In May 2013 Sander wrote two great articles (post 1, post 2) on optimization of desktop operating systems for use in a VDI environment. Today I ran into a new VMware fling, a VMware OS optimization tool.
The VMware OS Optimization Tool allows you to optimize a Windows 7 operating system for use in a VDI environment.
The VMware OS Optimization Tool helps optimize Windows 7 desktops for use with VMware Horizon View. The optimization tool includes customizable templates to enable or disable Windows system services and features, per VMware recommendations and best practices, across multiple systems.
Since most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance.
Horizon View in a stretched cluster environment: Can I have that? No!
Ever since VMware started selling View as a desktop solution, we’ve had these discussions with colleagues and customers. You probably are familiar with the topic:
Many companies have more than one location, but they all want to manage their IT infrastructure as if it was one. So, if we can throw in a big data-line between those locations with low latency, highly resilient, including rapid fail-over and so on.. can we create one big View desktop pool for all our users spanning all our locations?
The answer is: No you cannot!
“But the bandwidth is 10 Gbps and the latency is very low!”
As a Cisco/NetApp FlexPod Partner we deploy a lot of FlexPods with all kinds of workloads. One of the more populair applications of aFlexPod is a VMware View environment. One of the tools to execute a valid and correctly configured FlexPod is a CVD, a Cisco Validated Design. Looking for the latest CVDs I ran across a very helpful VMware deployment guide for VMware view on a FlexPod. This is a must read for every architect, consultant or administrator designing a VMware View deployment on a FlexPod.
This VMware View with FlexPod deployment guide describes the Flexpod reference architecture for a VMware View 5.1 deployment on Cisco UCS servers and NetApp FAS storage systems. It also provides detailed guidance on how to architect, implement, and manage a large, scalable VMware View solution with FlexPod. The paper details the best integration points for each of the key enabling Cisco and NetApp technologies and how each of these technologies plays a critical and complementary role in providing an integrated solution for VMware View deployments.
This paper is intended for IT decision makers, architects, administrators, and others who want to familiarize themselves with the components and capabilities of VMware View on FlexPod. This paper assumes that the reader has a general understanding of VMware View and the VMware vSphere platform, and the Flexpod, Cisco, and Netapp products described in this solution.
Look at the Horizon! VMware’s Horizon Suite is finally here
For years VMware has been busy creating a range of Horizon-like products. At VMworld 2009 there was already a preview of what the folks in Palo Alto were working on.
Since then a lot has changed, AppBlast was shown, Octopus came (and went again).
30 minutes ago VMware finally launched their new range of end user computing products called the VMware Horizon Suite.
So, what does Horizon consist of? Well, actually Horizon is the new name for the collection of ALL End User Computing (EUC) products VMware has to offer, some of which you already know and love, like VMware View and ThinApp. But now the new cool products are finally here!
So, what is VMware Horizon Suite? It consists of these products:
VMware Horizon View
VMware View is now as part of the new Horizon Suite and it got a new name VMware Horizon View 5.2. It is just a minor .2 release but VMware put a lot of effort in this new View version and added
significant number of features to improve View performance, scalability and user experience.
Improved storage efficiency with SEsparse Disks Horizon View 5.2 uses a new vSphere capability that implements a new disk format for virtual machines on VMFS that allows for reduction in size and utilization allocated blocks more efficiently by filling it with real data. Unused space is reclaimed and View Composer desktops stay small.
Unified Client with View Desktops in Horizon When co-installed with Horizon Suite the View Desktop pools are connected into Horizon Suite after they are provisioned. The Horizon Suite provides a single point of access for end users to their desktops, data and applications. Horizon Suite supports SSO brokering user to the available desktops based on entitlement policy.
Clientless HTML5 Access to View Desktops & Apps
Access to View desktops and applications via Horizon is possible from any modern device using a remote protocol delivered through any HTML5 capable web-browser.This is the technology previously code-named AppBlast. It will direct users to existing View desktops leveraging Horizon View Security Server for network routing when available. This is a true install-free access to virtual Desktops.
Hardware Accelerated 3D Graphics Horizon View 5.2 uses a new vSphere capability that enables shared access to physical GPU hardware for 3D and high performance graphical workloads. Virtual desktops still see abstracted VMware SVGA device for maximum compatibility & portability, but use Accelerated 3D Graphics , enabling truly high performance graphics in a cot effective manner with multiple VMs sharing a single GPU resource. The solution is fully compatible with hosts lacking physical GPUs (for vMotion, DRS, etc).
Improved Video Chat with MSFT Lync Support Horizon View 5.2 provides Microsoft Lync 2013 client support, including full support for UC VoIP and Video on both RDP and PCoIP. This new feature enable a tighter integration between Microsoft Lync and Office applications with full collaboration capabilities. Some of the features are compresses USB webcam traffic upstream for reduced bandwidth usage,leverages UDP based channel for improved WAN performance, enabling improved performance of USB media devices.
Windows 8 Desktop Support
Horizon View 5.2 now fully supports Windows 8 virtual desktops as guest OS. It also comes aligned with the Windows 8 Client Support.
PCoIP New Features
Support for MITM (Man-In-The-Middle) network devices
PCoIP GPO settings take effect immediately when changed (host side only).
Relative Mouse enablement (supported by latest Windows View client)
Multi Touch enablement (supported by latest Windows View client)
PCoIP Security Improvements.
Port scanners that scan PCoIP Security Gateway now pass successfully.
OpenSLL upgraded to a more secure version.
Weak SSL ciphers removed.
PCoIP Performance Improvements
Image caching supported on Teradici APEX card and Tera2 Zero Clients
Improved image cache management and compression
Bandwidth reductions in both the LAN and WAN environment
Support for vertical offset caching
Improved responsiveness and fluidity during scrolling
Horizon Based ThinApp Entitlement for View Horizon View 5.2 provides a tight linkage of View ThinApp Entitlement to the Horizon Workspace and includes a migration tool to help admins to import the current pool-based entitlements to the Horizon Workspace user/group entitlements. This approach unifies application entitlement across all end user devices & virtual desktops.
Large Pools with more than 8 hosts The 8 host cluster limit for Linked Clone pools using VMFS has been removed. The new limit is 32 hosts per cluster across the board for all pool types, Linked Clone or not. The added feature may completely change how VMware View deployments are designed and deployed for many customer.
Support for 10,000 virtual desktops per vCenter Server
Horizon View now supports 10,000 virtual desktops per View pod with a single vCenter Server instance. In previous versions VMware had only validated 2,000 virtual desktops per vCenter Server.
Multi-VLAN support Multiple Network Label Assignment is being introduced with Horizon View 5.2. This is a powerful feature that allow administrators to utilize a single base image and assign it to multiple different VLANS or PortGroups. This first release comes only with PowerShell support; no Admin UI integration.
More than 2X improvement on end to end provisioning time
Significant improvement on pool re-balance time
Availability of Rolling Refit Maintain allowing for a configurable minimum number of READY desktops during refit operations that support both automatic and semi-automatic linked clone pools
VMware Horizon Mirage
Mirage is VMware’s way to manage the physical world. These are the features that come with Mirage:
Simplified Desktop Management
Layered PC Image Management
Manage your PC image as a set of logical layers owned by either IT or the end-user. Update IT managed layers while maintaining end-user files and personalization. Then, if a PC is simply malfunctioning, IT can restore the system layers on an end point to fix an issue without overwriting user layers. Or, quickly migrate a user from an old PC to a new PC without losing any of their user data, profile, or user-installed applications during a hardware refresh cycle.
Full PC snapshots and synchronizations of any IT or end-user initiated changes to the datacenter ensure quick desktop recovery. Minimize end-user downtime when an end user’s PC has been lost, stolen or damaged and quickly restore the end-user system to a new device.
Application Layering *NEW in 4.0*
Easily deploy applications or VMware ThinApp packages to any collection of end users by leveraging Horizon Mirage’s app layering technology.
Scalability with Low Infrastructure Footprint
Designed to support up to 1,500 end users per Mirage Server and can easily scale up to 20,000 end-users per server cluster.
Branch Office Optimization
Enable any Mirage Client endpoint into a Branch Reflector to optimize branch office management. Mirage Branch Reflector allows you to download any updates once from the Mirage Server and allow peer to peer updates to other Mirage Clients in the branch office. Advanced algorithms ensure that only required data is ever sent between the Mirage Server and Mirage Clients in a remote location or office.
Empowering End User Productivity Across Boundaries
Optimized and Adaptive Experience
The VMware Horizon Mirage client monitors the resources being used on an end user’s PC to make sure that the backup and synchronization processes never interferes with their productivity. Horizon Mirage will automatically throttle CPU, RAM and network usage up and down as needed to guarantee a seamless end user experience.
Allow end-users to leverage the local computing resources of their desktops and laptops and maintain offline productivity. VMware Horizon Mirage managed images can install natively onto the Windows PCs, or as virtual desktops on Mac or Linux desktops and laptops with Fusion Pro. Image layering gives end-users the flexibility to personalize and customize their systems.
Self-Service File Access & Recovery
The Mirage File Portal allows end users to access any file on their endpoint from any web browser. An end user can also restore any file or any directory on their own with just a few clicks on their PC.
VMware Horizon Workspace
Horizon Workspace is designed to bring everyone and everything together. It is designed to accomodate people with iPhones, Android phones, Windows laptops, Mac laptops and even Linux users, to sync data, access applications and desktopsand In itself, Workspace consists of three main modules:
Data Synchronization (formaly known as Project Octopus)
Web applications and Thinapp Packages (formaly known as Project AppBlast)
View desktop access from mobile devices
Combined with a single sign-on engine, Workspace offers a single webbased portal. From here your users can shared files, web based applications like Google Docs, SalesForce or Gmail, access your thinapped programs and connect to their View based desktop. The portal supports users with Windows, IOS, Android, Mac OS X and Linux. The next paragraphs describe the features of Workspace.
Simplified Workspace Management
Combine applications and data into a single aggregated workspace
Manage files, devices, applications and data through a single management console
Add, update and delete users via active directory. Manage internal and external users
Entitle and provision web applications through single sign on (SSO). Entitle and manage ThinApps
Quickly deploy new applications with data-as-a-service to stay competitive and build future growth opportunities
Offer user self-service application provisioning through an application catalogue
Complete Security and Control
Enterprise-grade security to meet industry compliance and security requirements
Fully on-premise solution gives total control to IT (security, SLAs, backups, upgrades, etc.)
Individual and group-based management to set policies and govern usage over files and data accessed and shared by and between end users — Prevents a security breach or compliance violation
Policies for data quota, allowed file types, max size, domains, expiration, external, version, hierarchical storage management
Ensure compliance with privacy regulatory and governmental policies
Inspect and audit file access, sharing and all other aspects of the service
Empower Employees with Bring Your Own Device (BYOD)
Seamless access to enterprise applications and data, anywhere, anytime
Everywhere data access – in the office, at home or on the road
Full collaboration (folder/file sharing with anyone, external user access, versions, comments)
Improve end user productivity by providing end users with secure access to applications and files on any device from anywhere: iOS, Windows, Android, Mac, and all major browsers (including high-fidelity preview capability)
Reduce end-user downtime and service interruptions
Access to files each time users login (stateless desktop)
VMware Horizon – Suite
So, how does this fold into a suite? Take a look at this table:
Now, there’s a point to pay attention to. VMware Horizon View is still licensed on a concurrend user basis. Mirage, Workspace and the whole suite, however, are per NAMED user.
This week Teradici, creator of the PCoIP protocol, released a technology preview of their new product named Teradici Arch. Teradici Arch is asoftware-based solution that enables the use of the PCoIP protocol for Microsoft RDS as an alternative to Microsoft RDP.
This should provide better user experience and access to the entire PCoIP ecosystem, PCoIP thin clients, APEX accelerator cards, etc.
Teradici has been forced to delay the release of Arch due to a scalability issue but a new tech preview will still allow enterprises to familiarize themselves with the product. The final product release is expected in Q3 2013.
This solution should be an ideal solution for enterprises with mixed environment of VMware View VDI and Microsoft RDS. I wonder how many of these mixed environments exist. The only mixed PCoIP/RDP environments I have seen in my work are View environments where both protocols are used to connect to the same View desktops to use MMR instead of PCoIP acceleration.
The PCoIP protocol is now available for use with terminal services for more performance over any network type and access to the PCoIP ecosystem of products including low maintenance, ultra-secure zero clients. Teradici Arch enables customers to:
During the last weeks we’ve been busy implementing a large VMware View deployment for one customer and planning an even larger VMware View deployment for another customer. At the first site we ran into some video performance issues which we definitely want to avoid during the second project.
In our quest to solve and avoid the video performance issues we ran into a number of ways to improve the video performance in VMware View that I would like to share.
480p-formatted video You can play video at 480p or lower at native resolutions when the View desktop has a single virtual CPU. If the operating system is Windows 7 and you want to play the video in high-definition Flash or in full screen mode, the desktop requires a dual virtual CPU.
720p-formatted video You can play video at 720p at native resolutions if the View desktop has a dual virtual CPU. Performance might be affected if you play videos at 720p in high definition or in full screen mode.
1080p-formatted video If the View desktop has a dual virtual CPU, you can play 1080p formatted video, although the media player might need to be adjusted to a smaller window size.
3D If you plan to use 3D applications such as Windows Aero themes or Google Earth, the Windows 7 View desktop must have virtual hardware version 8 and turn on the pool setting called Windows 7 3D Rendering. Up to 2 monitors are supported, and the maximum screen resolution is 1920 x 1200. This non-hardware accelerated graphics feature enables you to run DirectX 9 and OpenGL 2.1 applications without requiring a physical graphics processing unit.
These are the settings we used to size the first solution, so we use a Windows 7 desktop image with dual vCPU, 2GB memory, a VMXNET3 adapter and hardware version 8.
This is good for playing 720p in native video resolution but when scaling to full screen this setup does not run smoothly.
When deploying a VDI solution it is important to deliver PC like experience. Another requirement is delivering PC-grade applications on the VDI desktop. This is possible for the majority of office applications but applications that require (near) real-time two way audio and/or video, like Unified Communication solutions, remain a challenge.
The cause of this is the need to encode and decode voice and video. It isn’t feasible at scale to carry raw voice/video data from the endpoint to the datacenter to be encoded, or to decode it all there and send the video/audio data to the endpoint.
That is why development of Unified Communication solutions like Microsoft Lync are important to VDI vendors who need to continually reassure IT and end-users that the user experience will be the same as if they were working in a traditional personal computer.
Today, VMware announced that VMware is working with Microsoft to bring support for Microsoft Lync to VMware View desktops. The combination of VDI with Unified Communications leads to increased productivity, mobility and flexibility for employees, customers and partners alike. Soon, VMware View users will be able to communicate and collaborate with the Lync 2013 client, using rich voice and video features, all from within the VMware View desktop.
VMware is rapidly expanding the possibilities of their new management suite VMware vCenter Operations Manager (vCops) with their recent release of VMware vCenter Operations Manager for View. This new addition provides end-to-end visibility into the health, performance and efficiency of a VMware View virtual desktop infrastructure. With this new tool desktop administrators can proactively ensure the best end-user experience, avert incidents and eliminate bottlenecks.
VMware vCenter Operations Manager for View really simplifies the deployment and management of a VMware View infrastructure. Admins can do end-to-end performance monitoring of entire virtual infrastructure, perform user-specific infrastructure analysis and track the health of various components in a view deployment.
The cool thing is, VMware vCenter Operations Manager for View automatically learns normal operating parameters for View infrastructure and user workloads. This means the thresholds are not based on some default parameter from a configuration or best practices guide. Instead it knows when your infrastructure is acting normal or is in trouble by constantly monitoring and evaluating the behavior of your environment.
Today VMware released the new version of their View Client for the iPad. The VMware View Client for iPad is the first iPad client with support for the PCoIP for tight integration with VMware View and increased flexibility for the end-user.
This client enables end-users to connect to their VMware View desktop from an iPad with the best possible user experience on LAN or across a WAN. For full support with this new VMware View client version 1.4, VMware View 4.6.1 or later is recommended.
Teradici APEX 2800 PCoIP Server Offload Card available now
Today Teradici announced the availability of their long awaited Server Offload Card, the Teradici APEX 2800.
VDI implementations are typically constrained by the servers’ CPUs. The many tasks a CPU performs, together with PCoIP® protocol image encoding, limits the number of virtual machines that can run on any one server.
The APEX 2800 card offloads graphics processing from the server CPU which can reduce server CPU utilization by up to 50%, freeing up valuable CPU cycles which can be used to support even more virtual machines, allow existing virtual machines to run more intensive applications, or simply to provide more headroom to your VDI implementation. With 2GB of on-board memory, each Server Offload Card can support up to 64 displays at a resolution of 1920×1200.
The Teradici APEX2800 delivers an even better PCoIP user experience and improves the number of VDI sessions per server. Because of the offloading to the APEX2800 you can deliver a more reliable and consistent level of experience regardless of the overall demand on server CPUs. The APEX 2800 works seamlessly with VMware View (4.6, 5.0 or later).
New VMware View clients for iPad and Android released
Today VMware released a new client for the iPad and Android devices. Version 1.2 is optimized for VMware View 5, has support for iOS 5 including AirPlay and contains presentation mode for use with external displays and AirPlay.
VMware View Client for Android makes it easy to access your Windows virtual desktop from your Android with the best possible user experience on the Local Area Network or across a Wide Area Network.
It requires at least VMware View 4.6 and only has PCoIP only connectivity for excellent interactive performance.
It’s a release party at VMware today. After VMware Workstation 8 and Fusion 4, VMware now released VMware View 5.
VMware View 5 will deliver better PCoIP performance, more supported client devices and integrated persona management.
The biggest differences are the media services, integrated persona management, several PCoIP enhancements and extended client support.
View Media Services for 3D Graphics
This enables basic 3D applications in View desktops without like Aero, Office 2010 or those requiring OpenGL or DirectX without the need for specialized graphics cards or client devices.
View Media Services for Integrated Unified Communications
Which enables and integrated VOIP and View desktop experience for the end-user with an architecture to provide optimized performance for both the desktop and unified communication.
A few minutes ago, VMware released the VMware View client for the iPad.
As of today the VMware View client for the iPad is available from the Apple AppStore for free.
The iPad View client fully supports PCoIP and contains a few unique new gestures. For a decent session using PCoIP you will need a WiFi connection because the bandwidth requirements are similar to those of a common thin- or FAT client.
The iPad View client is compatible with the new iPad 2 but does not support the use of the integrated cameras at the moment.
You can watch a demo of the VMware View client for the iPad below.
Windows 7 unable to connect to View Connection Server
After installing the patches described in Microsoft Knowledge Base articles 2482017 or 2467023 Windows 7 clients are unable to connect from the View Client to the View Connection Server.
According to a VMware Knowledge Base article there is a conflict with two security bulletins issued for Windows 7, causing disruptions for VMware’s View Client and creating connection failures for users attempting to access the View Client Server.
Last week I visited a new project at which the client wants to virtualize their desktops.
During the kickoff the client mentioned that they use a variety of applications, clients and operating systems and want to deliver all these desktop flavors to their users.
Nothing new so far.
But this variety of clients and operating systems also includes Apples, MacBook (Pro)’s, etc using Mac OS X. Running a View client on a Macbook Pro with Mac OS X is no problem but provisioning Mac OS X as a virtual desktop is a whole different story.
One of my coworkers pointed me to a video from this years Tech-Ed Europe about VDI protocols. Bernhard Tritsch did an interesting comparison between the different remote protocols used in today’s VDI solutions. In a 60 minute session Bernhard explains the differences between location (host vs client), type (hardware vs software) rendering and compression types (lossless vs lossy).
Although the results aren’t that good for PCoIP (software version) it still is a very interesting video.
Last week we had a meeting with a McAfee Sales Engineer and he told us something I have been waiting for for a long time.
McAfee now has a product especially for virtualized environments, McAfee MOVE (Management for Optimized Virtual Environments). After Trend Micro, McAfee is now the second anti-virus company, that I know of, which has a product especially for virtual environments.
McAfee’s Management for Optimized Virtual Environments (MOVE) platform is combines speed ad security by significantly reducing the overhead of protecting individual machines in a VMware or Citrix virtual environment. Support for Microsoft Hyper-V is not available yet.
McAfee MOVE does this by offloading all anti-virus tasks to an appliance/server which needs to be installed on each ESX host or XenServer in a cluster. The only McAfee components which needs to be installed on the virtual server or desktop is the McAfee MOVE client and the ePO agent.