Web browsing experience and make other applications more responsive.
- PCoIP supports 32-bit color.
- PCoIP supports 128-bit encryption.
- PCoIP supports Advanced Encryption Standard (AES) encryption, which is turned on by default.
- You can use this protocol with your company's virtual private network.
Client hardware requirements include the following:
- 800MHz or higher processor speed
- x86-based processor with SSE2 extensions
View clients that use PCoIP can connect to View security servers, but the PCoIP session with the virtual desktop does not pass through the security server. PCoIP uses the User Datagram Protocol (UDP) for streaming audio and video, and security servers support only TCP.
Microsoft RDP
Remote Desktop Protocol is the same protocol many people already use to access their work computer from their home computer. RDP provides access to all the applications, files, and network resources on a remote computer.
Microsoft RDP provides the following features:
- You can use multiple monitors in span mode.
- You can copy and paste text between the local system and the View desktop, but you cannot copy and paste system objects such as folders and files between systems.
- You can configure the amount of bandwidth used by Adobe Flash content to improve the overall Web browsing experience and make other applications more responsive.
- RDP supports 32-bit color.
- RDP supports 128-bit encryption.
- You can use this protocol for making secure, encrypted connections to a View security server in the corporate DMZ.
HP RGS Protocol
RGS is a display protocol from HP that allows users to access the desktop of a remote physical computer over a standard network.
You can use HP RGS as the display protocol when connecting HP Blade PCs, HP Workstations, and HP Blade Workstations. Connections to virtual machines that run on VMware ESX servers are not supported.
HP RGS provides the following features:
- You can use multiple monitors in span mode.
- You can configure the amount of bandwidth used by Adobe Flash content to improve the overall Web browsing experience and make other applications more responsive.
VMware does not bundle or license HP RGS with VMware View. Contact HP to license a copy of HP RGS version 5.2.5 to use with VMware View. For information about how to install and configure HP RGS components, see the HP RGS documentation available at http://www.hp.com.
Using a View Desktop Without a Network Connection
With View Client with Local Mode, users can check out and download a View desktop to a local system such as a laptop. Administrators can manage these local View desktops by setting policies for the frequency of backups and contact with the server, for access to USB devices, and for permission to check in desktops.
For employees at remote offices with poor network connections, applications run faster on a local View desktop than on a remote desktop. Also, users can use the local version of the desktop with or without a network connection.
If a network connection is present on the client system, the desktop that is checked out continues to communicate with View Connection Server to provide policy updates and to ensure that locally cached authentication criteria are current. By default, contact is attempted every 5 minutes.
View Client with Local Mode is the fully supported feature that in earlier releases was an experimental feature called View Client with Offline Desktop.
View desktops in local mode behave in the same way as their remote desktop equivalents, yet can take advantage of local resources. Latency is eliminated, and performance is enhanced. Users can disconnect from their local View desktop and log in again without connecting to the View Connection Server. After network access is restored, or when the user is ready, the checked-out virtual machine can be backed up, rolled back, or checked in.
Local resource utilization
After a local desktop is checked out, it can take advantage of the memory and CPU capabilities of the local system. For example, memory available beyond what is required for the host and guest operating systems is usually split between the host and the local View desktop, regardless of the memory settings that are specified for the virtual machine in vCenter Server. Similarly, the local View desktop can automatically use up to two CPUs available on the local system, and you can configure the local desktop to use up to four CPUs.
Although a local desktop can take advantage of local resources, a Windows 7 or Windows Vista View desktop that is created on an ESX 3.5 host cannot produce 3D and Windows Aero effects. This limitation applies even when the desktop is checked out for local use on a Windows 7 or Windows Vista host. Windows Aero and 3D effects are available only if the View desktop is created using vSphere 4.x.
Conserving datacenter resources by requiring local mode
You can reduce datacenter costs associated with bandwidth, memory, and CPU resources by requiring that View desktops be downloaded and used only in local mode. This strategy is sometimes called a bring-your-own-PC program for employees and contractors.
Check-outs
When the View desktop is checked out, the vCenter Server version of the desktop is locked so that no other users can access it. When a View desktop is locked, vCenter Server operations are disabled, including operations such as powering on the online desktop, taking snapshots, and editing the virtual machine settings. View administrators can, however, still monitor the local session and access the vCenter Server version to remove access or roll back the desktop.
Backups
During backups, the View desktop in vCenter Server is updated with all new data and configurations, but the local desktop remains checked out on the local system and the lock remains in place in vCenter Server.
Rollbacks
During rollbacks, the local View desktop is discarded, and the lock is released in vCenter Server. Future client connections are directed to the View desktop in vCenter Server until the desktop is checked out again.
Check-ins
When a View desktop is checked in, the local desktop is uploaded to vCenter Server, and the lock is released. Future client connections are directed to the View desktop in vCenter Server until the desktop is checked out again.
The data on each local system is encrypted with AES. 128-bit encryption is the default, but you can configure 256-bit encryption. The desktop has a lifetime controlled through policy. If the client loses contact with View Connection Server, the maximum time without server contact is the period in which the user can continue to use the desktop before the user is refused access. Similarly, if user access is removed, the client system becomes inaccessible when the cache expires or after the client detects this change through View Connection Server.
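The lifetime and revocation behavior described above can be modeled to estimate how long a checked-out desktop stays usable after access is removed. The following Python model is an added example, not VMware code; the policy values, the connectivity windows, and the assumption that the cache expires when the maximum time without server contact is reached are constructed for illustration.

```python
"""Model of local-mode access after entitlement removal (added illustration)."""

CONTACT_INTERVAL_MIN = 5  # default contact interval stated in the guide


def is_online(minute, online_windows):
    """True if the client can reach View Connection Server at this minute."""
    return any(start <= minute <= end for start, end in online_windows)


def access_denied_at(max_offline_min, revoked_at, online_windows, horizon_min):
    """Return (minute, reason) when the client refuses access, else None.

    max_offline_min: policy value for maximum time without server contact
                     (site-specific; the values used below are constructed).
    revoked_at:      minute the administrator removes access, or None.
    online_windows:  constructed list of (start, end) minutes with connectivity.
    """
    last_contact = 0  # assumption: check-out at minute 0 counts as a contact
    for minute in range(horizon_min + 1):
        if minute % CONTACT_INTERVAL_MIN == 0 and is_online(minute, online_windows):
            if revoked_at is not None and minute >= revoked_at:
                return minute, "revocation seen on server contact"
            last_contact = minute
        if minute - last_contact >= max_offline_min:
            return minute, "maximum time without server contact reached"
    return None


def exposure_minutes(max_offline_min, revoked_at, online_windows, horizon_min):
    """Minutes the desktop stays usable after access was removed."""
    denied = access_denied_at(max_offline_min, revoked_at, online_windows, horizon_min)
    if denied is None or revoked_at is None:
        return None
    return denied[0] - revoked_at


if __name__ == "__main__":
    always_on = [(0, 10_000)]
    unplugged = [(0, 10)]  # laptop leaves the network after minute 10
    for name, windows in (("connected", always_on), ("offline", unplugged)):
        print(name, access_denied_at(60, 12, windows, 600),
              exposure_minutes(60, 12, windows, 600))
```

For a client that stays offline, the exposure after revocation is bounded by the maximum time without server contact, so that policy value is the one to size against how quickly a lost or deprovisioned laptop must become unusable.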
View Client with Local Mode has the following limitations and restrictions:
- You must have a View license that includes the Local Mode component.
- End users cannot access their local desktop while rollbacks and check-ins are taking place.
- This feature is available only for virtual machines that are managed by vCenter Server.
- Assigning application packages created with VMware ThinApp is not supported on local desktops.
- For security reasons, you cannot access the host CD-ROM from within the View desktop.
- Also for security reasons, you cannot copy and paste text or system objects such as files and folders between the local system and the View desktop.
Accessing USB Devices Connected to a Local Computer
Administrators can configure the ability to use USB devices, such as thumb flash drives, VoIP (voice-over-IP) devices, and printers, from a View desktop. This feature is called USB redirection.
When you use this feature, most USB devices that are attached to the local client system become available from a menu in View Client. You use the menu to connect and disconnect the devices.
USB devices that do not appear in the menu, but are available in a View desktop, include smart card readers and human interface devices such as keyboards and pointing devices. The View desktop and the local computer use these devices at the same time.
This feature has the following limitations:
- When you access a USB device from a menu in View Client and use the device in a View desktop, you cannot access the device on the local computer.
- USB redirection is not supported on Windows 2000 systems or for View desktops sourced from Microsoft Terminal Servers.
Printing from a View Desktop
The virtual printing feature allows end users to use local or network printers from a View desktop without requiring that additional print drivers be installed in the View desktop. For each printer available through this feature, you can set preferences for data compression, print quality, double-sided printing, color, and so on.
After a printer is added on the local computer, View adds that printer to the list of available printers on the View desktop. No further configuration is required. Users who have administrator privileges can still install printer drivers on the View desktop without creating a conflict with the virtual printing component.
To send print jobs to a USB printer, you can either use the USB redirection feature or use the virtual printing feature.
In addition, the location-based printing capabilities as of View 4.5 allow IT organizations to map View desktops to the printer that is closest to the endpoint client device. For example, as a doctor moves from room to room in a hospital, each time the doctor prints a document, the print job is sent to the nearest printer.
Streaming Multimedia to a View Desktop
Wyse MMR (multimedia redirection) enables full-fidelity playback when multimedia files are streamed to a View desktop.
The MMR feature supports the media file formats that the client system supports, because local decoders must exist on the client. File formats include MPEG2, WMV, AVI, and WAV, among others.
This feature has the following limitations:
- For best quality, use Windows Media Player 10 or later, and install it on both the local computer, or client access device, and the View desktop.
- The Wyse MMR port, which is 9427 by default, must be added as a firewall exception in the View desktop.
- MMR is not supported on Windows 7 clients or virtual desktops.
Although MMR is not supported on Windows 7 virtual desktops, if the Windows 7 desktop has 1GB of RAM and 2 virtual CPUs, you can use PCoIP to play 480p- and 720p-formatted videos at native resolutions. For 1080p, you might need to make the window smaller than full screen size.
Using Single Sign-On for Logging In to a View Desktop
The single-sign-on (SSO) feature allows you to configure View Manager so that end users are prompted to log in only once.
If you do not use the single-sign-on feature, end users must log in twice. They are first prompted to log in to View Connection Server and then are prompted to log in to their View desktop. If smart cards are also used, end users must sign in three times because users must also log in when the smart card reader prompts them for a PIN.
SSO is implemented as an optional component that you can select when you install the View Agent on a desktop source. This feature includes the Graphical Identification and Authentication (GINA) dynamic-link library for Windows XP and a credential provider dynamic-link library for Windows Vista.
Using Multiple Monitors with a View Desktop
Regardless of the display protocol, you can use multiple monitors with a View desktop.
If you use PCoIP, the display protocol from VMware, you can adjust the display resolution and rotation separately for each monitor. PCoIP allows a true multiple-monitor session rather than a span mode session.
A span mode remote session is actually a single-monitor session. The monitors must be the same size and resolution, and the monitor layout must fit within a bounding box. If you maximize an application window, the window spans across all monitors.
In a true multiple-monitor session, monitors can have different resolutions and sizes, and a monitor can be pivoted. If you maximize an application window, the window expands to the full screen of only the monitor that contains it.
This feature has the following limitations:
- The maximum number of monitors that you can use to display a View desktop is 10 if you use the RDP display protocol and 4 if you use PCoIP.
- If you use Microsoft RDP display protocol, you must have Microsoft Remote Desktop Connection (RDC) 6.0 or higher installed in the View desktop.
- If you use a View desktop in local mode, no remote display protocol is used. You can use multiple monitors in span mode.