Академический Документы
Профессиональный Документы
Культура Документы
VMWORLD EUROPE
2008
February , 2008
1 Contents
Table of Contents
1
Contents...........................................................................................i
Introduction.....................................................................................v
2.1
2.2
2.3
2.4
3
This manual...........................................................................................v
Info sheet..............................................................................................v
Lab staff................................................................................................v
When you have finished........................................................................v
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
7.2.3
7.2.4
VDM Administrators.............................................................................xxix
Desktop types.............................................................................xxxi
9.1.2
9.1.3
9.1.4
9.1.5
9.1.6
10
9.2.1
9.2.2
Step 2:..............................................................................................xxxviii
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.9
9.2.10
9.2.11
9.2.12
9.2.13
10.1.2
10.1.3
10.1.4
10.1.5
10.1.6
10.2.2
10.2.3
10.2.4
11
12
Contents
ii
12.1.2
12.1.3
12.1.4
12.1.5
12.1.6
12.1.8
12.1.9
12.1.10
12.1.11
12.1.12
12.1.13
12.1.14
Appendix 1 - Architecture..........................................................lxvi
13.1
13.2
13.3
13.4
13.5
13.6
13.7
14
......................................................................................................lxix
15
16
Appendix 4 - Tuning your XP VDM Template for use with VDM 2 lxxi
iii
16.9
16.10
16.11
16.12
16.13
16.14
Contents
iv
2 Introduction
This self-paced lab will teach you how to install, configure and operate VMware's VDM 2 VDI connection
broker.
Contents
Contents
vi
Contents
vii
4 Lab setup
This section will explain the setup of this self paced lab.
Contents
viii
Contents
ix
Contents
Contents
xi
Contents
xii
Standard: Performs a full install of a standalone instance of a connection server or the first
instance of a group of connection servers
Replica: Installs a replica broker that will join an existing group of VDM servers that all share a
common configuration
Security Server: Performs an install of just the security server components. A security server is
located in a DMZ and is used to make a VDM installation internet-accessible.
For the purposes of this lab we will be performing a Standard installation of the VDM connection broker.
Leave Standard selected and click Next.
Contents
xiii
Contents
xiv
ADAM will be installed automatically by the VDM installer (see below for further information on ADAM).
The installation of VMware VDM Connection Server has successfully completed. Click Finish to exit the
installation wizard.
Contents
xv
ADAM can be configured through a standard set of tools installed on the server.
For more information about ADAM including information on how to configure the ADAM server visit the
links below.
http://redmondmag.com/columns/article.asp?EditorialsID=592
http://www.microsoft.com/windowsserver2003/adam/default.mspx
Contents
xvi
Contents
xvii
Started
Started
Contents
xviii
Automatic
Automatic
Contents
xix
Contents
xx
The license information is stored internally on the Virtual Desktop Manager and is not part of the existing
VI3 licensing server infrastructure.
Contents
xxi
Contents
xxii
1.
2.
3.
4.
5.
6.
7.
Set Server address to the value VirtualCenter server from your info sheet
Set Username to the value VirtualCenter log-on username from your info sheet
Set Password to the value VirtualCenter log-on password from your info sheet.
Enter a description if you wish.
Leave the Connect using SSL check box checked.
Leave the Port value as 443
Set the Maximum number of concurrent provisioning operations and Maximum number of
concurrent power operations to 1
These last two values control how many disk-intensive operations VDM will attempt to perform at once,
and should be set according to your infrastructures performance.
Click OK to return to the main configuration screen. You should now see a VC server listed. VDM 2 can
manage VMs through multiple VCs, so that you can manage desktops in multiple geographicallyseparated sites.
Contents
xxiii
7.2.2
7.2.3 About VDM's global settings
Locate the Global Settings box. These settings affect every user logged into the connection broker, and
cannot be configured on a per-user basis.
Session Timeout
This is the maximum length of any VDM session. Sessions exceeding this length will have their desktops
disconnected, and then be logged out of VDM.
Contents
xxiv
USB Redirection
This setting affects if USB redirection from the client to the desktop is enabled. In addition to this setting,
the USB redirection components must also be installed on the client and the desktop.
SSL for Security Server
This setting controls whether the client communicates with VDM using HTTP or HTTPS.
Force re-authentication on Session Disconnect
This parameter will force the client to re-authenticate to a disconnected session upon reconnection, rather
than allowing it to reconnect automatically.
Contents
xxv
This dialogue box allows you to select user and group objects from the entire directory, or any child
domain or domain that has a trust relationship with the primary active directory forest the VDM 2
connection server is a member of.
Using the value for VDM administrator username from your info sheet, enter the first few letters into the
Name field, and click Find Now. When you have found the correct Group or User highlight them and click
OK.
The admin console will not let you remove the last administrator from the system.
You can select an individual server and then click Enable and Disable to alter whether or not a
connection server is serving sessions. You can also click Edit to change settings for an individual VDM
server. The External URL is only used in a DMZ deployment of VDM2, and for the purposes of this lab it
should remain blank.
This dialogue box is also where you would enable RSA integration for use with SecurID tokens.
Close this dialogue box by clicking Cancel, and leave the admin console open.
Contents
xxvi
8 Desktop types
This section will explain the different types of desktop available in VDM2.
Individual
Desktops
Unique Virtual
Machines
User gets a
dedicated desktop
VM is only ever
assigned to single
user
Power user use
case
Unique VM
configuration
Unique resource
allocations
Often admin
privileges
This is a static assignment; one desktop is served by one virtual machine, and only one user is entitled to
that desktop.
This can be a good configuration for power users, where the desktop needs to be customised for its user.
This can include specific applications, data access and resource (e.g. RAM) allocations.
Contents
xxvii
Individual
Desktops
Unique Virtual
Machines
Simple entitlement
scheme
Cloned from same
template
Desktop allocation to
any desktop in pool
Desktop returned to
pool for re-allocation
Standardized user use
case
Common VM
configuration
Common resource
allocations
Could be locked down
Efficient use of VMs
The non-persistent pool is one desktop definition served by many VMs. Many users are entitled to use
that one desktop. The VMs are all initially identical, having been cloned from the same template.
The VDM Connection Server will allocate entitled users to a VM from the pool on request. This allocation
is not retained when the user logs off the desktop, and the VM becomes available for re-allocation to
other entitled users. When the user connects to the pool on subsequent occasions, the connection server
will connect the user to any available VM in the pool.
Non-Persistent Pools provide the most efficient use of VI resources, as the pool only needs to be equal in
size to the maximum number of concurrent users. VDM manages the size of the pool, cloning or resuming
and suspending or deleting VMs according to demand.
Non-Persistent Pools are a good solution for call centre deployments, or any scenario where the user
population are transient and utilize a standard application set.
Contents
xxviii
Individual
Desktops
Unique Virtual
Machines
Simple entitlement
scheme
Cloned from same
template
Desktop allocation to
any desktop in pool
Dedicated desktop for
subsequent
connections
Knowledge user use
case
Simple to configure,
provision and maintain
Rich user experience
User can personalize
The persistent pool is identical to the non-persistent pool, except that the VM allocated to the user upon
first launching the desktop is remembered. Upon subsequent launches of the same desktop, the user will
be allocated to the same VM. An allocated VM is not available to other users, so VDM will extend the size
of the pool to ensure there are still available VMs.
Persistent pools provide a simple automated mechanism for initial cloning and deployment of the virtual
desktops like non-persistent pools, but also allows the users to customize their desktop in a personal way.
The initial administration effort is less than with Individual Desktops, because only a single template and
entitlement is required to provision a virtual desktop for every user in a large group.
Contents
xxix
Contents
xxx
Contents
xxxi
Contents
xxxii
The installation will now proceed. Once it is complete, you will see the screen below.
You should now log off the VM. It is important that you do so by logging off, and not by disconnecting.
Click Start > Log off as in the screenshot below.
Contents
xxxiii
9.2.2 Step 2:
Select Individual Desktop radio button and click on Next
Contents
xxxiv
Contents
xxxv
Contents
xxxvi
9.2.8
9.2.9 Step 9: Entitle the desktop to the user
You should now see your individual desktop listed. Note that your desktop is enabled but not yet entitled;
there is a green tick under Enabled, but not under Entitled. To entitle the desktop, select the desktop and
then click Entitle
Contents
xxxvii
xxxviii
Contents
xxxix
Contents
xl
Contents
xli
Contents
xlii
Installation will now proceed. When it has completed, you will see the screen below. Click Finish.
Contents
xliii
Contents
xliv
You should then be successfully connected to your individual XP desktop over RDP, with the VDM client
bar at the top of the screen, as in the screenshot below.
Contents
xlv
it is likely to be because you did not properly log off of the VM when you were installing the agent.
Reconnect to the VM and log off rather than disconnecting.
Contents
xlvi
You will need to relaunch the VDM client to see the new desktop once you have entitled it to your user.
Contents
xlvii
Contents
xlviii
Contents
xlix
Contents
Please make absolutely sure you have set the following values:
Contents
li
12.1.7
12.1.8 Step 7: Select destination folder
Select the VirtualCenter folder location that VMs will be reside in after being deployed from the template.
You should only see one folder, which will be named after your pod.
Contents
lii
Contents
liii
Contents
liv
Once the clone operation has completed successfully, VDM will power on the new VM and the sysprep
process will begin. Observe the process by connecting to the console of this new VM and ensure that the
sysprep process has been completed successfully before continuing. The upon first powering on, the VM
will boot to the log-on screen and pause there for up to two minutes before rebooting and starting to
sysprep do not log-on to the console of the VM during this time.
Once the sysprep process has completed, wait approximately a further two minutes to allow the VDM
agent to connect to the connection server and register itself. Then relaunch the VDM 2 client from your
XP Client and connect to your pool. You should be connected to the first XP VM in the pool.
As soon as you have connected successfully, the number of available VMs will change from 1 to 0. This
will trigger VDM to clone another VM, to bring the number of available VMs back up to 1, and will increase
Contents
lv
Contents
lvi
13 Appendix 1 - Architecture
13.1 Detailed VDM2 Architecture
Contents
lvii
13.6 Authentication
This section describes the LDAP authentication mechanisms available with ADAM. Most, if not all ADAM
authentication is handled by WinAuth mechanisms in Virtual Desktop Manager. This authenticates to
ADAM which uses Windows authentication mechanisms in conjunction with AD.
13.7 Replication
ADAM supports multi-master LDAP replication and uses optimized techniques for replication on highspeed LAN located ADAM servers. ADAM also supports site-to-site replication over a WAN.
ADAM intrasite (LAN) replication uses bidirectional ring topology to minimize replication connections.
Contents
lviii
The standard deployment scenario for ADAM is to deploy a first (primary) ADAM server with its own
configuration set. Subsequent ADAM servers can then be installed to use the configuration set of the
primary. This logical grouping of ADAM servers is called a configuration set. ADAM servers within a
configuration set perform replication between each other so that LDAP writes on any one ADAM server is
replicated automatically to all the others within a configuration set.
Contents
lix
The VDM Client and VDM Agent have a plug-in framework controlled by an internal orchestrator. This
is a flexible and highly extensible framework, which has been used to support redirection between
applications running in virtual desktops to devices attached to the client by USB (1.1 and/or 2.0). This is
solution is architected to support generic USB device although in practice it is not possible to support any
USB device due to the size of the test and QA matrix. For the list of devices officially supported in the
VDM 2 release consult product management. VDM 2 is able to support USB redirection by handling
communication between the USB hub driver installed on the client and specific device drivers installed in
the virtual desktop. The communications are directed channeled through virtual channels in the RDP
data stream, using native terminal-services APIs. The VDM Client is exposed to the devices attached to
the client and presents the user with the option to connect (pass through the communication) or
disconnect (block the communication) between the device to the virtual desktop.
USB support does not operate in the lab environment you are using, as the thin client devices you are
using do not support it. XPe-based thin clients that are on the VDM 2 compatibility list do support USB
redirection. Please ask an instructor if you wish to see a demonstration of VDM 2 USB redirection.
Contents
lx
Contents
lxi
Contents
lxii
By default Windows XP sends 16 bit color over Terminal Services. If you want to enable 24 bit color you
need to modify a local machine policy.
local computer policy editor, go to Local Computer Policy
Computer Configuration
Administrative Templates
Windows Components
Terminal Services
Then click on the Limit maximum color depth policy. Enable, set to 24 bit, and click on OK.
Restart your RDP session and you will be able to use 24 bit color
Its still not as nice as RGS, but at least the colors will be smoother.
Disable COM1 & COM2
Right-click My Computer -> Select Manage
Device Manager
Turn off all theme enhancements
Right-click My Computer -> Select Properties
Choose the Advanced Tab
Under Performance Section Choose Settings
Choose Adjust for Best Performance
Optionally choose settings like font smoothing if desired
Disable all screen savers except Blank password protected
Copy the scrnsvr.scr over the top of all the others (because windows has a habit of bringing them back if
you delete them). Once you do this, you should enable the only screen saver that will show up which is
the Blank/Password Protected.
Delete all background wallpapers
Why waste RAM or disk space on wallpapers that will be covered by an application anyway
Ensure full hardware acceleration
Control Panel -> Display -> Settings Tab -> Advanced Button
Troubleshooting Tab -> Set acceleration to full (that way by default, but
check to make sure it hasnt changed in some latest Microsoft Update)
Contents
lxiii
Contents
lxiv
16.3 Create and publish a GPO for folder redirection to the users
storage space on the SAN for the following:
Application Data
My Documents (and all sub-class special folders)
My Desktop
http://support.microsoft.com/default.aspx?scid=kb;EN-US;232692
16.5 Turn off unnecessary sounds (ie Startup and Shutdown sound
files)
Control Panel, double-click Sounds and Audio Devices and move to the sounds tab
Disable unnecessary sounds (mail notification and warnings are probably the only ones you need)
Contents
lxv
Contents
lxvi