How to delete an orphaned desktop pool
Time for a new problem in the VMware Horizon View series. After running into problems which forced me to ‘Manually delete protected Horizon View replicas‘ and ‘Link a VMware View desktop to its replica‘, now I encountered an orphaned desktop pool which could not be deleted.
First, What got me into this mess. As I told you last week I was testing a Nvidia Quadro K5000 graphics card when my ESXi whitebox died on me. This also corrupted the one hard drive which contained all my Horizon View desktops. Fortunately the golden images resided on my NFS storage so no harm done, just delete the pools, recreate them and we’re up and running again. Wrong! Because the VDI virtual machines were no longer present, I ended up with an orphaned desktop pool. Similar like you would get when deleting View virtual machines directly from the vCenter client.
When I tried to delete the desktop pools in the Horizon View Administrator I got an error stating internal problems with the Composer server or service.
It’s not much to go on but I checked the View Composer service, Composer logs, Windows domain membership and I even reconfigured Composer in the Horizon View Administrator Server settings. No success. Then I remembered manually deleting the protected Horizon View replicas and I searched for orphaned desktops pools.
I found this VMware KB article: Manually deleting linked clones or stale virtual desktop entries from VMware View Manager and Horizon View (1008658)
This confirmed my suspicion that this had nothing to do with the Composer service but that it was caused by the disappearance of the View virtual machines due to the hard disk corruption. Much like you would get when deleting View virtual machines directly from the vCenter client instead of the proper way, in the Horizon View Administrator console.
To solve this problem and remove the bad entries to be able to delete the desktop pool I had to do the following:
- Open up vSphere and connect to vCenter.
- Open up the console for the Horizon View Connection Server.
- Connect to the Horizon View ADAM database:
- Click [Start > Administrative Tools > ADSI Edit].
- In the console window, right-click ADSI Edit and click [Connect to].
- In the Name field type: [View ADAM Database].
- Select [Select or type a Distinguished Name or Naming Context].
- In the field below, type [dc=vdi,dc=vmware,dc=int].
(do not try to be smart and change these to match your own AD domain like I did. This is the distinguished name of the Horizon View ADAM database)
- Select [Select or type a domain or server].
- In the field below, type [localhost].
- Click [OK].
- Click [View ADAM Database] to expand.
- Click [DC=vdi,dc=vmware,dc=int] to expand.
- Locate the GUID of the virtual machine. To locate the GUID of the virtual machine:
- Right-click the Connection [View ADAM Database], and click [New > Query].
- Under Root of Search, click [Browse] and select the [Servers] organizational unit.
- Click [OK].
- In the Query String, paste this search string: (&(objectClass=pae-VM)(pae-displayname=VirtualMachineName))
Where VirtualMachineName is the name of the virtual machine for which you are trying to locate the GUID. You may use * or ? as wildcards to match multiple desktops.
- Click [OK] to create the query.
- Click the query in the left pane. The virtual machines that match the search are displayed in the right pane.
- Record the [GUID] in cn=<GUID>.
- Delete the [pae-VM object] from the ADAM database:
- Locate the [OU=SERVERS] container.
- Locate the corresponding virtual machine’s GUID (from above) in the list which can be sorted in ascending or descending order, choose [Properties] and check the pae-DisplayName attribute to verify the corresponding linked clone virtual machine object.
- Delete the pae-VM object.
- Check if there are entries under OU=Desktops and OU=Applications in the ADAM database.
- Check for entries in both the [OU=Server Groups] and [OU=Applications] and remove both. Removing one entry and not the other from the ADAM database results in the java.lang.nullpointerexception error when attempting to view the pools or desktops inventory in View Manager.
This did the trick. After deleting all references to the old VDI virtual machines and desktop pools, I’ve got a fresh and clean Horizon View Connection Server.
No internet connection results in slow vSphere client consoles
In the last few weeks a customer that I am working for has been making a lot of changes within their infrastructure. Some big and some (on the surface) small. Somewhere during those weeks a change was made and the consequence of that change has gone by unnoticed at first. Then reports started to come in from colleague administrators that console sessions for virtual machines, when using the vSphere client, where really slooooowwwww. Opening a console took more than 10 seconds and trying to open more simultaneous would freeze the users screen entirely.
Building a new ESXi whitebox
Unfortunately the whitebox ESXi server I build in June 2011 died on me when testing a Nvidia Quadro K5000 graphics card. So I needed a new ESXi server for my home lab.
I looked at some HP and Dell mini servers but I decided to build a new VMware ESXi whitebox. Power supply, hard disks and SSD were still fine so I only needed a new motherboard, processor and memory.
In the past I’ve used websites like, ‘Ultimate VMware ESX Whitebox‘ and ‘VM-help.com‘ to find compatible parts but because one no longer exists and the other is pretty outdated I picked the components myself.
Because the Intel i5 processor does not support hyper-threading and comes with less cache I chose a 4 core, 8 threaded, 3,4GHz Intel i7-4770 processor with a LGA1150 socket. It’s not the cheapest processor but this one was available right away, the other Intel i7 processors were out of stock and this could take up to two weeks.
As the basis I needed a LGA1150 socket motherboard and my selection criteria where very simple, 32GB memory, onboard video and as much expansion slots as possible with a mix of PCI and PCIe (x16, x4, x1). As an ASUS fan I chose the ASUS H87-PLUS. It has four DDR3 DIMM-slots which can support up to 32GB of memory, it has onboard video VGA or HMDI and one PCIe 3.0 x16 slot, one PCIe 2.0 x16 slot (x4 mode), two PCIe 2.0 x1 slots and three PCI slots.
I topped it of with 32GB DDR3 1600MHz Corsair VengeanceLP memory in four 8GB modules (CML32GX3M4A1600C10).
The total kit list is as follows:
- Intel i7-4770 processor (8 x 3.4GHz with HT);
- ASUS H87-PLUS motherboard;
- Corsair 32GB DDR3-1600 memory (4 x 32GB);
- Western Digital Caviar Black WD1002FAEX 1TB, SATA-600 hard disk;
- 256 GB SanDisk Ultra Plus SSD;
- Intel 82572EI Gigabit Ethernet adapter;
- Broadcom NetXtreme BCM5705 Gigabit Ethernet adapter;
- Nvidia Quadro K5000 graphics card;
- HP midi tower with 750W power supply.
After bolting, screwing and plugging everything together, it was time to install ESXi 5.5, this finished with no issues, so within 1 hour my VMware ESXi whitebox was up and running and I could import my existing lab infrastructure.
But the most important of all, is it any good? It’s great to build an ESXi whitebox but when the performance of all those ‘desktop components’ suck, it’s maybe better to spend a bit more $$. In short, it’s great, performance is comparable to that of enterprise servers with the exception of disk related tasks. The disk performance is good but it’s not great. You just cant compare disk I/O of simple desktop despite the fact it’s a fast, 6Gbps SATA disk.
At the moment I’m running VMware ESXi 5.5 with:
- vCenter Server Appliance 5.5;
- vCenter Update Manager 5.5;
- vCenter Mobile Access appliance;
- VMware vCenter Operations Manager 5.7
- Horizon View 5.3 Connection Server;
- Horizon View 5.3 Composer;
- Windows Server 2012 R2 Domain Controller;
- SQL Server;
- Veeam Backup & Replication Server 7;
- Windows 7 desktop.
CPU load is as expected very low, 4968MHz on average. The total memory load when running all those virtual machine is 23.8GB.
All things considered I’m very pleased with my ESXi whitebox, performance is good, 32GB of memory gives me enough space to deploy lab VM’s and the money I spend on it is well within my budget (€650,-).
Hint and tips for those of you who want to build their own ESXi whitebox:
- Research, research, research.
I still hear people buy incompatible hardware despite the available online resources. Check if your desired configuration has already been build. If not Google is your friend;
- Do not save on your harddisk.
If you save on your harddisk you will be sorry very soon so find a fast disk or even add a SSD if your budget allows it.
If your budget is a problem, save on the processor. As you can see, the load on my processor for instance is very low. Buy a cheaper processor and spend that on a good harddisk.
- Go for a motherboard which can hold 32GB of memory or more.
Even if you do not need 32GB right now, shortage of memory probably the first bottleneck you will encounter.
BLAST Windows Apps to your Chromebook
In September 2011 VMware gave us a sneak peek at Project AppBlast and with VMware Horizon View we can use AppBlast technology to access desktops using a HTML5 compatible browse. But as of today we can experience the true power of AppBlast.
Today VMware and Google announced a new service to deliver Windows applications to Google Chromebooks.
Google and VMware today announced that they are working together to make it easier for Chromebook users in the enterprise to access Windows applications and the Windows desktops on their Google ChromeBooks by using VMware’s Horizon desktop as a service (DaaS), which uses VMware‘s HTML5 Blast protocol, it will now be easier for Chromebook users to connect to a traditional Windows experience.
It is possible to remotely access a Windows machine on ChromeOS by using Google’s ownRemote Desktop application or other 3rd party applications but they do not offer the kind of security features that enterprises look for. Another important shortcoming of Chromebooks preventing business use is the ability to run Windows or Windows-based apps. Microsoft Office is still, by far, the leader in office productivity applications, and of course, there are many critical business applications that will only run on Windows systems. So, for Chromebooks to have any hope of becoming a true business device, they must somehow support running these applications that businesses need. Chromebooks were intended to work with web-enabled applications, making Chromebook-type devices more viable, but that day is still far away.
Users will be able to use the new service to access their Windows applications, data and desktops from a web-based application catalog on their Chromebooks. Soon, Chromebook users will also be able to install the service from the Chrome Web Store.
VMworld 2014 – Save The Date!
The VMware Partner Exchange is due in one week, but we are already looking forward towards VMworld 2014! This year the conference will also be held in San Francisco in August and six week later the Europe edition in Barcelona.
- Aug. 24-28 VMworld 2014 U.S. San Francisco Moscone Center
- Oct. 13 VMworld 2014 Europe Barcelona Fira Barcelona Gran Via – Partner day
- Oct. 14-16 VMworld 2014 Europe Barcelona Fira Barcelona Gran Via
With a lot of new and exciting news around Software Defined Data Centers (SDDC) combined with NSX, the Hybrid Cloud with vCAC 6.x and the Workforce Mobility expansion through the newly added and bought Airwatch will make lots of wrinkles on the IT water for the upcoming years. Workforce Effectiveness combined with the User Experience (USX) will go beyond the frontiers, so do not miss it and come join the fun!
Manually deleting protected Horizon View replicas
Two weeks ago Sander wrote an article on ‘How to link VMware View desktop to its replica‘.
Unfortunately in my case my server died and because I had to reinstall my Horizon View environment. Because the View desktops were provisioned on another server and on shared storage the the replicas became orphaned.
During normal operation the View Connection Server creates, manages, and deletes linked clones during View Composer operations. If the Connection Server functions are interrupted, the linked clones create orphaned folders, protected folders and virtual machine objects remaining in the vCenter Server.
The problem now is to remove the replicas because they are protected.
To resolve this issue, run the unprotectentity command to remove the protection from linked clone objects.Run these commands from a command prompt on the vCenter Server from the View Composer directory:
- 32-bit servers: C:\Program Files\VMware\VMware View Composer
- 64-bit servers: C:\Program Files (x86)\VMware\VMware View Composer
For View Composer 2.7 and earlier (View 5 and earlier), run the command:
sviconfig -operation=UnprotectEntity -VcUrl=https://<VirtualCenter address>/sdk -Username=<VirtualCenter account name> -Password=<VirtualCenter account password> -InventoryPath=/<Datacenter name>/vm/VMwareViewComposerReplicaFolder/<Replica Name> -Recursive=true
For View Composer 3.0 (View 5.1), run the command:
sviconfig -operation=UnprotectEntity -DsnName=<name of the DSN> -DbUsername=<Composer DSN User Name> -DbPassword=<Composer DSN Password> -VcUrl=https://<vCenter Server address>/sdk -VcUsername=<Domain\User of vCenter Server account name> -VcPassword=<vCenter Server account password> -InventoryPath=/<Datacenter name>/vm/VMwareViewComposerReplicaFolder/<Replica Name> -Recursive=true
Notes: The sviconfig command parameters are case sensitive.
Caution: In View Composer 2.0, if a replica folder is unprotected, it cannot be protected again. Use the UnprotectEntity command as a last-resort troubleshooting procedure and exercise caution when running this command.
Running this second command on my vSphere 5.5/Horizon View 5.2 environment successfully unprotected the 4 replicas> Next I could delete the replicas from disk in vCenter.
For more information visit:
VMware acquires AirWatch
VMware and AirWatch just announced that they have signed a definitive agreement under which VMware will acquire AirWatch. Airwatch is a leading provider of enterprise mobile management and security solutions.
VMware will acquire AirWatch for approximately $1.175B in cash and approximately $365M of installment payments and assumed unvested equity.
AirWatch is a leading provider of enterprise solutions for Mobile Device Management, Mobile Application Management and Mobile Content Management with 1.600 employees,currently has more than 10,000 customers globally. AirWatch products offer enterprises a platform to securely manage a rapidly growing set of mobile devices and an increasingly mobile workforce. The vision of AirWatch is to provide a secure virtual workspace that allows end users to work at the speed of life.
This acquisition will expand VMware’s End-User Computing group, in which AirWatch’s offerings will form an expanded portfolio of mobile solutions that are complementary to VMware’s portfolio. VMware will probably integrate the AirWatch portfolio into its End User Computing (EUC) platform, VMware Horizon Suite, to further enable mobile users without compromising security.
Check out AirWatch and their wide range of solutions here.
Review: Synology Diskstation DS1513+ with VMware – Part 3
In part 1 we finished the hardware installation of the Synology and setup of the DSM software.
In part 2 we finished setting up the ESXi environment with iSCSI and the networking part which includes multipathing.
In this final part 3 we will setup the VMware environment and the Synology to use NFS and some datastores on iSCSI and NFS.
NFS Setup on the Synology DS1513+
For a correct use you have to setup NFS on the Synology by opening Control Panel in the DSM software and select under File Sharing and Privileges the Win/Mac/NFS icon. On the tab NFS Service you can Enable NFS, set the correct packet sizes for read and write.
If you press the link for Shared Folder the menu for Shared Folder will be opened where you can alter the NFS Privileges. For now we just create a new rule so we can connect to NFS from the VMware environment.
On the privileges tab you can edit the different rules so you make sure that ESX can connect from several servers towards the NFS share.
Now that we enabled NFS on the Synology we are ready to activate Volumes to hold VMware datastores and VMs. First we open Storage Manager and select Create on the Volume Tab. A wizard will start, choose Custom and press Next. Choose multiple volumes on RAID, then select the correct Diskgroup if you made more then 1. For the test we made a 2000 GB volume, so we have room for other things on the Disk RAID. Check the summary if everything is correct and Apply it.
Through file station in DSM you can check the mount paths and upload files if needed.
NFS Setup on VMware vSphere 5.1
Now that we have setup the NFS part on the Synology Diskstation, we can setup and connect it in the VMware environment. Add Storage and choose Network File System. Enter the server by FQDN (for the test we used an IP-adres) and the share to connect with. Also give the datastore a name you understand and can find between several datastores. Now finish it to activate the datastore in VMware vCenter.
The Synology DS1513+ is a great device with extremely powerful software and tons of options. Very easy to setup and useful not only for home but also for small and medium businesses. The NAS combined with some ESXi servers and VMware vSphere essentials bundle you can build your virtual environment very easy. I would recommend to expand the unit if you are going to use it in a virtual production environment with an DX513 so you have a maximum of 10 disks in the RAID and with them the performance you will probably need. The network interface are extremely fast (95-105MBps through iSCSI and about 45Mbps Upload and 69MBps Download through Windows per NIC) and you can combine the 4 NICs to 4x1Gbps aggregate.
IBM Cognos licensing in a VMware environment
IBM makes it possible with their licensing to run IBM Cognos on a virtualisation hypervisor like VMware ESXi and make full use of vMotion, HA and DRS. Many IBM products can be licensed as User-Based or Capacity-based. If the product has a server component, it will commonly be licensed as Capacity-based. Within a virtual environment like VMware you may use sub-capacity licensing for certain IBM products like Cognos.
Common used abbreviations are: PVU – Processor Value Unit / ILMT – IBM License Metric Tool / VM – Virtual Machine, a VM represents a complete system with processors, memory, disk and network resources.
- Yes you can and may use IBM Cognos, licensed through PVU, in a VMware environment.
- Yes you may use vMotion, HA, DRS to move the VMs through the whole cluster.
- No you do not have to pay for the whole cluster. You may license for the cheapest, or virtual or the physical underlying infra. Counting all physical cores in a VMware server/cluster where the VM with IBM software resides versus the total amount of vCPUs for the specific IBM software in multiple VMs. Follow the Virtualization Capacity license counting rules to determine, by program, the number of processor cores required to license. Determine the PVU factor by checking the correct table.
- Yes you need to install the ILMT tool within 90 days of signing the contract (a few exceptions apply, but I recommend you use the tool to make your life easier).
- You are not required to report to IBM the PVU usage on a regular basis, but you are required to generate quarterly ILMT reports and keep them for a period of two years. These reports must be provided if IBM conducts an audit.
PVU licensing is based on the processing capacity (expressed in PVUs) available to the IBM middleware. In the case of VMware, IBM license based on the number of virtual cores (vCPUs) available to a partition. Each vCPU is equal to one processor core for PVU licensing. IBM license to the lower of the sum of vCPUs or full (physical) capacity of the server or cluster. Copies of the revised IBM International Passport Advantage Agreement – effective 18 July 2011 are available for download here.
Difference between Sub-capacity licensing and full capacity licensing
- Sub-capacity licensing lets you license a PVU-based software program for less than the full processor core capacity of the server, when the software program is deployed in an eligible virtualization environment.
- With full capacity licensing, you are required to obtain PVU license entitlements for all activated processor cores in the server, regardless of how the software was deployed.
Full capacity licensing is based on every physical, activated processor core in the physical server. Back when servers were one processor core sitting on top of one chip plugged into one socket, software was licensed on full capacity basis by default. The concept of full capacity licensing has not changed, even with the proliferation of multi-core and multi-socket servers. Licensing was basically simple. But with partitioning and more sophisticated server virtualization technologies that create virtual CPUs, virtual servers/partitions (aka virtual machines, LPARs, etc.) that can be moved and/or resized on the fly, came the demand for more flexible licensing terms. Thus IBM announced its sub-capacity licensing offering back in 2005.
Why use sub-capacity licensing
IBM’s Passport Advantage Sub-Capacity Licensing offering enables you:
- to leverage server virtualization to more effectively consolidate their infrastructure and reduce their overall total cost of ownership (TCO)
- allows flexible software licensing using advanced virtualization capabilities such as shared processor pools, micro-partitioning, virtual machines and dynamic reallocation of resources
- gives growing customers the flexibility to choose how to add workload environments without making trade-offs between hardware design and software licensing
- enables you to license software for only the processor core capacity available to the partition hosting the IBM software
- provides a tool (ILMT) which allows you to track and manage the processor core capacity available to IBM PVU-based middleware
How to count the correct PVU units
First you must understand your virtual environment and how it is setup. So how does the physical server look like, which processor brand and technology is used, than which virtualisation technology and version is running. Furthermore how the IBM software is deployed into Virtual Machines and how do those VMs look like with virtual hardware and specific virtual cores applied to it.
If you know the environment than you can use the formula below to calculate the total amount you need to pay or have payed. In the scenarios we use a Physical server with 2 pCPU with each 4 cores. Scenario 1 has 4 pServers with a total of 32 Cores and Scenario 2 has 2 pServers with a total of 16 Cores.
- Get the correct PVU value for the used Processor Type, Brand and Model in this PVU table. How does the physical server look like? We use Intel E5- 2600 series CPU in both scenario’s, so we have to get the PVU value for the used Processor Type, Brand and Model in this PVU table. After checking the table we find that the PVU value is 70 for each core.
- Count the vCPU used in all VMs for the specific IBM product and call that total # of Cores where each virtual core is equal to one core for PVU licensing. For scenario 1 that will be 7 Cores and for scenario 2 it will be 18 Cores.
- Check your contract, offer or invoice for the cost per PVU.
# of Cores x # of PVUs x Cost per PVU = Total Price to Pay
For scenario 1 the physical layer will be 32 cores x 70 PVU = 2240 PVU and the virtual cores will be 7 vCPU x 70 PVU = 490 PVU
For scenario 2 the physical layer will be 16 cores x 70 PVU = 1120 PVU and the virtual cores will be 18 vCPU x 70 PVU = 1260 PVU
Generally, for any Eligible Product installed in an Eligible Virtualization Environment, you may license to the lower of:
- PVUs for the maximum number of virtual cores in the virtual machines (VMs) available to the Eligible Product at any given time or
- PVUs for the maximum number of physical cores in the server/cluster available to the Eligible Product at any given time
So in scenario 1 we will pay for the virtual CPUs and with scenario 2 it is smarter to pay for the underlying infrastructure. But reality is that servers are getting bigger and CPU’s are getting more and more cores. So I think most organizations will use the virtual core count to lower their cost but still make full advantage of virtualisation with HA and DRS. IBM sees vMotion as a Mobility event, where a running VM is moved from one physical server to another, and you may do that without restrictions if correctly licensed ofcourse.
To determine the correct number of Processor Value Unit (PVU) licenses required for the Eligible Virtualization Environment (for VMware vSphere):
Compliance and Entitlements
Q: Do I need to use the ILMT tool?
A: Yes you do, the IBM License Metric Tool is required when you are using Sub-capacity licensing or in other words running the software in VMware. There are some exceptions tho, but I would advise you to always use the free ILMT tool to make your life easier. The ILMT helps you maintain an inventory of the PVU based software deployed for your Full Capacity or Virtualization (Sub-) Capacity environment, and measures the PVU licenses required by software Product. It is intended to help you manage your IBM software licensing requirements, and help you maintain an audit ready posture. Customers are responsible for supplying hardware and installation services required for installing the tool. The tool generates audit reports. These reports provide the Processor Value Unit (“PVU”) license requirements based on the Virtualization Capacity available to the Eligible Sub-Capacity Product.
Exceptions to this requirement are:
1. when ILMT does not yet provide support for the Eligible Virtualization Environment
(In order to be notified when ILMT support for eligible virtualization technologies become available, customers need to subscribe to “My Notifications”.
2. if your Enterprise has fewer than 1,000 employees and contractors worldwide, you are not a Service Provider, and you have not contracted with a Service Provider to manage your Eligible Virtualization Environment
3. if total physical capacity of your servers with an Eligible Virtualization Environment, measured on a Full Capacity basis, but licensed using sub-capacity terms is less than 1,000 PVUs.
For the above exceptions, customers must manually manage, track, and prepare a Manual Calculation of Virtual Capacity worksheet for each server. For more details about the requirements for this worksheet, you can go to Virtualization Capacity License Counting Rules or use the Manual Calculation of Virtual Capacity worksheet.
Q: Do I have to pay for the ILMT tool?
A: No. The IBM License Metric Tool is a free product that IBM makes available to IBM Passport Advantage clients to help them determine the consumption of processor value units (PVU) for the IBM full and sub-capacity software they acquired. The tool helps clients assess if they are compliant with licensing requirements and it provides reports that are required for IBM compliance audits.
Q: How can you obtain the IBM License Metric Tool?
A: Even though ILMT is a no-charge product offering, an order must still be placed to establish an IBM entitlement record for the license as well as software subscription and technical support (S&S) coverage. That’s because ILMT receives the same level of technical support offered for the rest of the Passport Advantage product portfolio, as opposed to other free tools and utilities that are offered “as-is” with limited to no technical support. For additional guidance and instructions on ordering ILMT, see IBM License Metric Tool PA Online Ordering.(PDF, 926KB) The initial order for ILMT should use P/N D561HLL. In order to maintain an entitlement record, S&S should renewed annually using P/N E027NLL.
Q: Increase available capacity or buy licenses first?
A: Buy licenses first, because you would be out of compliance. The licensing terms require that customers must obtain license entitlements before increasing the processor core capacity to be in compliance. IBM will request payment for the licenses required for the additional processor core effective the date the additional processor core capacity was added (includes back coverage for Software Subscription and Support)
Q: Is VMware vSphere an eligible virtualisation platform?
A: Yes. It sure is check for sub-capacity.
Q: Do I need to report the PVU usage per eligible product to IBM on a regular basis?
A: You are not required to report to IBM the PVU usage on a regular basis, but you are required to generate quarterly ILMT reports and keep them for a period of two years. These reports must be provided if IBM conducts an audit.
Q: Can I install the tool or must I hire someone?
A: You can Install it yourself or hire an IBM partner to help you.
For installing instructions you can educate yourself, download the tool, install the tool and configure it.
How to link VMware View desktop to its replica
A while back I was looking at a VMware View environment that had Storage DRS enabled and set to automatic. If I recall correctly, one of the first things the installation document from VMware mentions is not to use Storage DRS in a View enviroment. If you need to rebalance the desktops and replica data on your datastores you can do so with the “Rebalance” option within the View administrator console.
In this enviroment storage DRS had been running like that for some time resulting in desktops and replica’s beeing moved across the datastores and View losing control over the desktops. Creating new pools and migrate the users to newly created pools was done fairly quick and from the View admin console perspective the problem was solved. However the datastores still containedmore desktop and replica folders present than there should have been. So how do you determine if a folder is still in use or not?
The way we checked the folders was through the use of the tables within the vCenter and View Composer database. In this article I want to describe how you can match a desktop name to a replica within vCenter.
1. First thing you should do is open up the table called “SVI_SIM_CLONE” in the View Composer database and look up the desktop name in the column “VM_NAME”.
2. In the same row as the “VM_NAME” find the column “REPLICA_ID” and remember that value.
3. Open up the table “SVI_REPLICA” also present in the View Composer database and look for the value in “ID” that matches the value you found in step 2.
4. On the same row of “ID” find the value in the column named “REPLICA_MOID”.
5. In the vCenter database open the table “VPX_ENTITY” and use the value of “REPLICA_MOID” minus the “vm-” part to find a match in the “ID” column.
6. Write down the value in the column “NAME” and you have the name that is shown in the vCenter client.
In case that you cannot find the “ID” / “REPLICA_MOID” in the “VPX_ENTITY” table it means that vCenter isn’t aware of that replica. It is likely that there are still some desktops running and are using this replica. Best thing to do is to shutdown those desktops manually and remove them from vCenter / View composer and then remove the replica manually.
Knowing how the tables and columns link to each other can also provide other uses. For example knowing the vCenter name of a replica can help you find all the desktops that are linked to it. The “REPLICA_ID” value in the “SVI_SIM_CLONE” table isn’t unique, if you order the table on the replica_id you can group up all the “VM_NAME” values and thus the desktops related to that replica.
Manually checking the relation between a desktop and it’s replica can be very time consuming, so it might be worth scripting something that can provide a good overview. With powershell you can open up connections to your database and use SQL queries to retreive the data you like and proces it to the information that you need.
Example of a SQL connection script with Powershell:
$connectionString = “Server=$Server;uid=$user;pwd=$pwd;Database=$databaseVcenter;Integrated Security=True;”
$connection = New-Object System.Data.SqlClient.SqlConnection
$connection.ConnectionString = $connectionString
$query = “Select ID,NAME From VPX_ENTITY WHERE NAME LIKE ‘replica%’”
$command = $connection.CreateCommand()
$command.CommandText = $query
$result = $command.ExecuteReader()
$table = new-object “System.Data.DataTable”
This script connects to a vCenter database and will select all the ID’s and Names from the “VPX_ENTITY” table where the name starts with “replica”. The values found are then put into a table for Powershell that can be used for the rest of the script.
Hopefully the information in this article can help in future endeavours. If you know any other relations between the tables / databases then please let us know, we might be able to describe those to.
Top 10 articles of 2013
For VMGuru 2013 was a great year in which we wrote 104 blog posts and introduced our new, more responsive and bandwidth-friendly website-layout.
Due to this served 2.2M pages to 426.338 visitors, using 346,5GB bandwidth last year.
But which are the most popular blog posts from 2013? We created a 2013 Top 10!
- No 2. – Bye bye Citrix XenServer.
The second best blog post is one on Citrix XenServer. In October of 2013 when I was updating our Enterprise Hypervisor Comparison, I noticed that Citrix had removed a ton of features in the new Citrix XenServer 6.2. This looked like the end of Citrix XenServer, of course looking at the comments Citrix-enthousiasts don’t agree but check out the list of withdrawn features and do your own math.
Bye bye Citrix XenServer.
- No 4. – vSphere 5 memory management explained.
During my everyday work I was amazed how VMware memory management is still a topic which a lot of VMware administrators don’t understand. Administrator of big VMware environments who don’t have a clue what Transparent Page Sharing (TPS), memory compression, host swapping or ballooning is or what it does and when it is used. Also a lot of VMware administrators have trouble explaining the virtual machine memory allocation graphs. So I wrote a blog post in which I explain the different memory management techniques in VMware vSphere 5 which ended up number 4 on the 2013 top 10 list.
vSphere 5 memory management explained (part 1).
vSphere 5 memory management explained (part 2).
- No 9. – How to license Windows 8 in a VMware Horizon View deployment.Licensing has always been one of Edwin’s specialties. He already wrote several blog posts on licensing Oracle, Microsoft SQL Server 2012 and Windows 7 and with the support for Windows 8 in VMware Horizon View he added a blog post explaining the do’s and don’t s of licensing Windows 8 as a VDI operating system in VMware Horizon View.
Wondering which version of Windows 8 to use? Get VDA through SA or VDA subscription? How about roaming use rights? Windows 8 downgrade rights? Check out Edwin’s blog post on how to license Windows 8 in a VMware Horizon View environment.
How to license Windows 8 in a VMware Horizon View deployment.
VMware Fling – Real-time audio/video test
VMware Labs has released a great new fling, an application with which you can verify and test the real-time audio/video performance. The application includes a player that displays the ‘virtual webcam’ feed, and also loops back the audio if required.
This allows for testing without a third party app (which often requires user accounts such as Skype, WebEx, etc.). The application can also perform load testing by forcing the video and audio stream to continuously run again, without a third party app dropping the call after a period of time.
- Displays webcam images at 1:1 resolution
- Automatically starts streaming images when launched (and audio will be looped back if selected)
- Ability to loop the audio-in back to audio-out
- No need to create user accounts to see RTAV
- Supports the VMware Virtual Webcam and Physical Webcams
Here you can download the real-time audio/video test application.
VMware Horizon View 5.3 is available
At VMworld 2013 in Barcelona VMware announced the new version of their EUC product Horizon View 5.3.
Now it is finally available for download!
VMware Horizon View 5.3 includes a significant number of new or improved features.
- Direct Pass-through Graphics
Virtual Dedicated Graphics Acceleration (vDGA) is a graphics acceleration capability that is offered by VMware with NVIDIA GPUs and this is now supported by Horizon View 5.3. This enables customers to deliver high-end 3D-grade graphics for use cases where a discrete GPU is needed. vDGA graphics adapters can be installed in the underlying vSphere host and are then assigned to virtual desktops. Assigning a discrete NVIDIA GPU to the virtual Machine dedicates the entire GPU to that desktop and includes support for CUDA and OpenGL.
- Windows 8.1 Support
My experience with Windows 8.1 is not that positive but VMware already included full support in Horizon View 5.3. This comes aligned with the Windows 8.1 client support in vSphere 5.5. Important: Local Mode and View Persona Management features are not supported with Windows 8.1 desktops yet.
- Multi Media Redirection (MMR) for H264 encoded media files to Windows 7 clients
VMware added support for multimedia redirection of H264 encoded Windows Media files to Windows 7 client end-points. H.264/MPEG-4 is currently one of the most commonly used formats for the recording, compression, and distribution of high-definition video. When using this Windows 7 endpoints will receive the original compressed multimedia stream from the server and decode it locally for display. This can decrease bandwidth usage since the data over the wire will be compressed video instead of a uncompressed screen information and it also decreases used server resources, because the server no longer use server CPU resources decoding the video content.
- HTML5 access improvements
With Horizon View 5.2 it was possible to use a VDI desktop without installing client software by using delivered through HTML5 capable web-browsers. With Horizon View 5.3 VMware has further improved this feature so users can now enjoy sound, clipboard access and a improved graphics performance.
- Real-time audio-video (webcam/audio redirection) for Linux clients
With Horizon View 5.3 VMware introduces real-time audio and video support for Linux clients (support for Windows client was already in 5.2). Real-time audio and video does not forward audio and webcam devices using USB. Instead the devices are controlled by the local client, and audio- and video-streams are transferred from the local devices and encoded, delivered back to the guest virtual machine, and decoded.
Audio delivery is performed from the standard View agent audio-out functionality, which provides better audio quality than with USB redirection.
- iOS 7 look & feel for iPhone/iPad client
The iOS client now matches the look and feel of iOS 7, released at the beginning of October.
- USB 3.0 port support
Horizon View 5.3 offers USB port redirection support for USB 3.0 client ports.
- Support for Windows Server 2008 VM based desktops
Strange but true, Windows Server 2008 R2 is now supported as desktop operating system. Why? Well Microsoft does not offer SPLA licensing for Windows desktop operating systems to allow service providers to create Desktop-as-a-Service (DaaS) offerings using VMware Horizon View.
Microsoft does offer SPLA licensing for Windows Server 2008, so this allows service providers to be fully compatible with the Microsoft licensing terms.
Important to know is that some features are currently not supported with Windows Server 2008 R2, check the release notes.
- Support for VMware Horizon Mirage
This is the first step in creating a single desktop image delivery system. Administrators can now utilize VMware Horizon Mirage 4.3 to manage Horizon View virtual desktops. Mirage keeps a centralized and de-duplicated copy of virtual desktops, including user’s applications and data, and is able to re-instantiate them should you have a host or site failure. Mirage can also distribute individual and departmental application layers. With Horizon Mirage IT is effectively able to eliminate the need for complex namespace or application virtualization solutions.
- VCAI production ready
View Composer Array Integration is now a fully supported feature. VCAI allows administrators to take advantage of native storage snapshot features. VCAI integrate with NAS storage partner’s native cloning capabilities using vSphere vStorage APIs for Array Integration (VAAI). VCAI speeds up provisioning of virtual desktops while offloads CPU consumption and network bandwidth.
- Linked-Clone Desktop Pool Storage Overcommit enhancements
The linked-clone desktop pool storage overcommit feature includes a new storage overcommit level called Unbounded. When selected, View Manager does not limit the number of linked-clone desktops that it creates based on the physical capacity of the datastore.
Important: note that the unbound policy should only be selected if you are certain that the datastore in use has enough storage capacity to accommodate future growth.
- Supportability improvements for View Persona Management
With Horizon View 5.3 View Persona Management feature includes several supportability improvements, including additional log messages, profile size and file and folder count tracking, and a new group policy setting called Add the Administrators group to redirected folders. View Manager uses the file and folder counts to suggest folders for folder redirection.
- Oracle 184.108.40.206 database support
In addition to the supported databases listed in the installation documentation, VMware Horizon View 5.3 supports Oracle 220.127.116.11 databases.
- vSAN for VMware Horizon View
As of version 5.3 VMware includes vSAN for Horizon View desktops in the Horizon Suite. vSAN reduces storage cost for VDI deployments by using inexpensive server disks for shared storage. It also can improve performance because vSAN uses SSD caching for read and write and provides intelligent data placement within a vSphere cluster. vSAN is a scale-out converged platform and a hybrid storage solution combining SSD and traditional disks. Because it fully integrates with the vSphere kernel it has very low latency.
Because VSAN is in beta release, this feature is being released as a Tech Preview, which means that it is available for you to try, but it is not recommended for production use and no technical support is provided.
You can download VMware Horizon view 5.3 here!
Free vSphere Hypervisor limitations removed!
Last week I ran into another discussion about the hypervisor under a XenApp deployment it had to be free or very cheap. So the customer was thinking about loading Hyper-V below it. Ok can be a viable option but the admins hoped it would be VMware ESX because they know that hypervisor and it has never let them down in the past six years. So I got the question what is possible, can we use the Free vSphere Hypervisor? I than remembered from VMworld San Francisco 2013 the limitations of the Free vSphere Hypervisor have been lifted.
So now you can use the vSphere Hypervisor 5.5 with:
- Unlimited number of cores per physical CPU
- Unlimited number of physical CPUs per host
- Maximum eight vCPUs per virtual machine
- But most important the limitation of 32GB RAM per server/host has been removed from the free Hypervisor.
So now you can use it below a XenApp deployment or in a stack where you do not need DRS, HA and vMotion. If you do need a central management solution you can use the Essentials Kit and if you need DRS, HA, vMotion etc. you can use the vSphere 5.5 essentials kit it is for max. 3 servers with 2 physical CPUs per Server.
In Europe the Essentials Kit will cost 690 Euro for 3 years and the Essentials Plus Kit will cost 5.554 euro for 3 years. If you want to have support on your VMware vSphere Hypervisor you can now purchase Per Incident Support for it.
How to: Install VMware NSX
Hany Michael from Hypervizor.com, has made series of videos showing the installation ease of VMware NSX. Unfortunately NSX is not GA yet, but in the videos you can see how the installation goes. Check these out:
Deploying the NSX vAppliance
Deploying the NSX Controllers
Preparing ESXi hosts
Configuring a Logical vSwitch
Need a ‘Cloaked’ Private, Hybrid or Public Cloud?
Where Cloud visibility and control meets security. HyTrust Acquires HighCloud Security!
Last year I had a very nice conversation with Eric Chiu about everything in the datacenter moving into software and the risky things around that move, today HyTrust Inc., the Cloud Security Automation Company, announced that it has acquired HighCloud Security, a leader in cloud encryption and key management software. By combining HyTrust’s powerful administrative visibility and control with HighCloud’s strengths in encryption and key management, the acquisition offers customers of both companies an unprecedented level of flexibility in addressing security, compliance and data privacy requirements in all cloud environments—private, public and hybrid.
The combined offering from HyTrust and HighCloud enables ‘cloaked’ private, hybrid and public clouds and helps address three of the primary security concerns in cloud environments. These are:
• The broad level of access available to privileged users with malicious intent (or those who acquire their credentials)
• Breaches and other data center disasters caused not by criminal intent but through human error or misconfiguration
• Challenges involved in maintaining the security and privacy of the data itself
While these issues don’t always get the attention they deserve, security executives are certainly aware of the concerns that stem from in-house misuse. A recent report1 from Forrester Research notes that insiders rather than extraneous criminal elements were the top source of breaches in the past 12 months, and 36% of them were caused not by malfeasance but by inadvertent misuse of data by employees.
In this environment, HyTrust and HighCloud Security offer unique and complementary strengths to the market.
Eric Chiu, president and founder of HyTrust, said: “HyTrust represents the control point for cloud management, providing automated policy-based security for private cloud environments that can enable both trusted hybrid clouds and ‘cloaked’ public clouds. HighCloud encryption, meanwhile, can be deployed in private, hybrid and public clouds, ensuring data security and privacy as organizations migrate between these environments.”
Cloud computing, and the security concerns that go with it, remain a top priority for most organizations. According to technology analyst firm Gartner Inc., nearly half of large enterprises have deployed a private cloud service and three-fourths expect to have hybrid cloud deployments by 2015.2 A full 80% of organizations intend to use cloud services in some form within the next year, while 60% plan to increase their investment in the next two to five years.3
Chiu continued: “The service also enables a unique level of ‘walk-way’ freedom by making it possible to securely change cloud providers or decommission from the cloud without having to worry about data being left behind. This also makes it easier for corporations to achieve compliance with regulations such as HIPAA and PCI.”
While the technologies can already be used together, the HighCloud solution will in the future be integrated into HyTrust to more tightly bind administrative controls with data security in cloud environments, making encryption and key management invisible to the end user. HighCloud’s engineering team will join HyTrust, continuing to provide support and maintenance to existing customers, and moving forward with the development of HighCloud’s technology roadmap.
“HighCloud and HyTrust have had many ties over the years and solve complementary problems for customers,” said Bill Hackenberger, co-founder, president and CEO of HighCloud Security. “Together, HyTrust and HighCloud give enterprises unprecedented ability to address security, compliance and data privacy requirements for all cloud environments, private, hybrid and public.”
With this move, HyTrust adds HighCloud Security’s strong data encryption and key management to its administrative visibility and control, enabling end-to-end security for cloud environments.
Together, the combined solution will offer significant benefits to enterprises and cloud service providers, including:
• Easier compliance with HIPAA, PCI and other privacy regulations
• Controlling and alerting against actions by rogue administrators, or those who gain their credentials
• Preventing catastrophic datacenter failures caused by administrative error
• Protection against data theft or accidental exposure in the public, private or hybrid cloud
• Enabling secure migration to, from and between different cloud environments
While we all move more and more to the Software Defined Data Center it is good to have controls in place like the two man rule and have software who shields sensitive data in the hybrid or even public cloud. I support the HyTrust vision of enabling automated, policy-based security for the cloud to prevent breaches and data center disasters. Data Centers can now completely be provisioned but also destroyed with the click of a mouse button!!
If you wanna know more about HyTrust and their vision and why they acquired HighCloud Security there is a live webinar on November 20th at 2pm Eastern / 11am Pacific
VMware NSX Distributed Services
This article is number two of a series about the upcoming network virtualization spree, specifically the one coming from VMware. Check out the first article in this series, ‘Introduction to VMware NSX‘.
Traditional network services have evolved over the last years. Introducing more advanced firewalling, loadbalancing and remote access services. Typically, datacenter networks architecture these days look somewhat look this:
The routers can be virtualized inside a physical box, using either VRFs or vendor proprietary router virtual routers, such as Cisco VDC. However, the external and internal firewalls are usually separate monolithic hardware firewalls, which puts a large dent into the network budget.
As we move to a virtual-everything world, desktops and applications are hosted inside the datacenter more and more. The data traffic going east-west inside the datacenter is continuing to grow and is causing scalability issues on the central network services devices. Firewalls and load balancers need to be upgraded (in-place) to keep up and are bleeding the network budget.
With VMware NSX, the physical load balancers and internal firewalls will turn virtual. This will increase the scalability of your internal services enormously; every VM will have it’s own firewall instance (embedded in the ESXi kernel) and you’ll have a load balancer service per application. Here’s how the next step in virtualization will look like:
The possibilities are limitless. There will be a world where you can build a datacenter network with a single pair of proper core switches, standard switches and the rest will be purely x86 servers. Here’s how I think the datacenter network will look in a few years when virtualization has really kicked in:
Check out these great vendors making some awesome announcements about NSX integration:
There’s still a lot of ground to cover on NSX and you will find a lot of information here as I love this technology and love the possibilities it gives when designing datacenter architectures.
One thing that has set me off a little bit, is the fact that VMware is keeping NSX closely to their chest. Evaluations are currently not on the table and integration partners are excluded from implementation tracks and there is no way to get a hold of NSX but through VMware’s Professional Services. Maybe it’s the difficulty implementing NSX, maybe it’s VMware not being ready with NSX but feeling compelled to put it out at an early stage, who knows. All I know it’s very disappoint for those of us who want to turn NSX inside and out.
They say partners will start getting in the loop around Q3 2014, but I wish they’d move that timetable up a few quarters.
This article was written by Martijn Smit, Datacenter engineer at Imtech ICT. This article was republished from his blog with his permission
Also check out Martijn’s website Lostdomain.org.
Introduction to VMware NSX
This article is number one of a series about the upcoming network virtualization spree, specifically the one coming from VMware.
I spent 14 to 17 October at VMworld 2013 in Barcelona, basically getting my mind blown by the futuristic possibilities of network flexibility. Things are changing for the network, flattening the entire stack, distributing network services throughout the virtual network (instead of the monolithic central hardware), lowering network costs and making it more flexible and simple to manage.
In this post, I will go over the basics of the components that are used to form the VMware NSX virtual network.
- NSX Manager (management-plane);
- NSX Controller (control-plane);
- NSX Hypervisor Switches (data-plane);
- NSX Gateways;
- Distributed Network Services.
Configuring the NSX virtual network mostly goes through APIs. The idea is that cloud automation platforms (i.e. vCenter Automation Center) or self-developed platforms will leverage NSX to automate deployment of virtual networks.
The NSX Manager produces a web-based GUI for user-friendly management of the NSX virtual network. This GUI can be used next to your cloud automation platform for manual configuration and troubleshooting. You can view the status of the entire virtual network, take snapshots of the virtual network for backup, restores and archival.
Everything the NSX Manager does to manage the virtual network, goes through API calls towards the NSX Controllers.
The NSX Controller is a very scalable control layer that takes on the functionality of the network control-plane. It is responsible for programming the Hypervisor vSwitches and Gateways with the configurations and real-time forwarding state. Whenever there’s a change in the virtual network (a VM boots, change of portgroup), the controller programs the virtual network to understand these changes.
The NSX Controller cluster typically consists of three NSX Controllers, but when those three are not enough (and can’t keep up with the workloads), up scaling is as easy as deploying a new NSX Controller virtual appliance and adding it to the NSX Cluster.
The Hypervisor vSwitches are divided between the NSX Controllers. The responsibility for a vSwitch is done through an election process, where 1 NSX Controller wins the master role and another NSX Controller wins the slave role. The other NSX Controllers within the cluster can be called upon the master for assistance in the workloads. The slave monitors the master and takes over if the master fails.
Virtualization today already has had vSwitches from the beginning. How else would virtual machines connect (in a scalable fashion) to the network to provide services?
Each hypervisor has a built-in, high performance and programmable virtual switch inside. In the NSX virtual network, the NSX Controllers programs these vSwitches with the current state of the network (configuration and forwarding state). If a NSX network is distributed (VMs in the same network spanned over different hosts), the controllers program the vSwitches to set up IP encapsulation tunnels (STT or VXLAN) between these hosts to extend the virtual network.
NSX Gateways / Edge devices
An NSX Gateway is basically the border or edge of the virtual network. It is where the virtual network communicates with the physical network that we see today. A NSX Gateway can be a virtual appliance linking traffic to VLANs, but it can also be a physical device by some vendors.
Here’s a small list of the top vendors:
- Arista (7150S);
- Brocade (VCS Fabric: VDX 6740 and 6740T);
- Juniper (EX9200 & MX-series);
- Dell (S6000-series);
- HP (announced something, no details).
To my (and many others with me) disappointment, Cisco is absent from this list. They have a ‘different view’ and going for their own thing (Cisco ONE), which is discussed here. I hope they come to their senses and allow certain types of network switches to be part of a NSX network. (Perhaps the Nexus 5ks!?)
Distributed Network Services
The best part about the distributed network services functionality is the services registry. This service registry makes plugins possible. So far, I’ve heard great stories from Palo Alto and TrendMicro. Those of you not familiar with any of these products (be it that Palo Alto mostly does insanely great physical firewalls), should gather some info. More on distributed network services at a later date!
Check out this awesome introductory video on NSX.
Next article in this series, VMware NSX Distributed Services.
This article was written by Martijn Smit, Datacenter engineer at Imtech ICT. This article was republished from his blog with his permission
Also check out Martijn’s website Lostdomain.org.