VMware View - 5.1 User’s Manual
VMware View Architecture Planning
View 5.1
View Manager 5.1
View Composer 3.0
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000729-00
VMware View Architecture Planning
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
VMware View Architecture Planning 5
Introduction to VMware View 7
1
Advantages of Using VMware View 7
VMware View Features 9
How the VMware View Components Fit Together 10
Integrating and Customizing VMware View 14
Planning a Rich User Experience 17
2
Feature Support Matrix 17
Choosing a Display Protocol 19
Using View Persona Management to Retain User Data and Settings 21
Benefits of Using View Desktops in Local Mode 23
Accessing USB Devices Connected to a Local Computer 25
Printing from a View Desktop 25
Streaming Multimedia to a View Desktop 26
Using Single Sign-On for Logging In to a View Desktop 26
Using Multiple Monitors with a View Desktop 26
Managing Desktop Pools from a Central Location 29
3
Advantages of Desktop Pools 29
Reducing and Managing Storage Requirements 30
Application Provisioning 32
Using Active Directory GPOs to Manage Users and Desktops 34
VMware, Inc.
Architecture Design Elements and Planning Guidelines 35
4
Virtual Machine Requirements 35
VMware View ESX/ESXi Node 40
Desktop Pools for Specific Types of Workers 41
Desktop Virtual Machine Configuration 45
vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums 46
View Connection Server Maximums and Virtual Machine Configuration 47
View Transfer Server Virtual Machine Configuration and Storage 48
vSphere Clusters 49
VMware View Building Blocks 50
VMware View Pod 54
Planning for Security Features 55
5
Understanding Client Connections 55
Choosing a User Authentication Method 58
Restricting View Desktop Access 60
3
VMware View Architecture Planning
Using Group Policy Settings to Secure View Desktops 61
Implementing Best Practices to Secure Client Systems 62
Assigning Administrator Roles 62
Preparing to Use a Security Server 62
Understanding VMware View Communications Protocols 68
Overview of Steps to Setting Up a VMware View Environment 73
6
Index 75
4 VMware, Inc.
VMware View Architecture Planning
VMware View Architecture Planning provides an introduction to VMware® View™, including a description of
its major features and deployment options and an overview of how VMware View components are typically
set up in a production environment.
This guide answers the following questions:
n
Does VMware View solve the problems you need it to solve?
n
Would it be feasible and cost-effective to implement a VMware View solution in your enterprise?
To help you protect your VMware View installation, the guide also provides a discussion of security features.
Intended Audience
This information is intended for IT decision makers, architects, administrators, and others who need to
familiarize themselves with the components and capabilities of VMware View. With this information,
architects and planners can determine whether VMware View satisfies the requirements of their enterprise for
efficiently and securely delivering Windows desktops and applications to their end users. The example
architecture helps planners understand the hardware requirements and setup effort required for a large-scale
VMware View deployment.
VMware, Inc.
5
VMware View Architecture Planning
6 VMware, Inc.
Introduction to VMware View 1
With VMware View, IT departments can run virtual desktops in the datacenter and deliver desktops to
employees as a managed service. End users gain a familiar, personalized environment that they can access
from any number of devices anywhere throughout the enterprise or from home. Administrators gain
centralized control, efficiency, and security by having desktop data in the datacenter.
This chapter includes the following topics:
n
“Advantages of Using VMware View,” on page 7
n
“VMware View Features,” on page 9
n
“How the VMware View Components Fit Together,” on page 10
n
“Integrating and Customizing VMware View,” on page 14
Advantages of Using VMware View
When you manage enterprise desktops with VMware View, the benefits include increased reliability, security,
hardware independence, and convenience.
Reliability and Security
VMware, Inc.
Virtual desktops can be centralized by integrating with VMware vSphere and virtualizing server, storage, and
networking resources. Placing desktop operating systems and applications on a server in the datacenter
provides the following advantages:
n
Access to data can easily be restricted. Sensitive data can be prevented from being copied onto a remote
employee's home computer.
n
RADIUS support provides flexibility when choosing among two-factor authentication vendors.
Supported vendors include RSA SecureID, VASCO DIGIPASS, SMS Passcode, and SafeNet, among others.
n
The ability to provision View desktops with pre-created Active Directory accounts addresses the
requirements of locked-down Active Directory environments that have read-only access policies.
n
Data backups can be scheduled without considering when end users' systems might be turned off.
n
Virtual desktops that are hosted in a datacenter experience little or no downtime. Virtual machines can
reside on high-availability clusters of VMware servers.
Virtual desktops can also connect to back-end physical systems and Windows Terminal Services servers.
7
VMware View Architecture Planning
Convenience
The unified management console is built for scalability on Adobe Flex, so that even the largest View
deployments can be efficiently managed from a single View Manager interface. Wizards and dashboards
enhance the workflow and facilitate drilling down to see details or change settings. Figure 1-1 provides an
example of the browser-based user interface for View Administrator.
Figure 1-1. Administrative Console for View Manager Showing the Dashboard View
Another feature that increases convenience is the VMware remote display protocol PCoIP. PCoIP (PC-overIP) display protocol delivers an end-user experience equal to the current experience of using a physical PC:
n
On LANs, the display is faster and smoother than traditional remote displays.
n
On WANs, the display protocol can compensate for an increase in latency or a reduction in bandwidth,
ensuring that end users can remain productive regardless of network conditions.
Manageability
Provisioning desktops for end users is a quick process. No one is required to install applications one by one
on each end user's physical PC. End users connect to a virtual desktop complete with applications. End users
can access their same virtual desktop from various devices at various locations.
Using VMware vSphere to host virtual desktops provides the following benefits:
n
Administration tasks and management chores are reduced. Administrators can patch and upgrade
applications and operating systems without touching a user's physical PC.
n
With View Persona Management, physical and virtual desktops can be centrally managed, including user
profiles, application entitlement, policies, performance, and other settings. Deploy View Persona
Management to physical desktops users prior to converting to virtual desktops.
n
Storage management is simplified. Using VMware vSphere, you can virtualize volumes and file systems
to avoid managing separate storage devices.
n
With the View storage accelerator, the IOPS storage load is dramatically reduced, supporting end-user
logins at larger scales without requiring any special storage array technology.
8 VMware, Inc.
Hardware Independence
Virtual machines are hardware-independent. Because a View desktop runs on a server in the datacenter and
is only accessed from a client device, a View desktop can use operating systems that might not be compatible
with the hardware of the client device.
For example, although Windows 7 can run only on Windows 7-enabled PCs, you can install Windows 7 in a
virtual machine and use that virtual machine on a PC that is not Windows 7-enabled.
Virtual desktops run on PCs, Macs, thin clients, PCs that have been repurposed as thin clients, iPads, and
Android devices such as tablets and Kindle Fire.
VMware View Features
Features included in VMware View support usability, security, centralized control, and scalability.
The following features provide a familiar experience for the end user:
n
On Microsoft Windows client devices, print from a virtual desktop to any local or networked printer that
is defined on the Windows client device. This virtual printer feature solves compatibility issues and does
not require you to install additional print drivers in a virtual machine.
n
On any client device, use the location-based printing feature to map to printers that are physically near
the client system. Location-based printing does require that you install print drivers in the virtual machine.
Chapter 1 Introduction to VMware View
n
Use multiple monitors. With PCoIP multiple-monitor support, you can adjust the display resolution and
rotation separately for each monitor.
n
Access USB devices and other peripherals that are connected to the local device that displays your virtual
desktop.
You can specify which types of USB devices end users are allowed to connect to. For composite devices
that contain multiple types of devices, such as a video input device and a storage device, you can split the
device so that one device (for example, the video input device) is allowed but the other device (for example,
the storage device) is not.
n
Use View Persona Management to retain user settings and data between sessions even after the desktop
has been refreshed or recomposed. View Persona Management has the ability to replicate user profiles to
a remote profile store (CIFS share) at configurable intervals.
You can also use a standalone version of View Persona Management on physical computers and virtual
machines that are not managed by View.
VMware View offers the following security features, among others:
n
Use two-factor authentication, such as RSA SecurID or RADIUS (Remote Authentication Dial-In User
Service), or smart cards to log in.
n
Use pre-created Active Directory accounts when provisioning View desktops in environments that have
read-only access policies for Active Directory.
n
Use SSL tunneling to ensure that all connections are completely encrypted.
n
Use VMware High Availability to host desktops and to ensure automatic failover.
Scalability features depend on the VMware virtualization platform to manage both desktops and servers:
n
Integrate with VMware vSphere to achieve cost-effective densities, high levels of availability, and
advanced resource allocation control for your virtual desktops.
n
Use the View storage accelerator feature to support end-user logins at larger scales with the same storage
resources. This storage accelerator uses features in the vSphere 5 platform to create a host memory cache
of common block reads.
VMware, Inc. 9
VMware View Architecture Planning
n
Configure View Connection Server to broker connections between end users and the virtual desktops that
they are authorized to access.
n
Use View Composer to quickly create desktop images that share virtual disks with a master image. Using
linked clones in this way conserves disk space and simplifies the management of patches and updates to
the operating system.
The following features provide centralized administration and management:
n
Use Microsoft Active Directory to manage access to virtual desktops and to manage policies.
n
Use View Persona Management to simplify and streamline migration from physical to virtual desktops.
n
Use the Web-based administrative console to manage virtual desktops from any location.
n
Use a template, or master image, to quickly create and provision pools of desktops.
n
Send updates and patches to virtual desktops without affecting user settings, data, or preferences.
How the VMware View Components Fit Together
End users start View Client to log in to View Connection Server. This server, which integrates with Windows
Active Directory, provides access to a virtual desktop hosted in a VMware vSphere environment, a blade or
physical PC, or a Windows Terminal Services server.
Figure 1-2 shows the relationship between the major components of a VMware View deployment.
10 VMware, Inc.
Figure 1-2. High-Level Example of a VMware View Environment
ESXi hosts running
Virtual Desktop virtual machines
View
Connection
Server
View
Administrator
(browser)
VMware vCenter Server
with View Composer
network
Windows
View Client
Mac
View Client
Windows View Client
with Local Mode
Thin Client
virtual desktops
ESXi host
VM VM VM
VM VM VM
VM
virtual machine
desktop OS
app app app
View Agent
Microsoft
Active Directory
Terminal Servers
blade PCs
physical PCs
non-vCenter VMs
View Agent
View
Transfer Server ThinApp
tablet
Chapter 1 Introduction to VMware View
Client Devices
A major advantage of using VMware View is that desktops follow the end user regardless of device or location.
Users can access their personalized virtual desktop from a company laptop, their home PC, a thin client device,
a Mac, or a tablet.
From tablets and from Mac, Linux, and Windows laptops and PCs, end users open View Client to display their
View desktop. Thin client devices use View thin client software and can be configured so that the only
application that users can launch directly on the device is View Thin Client. Repurposing a legacy PC into a
thin client desktop can extend the life of the hardware by three to five years. For example, by using VMware
View on a thin desktop, you can use a newer operating system such as Windows 7 on older desktop hardware.
View Connection Server
This software service acts as a broker for client connections. View Connection Server authenticates users
through Windows Active Directory and directs the request to the appropriate virtual machine, physical or
blade PC, or Windows Terminal Services server.
View Connection Server provides the following management capabilities:
n
Authenticating users
n
Entitling users to specific desktops and pools
VMware, Inc. 11
VMware View Architecture Planning
n
Assigning applications packaged with VMware ThinApp to specific desktops and pools
n
Managing local and remote desktop sessions
n
Establishing secure connections between users and desktops
n
Enabling single sign-on
n
Setting and applying policies
Inside the corporate firewall, you install and configure a group of two or more View Connection Server
instances. Their configuration data is stored in an embedded LDAP directory and is replicated among members
of the group.
Outside the corporate firewall, in the DMZ, you can install and configure View Connection Server as a security
server. Security servers in the DMZ communicate with View Connection Servers inside the corporate firewall.
Security servers ensure that the only remote desktop traffic that can enter the corporate data center is traffic
on behalf of a strongly authenticated user. Users can access only the desktop resources that they are authorized
to access.
Security servers offer a subset of functionality and are not required to be in an Active Directory domain. You
install View Connection Server in a Windows Server 2008 server, preferably on a VMware virtual machine.
View Client
The client software for accessing View desktops can run on a tablet, a Windows, Linux, or Mac PC or laptop,
a thin client, and more.
After logging in, users select from a list of virtual desktops that they are authorized to use. Authorization can
require Active Directory credentials, a UPN, a smart card PIN, or an RSA SecurID or other two-factor
authentication token.
An administrator can configure View Client to allow end users to select a display protocol. Protocols include
PCoIP and Microsoft RDP. The speed and display quality of PCoIP rival that of a physical PC.
View Client with Local Mode (formerly called Offline Desktop) is a version of View Client that has been
extended to allow end users to download virtual machines and use them on their local Windows systems
regardless of whether they have a network connection.
Features differ according to which View Client you use. This guide focuses on View Client for Windows. The
following types of clients are not described in detail in this guide:
n
Details about View Client for tablets, Linux clients, and Mac clients. See the VMware View Clients
documentation at https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
n
Various third-party thin clients and zero clients, available only through certified partners.
n
View Open Client, which supports the VMware partner certification program. View Open Client is not
an official View client and is not supported as such.
View Portal
To use View Portal, end users on a Windows, Linux, or Mac PC or laptop open a Web browser and enter the
URL of a View Connection Server instance. View Portal provides links for downloading the installers for the
full View Client.
By default, when you open a browser and enter the URL of a View Connection Server instance, the View Portal
page that appears contains links to the VMware Downloads site for downloading View Client. The links on
the View Portal page are configurable, however. For example, you can configure the links to point to an internal
Web server, or you can limit which client versions are available on your own View Connection Server.
12 VMware, Inc.
Chapter 1 Introduction to VMware View
View Agent
You install the View Agent service on all virtual machines, physical systems, and Terminal Service servers that
you use as sources for View desktops. On virtual machines, this agent communicates with View Client to
provide features such as connection monitoring, virtual printing, View Persona Management, and access to
locally connected USB devices.
If the desktop source is a virtual machine, you first install the View Agent service on that virtual machine and
then use the virtual machine as a template or as a parent of linked clones. When you create a pool from this
virtual machine, the agent is automatically installed on every virtual desktop.
You can install the agent with an option for single sign-on. With single sign-on, users are prompted to log in
only when they connect to View Connection Server and are not prompted a second time to connect to a virtual
desktop.
View Administrator
This Web-based application allows administrators to configure View Connection Server, deploy and manage
View desktops, control user authentication, and troubleshoot end user issues.
When you install a View Connection Server instance, the View Administrator application is also installed. This
application allows administrators to manage View Connection Server instances from anywhere without having
to install an application on their local computer.
View Composer
You can install this software service on a vCenter Server instance that manages virtual machines or on a separate
server. View Composer can then create a pool of linked clones from a specified parent virtual machine. This
strategy reduces storage costs by up to 90 percent.
Each linked clone acts like an independent desktop, with a unique host name and IP address, yet the linked
clone requires significantly less storage because it shares a base image with the parent.
Because linked-clone desktop pools share a base image, you can quickly deploy updates and patches by
updating only the parent virtual machine. End users' settings, data, and applications are not affected. You can
also use linked-clone technology for View desktops that you download and check out to use on local systems.
Although with View 5.1, you can install View Composer on its own server host, a View Composer service can
operate with only one vCenter Server instance. Similarly, a vCenter Server instance can be associated with only
one View Composer service.
vCenter Server
This service acts as a central administrator for VMware ESX/ESXi servers that are connected on a network.
vCenter Server, formerly called VMware VirtualCenter, provides the central point for configuring,
provisioning, and managing virtual machines in the datacenter.
In addition to using these virtual machines as sources for View desktop pools, you can use virtual machines
to host the server components of VMware View, including Connection Server instances, Active Directory
servers, and vCenter Server instances.
You can install View Composer on the same server as vCenter Server to create linked-clone desktop pools.
vCenter Server then manages the assignment of the virtual machines to physical servers and storage and
manages the assignment of CPU and memory resources to virtual machines.
You install vCenter Server in a Windows Server 2008 server, preferably on a VMware virtual machine.
VMware, Inc. 13
VMware View Architecture Planning
View Transfer Server
This software manages and streamlines data transfers between the datacenter and View desktops that are
checked out for use on end users' local systems. View Transfer Server is required to support desktops that run
View Client with Local Mode (formerly called Offline Desktop).
Several operations use View Transfer Server to send data between the View desktop in vCenter Server and the
corresponding local desktop on the client system.
n
When a user checks in or checks out a desktop, View Manager authorizes and manages the operation.
View Transfer Server transfers the files between the datacenter and the local desktop.
n
View Transfer Server synchronizes local desktops with the corresponding desktops in the datacenter by
replicating user-generated changes to the datacenter.
Replications occur at intervals that you specify in local-mode policies. You can also initiate replications in
View Administrator. You can set a policy that allows users to initiate replications from their local desktops.
n
View Transfer Server distributes common system data from the datacenter to local clients. View Transfer
Server downloads View Composer base images from the Transfer Server repository to local desktops.
Integrating and Customizing VMware View
To enhance the effectiveness of VMware View in your organization, you can use several interfaces to integrate
VMware View with external applications or to create administration scripts that you can run from the
command line or in batch mode.
Integrating View with Business Intelligence Software
You can configure VMware View to record events to a Microsoft SQL Server or Oracle database.
n
End-user actions such as logging in and starting a desktop session.
n
Administrator actions such as adding entitlements and creating desktop pools.
n
Alerts that report system failures and errors.
n
Statistical sampling such as recording the maximum number of users over a 24-hour period.
You can use business intelligence reporting engines such as Crystal Reports, IBM Cognos, MicroStrategy 9,
and Oracle Enterprise Performance Management System to access and analyze the event database.
For more information, see the VMware View Integration document.
Using View PowerCLI to Create Administration Scripts
Windows PowerShell is a command-line and scripting environment that is designed for Microsoft Windows.
PowerShell uses the .NET object model and provides administrators with management and automation
capabilities. As with any other console environment, you work with PowerShell by running commands, which
are called cmdlets in PowerShell.
The View PowerCLI provides an easy-to-use PowerShell interface to VMware View. You can use the
View PowerCLI cmdlets to perform various administration tasks on View components.
n
Create and update desktop pools.
n
Add datacenter resources to a full virtual machine or linked-clone pool.
n
Perform rebalance, refresh, or recompose operations on linked-clone desktops.
n
Sample the usage of specific desktops or desktop pools over time.
n
Query the event database.
14 VMware, Inc.
Chapter 1 Introduction to VMware View
n
Query the state of View services.
You can use the cmdlets in conjunction with the vSphere PowerCLI cmdlets, which provide an administrative
interface to the VMware vSphere product.
For more information, see the VMware View Integration document.
Modifying LDAP Configuration Data in View
When you use View Administrator to modify the configuration of VMware View, the appropriate LDAP data
in the repository is updated. VMware View stores its configuration information in an LDAP compatible
repository. For example, if you add a desktop pool, VMware View stores information about users, user groups,
and entitlements in LDAP.
You can use VMware and Microsoft command tools to export and import LDAP configuration data in LDAP
Data Interchange Format (LDIF) files from and into VMware View. These commands are for advanced
administrators who want to use scripts to update configuration data without using View Administrator or
View PowerCLI.
You can use LDIF files to perform a number of tasks.
n
Transfer configuration data between View Connection Server instances.
n
Define a large number of View objects, such as desktop pools, and add these to your View Connection
Server instances without using View Administrator or View PowerCLI.
n
Back up your View configuration so that you can restore the state of a View Connection Server instance.
For more information, see the VMware View Integration document.
Using SCOM to Monitor View Components
You can use Microsoft System Center Operations Manager (SCOM) to monitor the state and performance of
VMware View components, including View Connection Server instances and security servers and View
services running on these hosts.
For more information, see the VMware View Integration document.
Using the vdmadmin Command to Administer View
You can use the vdmadmin command line interface to perform a variety of administration tasks on a View
Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from
within the View Administrator user interface or that need to run automatically from scripts.
For more information, see the VMware View Administration document.
VMware, Inc. 15
VMware View Architecture Planning
16 VMware, Inc.
Planning a Rich User Experience 2
VMware View provides the familiar, personalized desktop environment that end users expect. End users can
access USB and other devices connected to their local computer, send documents to any printer that their local
computer can detect, authenticate with smart cards, and use multiple display monitors.
VMware View includes many features that you might want to make available to your end users. Before you
decide which features to use, you must understand the limitations and restrictions of each feature.
This chapter includes the following topics:
n
“Feature Support Matrix,” on page 17
n
“Choosing a Display Protocol,” on page 19
n
“Using View Persona Management to Retain User Data and Settings,” on page 21
n
“Benefits of Using View Desktops in Local Mode,” on page 23
n
“Accessing USB Devices Connected to a Local Computer,” on page 25
n
“Printing from a View Desktop,” on page 25
n
“Streaming Multimedia to a View Desktop,” on page 26
n
“Using Single Sign-On for Logging In to a View Desktop,” on page 26
n
“Using Multiple Monitors with a View Desktop,” on page 26
Feature Support Matrix
Many features, such as RSA SecurID authentication, location-based printing, and PCoIP protocol, are
supported on most client operating systems. You must also take into consideration whether the feature is
supported on the View desktop operating system.
When planning which display protocol and features to make available to your end users, use the following
information to determine which client operating systems and agent (View desktop) operating systems support
the feature.
Editions of Windows Vista include Windows Vista Home, Enterprise, Ultimate, and Business. Editions of
Windows 7 include Home, Professional, Enterprise, and Ultimate. For Windows Terminal Server, the edition
is Standard Edition.
VMware, Inc.
17
VMware View Architecture Planning
Table 2-1. Features Supported on Operating Systems for View Desktops (Where View Agent Is Installed)
Feature
USB access X X X
RDP display
protocol
PCoIP display
protocol
Persona
Management
Wyse MMR X X
Location-based
printing
Virtual printing X X X
Smart cards X X X X
RSA SecurID or
RADIUS
Single sign-on X X X X
Multiple monitors X X X With RDP 7
Local Mode X X X
Windows 2008 SP2/2008
Windows XP Pro
SP3, 32-bit
X X X X
X X X
X X X
X X X
X X X N/A
Windows Vista SP1
and SP2, 32-bit
Windows 7 and SP1,
32-bit and 64-bit
R2 and SP1 Terminal
Server 64-bit
Table 2-2. Features Supported on VMware View for Windows Clients
Windows XP Home/Pro
Feature
USB access X X X
RDP display protocol X X X
PCoIP display protocol X X X
Persona Management X (not with local mode) X (not with local mode) X (not with local mode)
Wyse MMR X X
Location-based printing X X X
Virtual printing X X X
Smart cards X X X
RSA SecurID or RADIUS X X X
Single sign-on X X X
Multiple monitors X X X
Local Mode X X X
SP3, 32-bit Client
Windows Vista SP2, 32-bit
Client
Windows 7 and SP1, 32-bit
and 64-bit Client
In addition, several VMware partners offer thin client devices for VMware View deployments. The features
that are available for each thin client device are determined by the vendor and model and the configuration
that an enterprise chooses to use. For information about the vendors and models for thin client devices, see
the Thin Client Compatibility Guide, available on the VMware Web site.
NOTE For information about which features are supported on Mac OS X or Linux clients, or on tablets, see the
VMware View Clients documentation at
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
18 VMware, Inc.
Choosing a Display Protocol
A display protocol provides end users with a graphical interface to a View desktop that resides in the
datacenter. You can use PCoIP (PC-over-IP), which VMware provides, or Microsoft RDP (Remote Desktop
Protocol).
You can set policies to control which protocol is used or to allow end users to choose the protocol when they
log in to a desktop.
NOTE When you check out a desktop for use on a local client system, neither of the PCoIP or RDP remote
display protocols is used.
VMware View with PCoIP
PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment, including
applications, images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP
can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain
productive regardless of network conditions.
PCoIP is supported as the display protocol for View desktops with virtual machines and with physical
machines that contain Teradici host cards.
Chapter 2 Planning a Rich User Experience
PCoIP Features
Key features of PCoIP include the following:
n
For users outside the corporate firewall, you can use this protocol with your company's virtual private
network or with View security servers.
n
Advanced Encryption Standard (AES) 128-bit encryption is supported and is turned on by default.
n
Connections from all types of View clients. For more information, go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
n
MMR redirection is supported for Windows XP and Vista clients. MMR redirection is not supported for
Windows 7 View Clients and is not supported on Windows 7 View desktops.
n
USB redirection is supported.
n
Audio redirection with dynamic audio quality adjustment for LAN and WAN is supported.
n
Optimization controls for reducing bandwidth usage on the LAN and WAN.
n
Multiple monitors are supported. You can use up to four monitors and adjust the resolution for each
monitor separately, with a resolution of up to 2560x1600 per display. Pivot display and autofit are also
supported.
When the 3D feature is enabled, up to 2 monitors are supported with a resolution of up to 1920x1200.
n
32-bit color is supported for virtual displays.
n
ClearType fonts are supported.
n
Copy and paste of text and images between a local Windows client system and the desktop is supported,
up to 1MB. Supported file formats include text, images, and RTF (Rich Text Format). You cannot copy and
paste system objects such as folders and files between systems.
VMware, Inc. 19
VMware View Architecture Planning
Video Quality
480p-formatted video
You can play video at 480p or lower at native resolutions when the View
desktop has a single virtual CPU. If the operating system is Windows 7 and
you want to play the video in high-definition Flash or in full screen mode, the
desktop requires a dual virtual CPU.
720p-formatted video
You can play video at 720p at native resolutions if the View desktop has a dual
virtual CPU. Performance might be affected if you play videos at 720p in high
definition or in full screen mode.
1080p-formatted video
If the View desktop has a dual virtual CPU, you can play 1080p formatted
video, although the media player might need to be adjusted to a smaller
window size.
3D
If you plan to use 3D applications such as Windows Aero themes or Google
Earth, the Windows 7 View desktop must have virtual hardware version 8,
available with vSphere 5 and later. You must also turn on the pool setting called
Windows 7 3D Rendering. Up to 2 monitors are supported, and the maximum
screen resolution is 1920 x 1200.
This non-hardware accelerated graphics feature enables you to run DirectX 9
and OpenGL 2.1 applications without requiring a physical graphics processing
unit (GPU).
Recommended Guest Operating System Settings
Recommended guest operating system settings include the following settings:
n
For Windows XP desktops: 768MB RAM or more and a single CPU
n
For Windows 7 desktops: 1GB of RAM and a dual CPU
Desktop Client Hardware Requirements
Client hardware requirements include the following:
n
x86-based processor with SSE2 extensions, with a 800MHz or higher processor speed.
n
ARM processor with NEON (preferred) or WMMX2 extensions, with a 1Ghz or higher processor speed.
n
Available RAM above system requirements to support various monitor setups. Use the following formula
as a general guide:
20MB + (24 * (# monitors) * (monitor width) * (monitor height))
As a rough guide, you can use the following calculations:
1 monitor: 1600 x 1200: 64MB
2 monitors: 1600 x 1200: 128MB
3 monitors: 1600 x 1200: 256MB
NOTE For mobile client hardware requirements, go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
20 VMware, Inc.
Chapter 2 Planning a Rich User Experience
Microsoft RDP
Remote Desktop Protocol is the same multichannel protocol many people already use to access their work
computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data.
Microsoft RDP provides the following features:
n
With RDP 6, you can use multiple monitors in span mode. RDP 7 has true multiple monitor support, for
up to 16 monitors.
n
You can copy and paste text and system objects such as folders and files between the local system and the
View desktop.
n
RDP supports 32-bit color.
n
RDP supports 128-bit encryption.
n
You can use this protocol for making secure, encrypted connections to a View security server in the
corporate DMZ.
Following are RDP-related requirements and considerations for different Windows operating systems and
features.
n
For Windows XP and Windows XP Embedded systems, you should use Microsoft RDC 6.x.
n
Windows Vista comes with RDC 6.x installed, though RDC 7 is recommended.
n
Windows 7 comes with RDC 7 installed. Windows 7 SP1 comes with RDC 7.1 installed.
n
You must have RDC 6.0 or later to use multiple monitors.
n
For Windows XP desktop virtual machines, you must install the RDP patches listed in Microsoft
Knowledge Base (KB) articles 323497 and 884020. If you do not install the RDP patches, a Windows Sockets
failed error message might appear on the client.
n
The View Agent installer configures the local firewall rule for inbound RDP connections to match the
current RDP port of the host operating system, which is typically 3389. If you change the RDP port number,
you must change the associated firewall rules.
You can download RDC versions from the Microsoft Web site.
Desktop Client Hardware Requirements
Client hardware requirements include the following:
n
x86-based processor with SSE2 extensions, with a 800MHz or higher processor speed.
n
ARM processor with NEON (preferred) or WMMX2 extensions, with a 600MHz or higher processor speed.
n
128MB RAM.
NOTE Mobile clients, such as iPad and Android, use only the PCoIP display protocol.
Using View Persona Management to Retain User Data and Settings
You can use View Persona Management with View desktops and with physical computers and virtual
machines that are not managed by View. View Persona Management retains changes that users make to their
profiles. User profiles comprise a variety of user-generated information.
n
User-specific data and desktop settings, which allow the desktop appearance to be the same regard less
of which desktop a user logs in to.
n
Application data and settings. For example, these settings allow applications to remember toolbar
positions and preferences.
VMware, Inc. 21
VMware View Architecture Planning
n
Windows registry entries configured by user applications.
To facilitate these abilities, View Persona Management requires storage on a CIFS share equal or greater than
the size of the user's local profile.
Minimizing Logon and Logoff Times
View Persona Management minimizes the time it takes to log on to and off of desktops.
n
View takes recent changes in the profile on the View desktop and copies them to the remote repository at
regular intervals. The default is every 10 minutes. In contrast, Windows roaming profiles wait until logoff
time and copy all changes to the server at logoff.
n
During logon, View downloads only the files that Windows requires, such as user registry files. Other
files are copied to the View desktop when the user or an application opens them from the profile folder
in the View desktop.
n
With View Persona Management, during logoff, only files that were updated since the last replication are
copied to the remote repository.
With View Persona Management, you can avoid making any changes to Active Directory in order to have a
managed profile. To configure Persona Management, you specify a central repository, without changing the
user's properties in Active Directory. With this central repository, you can manage a user's profile in one
environment without affecting the physical machines that users might also log on to.
With View Persona Management, if you provision desktops with VMware ThinApp applications, the ThinApp
sandbox data can also be stored in the user profile. This data can roam with the user but does not significantly
affect logon times. This strategy provides better protection against data loss or corruption.
Configuration Options
You can configure View personas at several levels: a single View desktop, a desktop pool, an OU, or all View
desktops in your deployment. You can also use a standalone version of View Persona Management on physical
computers and virtual machines that are not managed by View.
By setting group policies (GPOs), you have granular control of the files and folders to include in a persona:
n
Specify whether to include the local settings folder. For Windows 7 or Windows Vista, this policy affects
the AppData\Local folder. For Windows XP, this policy affects the Local Settings folder.
n
Specify which files and folders to load at login time. For example: Application
Data\Microsoft\Certificates. Within a folder, you can also specify files to exclude.
n
Specify which files and folders to download in the background after a user logs in to the desktop. Within
a folder, you can also specify files to exclude.
n
Specify which files and folders within a user's persona to manage with Windows roaming profiles
functionality instead of View Persona Management. Within a folder, you can also specify files to exclude.
As with Windows roaming profiles, you can configure folder redirection. You can redirect the following folders
to a network share.
Contacts My Documents Save Games
Cookies My Music Searches
Desktop My Pictures Start Menu
Downloads My Videos Startup Items
Favorites Network Neighborhood Templates
History Printer Neighborhood Temporary Internet Files
Links Recent Items
22 VMware, Inc.
Chapter 2 Planning a Rich User Experience
To configure a remote repository to store personas, you can use either a network share or an existing Active
Directory user profile path that you configured for Windows roaming profiles. The network share can be a
folder on a server, a network-attached storage (NAS) device, or a network server. To support a large View
deployment, you can configure separate repositories for different desktop pools.
With View 5.1 and later, you can install a standalone version of View Persona Management on physical
computers and virtual machines that are not managed by View, allowing you to accomplish these goals:
n
Share and manage profiles across standalone systems and View desktops.
n
Migrate user profiles from physical systems to View desktops.
n
Perform a staged migration from physical systems to View desktops.
n
Support up-to-date profiles when users go offline.
Limitations
View Persona Management has the following limitations and restrictions:
n
You must have a View license that includes the View Personal Management component.
n
View Persona Management requires a CIFS (Common Internet File System) share.
n
You cannot use View Persona Management with desktops that run in local mode.
n
A user cannot access the same profile if the user switches between desktops that have v1 user profiles and
v2 user profiles. However, redirected folders can be shared between v1 and v2 profiles. Windows XP uses
v1 profiles. Windows Vista and Windows 7 use v2 profiles.
Benefits of Using View Desktops in Local Mode
With View Client with Local Mode, users can check out and download a View desktop to a local system such
as a laptop. Administrators can manage these local View desktops by setting policies for the frequency of
backups and contact with the server, access to USB devices, and permission to check in desktops.
For employees at remote offices with poor network connections, applications run faster on a local View desktop
than on a remote desktop. Also, users can use the local version of the desktop with or without a network
connection.
If a network connection is present on the client system, the desktop that is checked out continues to
communicate with View Connection Server to provide policy updates, and ensure that locally cached
authentication criteria is current. By default, contact is attempted every 6 minutes.
View desktops in local mode behave in the same way as their remote desktop equivalents, yet can take
advantage of local resources. Latency is eliminated, and performance is enhanced. Users can disconnect from
their local View desktop and log in again without connecting to the View Connection Server. After network
access is restored, or when the user is ready, the checked-out virtual machine can be backed up, rolled back,
or checked in.
Local resource
utilization
After a local desktop is checked out, it can take advantage of the memory and
CPU capabilities of the local system. For example, memory available beyond
what is required for the host and guest operating systems is usually split
between the host and the local View desktop, regardless of the memory settings
that are specified for the virtual machine in vCenter Server. Similarly, the local
View desktop can automatically use up to two CPUs available on the local
system, and you can configure the local desktop to use up to four CPUs.
VMware, Inc. 23
VMware View Architecture Planning
Although a local desktop can take advantage of local resources, a Windows 7
or Windows Vista View desktop that is created on an ESX/ESXi 3.5 host cannot
produce 3D and Windows Aero effects. This limitation applies even when the
desktop is checked out for local use on a Windows 7 or Windows Vista host.
Windows Aero and 3D effects are available only if the View desktop is created
using vSphere 4.x or later.
Conserving datacenter
resources by requiring
local mode
Check-outs
Backups
Rollbacks
Check-ins
You can reduce datacenter costs associated with bandwidth, memory, and CPU
resources by requiring that View desktops be downloaded and used only in
local mode. This strategy is sometimes called a bring-your-own-PC program
for employees and contractors.
When the View desktop is checked out, a snapshot is taken in vCenter, to
preserve the state of the virtual machine. The vCenter Server version of the
desktop is locked so that no other users can access it. When a View desktop is
locked, vCenter Server operations are disabled, including operations such as
powering on the online desktop, taking snapshots, and editing the virtual
machine settings. View administrators can, however, still monitor the local
session and access the vCenter Server version to remove access or roll back the
desktop.
During backups, a snapshot is taken on the client system, to preserve the state
of the checked-out virtual machine. The delta between this snapshot and the
snapshot in vCenter is replicated to vCenter and merged with the snapshot
there. The View desktop in vCenter Server is updated with all new data and
configurations, but the local desktop remains checked out on the local system
and the lock remains in place in vCenter Server.
During rollbacks, the local View desktop is discarded and the lock is released
in vCenter Server. Future client connections are directed to the View desktop
in vCenter Server until the desktop is checked out again.
When a View desktop is checked in, a snapshot is taken on the client system,
to preserve the state of the virtual machine. The delta between this snapshot
and the snapshot in vCenter is replicated to vCenter and merged with the
snapshot there. The virtual machine in vCenter Server is unlocked. Future
client connections are directed to the View desktop in vCenter Server until the
desktop is checked out again.
The data on each local system is encrypted with AES. 128-bit encryption is the default, but you can configure
192-bit or 256-bit encryption. The desktop has a lifetime controlled through policy. If the client loses contact
with View Connection Server, the maximum time without server contact is the period in which the user can
continue to use the desktop before the user is refused access. Similarly, if user access is removed, the client
system becomes inaccessible when the cache expires or after the client detects this change through View
Connection Server.
View Client with Local Mode has the following limitations and restrictions:
n
You must have a View license that includes the Local Mode component.
n
End users cannot access their local desktop while rollbacks and check-ins are taking place.
n
This feature is available only for virtual machines that are managed by vCenter Server.
n
You cannot use View Persona Management with desktops that run in local mode.
n
Assigning application packages created with VMware ThinApp is not supported for View desktops that
are downloaded and used in local mode. Rolling back a desktop might cause View Connection Server to
have incorrect information about the ThinApps on the rolled-back desktop.
24 VMware, Inc.
Loading...