• Horizon View pod
• Horizon View blocks
This section follows the natural order of construction of the overall design.
Horizon View Management Block
This section describes the components of the management block.
View Connection Server Specifications
View Connection Servers run Windows 2008 R2 64-bit Server Standard Edition, provide user authentication, and redirect incoming remote desktop requests to the appropriate Horizon View desktop. View Connection Servers within the same pod are replicas of each other and can be used for scaling and load-balancing purposes. View Connection Servers in the same pod share a single ADAM (Active Directory Application Mode) database. In addition, each View Connection Server runs View Administrator, which is the primary mechanism for Horizon View configuration and administration. The View Connection Servers must be part of the Active Directory forest.
These systems are located behind the internal load-balancing solution. Users that access their virtual desktops from secure locations do not utilize the tunneling services provided by the View Connection Servers. These users are directly connected to their desktops after successful authentication by the View Connection Servers.
The View Connection Server is a VMware virtual machine with four vCPUs, 10GB RAM, and a 40GB disk running Windows 2008 Server R2 64-bit Standard Edition. The full specification is given in Table 15.
ATTRIBUTE | SPECIFICATION
Number of View Connection Servers | 8 (4 per site)
Number of View Connection Servers in Failover | 4 (2 per site)
View Connection Server hostnames | TBC
Physical or virtual machine | Virtual machine: VMware Virtual Hardware 7
Total storage | 40GB
Operating system | Windows 2008 Server R2 64-bit Standard Edition
Cluster | TBC
Datastore | TBC
View Connection Server | View Connection Server 5.1
Other customizations | See Horizon View Desktop OS Optimizations. Verify that Horizon View logs are excluded from antivirus scans.
SSL certificate | Each View Connection Server will require an SSL certificate for client devices to connect via SSL. Please refer to the View Manager Administration Guide for further information on creating and importing SSL certificates with Horizon View.
Table 15: View Manager Server Specifications
View Connection Server Availability
If a View Connection Server fails or becomes non-responsive while an active, established, and tunneled session exists, the desktop state is preserved in the virtual desktop instance. When the user reconnects to a different View Connection Server in the group, the desktop session continues where it left off when the failure occurred.
In the case of direct connections, users are unaffected by any View Connection Server disruption, because their session is established directly with the Horizon View desktop. If the connection between the client device and the Horizon View desktop is broken, the desktop state is also preserved and the session continues when the client reconnects.
Horizon View Desktop Pool Specifications
Region H has a goal to use only one parent desktop (golden image), with the following specifications at the virtual hardware level and at the OS level, as a combination of settings in the parent desktop and GPOs.
Region H deploys business applications as VMware ThinApp packages, but is aware that it can be necessary to install a few applications or part of the applications in the parent desktop, or in templates cloned from a golden image.
Parent Desktop Virtual Machine Virtual Hardware Specifications
The virtual hardware configuration of the parent desktop will vary based on the amount of computing resources required by the end user. Region H has a goal to use only one parent desktop, with the default specifications outlined in Table 16 at the virtual hardware level.
ATTRIBUTE | SPECIFICATION
Hardware | VMware virtual hardware version 7
vCPU | 2
vMemory | 2048MB
vNICs (VMXNET 3) | 1
Virtual Network Adapter 1 | Template-designated VLAN
Virtual SCSI Controller 0 | LSI Logic
Virtual Disk (OS) | VMDK 15GB
Floppy, COM, and LPT | Disabled in BIOS
Virtual CD/DVD Drive 1 | Removed
View Agent | VMware-viewagent-5.1.2-1040196
Logging | Disabled
Table 16: Parent Desktop Virtual Machine – Virtual Hardware Specifications
The hardware specifications in Table 15 are the agreed-upon configuration for all parts of the Region Hovedstaden ESA design. Lacking sizing numbers on which to base the configuration, IT management put a plan in place in case the workload inside the virtual machine affected PCoIP or application performance: if performance was impacted, a second vCPU would be configured inside the virtual machine. This change would be made only if the original configuration was insufficient. Region H concluded that a two-vCPU configuration per virtual machine gives the user a better experience and faster login times.
Horizon View Desktop Operating System Specifications
The operating system image deployed for the parent desktop is Microsoft Windows XP SP3 (fully patched). This image is considered the parent desktop, golden image, or master template.
Horizon View Desktop OS Optimizations
To achieve the best possible end-user experience, the Horizon View desktop OS is optimized for performance and streamlined to contain only those OS elements specifically required by Region H for business applications.
Table 17 shows the critical modifications.
CUSTOMIZATION STEP | REMARKS
Install latest service pack | Service Pack 3 and security patches are applied.
Install VMware Tools | Provides performance enhancements through optimized drivers (including memory ballooning, etc.).
Page file | Set to a fixed size of 512MB.
Install required applications (including antivirus) | Golden image applications and the Microsoft .NET Framework are installed after the View Agent.
Install View Agent | View 5.1 or later Agent installed.
Set Windows screen saver to blank | Imprivata Single Sign-On handles screen saver settings.
Enable 16-bit color | Windows XP selects between 16- and 32-bit color depth. 16-bit will be selected to start.
Disable unused hardware | Disable COM1, COM2, and LPT in BIOS.
Turn off theme enhancements | All theme enhancements are removed.
Performance settings | Visual Settings is set to Best Performance.
Hardware acceleration enabled | For best performance, hardware acceleration is turned on.
Delete hidden uninstall folders | Any hidden update uninstall folders are deleted (e.g., C:\WINDOWS\$NtUninstallKB893756$).
Disable indexing services | Reduces workload on the desktop.
Disable indexing of C: drive | Reduces workload on the desktop.
Remove System Restore points | Region H would like to remove System Restore points, but this is unsupported by an uninstallation of the View Agent. At present, Restore points are preserved.
Power setting | For high performance, the power scheme is set to Always on for all devices.
Unwanted services are disabled | All unwanted (unnecessary) services are disabled.
GPO will handle default user settings and not the default user profile | GPOs with Client Preferences will handle all user settings. This solution is dynamic and supports the goal of only one parent desktop.
Run Disk Cleanup | Removes temporary and unnecessary files from the image.
Run Disk Defrag | Reduces fragmentation of the filesystem.
Release IP address | Run ipconfig /release to ensure there is no IP address allocated to the virtual machine.
Flush DNS | Run ipconfig /flushdns.
Disable NetBIOS over TCP/IP | For best performance and reduced load on computer resources, NetBIOS over TCP/IP, file and printer services, and QoS are removed.
Automatic computer maintenance turned off | Administrators using the View Composer recompose feature will manage updates to virtual desktops.
Internet Explorer | For the sake of backward compatibility, IE7 is installed in the golden image. As necessary, ThinApp editions of IE6 and IE8 are deployed.
Disable indexing | Reduces CPU and memory footprint on the desktop.
Table 17: Critical Optimizations for Windows XP
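As an added example (not part of the Region H design document), the following PowerShell script applies the scriptable Table 17 steps to a Windows XP parent desktop just before it is snapshotted. It assumes PowerShell 2.0 is installed in the golden image and that the script runs from the virtual machine console as a local administrator, because the final ipconfig /release drops any RDP session.

```powershell
# Added example, not the design document's own script. Assumes PowerShell 2.0
# on the Windows XP SP3 parent desktop and a console (not RDP) session.
$ErrorActionPreference = 'Continue'

# Page file: fixed 512MB (initial and maximum size equal, per Table 17).
$pageFile = Get-WmiObject Win32_PageFileSetting -Filter "Name='C:\\pagefile.sys'"
if ($pageFile) {
    $pageFile.InitialSize = 512
    $pageFile.MaximumSize = 512
    $null = $pageFile.Put()
}

# Blank screen saver; Imprivata SSO manages the remaining screen-saver policy.
reg add "HKCU\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d scrnsave.scr /f

# Visual settings: "Adjust for best performance" (VisualFXSetting = 2).
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" `
    /v VisualFXSetting /t REG_DWORD /d 2 /f

# Power scheme: Always On.
powercfg /setactive "Always On"

# Indexing Service (CiSvc) stopped and disabled. sc.exe is spelled out because
# plain "sc" is a PowerShell alias for Set-Content.
sc.exe stop CiSvc | Out-Null
sc.exe config CiSvc start= disabled

# Delete hidden hotfix uninstall folders such as C:\WINDOWS\$NtUninstallKB893756$.
Get-ChildItem 'C:\WINDOWS' -Force |
    Where-Object { $_.PSIsContainer -and $_.Name -like '$NtUninstall*$' } |
    ForEach-Object { Remove-Item $_.FullName -Recurse -Force }

# NetBIOS over TCP/IP off on every IP-enabled adapter (SetTcpipNetbios 2 = disable).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object { $null = $_.SetTcpipNetbios(2) }

# Disk Cleanup profile 1 must have been selected once beforehand with cleanmgr /sageset:1.
cleanmgr /sagerun:1
defrag C: -f

# Last steps: flush the resolver cache and release the lease so the snapshot
# carries no IP address into the linked clones.
ipconfig /flushdns
ipconfig /release
```

The per-volume "allow indexing" checkbox on C: and the BIOS port settings are not covered here; they remain manual steps from the table.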
Operating System Deployment Methodology
View Composer automatically creates Horizon View desktops, based on desktop pool parameters, from a snapshot of a parent virtual machine. As such, Horizon View desktops are not directly linked to the parent virtual machine; instead, a copy (replica) of the snapshot is deployed to each datastore.
View Composer desktops with user data and ThinApp applications on network shares are referred to as stateless desktops, because such desktops are not impacted by user-specific actions. A View Composer parent virtual machine OS disk replica is referenced by many virtual machines, and therefore all desktop changes are written to the individual View Composer delta disk of each virtual machine.
Operating system patches or updates can be propagated to View Composer desktops in two ways:
1. Manually recompose the Horizon View desktops when a patch or update must be applied. This is achieved by first modifying the parent virtual machine, creating a new snapshot of the parent virtual machine, and re-linking the desktop to this snapshot. Then users must recompose desktops using View Administrator for changes to come into effect. The recompose function deletes and recreates a new Active Directory
Horizon View Policies
All pools are governed by a global policy, outlined in Table 18. This global policy is used to deny or allow access to certain features within View Manager. The features include USB device redirection, Multimedia Redirection (MMR), and remote mode. USB devices are allowed to connect to virtual desktop sessions. Multimedia redirection is allowed to enhance video and audio playback in user sessions where possible.
POLICY | SETTING
USB access | Allow
Multimedia redirection (MMR) | Allow
Remote mode | Allow
PCoIP hardware acceleration | Allow at Medium priority
Table 18: Pool Global Policy Settings
By default, Horizon View allows all desktops to be used in local mode. However, in order for a user to check out their desktop, it must be published.
The global policy can be overridden by a pool policy set at a pool level. Alternatively, it can be set at a user level.
Active Directory Integration
The design employs an organizational unit (OU) created specifically for Horizon View desktops. An OU is a subdivision in Active Directory that contains users, groups, computers, or other OUs.
Dedicated OU for Horizon View Desktop, Server, and User Accounts
The design enables Microsoft and Horizon View–specific policies to be applied via GPO to all machines created dynamically by View Manager during operation, without knowing the actual workstation account name.
View Manager includes administrative templates for managing Horizon View virtual machines. Administrators can import these templates and apply them via a GPO to the respective OUs. This provides a straightforward and consistent way to manage policies specific to Horizon View virtual machines and users.
Group Policy Objects
GPOs can be applied to Horizon View components at a domain-wide level to provide granular control over the environment. In the case of the Region H infrastructure, the use of GPOs is categorized as one of two types:
1. As previously discussed, OUs were created with the specific intent of managing individual components of the overall Horizon View infrastructure using the common Microsoft and View Manager GPOs.
2. Table 19 identifies the GPO properties available with the use of the View Client GPO template (vdm_client.adm), the properties to use, and the values to apply.
PROPERTY | UPDATED | REMARKS
Scripting Definitions Server URL | No |
Default value of the Log In as Current User checkbox | Yes | Disabled. This setting does not allow current user credentials to be used for authentication to Horizon View. You can override this setting at the command line using the switch -LogInAsCurrentUser false|true. Alternatively, a registry entry (REG_DWORD) can be set: Key = \Software\Policies\VMware, Inc.\VMware VDM\Client\Security\, Name = LogInAsCurrentUser, Value = 0|1. The entry can be set at the HKLM or HKCU registry level.
RDP Settings (optional) | |
Table 19: View Manager User Configuration GPO for View Client
Table 20, Table 21, and Table 22 identify the GPO properties available with the use of the View Server GPO templates (vdm_server.adm and vdm_common.adm), which properties to use, and the values to apply.
PROPERTY | UPDATED | REMARKS
Log Configuration | Yes | Days to keep: 7 days. Maximum number: 10 logs. Maximum size: 100MB.
Table 21: View Manager GPO for Common Components (for View Servers)
PROPERTY | UPDATED | REMARKS
Table 22: Recommended Terminal Services Common GPOs for Virtual Desktops
Table 23 identifies the GPO properties available with the use of the View Agent GPO template (vdm_client.adm), which properties to use, and the value to apply.
PROPERTY | UPDATED | REMARKS
Always wait for network at computer startup | Yes | Enabled. Avoids an inaccessible user profile/data during the login process.
Table 23: View Manager Computer Configuration GPO for Horizon View Desktops
Table 24 identifies the GPO properties available with the use of the View Agent GPO template (vdm_agent.adm), which properties to use, and the values to apply.
PROPERTY | UPDATED | REMARKS
Recursive enumeration of trusted domains | Yes | Disabled. Only directly trusted domains are enumerated and no connection to remote domain controllers takes place. Only the internal domain is allowed.
AllowDirectRDP | Yes | Disabled. Does not allow users to RDP to the desktop outside of Horizon View control.
Table 25 identifies the GPO properties available with the use of the PCoIP GPO template (pcoip.adm), which properties to use, and the values to apply.
PROPERTY | UPDATED | REMARKS
Minimum image quality | No | 50 (default)
Maximum initial image quality | Yes | Set to 70. Default is 90.
Frame rate limit | Yes | Set to 12. Default is 30 frames per second.
MTU size | Yes | Set this equal to or less than the lowest MTU size of the endpoints. (Default is 1400.)
Maximum link rate | No | Setting not currently updated. Region H application requirements make it likely that the maximum link rate will need to be increased to a higher Mbit level later.
Table 25: View Manager Computer Configuration GPO for WAN Users with PCoIP
Antivirus Scanning and Updates
A key challenge in virtual desktop infrastructure is the deployment of antivirus updates and scheduled scans. In a physical deployment, PCs do not share CPU and disk resources, and therefore can accommodate updates and scans at the same time. In a shared infrastructure such as VDI, desktops share a common set of CPUs, NICs and HBAs. If an antivirus update or scan is initiated across all virtual desktops on a single ESXi host, the resources will be flooded with I/O requests. This event has the potential to bring the VDI environment to a standstill.
The Region H ESA uses Trend Micro OfficeScan 10.5 with the VDI extension and TCacheGen. The TCacheGen.exe file creates a binary image (a stamp of the parent desktop) and therefore excludes the parent desktop from further scanning. While security updates in the Region H system are inevitable, the current plans for the security design are:
• Follow recommendations for exclusions of files and folders as stated in white papers from VMware and Microsoft.
• Avoid scheduled scans of desktops from floating desktop pools.
• Deploy updates to OfficeScan and large antivirus updates in the parent desktop.
• Avoid scans of ThinApp applications.
• Avoid scans of read operations.
• Avoid scans of text-based files, such as log files or other files that are known to be harmless.
To avoid a resource storm, VMware recommends scheduling antivirus updates in a staggered manner to make
Region H is aware that it can be necessary to install a few applications or part of the applications in the parent desktop or in templates cloned from the golden image.
The applications are organized into two groups: one group where users must have the ability to save settings from session to session, and another group where IT management can discard the settings after each session.
When the user must have the ability to save settings, the sandbox is saved at the default location %appdata% and Virtual Profiles handle the sandbox. When it is not necessary to save the settings in the application, the sandbox is saved at %usertemp% and discarded when the user leaves the session.
Temporary files in %usertemp% in Horizon View are considered non-disposable files, which can be placed on a separate disk for performance and cost optimization.
VMware vSphere Clusters
Within a Region Hovedstaden datacenter, ESXi server hosts are typically grouped in clusters to provide a platform for different groups of virtual machines with different network and storage requirements.
Furthermore, grouping ESXi server hosts in clusters facilitates the use of such technologies as vMotion, vSphere HA, and VMware vSphere Distributed Resources Scheduler™ (DRS).
Table 26 summarizes the management cluster(s) created for this design, and their purpose.
CLUSTER NAME | NUMBER OF HOSTS | HOST TYPE | DESCRIPTION
 | 8 | Dell PowerEdge M610 | Management Servers
 | 8 | Dell PowerEdge M610 | Management Servers
Table 26: Management Cluster
Table 27 summarizes the Horizon View cluster(s) created for this design and their purpose.
CLUSTER NAME | NUMBER OF HOSTS | HOST TYPE | DESCRIPTION
Cluster #1-4 | 8 (per cluster), 7+1 configuration | Dell PowerEdge M910 | Production cluster in the <Horizon View> datacenter
Cluster #5-8 | 8 (per cluster), 7+1 configuration | Dell PowerEdge M910 | Production cluster in the <Horizon View> datacenter
Table 27: Horizon View Desktop Cluster
VMware vSphere High Availability
Region Hovedstaden configured vSphere HA on management server clusters and Horizon View desktop clusters, to provide recovery of virtual machines in the event of an ESXi server host failure. If an ESXi server host fails for any reason, the virtual machines running on that server will go down, but will be restarted on another host within a few minutes. While the service interruption is perceptible to users, the impact is minimized by the automatic restarting of these virtual machines on other ESXi server hosts. When configuring a cluster for vSphere HA, a number of additional properties must be defined.
Table 28 shows the Region Hovedstaden configuration for HA.
HA CLUSTER SETTING | CONFIGURATION VALUE
Host Monitoring | Enabled
Admission Control | Prevent virtual machines from being powered on if they violate availability constraints
Admission Control Policy | Host failures cluster tolerates: 1
Default Virtual Machine Restart Priority | Medium. Note: VMware vCenter virtual machines and management-role virtual machines should be set to High restart priority.
Host Isolation Response | Leave Powered On
Virtual Machine Monitoring | Enabled
Virtual Machine Monitoring Sensitivity | Default
Table 28: HA Cluster Configuration Summary
VMware vSphere Distributed Resources Scheduler (DRS)
Region Hovedstaden configured DRS to help improve resource allocation and power consumption across all hosts and resource pools. DRS collects resource usage information for all hosts and virtual machines in the cluster, and gives recommendations (or migrates virtual machines) in one of two situations:
1. Initial placement – When the user first powers on a virtual machine in the cluster, DRS either places the virtual machine or makes a recommendation.
2. Load balancing – DRS tries to improve resource utilization across the cluster by performing automatic migrations of virtual machines (vMotion), or by providing a recommendation for virtual machine migrations.
DRS is configured on all clusters to provide load balancing of virtual machine workloads across hosts in the
VMware recommended that Region Hovedstaden use DRS to specify anti-affinity rules on management server virtual machines. The rules should be used to specify the relationship between groups of virtual machines, so they remain separated from each other.
VMware recommends splitting View Connection Servers and other critical roles that hold redundancy at the application layers. This is to avoid service downtime should one vSphere host fail.
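As an added example (not part of the Region H design document), the PowerCLI script below applies the Table 28 HA settings to a cluster and creates the DRS anti-affinity rule recommended above so that no two View Connection Servers share an ESXi host. The vCenter address, the cluster name "Management", and the VM name patterns vcenter*, sql* and viewcs-* are assumptions, since the design lists the Connection Server hostnames as TBC.

```powershell
# Added example, not the design document's own script. Assumes VMware PowerCLI,
# a vCenter at vcenter.example.invalid (placeholder), a cluster named
# "Management", and Connection Server VMs named viewcs-01..viewcs-04.
Connect-VIServer -Server vcenter.example.invalid

$cluster = Get-Cluster -Name 'Management'

# Table 28: host monitoring on, admission control tolerating one host failure,
# default restart priority Medium, isolation response "Leave Powered On"
# (DoNothing in PowerCLI terms). DRS fully automated for load balancing.
# VM Monitoring sensitivity stays at its default and is not changed here.
Set-Cluster -Cluster $cluster `
    -HAEnabled $true `
    -HAAdmissionControlEnabled $true `
    -HAFailoverLevel 1 `
    -HARestartPriority Medium `
    -HAIsolationResponse DoNothing `
    -DrsEnabled $true `
    -DrsAutomationLevel FullyAutomated `
    -Confirm:$false

# Table 28 note: vCenter and other management-role VMs restart first.
Get-VM -Location $cluster -Name 'vcenter*', 'sql*' |
    Set-VM -HARestartPriority High -Confirm:$false

# Anti-affinity rule: keep the View Connection Servers on different hosts so a
# single ESXi failure cannot take down more than one of them at once.
$connectionServers = @(Get-VM -Location $cluster -Name 'viewcs-*')
if ($connectionServers.Count -lt 2) {
    throw 'At least two Connection Server VMs are needed for a separation rule.'
}
New-DrsRule -Cluster $cluster `
    -Name 'Separate View Connection Servers' `
    -KeepTogether $false `
    -VM $connectionServers `
    -Enabled $true

# Read back what was applied so the result can be compared with Table 28.
Get-Cluster -Name 'Management' |
    Select-Object Name, HAEnabled, HAAdmissionControlEnabled, HAFailoverLevel,
                  HARestartPriority, HAIsolationResponse, DrsAutomationLevel
Get-DrsRule -Cluster $cluster | Select-Object Name, KeepTogether, Enabled, VMIds
```

With 7+1 hosts per cluster (Table 27) and four Connection Servers per site (Table 15), the rule can always be satisfied; DRS will refuse to power on a fifth member only if fewer than five hosts are available.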
Resource Pools
Resource pools are configured for the management roles, such as vCenter, SQL, and management appliances, to guarantee the minimum memory and CPU availability for these critical roles.
Due to issues that Region Hovedstaden experienced in identifying the relationship between linked clones and the corresponding master image, IT created a resource pool for each desktop pool. These resource pools are also used as containers when creating or running scripts that must be executed based on data in ADAM and the virtual machines in a given desktop pool.
Region H has been advised that this solution can potentially introduce performance issues, as it is vulnerable to