
VCP6-DTM STUDY GUIDE

[UNOFFICIAL]

By Vladan SEGET

www.vladan.fr

VCP6-DTM Objective 1.1 - Describe and differentiate between component functions and features
VCP6-DTM Objective 1.2 - Install Horizon (with View) Composer Server
VCP6-DTM Objective 1.3 - Install Horizon (with View) Connection Server
VCP6-DTM Objective 1.4 - Install Horizon (with View) Security Server
VCP6-DTM Objective 1.5 - Prepare Environment for Horizon (with View)
VCP6-DTM Objective 1.6 - Install, Configure and Manage vRealize Operations Manager For Horizon
VCP6-DTM Objective 2.1 - Configure Horizon (with View) Composer
VCP6-DTM Objective 2.2 - Configure Horizon (with View)
VCP6-DTM Objective 2.3 - Configure PCoIP/RDP Protocol Settings
VCP6-DTM Objective 2.4 - Configure and Manage Security in Horizon (with View)
VCP6-DTM Objective 2.5 - Create ThinApp applications and a ThinApp repository
VCP6-DTM Objective 2.6 - Configure Horizon View Cloud Pod Architecture
VCP6-DTM Objective 3.1 - Configure Automated Pools using linked clones
VCP6-DTM Objective 3.2 - Configure Automated Pools using full clones
VCP6-DTM Objective 3.3 - Configure Manual Pools
VCP6-DTM Objective 3.4 - Build and Customize Desktop Images
VCP6-DTM Objective 3.5 - Configure RDSH (Remote Desktop Session Host) Application Pools
VCP6-DTM Objective 4.1 - Troubleshoot Desktop Imaging Issues
VCP6-DTM Objective 4.2 - Troubleshoot Account and Permissions
VCP6-DTM Objective 4.3 - Troubleshoot connectivity between Horizon (with View) components
VCP6-DTM Objective 4.4 - Troubleshoot PCoIP Configuration
VCP6-DTM Objective 5.1 - Install and Configure VMware Mirage Components
VCP6-DTM Objective 5.2 - Manage Layers
VCP6-DTM Objective 5.3 - Manage Endpoints
VCP6-DTM Objective 6.1 - Install VMware Workspace Portal
VCP6-DTM Objective 6.2 - Configure VMware Workspace Portal
VCP6-DTM Objective 6.3 - Manage VMware Workspace Portal

VCP6-DTM Objective 1.1 - Describe and differentiate between component functions and features

The VCP6-DTM Study Guide is a new project that will take shape over the following weeks on ESX Virtualization.
Mobility is moving fast, very fast, and it's everywhere. Folks studying for the VMware Certified
Professional 6 - Desktop and Mobility Exam will find this series of posts and the VCP6-DTM Study Guide page
helpful, I hope. The topics are covered in the order in which they appear in the official VMware blueprint.

The VCP6-DTM certification exam replaces the VCP6-DT and the VCP5-DT certifications (you should not be
able to take the VCP6-DT after the end of November). If you do not hold a valid VCP certification for any other
solution track, you have to complete the vSphere 6 Foundations Exam (VCP-DCV) and the VMware Certified
Professional 6 - Desktop and Mobility Exam.

The Knowledge

Describe hardware and software requirements for installation
Explain functionality of the following components:
    Connection server
    View Composer
    Replication server
    Security server
Describe the Horizon View agent
Differentiate Horizon View client access options

Tools Used:

Horizon View Administration Guide
Horizon View Installation Guide
VMware Horizon Reference Architecture
Horizon View Administrator

Describe hardware and software requirements for installation


View Connection server - The hardware requirements for View Connection Server (standard, replica, and
security server installations, on a dedicated physical or virtual machine) are pretty low (Pentium IV or higher),
but 4 CPUs with 10 GB of RAM are recommended (the minimum requirement is 4 GB of RAM) if deploying 50 or more
remote desktops. A 1 Gbps LAN is also recommended (the requirement is 100 Mbps NICs).

Supported OSs for View Connection Server: Windows Server 2008 R2, 2008 R2 SP1, 2012 R2, Standard or Enterprise.
64-bit versions only (pretty obvious).

For supported versions of vCenter Server and ESXi, see the VMware Product Interoperability Matrix
at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

View Composer - Pretty much the same as above, except it needs a 1.4 GHz or faster Intel 64 or AMD 64
processor with 2 CPUs or more.

Composer's DB requirements - The SQL database must be on the Composer server or be available to the View
Composer host. Composer's DB can be used in conjunction with the vCenter Server DB. If vCenter uses a DB
that is unsupported for Composer, you must install a DB for Composer separately.

Screenshot from View Installation PDF.

View Agent supported OS - Windows Server 2008 R2 x64 Datacenter, Windows XP (32-bit), Vista, Windows 7, 8
and 8.1 (64-bit and 32-bit), Enterprise and Pro.

RDS hosts - Windows Server 2008 R2 SP1, 2012 and 2012 R2 (Standard, Enterprise, Datacenter).

Supported OS for standalone View Persona Management - Windows 8, Windows 7, Vista (SP1, SP2), XP (SP3). The
standalone View Persona Management software provides persona management for standalone physical computers and
virtual machines that do not have View Agent 5.x installed. When users log in, their profiles are downloaded
dynamically from a remote profile repository to their standalone systems.

Client systems - For processor and memory requirements, see the Using VMware Horizon Client document for
the specific type of client system. Go
to https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.

For Windows XP desktop virtual machines, you must install the RDP patches listed in Microsoft Knowledge Base
(KB) articles 323497 and 884020. If you do not install the RDP patches, a Windows Sockets failed error message
might appear on the client.

Explain functionality of the following components:


Connection server - The main function of the Connection Server is to act as a broker. View Connection Server
acts as a broker for client connections by authenticating and then directing incoming user requests to the
appropriate remote desktops and applications. View Connection Server has specific hardware, operating
system, installation, and supporting software requirements.

View Composer - Composer allows linked clones to be used in your pools. View uses View Composer to
create and deploy linked-clone desktops in vCenter Server. You can then patch your golden image and
re-compose all the linked-clone desktops within your environment. With View Composer, you
can deploy multiple linked-clone desktops from a single centralized base image. View Composer has
specific installation and storage requirements.

Replication server - To have load balancing and HA, you can install one or more additional instances of
View Connection Server that replicate an existing View Connection Server instance. After a replica
installation, the existing and newly installed instances of View Connection Server are identical.

Security server - A separate server (or VM) that is placed in the DMZ. It's an instance of View
Connection Server that adds an additional layer of security between the Internet and your internal
network. You can install one or more security servers to be connected to a View Connection Server
instance.

Describe the Horizon View agent

View Agent is a package that needs to be deployed to all endpoints (desktops, laptops, servers) or RDS hosts
that will be managed by Horizon View. The View Agent component assists with session management, single
sign-on, device redirection, and other features.

View Agent cannot be installed on the same system as other parts of the Horizon View suite (Connection Server,
Composer, security server).

View Agent has many components, which can be installed but do not have to be. For example, if PCoIP is used in
conjunction with smart cards, then the Agent's PCoIP smartcard sub-feature has to be installed as well.

When installing View Agent you must provide your administrator login credentials to register the unmanaged
machine with the View Connection Server instance. The behavior of View Agent can also be controlled via GPO
and AD. For example, the vdm_agent.adm template allows the modification of settings like authentication.

The View Agent's log can also be sent to a syslog server (the feature can be enabled through a GPO that is
linked to the OU where your desktops are).

Differentiate Horizon View client access options


It's possible to use RDP or PCoIP to access the View environment. PCoIP is supported as the display protocol
for remote applications and for remote desktops that use virtual machines, physical machines that contain
Teradici host cards, or shared session desktops on an RDS host.

PCoIP gives the best viewing experience across WAN environments, but can be used on LAN or WAN environments. It
supports audio or video content and uses 128-bit AES encryption by default (can be changed to AES-192 or
AES-256).

For example, on Windows-based clients, you can use up to four monitors and adjust the resolution for each
monitor separately, with a resolution of up to 2560 x 1600 per display. Pivot display and autofit are also
supported.

See the support matrix for View Agent in the View Architecture Planning document. For information about which
client devices support specific PCoIP features, go
to https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html

RDP 6.0 supports multiple monitors in span mode, where RDP 7.0 supports up to 16 monitors.

VCP6-DTM Objective 1.2 - Install Horizon (with View) Composer Server


The VMware Horizon View suite has many components. Today's VCP6-DTM Objective 1.2 - Install
Horizon (with View) Composer Server will show you the installation of Horizon View with a
Composer server (it can also be installed on a Windows-based vCenter Server). Composer is the component that
allows you to use linked clones and to run recompose or refresh operations on desktops.

A linked clone is a copy of a virtual machine that shares virtual disks with the parent virtual machine. This
saves disk space and allows multiple virtual machines to use the same software installation. Let's kick up the
lab.

VMware Horizon View Knowledge in this Objective:

Explain Horizon View Composer database and connectivity
Describe View Composer service and dependencies
Navigate the Horizon View Composer installation wizard
Determine when to install Horizon View Composer in stand-alone mode

Documentation Tools

Horizon View Installation Guide
Horizon View Security Guide
Horizon View Administration Guide
Horizon View Architecture Planning Guide
Horizon View Administrator

Explain Horizon View Composer database and connectivity


View Composer is an optional feature. Install View Composer if you intend to deploy linked-clone desktops. By
doing so you can reduce storage needs by 50-90%, which is not something that you can ignore.

Composer's DB requirements - The SQL database must be on the Composer server or be available to the View
Composer host. Composer's DB can be used in conjunction with the vCenter Server DB (if vCenter uses a SQL DB).
If vCenter uses a DB that is unsupported for Composer, you must install a DB for Composer separately. For
example, the default all-in-one vCenter 6 installation deploys vPostgres, which isn't supported for
Composer-based deployments. In addition, the Composer database must be configured on an available machine in
the same domain or on a trusted domain.

Screenshot from View Installation PDF concerning the DB requirements for composer service.

View Composer creates RSA key pairs to encrypt and decrypt authentication information stored in the
View Composer database. If you want to migrate Composer, then to make this data source compatible with the new
VMware Horizon View Composer service, you must migrate the RSA key container that was created by the
original VMware Horizon View Composer service. You must import the RSA key container to the machine on
which you install the new service. Check the details of the migration in the Horizon View Administration
Guide, p. 95.

If the Composer server did not manage linked-clone pools, then the migration of the RSA key container is not
necessary.

Each Composer server has to have its own database. They cannot share a single DB. The View Composer service
does not include a database. If a database instance does not exist in your network environment, you must
install one.

The Composer database stores connections for:

vCenter server
Active Directory (AD)
Linked-clone desktops that are deployed by composer
Replicas created by composer

Describe View Composer service and dependencies


The Composer service depends on reliable DNS. In many situations when things don't work as they should, it's
a DNS problem. Make sure that DNS resolution works correctly. The View Composer service relies on dynamic
name resolution to communicate with other computers. To test DNS operation, ping the Active Directory and
View Connection Server computers by name (e.g. ping view.lab.local to ping the View Connection Server).
Make sure that you have created forward and reverse static DNS records in your DNS zone.

You should create a separate user account in Active Directory to use with View Composer. View Composer
requires this account to join linked-clone desktops to your Active Directory domain.
The user account should not be a View administrative account. Give the account the minimum privileges that it
requires to create and remove computer objects in a specified Active Directory container.

Navigate the Horizon View Composer installation wizard


Composer needs a SQL database and a connection to it, otherwise you won't be able to install the Composer
service. You'll need to set up a Horizon View Composer database user, which acts as a service account
and is able to connect to the SQL Server DB. Log in to your SQL Server as a user who has rights to create new
logins and DBs. Usually I use SQL Server authentication, but you can use Windows-based authentication if the
Composer DB is located on the same server as the Composer server.

Expand the Security > Logins > Right Click > New Login.

You may want to uncheck the "Enforce password policy", "Enforce password expiration" and "User must
change password at next login" check boxes.

Once done, create a new database.

Right-click Databases > New database, enter a meaningful name and select the owner from the list by clicking
the button next to the field. The owner is the Composer DB user we created in the previous step.

Click OK and you should end up with an empty database like this.

Now that we have the DB and a user that can connect, we can set up the ODBC connection from our
Composer server. Yes, Composer needs an ODBC connection, which you're asked for during the setup
process. But before you can set up the ODBC connection to the Composer database, you'll need a SQL client.

The SQL Server Native Client is not installed by default on a Windows server. If you are connecting from a
Windows server to a database hosted on another server, you will need to download and install the native client
for SQL Server 2008 R2 from Microsoft (direct download link).

Note that if you have SQL Server 2012 as a DB, then you'll need the native client for SQL Server 2012 from this
page (pick only the sqlncli.msi).

SQL Server 2012 has Native Client 11.0. If the Composer database is installed on SQL Server 2012, Native
Client 11.0 should be used.

System Requirements:

.NET 3.5 SP1
SQL Server Native Client

Go and create an ODBC connection to the SQL Server DB we created (you can see on the image below that
we're using SQL Server 2012, so we have SQL Native Client 11.0).

Then follow the assistant.

Once finished, you can start the Composer installer.

And then you'll get the final message inviting you to reboot the server. Composer installation done.

Determine when to install Horizon View Composer in standalone mode

The standalone installation of Composer is usually the case when vCenter Server isn't running on a Windows OS
(it's the VCSA, the Linux-based vCenter). In this case, not only will you have to install the Composer service
on a different Windows system, you must also create a domain user account in Active Directory that View can use
to authenticate to the View Composer service on the standalone machine.

This account should have local administrator rights on the Composer server as well.

By creating a separate account, you can also guarantee that it does not have additional privileges that are
defined for another purpose. You can give the account the minimum privileges that it needs to create and
remove computer objects in a specified Active Directory container. For example, the View Composer account
does not require domain administrator privileges.

So create a user account in AD. It's a standard user account, not part of the Domain Admins group.

Create an OU in which to put the View desktop computer accounts. When you create
this ViewDesktop OU you'll need to assign permissions on it (the Create Computer Objects, Delete Computer
Objects, and Write All Properties permissions, granted to the account in the Active Directory container).

List of permissions needed, including those which are assigned by default:

List Contents
Read All Properties
Write All Properties
Read Permissions
Reset Password
Create Computer Objects
Delete Computer Objects

Make sure that the user account's permissions apply to the Active Directory container and to all child objects
of the container.

Next, go to the Composer server and add the viewcomposer user that we just created in AD to the local admin
group on that host.

Composer needs two accounts:

1. Account in AD which is used for composer service to communicate with View.
2. Account in SQL server DB which is used by the composer service to access the SQL database.

VCP6-DTM Objective 1.3 - Install Horizon (with View) Connection Server


Today's post is about the Horizon View Connection Server. VCP6-DTM Objective 1.3 - Install Horizon (with View)
Connection Server will teach you what's necessary to successfully deploy a View Connection Server. We'll see the
firewall requirements, and then at the end we'll get hands-on with the installation in the lab.

Horizon View 6.x introduced the possibility of building a desktop infrastructure based on Linux desktops. Linux
desktops now support clipboard redirection, single sign-on, and smart card redirection. Interesting, as the cost
of such an infrastructure is obviously much lower, avoiding the Microsoft licensing part. Now it depends in
which environment this would be relevant. Schools, governmental? All the VCP6-DTM exam topics will get covered
and gathered on a single WordPress page, VCP6-DTM Study Guide (work in progress).

VMware Knowledge

Determine required firewall rules
Install Horizon View Connection servers
Differentiate between standard and replica servers

Documentation Tools

Horizon View Installation Guide
Horizon View Security Guide
Horizon View Administration Guide
Horizon View Administrator

Determine required firewall rules


View connection server firewall requirements (from the Installation guide p.58):

TCP 4001 - Standard and replica
TCP 4100 - Standard and replica
TCP 8009 - Standard and replica
HTTP, TCP 80 - Standard, replica, and security server
HTTPS, TCP 443 - Standard, replica, and security server
PCoIP, TCP 4172 in; UDP 4172 both directions - Standard, replica, and security server
HTTPS, TCP 8443 - Standard, replica, and security server. After the initial connection to View is made, the
    Web browser on a client device connects to the Blast Secure Gateway on TCP port 8443. The Blast
    Secure Gateway must be enabled on a security server or View Connection Server instance to allow this
    second connection to take place.
HTTPS, TCP 8472 - Standard and replica. For the Cloud Pod Architecture feature: used for interpod
    communication.
HTTP, TCP 22389 - Standard and replica. For the Cloud Pod Architecture feature: used for global LDAP
    replication.
HTTPS, TCP 22636 - Standard and replica. For the Cloud Pod Architecture feature: used for secure global
    LDAP replication.

During the installation, Horizon View will prompt you to open Windows firewall ports automatically.

Install Horizon View Connection servers


System requirements:

1 CPU (4 recommended)
Minimum 4 GB RAM, 10 GB recommended if more than 50 sessions
Server 2008 R2, Server 2012 R2
Server joined to AD
Static IP

Note that before you start installing you should follow the post VCP6-DTM Objective 1.5 - Prepare Environment
for Horizon (with View).

Follow the installation guide.

Choose which type of installation you're doing.

Let the Windows firewall be configured automatically.

Then just click Next, as you can add the Horizon service accounts that you created in your AD later on,
through the admin interface.

After the installation, when you first log in to the admin UI through https://ip_of_your_view_server/admin,
you'll get a warning that your certificate is not valid.

For production environments you should get a valid certificate, but if you just want to overcome this and
have a green icon, then you can just copy the self-signed certificate to the Trusted Root Certification
Authorities store on the View Connection Server VM.

You can do that like this:

Start > run > mmc > File > Add/remove Snap-ins > Certificate > Add > Computer account > Finish > OK

Then copy the self-signed certificate from the Personal store to the Trusted Root Certification Authorities
store.

Differentiate between standard and replica servers

Standard installation - It's a View Connection Server instance with a new View LDAP config.

Replica installation - This is a new View Connection Server installation that uses an existing View LDAP
configuration, which is copied from an existing View instance.

Security Server - In this type of installation the View Connection Server is deployed in a DMZ to add an
additional layer of protection between your LAN environment and the outside world.

Sizing? For more than 50 VDI sessions on a Connection Server, one should easily plan for 10 GB of RAM for that
server.

VCP6-DTM Objective 1.4 - Install Horizon (with View) Security Server


Today we will tackle VCP6-DTM Objective 1.4 - Install Horizon (with View) Security Server. The VCP6-DTM Study
Guide continues; you can check the VCP6-DTM page, where we're moving forward to cover not only
Horizon View, but also VMware Mirage and Horizon Workspace.

All the topics from the VMware blueprint will be covered. Check the VCP6-DTM Study Guide page for all topics.
The certification exam is a necessity for VMware admins willing to get deeper knowledge of Horizon View and
DR products like Mirage or Workspace and get certified in this track. It's the second step towards VCAP, VCIX or
VCDX in the desktop certification tree.

Let's have a look at what we will cover today:

Horizon View Knowledge

Determine required firewall rules
Configure Horizon View security server pairing
Navigate the View Connection server installation wizard

Horizon View PDF Documentation Tools

Horizon View Installation Guide
Horizon View Security Guide
Horizon View Administration Guide
Horizon View Administrator

Determine required firewall rules


If you choose to install HTML Access with View Connection Server, the installer configures the VMware Horizon
View Connection Server (Blast-In) rule in Windows Firewall to open TCP port 8443, used by
HTML Access (previously called VMware Blast).

View connection server firewall requirements (from the Installation guide p.58):

TCP 4001 - Standard and replica
TCP 4100 - Standard and replica
TCP 8009 - Standard and replica
HTTP, TCP 80 - Standard, replica, and security server
HTTPS, TCP 443 - Standard, replica, and security server
PCoIP, TCP 4172 in; UDP 4172 both directions - Standard, replica, and security server
HTTPS, TCP 8443 - Standard, replica, and security server. After the initial connection to View is made, the
    Web browser on a client device connects to the Blast Secure Gateway on TCP port 8443. The Blast
    Secure Gateway must be enabled on a security server or View Connection Server instance to allow this
    second connection to take place.
HTTPS, TCP 8472 - Standard and replica. For the Cloud Pod Architecture feature: used for interpod
    communication.
HTTP, TCP 22389 - Standard and replica. For the Cloud Pod Architecture feature: used for global LDAP
    replication.
HTTPS, TCP 22636 - Standard and replica. For the Cloud Pod Architecture feature: used for secure global
    LDAP replication.

During the installation, Horizon View will prompt you to open Windows firewall ports automatically. This is
an optional step.
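
The port list above can be turned into a per-role check of what a View server is actually listening on. This is an added example, not part of the original guide or of VMware's tooling: the function name, the role and feature labels and the sample listener list are this example's own, and the port table is transcribed from the list above.

```powershell
# Added example: compare listening ports on a View server with the port list
# from the text. Role/feature labels and the function name are this example's own.
$ViewPorts = @(
    [pscustomobject]@{ Proto='TCP'; Port=4001;  Feature='Core';       Roles='Standard','Replica' }
    [pscustomobject]@{ Proto='TCP'; Port=4100;  Feature='Core';       Roles='Standard','Replica' }
    [pscustomobject]@{ Proto='TCP'; Port=8009;  Feature='Core';       Roles='Standard','Replica' }
    [pscustomobject]@{ Proto='TCP'; Port=80;    Feature='Core';       Roles='Standard','Replica','Security' }
    [pscustomobject]@{ Proto='TCP'; Port=443;   Feature='Core';       Roles='Standard','Replica','Security' }
    [pscustomobject]@{ Proto='TCP'; Port=4172;  Feature='Core';       Roles='Standard','Replica','Security' }
    [pscustomobject]@{ Proto='UDP'; Port=4172;  Feature='Core';       Roles='Standard','Replica','Security' }
    [pscustomobject]@{ Proto='TCP'; Port=8443;  Feature='HtmlAccess'; Roles='Standard','Replica','Security' }
    [pscustomobject]@{ Proto='TCP'; Port=8472;  Feature='CloudPod';   Roles='Standard','Replica' }
    [pscustomobject]@{ Proto='TCP'; Port=22389; Feature='CloudPod';   Roles='Standard','Replica' }
    [pscustomobject]@{ Proto='TCP'; Port=22636; Feature='CloudPod';   Roles='Standard','Replica' }
)

function Compare-ViewListeners {
    param(
        [Parameter(Mandatory)] [ValidateSet('Standard','Replica','Security')] [string] $Role,
        [Parameter(Mandatory)] [int[]] $ListeningTcp,
        [int[]] $ListeningUdp = @(),
        [switch] $HtmlAccess,   # HTML Access / Blast Secure Gateway is in use
        [switch] $CloudPod      # Cloud Pod Architecture is in use
    )
    $features = @('Core')
    if ($HtmlAccess) { $features += 'HtmlAccess' }
    if ($CloudPod)   { $features += 'CloudPod' }
    $listening = @{ TCP = $ListeningTcp; UDP = $ListeningUdp }

    # Ports the list assigns to this role, limited to the features declared in use
    $expected = @($ViewPorts | Where-Object {
        $_.Roles -contains $Role -and $features -contains $_.Feature })
    $expectedKeys = @($expected | ForEach-Object { "$($_.Proto)/$($_.Port)" })

    [pscustomobject]@{
        Role         = $Role
        # In the list for this role, but nothing is listening
        NotListening = @($expected |
            Where-Object { $listening[$_.Proto] -notcontains $_.Port } |
            ForEach-Object { "$($_.Proto)/$($_.Port)" })
        # Listening, but the list gives the port to other roles or to an undeclared feature
        NotExpected  = @($ViewPorts |
            Where-Object { $listening[$_.Proto] -contains $_.Port } |
            ForEach-Object { "$($_.Proto)/$($_.Port)" } |
            Where-Object { $expectedKeys -notcontains $_ })
    }
}

# Constructed sample: listeners on a security server with HTML Access enabled.
# Port 3389 is not in the View list, so the comparison ignores it.
$result = Compare-ViewListeners -Role Security -HtmlAccess `
    -ListeningTcp 80, 443, 3389, 4172, 8009, 8443 -ListeningUdp 4172
$result | Format-List

# Live input on Windows Server 2012 or later:
#   -ListeningTcp (Get-NetTCPConnection -State Listen).LocalPort
#   -ListeningUdp (Get-NetUDPEndpoint).LocalPort
```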

Back-end firewall config between security servers and View Connection Server instances - If your network
has a back-end firewall between security servers and View Connection Server instances, you must configure
certain protocols and ports on the firewall to support IPsec. If not, the data sent between a security server
and a View Connection Server instance will fail to pass through the firewall.

By default, IPsec rules (allowing bidirectional traffic) govern the connections between security servers and
View Connection Server instances; using IPsec is highly recommended. To support IPsec, the View Connection
Server installer can configure Windows firewall rules on the Windows Server hosts where View servers are
installed. For a back-end firewall, you must configure the rules yourself.

Configure Horizon View security server pairing

The configuration of the pairing password is done through the View admin UI.

Select View Configuration > Servers > Connection Servers > More commands, and then Specify Security
Server Pairing password.

As you can see, you can enter the password and also specify the time during which the password stays
valid. By default it's 30 min. You can change the value or select hours instead of minutes from the dropdown.

Navigate the View Connection server installation wizard

A security server is an instance of View Connection Server that adds an additional layer of security between the
Internet and your internal network. You can install one or more security servers to be connected to a View
Connection Server instance.

Here you can enter the pairing password, which stays active for only 30 min by default. We saw above where to
configure it.

The external URL for PCoIP and Blast protocol access

And then the last two screens here

That's about it concerning the security server. You should definitely look at the requirements we have
enumerated in VCP6-DTM Objective 1.5 - Prepare Environment for Horizon (with View).

VCP6-DTM Objective 1.5 - Prepare Environment for Horizon (with View)


This is a very important chapter: VCP6-DTM Objective 1.5 - Prepare Environment for Horizon (with View).
Without the proper setup of your AD groups, AD organizational units (OUs) and vCenter users (and privileges),
the environment will not meet the requirements, and some components might not work correctly or users will
get too many privileges and perhaps put your company at risk. So preparing a Horizon environment is
very important.

So in today's topic, VCP6-DTM Objective 1.5 - Prepare Environment for Horizon (with View), we will teach you all
that. All the VCP6-DTM exam topics will get covered and gathered on a single WordPress page, VCP6-DTM Study
Guide.

Knowledge

Explain characteristics of required Active Directory domain accounts, groups, and permissions
Identify and describe the Group Policy Object template files
Describe Organizational Units for machine accounts
Verify trust relationships
Describe DHCP requirements for Horizon View desktops

Tools

Horizon View Installation Guide
Horizon View Security Guide
Horizon View Administration Guide
Setting Up Desktop and Application Pools in Horizon
Horizon View Administrator

Explain characteristics of required Active Directory domain accounts, groups, and permissions

Microsoft AD is supported at the following AD levels:

Windows Server 2003, 2008, 2008 R2, 2012 and 2012 R2. View Connection Servers have to be joined to AD, but the
server must not be a domain controller.

You'll need a few things:

1. Create an OU for Remote desktops
2. Create Groups for users
3. Create a user account for vCenter server
4. Create a user account for Standalone View Composer server
5. Create a user account for View Composer AD operations

Step 1: Create an OU for View remote desktops. This OU will hold all computer accounts used for View
desktops. You can easily apply a GPO to that OU, a GPO that will be different from the other GPOs used in your
environment. If using View Composer you should create a separate OU for linked-clone desktops.

Note: If you're using kiosk mode, then you should also create an OU for those desktops running in locked-down
kiosk mode. You should also create an AD group for kiosk mode client accounts. This allows you to separate the
different settings, configuration and administration.

Step 2: Create groups for users. Create the groups viewusers and viewadmins. This way you can, again,
differentiate and set up different configs for both groups, which won't have the same privileges on the
environment. Users can only use the desktops, while administrators can log in as admin to the environment to
perform administration tasks.

Step 3: Create a vCenter service user account for vCenter Server, in AD.

We'll name this account vcenterservice. This user account will be used in the View admin
portal when adding a vCenter Server instance. This account is used when View interacts with vCenter (behind the
scenes) when it provisions desktops, powers them on or off, etc. The privileges of this account should not be as
high as an administrator's account. There is no reason for that. The vcenterservice service user account must be
in the same domain as your View Connection Server, or in a trusted domain.

Case A: Composer installed on the same machine as vCenter (if Windows) - you must add the vCenter
Server user to the local admin group on the vCenter Server VM (or physical machine). This requirement allows
View to authenticate to the View Composer service.
Case B: Composer installed on a separate machine - you have to create a standalone View Composer Server
user account that must be a local administrator on the View Composer machine. (Note: we have done this in
Objective 1.2 for the Composer installation, as we installed it on a separate VM.)

Step 4: Create a user account for the standalone View Composer server - the same as case B. You must create a
separate user in AD in this case. View will use this account to authenticate to the View Composer service on the
standalone Composer machine.

Step 5: Create a user account for View Composer AD operations - a special Composer account is needed that
View Composer will use to join linked clones to AD. A separate AD account shall be created for this purpose. You
can give minimum privileges to this account to ensure that it can do only the tasks needed. In our
case we have created a ComposerOperations user. How?

Go to AD and create a user account which youll place to the viewlinked-clones OU.
Apply following permissions to that OU (including those assigned by default):

List Contents
Read All Properties
Write All Properties
Read Permissions
Reset Password
Create Computer Objects
Delete Computer Objects

NOTE Fewer permissions are required if you select the Allow reuse of pre-existing computer accounts setting for
a desktop pool. Make sure that the following permissions are assigned to the user account:

List Contents
Read All Properties
Read Permissions
Reset Password

Make sure that the permissions apply to the OU and to all child objects!
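
An added example (not part of the original guide or of VMware's tooling): a PowerShell audit of the OU's ACL against the two permission lists above, using the AD: drive from the ActiveDirectory module. The OU distinguished name and domain in the usage line are placeholders, and only ACEs that name the account directly are examined.

```powershell
# Added example. Requires the RSAT ActiveDirectory module, which provides the AD: drive.
Import-Module ActiveDirectory

function Test-ComposerOuDelegation {
    param(
        [Parameter(Mandatory)][string]$OuDn,     # DN of the linked-clone OU
        [Parameter(Mandatory)][string]$Account,  # DOMAIN\name of the Composer AD operations account
        [switch]$ReusePreExistingAccounts        # pool has "Allow reuse of pre-existing computer accounts" set
    )
    $none          = [guid]::Empty
    $computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the computer class
    $resetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # rightsGuid of Reset Password

    # Permission name from the guide -> ActiveDirectoryRights flag, object type it is scoped to
    $required = [ordered]@{
        'List Contents'       = 'ListChildren',  $none
        'Read All Properties' = 'ReadProperty',  $none
        'Read Permissions'    = 'ReadControl',   $none
        'Reset Password'      = 'ExtendedRight', $resetPassword
    }
    if (-not $ReusePreExistingAccounts) {
        $required['Write All Properties']    = 'WriteProperty', $none
        $required['Create Computer Objects'] = 'CreateChild',   $computerClass
        $required['Delete Computer Objects'] = 'DeleteChild',   $computerClass
    }

    # Allow ACEs that name the account directly; rights gained through group membership are not expanded.
    $aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and "$($_.AccessControlType)" -eq 'Allow'
    })

    foreach ($name in $required.Keys) {
        $flag = [System.DirectoryServices.ActiveDirectoryRights]$required[$name][0]
        $type = $required[$name][1]
        # An ACE matches if it carries the flag and is either unscoped or scoped to the expected type.
        $hits = @($aces | Where-Object {
            ($_.ActiveDirectoryRights -band $flag) -eq $flag -and
            ($_.ObjectType -eq $none -or $_.ObjectType -eq $type)
        })
        [pscustomobject]@{
            Permission       = $name
            Granted          = $hits.Count -gt 0
            # 'All' = this object and all descendant objects, as the guide requires
            OuAndAllChildren = [bool]($hits | Where-Object { "$($_.InheritanceType)" -eq 'All' })
        }
    }

    # Rights that go beyond the guide's list and let the account re-delegate or take over the OU.
    $broad  = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'
    $excess = @($aces | Where-Object { ($_.ActiveDirectoryRights -band $broad) -ne 0 })
    if ($excess.Count -gt 0) {
        Write-Warning "$Account holds WriteDacl/WriteOwner (or Full Control) on $OuDn, beyond the listed permissions."
    }
}

# Placeholder values: substitute your own OU distinguished name and domain.
Test-ComposerOuDelegation -OuDn 'OU=LinkedClones,DC=example,DC=local' -Account 'EXAMPLE\ComposerOperations' |
    Format-Table -AutoSize
```

Add -ReusePreExistingAccounts to check against the shorter list from the NOTE. A row with Granted true but OuAndAllChildren false means the right exists but is not applied to the OU and all child objects.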

Create new role in vCenter server

We also need to create a new role in vCenter (Administration > Roles) and assign the privileges needed for that
role.

HorizonViewConnection vCenter server role privileges:

We're using Composer, so we'll be using a certain set of privileges in vCenter for that. If you don't use Composer,
then you'll most likely want to set this up a different way. See p. 83 of the Horizon View Admin guide.

vCenter privileges for HorizonViewComposer role:

Once done, we need to do one more thing while in the vCenter admin UI. We need to assign permissions
for the Composer service account that we created in our AD, at the vCenter root.

You can see the required steps in the screenshot here.

Identify and describe the Group Policy Object template files
View provides several component-specific Group Policy Administrative (ADM and ADMX) template files. You can
optimize and secure remote desktops and applications by adding the policy settings in these ADM and ADMX
template files to a new or existing GPO in Active Directory. All ADM and ADMX files that provide group policy
settings for View are available in a bundled .zip file named
VMware-Horizon-View-Extras-Bundle-x.x.x-yyyyyyy.zip

To install:

Unzip the file and copy the View Persona Management ADM Template file, ViewPM.adm, to your Active
Directory server.
On your Active Directory server, open the Group Policy Management Console. (gpmc.msc)
In the left pane, select the domain or OU that contains your View machines.
In the right pane, right-click the GPO that you created for the group policy settings and select Edit.
Right-click Administrative Templates under Computer Configuration > select Add/Remove Templates.
Click Add, browse to the ViewPM.adm file > click Open.
Click Close to apply the policy settings in the ADM Template file to the GPO.

The name of the template appears in the left pane under Administrative Templates.

Describe Organizational Units for machine accounts


Details in the text above

Verify trust relationships
In case you have more than one domain, you must establish a trust relationship between those domains. This
must be an external non-transitive two-way trust. Users are authenticated against Active Directory for the
View Connection Server host's domain and against any additional user domains with which a trust agreement
exists.

A View Connection Server instance traverses trust relationships beginning with its own domain. For a small
number of domains with good connectivity, filtering isn't necessary, but it can help with access time when domains
get larger or the connectivity between those domains doesn't perform well. In this case it's possible to
use the vdmadmin command to configure domain filtering, which limits the domains that the View Connection Server
instance searches and displays to users.

Describe DHCP requirements for Horizon View desktops


To be defined

VCP6-DTM Objective 1.6 Install, Configure and Manage vRealize Operations Manager For Horizon

Another chapter towards the end of our VCP6-DTM study guide for VMware Horizon View Suite, which follows
all the objectives on the VCP6-DTM blueprint. Today's post covers VCP6-DTM Objective 1.6
Install, Configure and Manage vRealize Operations Manager For Horizon.

vRealize Operations Manager for Horizon is available in 3 different installation packages, starting
with OVA (pre-packaged Suse Linux Enterprise Server VM), then EXE file for Windows based systems or BIN file
for Linux systems. Quite flexible.

Check the work in progress page VCP6-DTM Study Guide. The main materials to study from are, as usual, the
VMware documentation PDFs.

VMware Knowledge

Describe software requirements for vRealize Operations Manager for Horizon View
Create an instance of the vRealize Operations Manager for Horizon View adapter
Install and configure a Horizon Broker agent
Reference View dashboards and reports

Documentation Tools

VMware vRealize Operations for Horizon Administrator Guide
VMware vRealize Operations for Horizon Installation
VMware vRealize Operations for Horizon Security
Maximizing the Use of VMware vRealize Operations for Horizon
Horizon View Administrator

Describe software requirements for vRealize Operations Manager for Horizon View

vROPS Compatibility:

VMware Horizon 6 version 6.1, VMware Horizon 6 version 6.2.1, VMware Horizon 6 version 6.2.2, and
VMware Horizon with View 6 version 6.0.x (Please check the View product naming from the product
page)
VMware vRealize Operations Manager 6.0.3 and 6.1

Adapter Software Requirements - You can install the Horizon adapter on a cluster node or remote collector
node in vRealize Operations Manager.

vRealize Operations Manager 6.0.3 and 6.1
Licenses that enable vRealize Operations for Horizon 6.2 and vRealize Operations Manager 6.0.3 or
vRealize Operations Manager 6.1

Broker Agent Software Requirements

You install the vRealize Operations for Horizon broker agent on a Horizon Connection Server host in your
Horizon environment. You install the broker agent on one Horizon Connection Server host in each Horizon pod.

View Connection Server 6.0.1 or later
Microsoft .NET Framework version 4.5

Desktop Agent Software Requirements

In VMware Horizon 6 version 6.2.1 environments, the vRealize Operations for Horizon desktop agent version 6.2 is installed
as part of the Horizon Agent installation.

Create an instance of the vRealize Operations Manager for Horizon View adapter

After you install the vRealize Operations for Horizon, you must create an instance of the View adapter in vRealize
Operations Manager. You can create a single View adapter instance to monitor multiple View pods. If you need to create
multiple View adapter instances, you must create each adapter instance on a unique cluster node or remote collector.

First import the PAK file you have downloaded with all the other bits. The file is
VMware-vcops-viewadapter-6.0.0-buildnumber.pak, and it must be installed/deployed via the vROps web console.

Click the Plus button to start an assistant.

Then just follow along. When finished, hit the Configure button.

You'll need to set up a Display Name, Description and Adapter ID. Hit the Test Connection button when ready, to
confirm.

You must add credentials, which contain a credential name and a server key (remember those, you'll need them
later!).

Install and configure a Horizon Broker agent


The vRealize Operations for Horizon broker agent shall be installed on one Horizon View Connection Server in each Horizon
pod in your Horizon environment. You shall not install it on a security server.

What you should have done previously is:

Install the vRealize Operations for Horizon solution
Add your license key
Create an instance of the Horizon adapter

Note that: If vRealize Operations for Horizon broker agent 6.1 is installed, it can be upgraded to vRealize Operations for
Horizon broker agent 6.2

The steps:

Log in to the Horizon Connection Server (use a domain account that is part of the local administrators
group)
Copy the VMware-v4vbrokeragent-x86_64-6.2.0-buildnumber.exe file to a temp folder on the Horizon
Connection Server host.
Double click the EXE file to start the broker agent setup wizard > Accept the EULA and click Next.
(Optional) Select the Launch the VMware vRealize Operations Horizon Broker Agent configuration utility
check box to cause the Broker Agent Configuration wizard to open immediately after the broker agent is
installed.
The check box is selected by default.
Click Install > click Finish to exit the broker agent setup wizard. Done

IMPORTANT: If you haven't done so already, you must open some firewall ports on the View Connection Server:

TCP PORTS 3091:3095
TCP PORTS 3099:3101

If not, you won't be able to finish the config wizard.

The wizard starts like this:

Note: If you want to restart the wizard, there is a shortcut in the Start menu folder, along with the shortcuts for
the Horizon View admin UI.

The final screen should then open. In this window you can also make modifications.

Quite complete, I would say. Then you can hit the Close button.

Reference View dashboards and reports
The Horizon dashboards are in the Horizon group in the Dashboard List menu in the vRealize Operations
Manager user interface. As you can see, there are quite a lot of them.

Most Horizon dashboards contain at least one master (or providing) widget and several receiving widgets.
Master widgets provide data to receiving widgets, and receiving widgets update the data they display depending
on the information they receive from master widgets.

View Overview
View Infrastructure
View Users
View Remote Sessions
View VDI Pools
View RDS Pools
View TS Pools
View Applications
View Desktop Usage
View Remote Sessions details
View RDS and TS Host details
View Adapter Self Health

To check all the details about each dashboard you can go to the online help page here.

Horizon Reports lets you get reporting information about remote desktop and app usage, desktop and app config
details, and license compliance. If you want to generate a report:

Select Environment > Horizon Horizon Environment and select the object you want to have report for
> Reports tab > Reports templates

Click the Run Template button as above in order to generate a report. Then click on the Generated reports
link.

Check all the objectives for the VCP6-DTM exam on a dedicated VCP6-DTM Study Guide Page.

VCP6-DTM Objective 2.1 Configure Horizon (with View) Composer


The VCP6-DTM Study Guide continues with today's post, VCP6-DTM Objective 2.1 Configure Horizon (with View)
Composer. Horizon View Composer is an essential piece of the architecture, allowing the use of linked clones. The
big advantage of linked clones is the storage savings: because linked-clone desktops share a base
system-disk image, they use less storage than full virtual machines. Check all exam objectives on the VCP6-DTM
Study Page here.

To create a linked-clone desktop pool, View Composer generates linked-clone virtual machines from a snapshot
of a parent virtual machine. View Manager dynamically provisions the linked-clone desktops based on settings
that you apply to the pool.

But let's get started on today's objective with the following chapters and knowledge:

Describe default port settings for View Composer
Determine domain accounts used for QuickPrep
Determine the vCenter Server host system
Identify necessary account domain permissions and domain trust relationships
Enable View Composer from View Administrator and add domain account(s)

Quick overview of View Composer functionality (img. courtesy of VMware).

Documentation Tools

Horizon View Installation Guide
Horizon View Administration Guide
Horizon View Architecture Planning Guide
Horizon View Administrator

Describe default port settings for View Composer


The default port to allow View Composer to communicate with vCenter is 18443. You may need to open port
18443 in the system firewall.

TCP 902 on ESXi must be opened
80
443

From the documentation:

The SSL certificate that is used by the View Composer service is bound to a certain port by default. You can
replace the default port by using the SviConfig ChangeCertificateBindingPort utility. When you specify a new port
with the SviConfig ChangeCertificateBindingPort utility, the utility unbinds the View Composer certificate from
the current port and binds it to the new port.

During installation, View Composer configures the Windows firewall to open the required default port. If you
change the port, you must manually reconfigure your Windows firewall to open the updated port and ensure
connectivity to the View Composer service.

Stop the View Composer service > Open a command prompt on the Windows Server host where View Composer
is installed > Type the SviConfig ChangeCertificateBindingPort command.

For example:

sviconfig -operation=ChangeCertificateBindingPort -Port=port number

where -port=port number is the new port to which View Composer binds the certificate.

The -port=port number parameter is required.

Restart the View Composer service to make your changes take effect.
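
The port-change procedure above as one elevated PowerShell session, added here as an example rather than taken from VMware's documentation. The new port value, the sviconfig.exe install path and the display-name match used to find the service are assumptions; adjust them to your host.

```powershell
# Added example: run from an elevated PowerShell session on the View Composer host.
$OldPort   = 18443   # default View Composer port, per the guide
$NewPort   = 18444   # example value only
# Assumed default install location; adjust if Composer was installed elsewhere.
$SviConfig = 'C:\Program Files (x86)\VMware\VMware View Composer\sviconfig.exe'

# The guide does not give the Windows service name, so match on the display name.
$svc = @(Get-Service -DisplayName '*View Composer*')
if ($svc.Count -ne 1) { throw "Expected exactly one View Composer service, found $($svc.Count)." }

# 1. Stop the service before touching the certificate binding.
Stop-Service -InputObject $svc[0]

try {
    # 2. Rebind the certificate. The arguments are quoted so that PowerShell
    #    expands $NewPort instead of passing the text through literally.
    & $SviConfig '-operation=ChangeCertificateBindingPort' "-Port=$NewPort"
    if ($LASTEXITCODE -ne 0) { throw "sviconfig exited with code $LASTEXITCODE; binding not changed." }

    # 3. The installer only opened the default port, so allow the new one.
    New-NetFirewallRule -DisplayName "View Composer (TCP $NewPort)" `
        -Direction Inbound -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
}
finally {
    # 4. Restart the service whether or not the change succeeded.
    Start-Service -InputObject $svc[0]
}

# 5. Confirm the service answers on the new port.
Test-NetConnection -ComputerName localhost -Port $NewPort |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# 6. List enabled inbound rules that still open the old port so they can be reviewed.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$OldPort" } |
    Select-Object DisplayName, Profile
```

Step 6 only reports; a rule left open for a port nothing listens on is worth disabling once the new port is confirmed.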

Also you should review VMware KB Article 1027217 Network connectivity requirements for VMware View
Manager 4.5 and later

Determine domain accounts used for QuickPrep


The QuickPrep component (a VMware View utility) is used to customize the Horizon View linked-clone
desktops. It uses the same account that the Horizon View Composer guest agent server service is configured
to use. Usually it's the default System account. To ensure security, create a separate user account to use with
View Composer. You can give the account the minimum privileges that it needs to create and remove computer
objects in a specified Active Directory container. The View Composer account does not require domain
administrator privileges, but must have at least:

List Contents
Read All Properties
Write All Properties
Read Permissions
Create Computer Objects
Delete Computer Objects

Check this KB with video: Creating a QuickPrep user account for VMware View Composer operations.

QuickPrep or Sysprep, what's the difference? Here is the answer: Differences between VMware QuickPrep and
Microsoft Sysprep

Determine the vCenter Server host system

The goal is to add the vCenter Server within the View Administrator UI. Let's first log in to the Horizon View
Administrator.

Then, through the configuration menu, under View Configuration, click Add vCenter Server.

Identify necessary account domain permissions and domain trust relationships

You should check VCP6-DTM Objective 1.5 Prepare Environment for Horizon (with View), where we
discussed the details. Without the proper setup of your AD groups, AD organizational units (OU) and vCenter users
(and privileges), the environment will not meet the requirements, and some components might not work
correctly, or users will get too many privileges and perhaps put your company at risk.

Enable View Composer from View Administrator and add domain account(s)
Here we will be using the AD account which we created in Objective 1.5. Login to the View administrator and
then go to the View Configuration > Servers > vCenter server TAB > Select vCenter Server > Edit > click the
second button from the top > Edit

Here we can specify the service account used for composer to interact with vCenter. [note that this depends on
how you have installed composer, if on the same server as vcenter or on separate server]. Check VCP6-DTM
Objective 1.5 Prepare Environment for Horizon (with View) for more details.

Then, after validating, we get the default certificate error. In a production environment you should use a
commercial SSL certificate, but here we can just click View Certificate to accept this default certificate as is.

And then click OK to validate.

You should end up with a screen like this.

VCP6-DTM Objective 2.2 - Configure Horizon (with View)
Horizon View and preparation for the VCP6-DTM Study Guide continue today with Objective 2.2: Configure Horizon
(with View). Today's (long) chapter is divided into several sections, each one of them very important and
unskippable. This guide should help, but it's only a part of the equation.

So far we have covered a few chapters (the road is long). One of the products within the EUC (End
User Computing) suite is VMware Mirage. It's one of the products that's getting better and better with each
release. The installation and architecture of Mirage can be followed through this post, where the Endpoint
Management (VMs or physical PCs or servers) can be found here.

But let's focus on today's objective.

We will cover:

Explain the purpose of and configure the Events database
Enable Horizon View Storage Accelerator
Configure and modify Horizon View global settings
Modify Horizon View security server settings
Describe virtual printing services and architecture
Enable disk space reclamation
Configure the following:
SSL
Syslog server
External URL settings
Default roles
Custom roles
Required permissions
Display protocol settings
Location aware printing
Profile store for Persona management
Virtual profile group policies

Explain the purpose of and configure the Events database


The event database is necessary to register events which are happening in your Horizon View environment. The
event database allows the admin to look for events during a certain (configurable) time frame. You can create
an event DB by adding it to an existing DB server.

There are quite a few different types of events that are recorded (logged). For example:

Admin actions (creating/modifying desktop pools, adding/removing entitlements)
End user actions (logging in or starting desktops)
Errors and (or) system failures

Requirements:

SQL database can be 2005 or 2008
Oracle database both 10g or 11g can be used.

Both can be on the same instance as the vCenter database.

In the same way as we created the Horizon View Composer DB, we will create the View Event DB. Check
VCP6-DTM Objective 1.2 Install Horizon (with View) Composer Server, where we did that.

We used a standalone SQL server where we created a Composer DB. Let's log in to SQL Management
Studio and add another DB there, this time for the Horizon View Events DB. First, create a new login. Expand
Security > Logins > right-click > New Login.

You can choose whether or not to select Enforce password policy (unselecting it also unselects Enforce password
expiration and User must change password at next login).

Then create a new database:

And here is our Horizon View event DB

Then login to the Horizon View Administrator and go to View Configuration > Event Configuration > Edit >
Add the SQL server which hosts the SQL DB (or Oracle).

The table prefix allows a single Events DB to be shared by several Connection Servers. Validate and you should
see this screen. If you're using SQL Express, then you should change the port, as the default 1433 isn't used by
SQL Express, which uses a random connection port.

As I mentioned in the beginning, it's possible to change the defaults of the settings for the Events.

Enable Horizon View Storage Accelerator


When ESXi hosts cache virtual machine disk data, this feature is called View Storage Accelerator. It uses
the Content Based Read Cache (CBRC). View Storage Accelerator improves View performance during I/O storms,
which can take place when many virtual machines start up or run anti-virus scans at once. The feature is also
beneficial when administrators or users load applications or data frequently. Instead of reading the entire OS or
application from the storage system over and over, a host can read common data blocks from cache.

Log in to the Horizon View Administrator > Select View Configuration > Servers > On the Storage Settings page,
make sure that the Enable View Storage Accelerator check box is selected.

The default cache size applies to all ESXi hosts that are managed by this vCenter Server instance. The default
value is 1,024MB. The cache size must be between 100MB and 2,048MB.

Configure and modify Horizon View global settings


View Administrator session timeout: time after which the admin will get logged out

Forcibly disconnect users after

Single Sign-on (SSO)

For clients that support applications, if the user stops using the keyboard and mouse, disconnect their
applications and discard SSO credentials:

Other clients discard SSO credentials:

Enable automatic status updates check box:

Display pre-login message:

Display warning before forced log off: this allows the user to be informed

Enable Windows Server Desktops:

Mirage config:

Modify Horizon View security server settings


The different security settings can be found in the Horizon View 6.2 admin guide.

For example the Reauthenticate secure tunnel connections after network interruption means that:

Determines if user credentials must be re-authenticated after a network interruption when Horizon
clients use secure tunnel connections to remote desktops.
When you select this setting, if a secure tunnel connection is interrupted, Horizon Client requires the
user to re-authenticate before reconnecting.
This setting offers increased security. For example, if a laptop is stolen and moved to a different
network, the user cannot automatically gain access to the remote desktop without entering credentials.
When this setting is not selected, the client reconnects to the remote desktop without requiring the
user to re-authenticate.
This setting has no effect when the secure tunnel is not used.

Describe virtual printing services and architecture


End users must be able to send print jobs to the nearest available printer. IT administrators also need an easy
way to manage printers and printer drivers. VMware Horizon 6 satisfies both requirements with two advanced
features for printing from View virtual desktops:

Printer redirection: Printer redirection enables end users to send print jobs from a View virtual desktop
to a network printer or to a printer locally attached to the user's client device. There is support for a
wide range of client devices, including Windows and Linux PCs, Macintosh computers, and thin and zero
clients.
Location-based printing: Location-based printing determines which printer to use based on the
location of the end user's client device and the mapping rules specified by the IT administrator.

Printing from virtual desktops or virtual applications is called virtual printing. Img. courtesy of VMware. Check
this PDF called Horizon 6 view virtual printing solutions.

The central piece of virtual printing resides in the Horizon View Agent. The View Agent is installed on the virtual
desktop and provides features such as connection monitoring, virtual printing and access to local USB devices.
The View Agent is installed by running the appropriate View Agent installer (can be x86 or x64).

Note that additional installer used to be required to add the HTML (Blast) access, this was referred to as the
Feature Pack Installer but this is no longer the case. The HTML access is now included within the agent installer.

Enable disk space reclamation


Use View Administrator to edit the vCenter Server settings, navigate to the Storage tab, and select Reclaim VM
disk space.

Use View Administrator to edit the pool settings, navigate to the Advanced Storage section, select Reclaim VM
disk space, and set the threshold for space reclamation to 1GB.

Configure the following:


SSL: To configure a View Connection Server instance, security server, or View Composer instance to use an SSL
certificate, you must import the server certificate and the entire certificate chain into the Windows local
computer certificate store on the View Connection Server, security server, or View Composer host.

In a pod of replicated View Connection Server instances, you must import the server certificate and certificate
chain on all instances in the pod.

By default, the Blast Secure Gateway (BSG) uses the SSL certificate that is configured for the View Connection
Server instance or security server on which the BSG is running. If you replace the default, self-signed certificate
for a View server with a CA-signed certificate, the BSG also uses the CA-signed certificate. Certificates with
Subject Alternative Name (SAN) and wildcard certificates are supported.

Syslog server: If you plan to use a Syslog server to listen for the View events on a UDP port, you must have the
DNS name or IP address of the Syslog server and the UDP port number. The default UDP port number is 514.

If you plan to collect logs in a flat-file format, you must have the UNC path to the file share and folder in which
to store the log files, and you must have the user name, domain name, and password of an account that has
permission to write to the file share.

To enable View event log messages to be generated and stored in Syslog format, in log files, select the Log to
file: Enable check box. The log files are retained locally unless you specify a UNC path to a file share.

To store the View event log messages on a file share, click Add next to Copy to location, and supply the UNC
path to the file share and folder in which to store the log files, along with the user name, domain name, and
password of an account that has permission to write to the file share.

An example of a UNC path is:

\\syslog-server\folder\file

Click Add next to Send to syslog servers, and supply the server name or IP address and the UDP port number.

External URL settings: In View Administrator, click View Configuration > Servers > Select the Connection
Servers tab, select a View Connection Server instance, and click Edit > Type the secure tunnel external URL in
the External URL text box. The URL must contain the protocol, client-resolvable host name and port number.

For example: https://myserver.example.com:443

Default roles: The default admin roles are not modifiable. See description in VMware Horizon View
Documentation here.

You can find the default roles in View configuration > Administration

The roles are:

Administrators
Administrators (read only)
Agent registration Administrators
Global configuration and policy Administrators
Global configuration and policy Administrators (read only)
Inventory Administrators
Inventory Administrators (read only)
Local Administrators
Local Administrators (read only)

Custom roles: If the predefined administrator roles do not meet your needs, you can combine specific
privileges to create your own roles in View Administrator.

Add custom role: View configuration > Administration > Add Role

Required permissions: Common administration tasks need a privilege or a permission. Some operations require
permission at the root access group in addition to access to the object that is being manipulated.

Managing Pools
Managing Machines
Managing Persistent Disks
Privileges for Managing Users and Administrators
Privileges for General Administration Tasks and Commands

Display protocol settings: View supports RDP or PCoIP (PC over IP). You can set policies to control which
protocol is used or to allow end users to choose the protocol when they log in to a desktop. If you use the HTML
Access client, available with the HTML Access feature, the Blast protocol is used, rather than PCoIP or RDP.

PCoIP (PC over IP) provides an optimized desktop experience for the delivery of a remote application or an
entire remote desktop environment, including applications, images, audio, and video content.

Remote Desktop Protocol is the same multichannel protocol many people already use to access their work
computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses RDP to transmit data.

Microsoft RDP is a supported display protocol for remote desktops that use virtual machines, physical machines,
or shared session desktops on an RDS host. (Only the PCoIP display protocol is supported for remote
applications.)

Location aware printing: See above concerning the virtual printing services and architecture. To use the
location-based printing feature, you must install the Virtual Printing setup option with View Agent and install the
correct printer drivers on the desktop. Configure the location-based printing GPO.

Profile store for Persona management: Use View Persona Management to retain user settings and data
between sessions even after the desktop has been refreshed or recomposed. View Persona Management has
the ability to replicate user profiles to a remote profile store (CIFS share) at configurable intervals.

To configure View Persona Management, you set up a remote repository that stores user profiles, install View
Agent with the View Persona Management setup option on virtual machines that deliver remote desktop
sessions, add and configure View Persona Management group policy settings, and deploy desktop pools.

Tasks to do:

Overview of Setting Up a View Persona Management Deployment
Configure a User Profile Repository
Install View Agent with the View Persona Management Option
Install Standalone View Persona Management
Add the View Persona Management ADM Template File
Configure View Persona Management Policies
Create Desktop Pools That Use Persona Management

Virtual profile group policies: The View Persona Management ADM Template file contains group policy
settings that you add to the Group Policy configuration on individual systems or on an Active Directory server.
You must configure the group policy settings to set up and control various aspects of View Persona
Management.

Overview of the Horizon View Extras bundle

The ADM Template file is named ViewPM.adm.

Location of View Persona Management Settings in the Group Policy Window:

Windows 7 and later or Windows Server 2008 and later: Computer Configuration > Administrative Templates >
Classic Administrative Templates (ADM) > VMware View Agent Configuration > Persona Management

Windows Server 2003: Computer Configuration > Administrative Templates > VMware View Agent
Configuration > Persona Management

Documentation Tools

Horizon View Installation Guide
Horizon View Administration Guide
Horizon View Architecture Planning Guide
Horizon View Administrator
Horizon View ADM files
sviconfig.exe

VCP6-DTM Objective 2.3 Configure PCoIP/RDP Protocol Settings


Today's objective will cover some protocol settings; we will touch on GPOs, Flash and 3D rendering, etc. So today's
post, VCP6-DTM Objective 2.3 Configure PCoIP/RDP Protocol Settings, is another chapter, another objective
towards the VCP6-DTM certification exam which we're covering on our VCP6-DTM Study Guide Page. We're not
done yet, but we're about halfway through.

vSphere Knowledge

Configure HTML access
Describe protocol requirements
Locate ADM template files
Explain GPO settings
Configure flash quality and throttling
Configure 3D rendering capabilities

Tools

Horizon View Administration Guide
Horizon View Architecture Planning Guide
Horizon View Administrator
Horizon View ADM files

Configure HTML access


HTML Access (VMware Blast) allows access from any client, just inside a browser, without the need to have
previously installed the View client application. During the installation of Horizon View Connection Server,
HTML Access is an installation option (checked by default), and the installer configures the VMware Horizon View
Connection Server (Blast-In) rule in Windows Firewall to open TCP port 8443, used by HTML Access.

Blast connections, however, limit the number of simultaneous connections for one connection server to 800 (it's
2000 simultaneous connections for PCoIP). Check the image below from the View Architecture planning PDF.

Describe protocol requirements

When using the Blast Secure Gateway:

Browser TCP 8443 > Connection Server TCP 22443 > View Desktop
Browser TCP 8443 > Security Server TCP 22443 > View Desktop

When not using the Blast Secure Gateway:

Browser TCP 22443 > View Desktop

In all cases:

Browser TCP 443 > Connection Server
Browser TCP 443 > Security Server

Required features when using the Blast Secure Gateway:

The Remote Experience Agent must be installed in the View Desktop. Install this feature in the parent
image, and recompose the pool to ensure all View machines have this installed.

Pool Requirements:

In the View Administrator page, edit the pool settings and ensure that the "Maximum resolution of any one monitor" setting is 1920x1200 or higher so that the View desktop has at least 17.58 MB of video RAM.
The HTML Access setting must be enabled within the pool.

Connection server:

You must install the HTML Access Web Portal on the View Connection server to enable the HTML Access
functionality. For more information, see the Horizon View HTML Access document.

Check this KB as well: Troubleshooting VMware Horizon View HTML Access

HTML Access needs to be used with a compatible browser. Browser technology progresses so fast that telling you that you must have Chrome version 20 or 30 wouldn't make sense. It's just too fast. But compatible browsers like Chrome, Firefox or latest IE

For Blast Secure Gateway and the HTML Access agent, by default, TLS 1.1 and TLS 1.2 are enabled and TLS 1.0 is disabled. You can configure the security protocols and cipher suites for both components. See "Configuring Security Protocols and Cipher Suites for Blast Secure Gateway" in the View Security document and "Configure Security Protocols and Cipher Suites for HTML Access Agent" in the Horizon Client and View Agent Security document.
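To confirm those defaults on a running Blast Secure Gateway, attempt one handshake per protocol version against TCP 8443. This PowerShell check is an added example, not code from the guide or from VMware; the function names are hypothetical and the host name in the last comment is a placeholder.

```powershell
# Added example (not from the guide). Function names are hypothetical.
# Returns 'accepted', 'refused' or 'unreachable' for one protocol version.
function Test-TlsVersion {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [System.Security.Authentication.SslProtocols] $Protocol,
        [int] $Port = 8443          # Blast Secure Gateway / HTML Access port
    )

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Separate "port closed" from "handshake rejected" so a firewall block
        # is not mistaken for a disabled protocol.
        try { $tcp.Connect($ComputerName, $Port) } catch { return 'unreachable' }

        # Certificate trust is not under test here, only the protocol version,
        # so the validation callback accepts whatever the server presents.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $certificate, $chain, $policyErrors)
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($ComputerName, $null, $Protocol, $false)
            return 'accepted'
        }
        catch { return 'refused' }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }
}

# Compare a host against the defaults the guide states for Blast:
# TLS 1.0 disabled, TLS 1.1 and TLS 1.2 enabled.
function Test-BlastTlsDefaults {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [int] $Port = 8443
    )
    $expected = [ordered]@{ Tls = 'refused'; Tls11 = 'accepted'; Tls12 = 'accepted' }
    foreach ($name in $expected.Keys) {
        $actual = Test-TlsVersion -ComputerName $ComputerName -Port $Port -Protocol $name
        [pscustomobject]@{
            Protocol = $name
            Expected = $expected[$name]
            Actual   = $actual
            Match    = ($actual -eq $expected[$name])
        }
    }
}

# Caveat: 'refused' also appears when the client OS has that protocol disabled in
# Schannel, so run the check from a machine that still allows the version under test.
# Test-BlastTlsDefaults -ComputerName 'view.example.test'   # placeholder host name
```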

Locate ADM template files


View provides several component-specific Group Policy Administrative (ADM and ADMX) template files. You can optimize and secure remote desktops and applications by adding the policy settings in these ADM and ADMX template files to a new or existing GPO in Active Directory. All ADM and ADMX files that provide group policy settings for View are available in a bundled .zip file named VMware-Horizon-View-Extras-Bundle-x.x.x-yyyyyyy.zip

View PCoIP Session Variables (pcoip.adm): contains policy settings related to the PCoIP display protocol.

View PCoIP Client Session Variables (pcoip.client.adm): contains policy settings related to the PCoIP display protocol that affect Horizon Client for Windows.

You can easily import them into a new or existing policy by right-clicking Administrative Templates > Add/Remove Templates.

They'll appear under the Classic Administrative Templates (ADM).

Explain GPO settings
There are quite a few values which can be overridden through those ADM templates. They are quite self-explanatory. I'd invite you to go through them one by one and see for yourself what options are there.

Configure flash quality and throttling


The Flash configuration affects the frame rate of Flash content. Here you can control the bandwidth and quality of the movies.

Configure 3D rendering capabilities


3D Rendering Options:

Hardware: The virtual machine must have access to a physical GPU. If the GPU is not available, the virtual machine cannot power on.
Software: The virtual machine's virtual device uses a software renderer and will not attempt to use a GPU, even if one is present.
Automatic: The default setting. The virtual device selects whether to use a physical GPU or software-based rendering. If a GPU is available on the system and has the resources required by the virtual machine, the virtual machine uses the GPU. Otherwise software rendering is used.

When you click the question mark next to the 3D renderer, you'll get a further explanation.

When you change the "Allow users to choose protocol" setting from Yes to No, you'll unlock the grayed-out option.

If you choose "Manage using vSphere Client", then you have to specify the amount of memory through the vSphere Web Client.

So you can also change the settings on the virtual hardware (through the vSphere Web Client only!)

When you create or edit a virtual machine, you can configure 3D graphics to take advantage of Windows AERO,
CAD, Google Earth, and other 3D design, modeling, and multimedia applications. You can enable 3D on virtual
machines that have Windows desktop or Linux guest operating systems.

Not all guests support 3D graphics. To verify 3D support for a guest operating system, see the VMware
Compatibility Guide here. Linux distributions must have a 3.2 or later kernel.

Check the VCP6-DTM Study Guide Page.

VCP6-DTM Objective 2.4 Configure and Manage Security in Horizon (with View)

Today's post will focus on security: VCP6-DTM Objective 2.4 Configure and Manage Security in Horizon (with View). We will have a look at certificates and certificate-based authentication, as well as other security options like smart cards, RADIUS and configuration of a SAML authenticator.

We've cleared more than half the objectives from the official VMware blueprint. Check out our VCP6-DTM Study Guide page.

VMware Knowledge

Import certificates
Enable certificate-based authentication
Identify authentication requirements for RSA, Smart Cards, and RADIUS
Configure SAML authenticator
Create Horizon View access groups for delegated administration and roles
Create and assign delegated administrative roles
Configure clipboard redirection

Tools

Horizon View Installation Guide


Horizon View Security Guide
Horizon View Administration Guide
Horizon View Administrator

Check the Admin guide on the Overview of Tasks for Setting Up SSL Certificates (p. 67 of the installation guide).

Import certificates
Production environments have to (or at least should) use certificates provided by a certification authority (CA). Those are usually certificates you pay for. The certificate is then imported into View. Determine the fully qualified domain name (FQDN) that client devices use to connect to the host. To comply with VMware security recommendations, use the FQDN, not a simple server name or IP address, even for communications within your internal domain.

You must import the SSL server certificate into the Windows local computer certificate store on the Windows
Server host on which the View Connection Server instance or security server service is installed. You also must
perform this task on the Windows Server host where the View Composer service is installed. Depending on your
certificate file format, the entire certificate chain that is contained in the keystore file might be imported into
the Windows local computer certificate store.

Steps:

Perform these steps on the host where the View Connection Server instance or security server service is installed, and also on the Composer host, if used.

First open MMC and add the Certificates snap-in for the local computer. In the MMC window, expand the Certificates (Local Computer) node and select the Personal folder. In the Actions pane, go to More Actions > All Tasks > Import.

In the Certificate Import wizard, click Next and browse to the location where the certificate is stored.

Select the certificate file and click Open. To display your certificate file type, you can select its file format from the File name drop-down menu. Type the password for the private key that is included in the certificate file. Select Mark this key as exportable. Select Include all extended properties > Next > Finish.

Verify that the new certificate contains a private key. In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.

In the General tab of the Certificate Information dialog box, verify that the following statement appears: You
have a private key that corresponds to this certificate.

Modify the certificate Friendly name to vdm (for Connection Server, not Composer).

Import a Root Certificate and Intermediate Certificates into a Windows Certificate Store

In the MMC console on the Windows Server host, expand the Certificates (Local Computer) node and go to the Trusted Root Certification Authorities > Certificates folder.

If your root certificate is in this folder, and there are no intermediate certificates in your certificate chain, skip to
step 7.

If your root certificate is not in this folder, proceed to step 2.

Step 2: Right-click the Trusted Root Certification Authorities > Certificates folder and click All Tasks > Import.

next etc etc

Step 7: Restart the View Connection Server service, Security Server service, View Composer service, or
vCenter Server service to make your changes take effect.

Note for Composer: for View Composer, you must run the SviConfig ReplaceCertificate utility to replace the certificate that is bound to the port used by View Composer. This utility unbinds the existing certificate and binds the new certificate to the port (p. 73, Horizon View Installation Guide).
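The verification points from the import steps above (private key present, friendly name vdm, FQDN in the certificate, chain up to an imported root) can be checked in one pass from PowerShell. This is an added example, not code from the guide or from VMware; the function name is hypothetical and the FQDN in the last comment is a placeholder.

```powershell
# Added example (not from the guide). Run in an elevated session on the
# Connection Server or security server host. Function name is hypothetical.
function Test-ViewServerCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Fqdn,   # name clients connect to
        [string] $FriendlyName = 'vdm'
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Friendly names are not unique in the store: a leftover certificate (for
    # example the self-signed one) with the same name makes the choice ambiguous.
    $candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName })
    if ($candidates.Count -ne 1) {
        $findings.Add("Expected one certificate named '$FriendlyName' in Personal, found $($candidates.Count)")
        return $findings
    }
    $cert = $candidates[0]

    if (-not $cert.HasPrivateKey) {
        $findings.Add('Certificate has no private key in the store')
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings.Add("Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))")
    }

    if ($cert.Subject -eq $cert.Issuer) {
        $findings.Add('Certificate is self-signed, not issued by a CA')
    }

    # The FQDN must appear among the DNS names (SAN entries or subject CN).
    # DnsNameList is a property the PowerShell certificate provider adds.
    # A wildcard entry covers exactly one leading label.
    $nameOk = $false
    foreach ($entry in $cert.DnsNameList) {
        $name = $entry.Unicode
        if ($name -eq $Fqdn) { $nameOk = $true }
        elseif ($name.StartsWith('*.') -and $Fqdn.Contains('.')) {
            if ($name.Substring(1) -eq $Fqdn.Substring($Fqdn.IndexOf('.'))) { $nameOk = $true }
        }
    }
    if (-not $nameOk) {
        $findings.Add("'$Fqdn' is not among the certificate's DNS names")
    }

    # Chain building exercises the root and intermediate certificates imported
    # into the machine stores ($true = machine context, as a service would see it).
    # Revocation checking is skipped so the check also works without network access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        foreach ($status in $chain.ChainStatus) {
            $findings.Add("Chain: $($status.Status) - $($status.StatusInformation.Trim())")
        }
    }

    $findings
}

# An empty result means every check passed.
# Test-ViewServerCertificate -Fqdn 'view.example.test'   # placeholder FQDN
```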

Enable certificate-based authentication


You need not only to install the SSL certificates on the required servers (above), but you must also configure the client to trust those certificates. Check the details for each of the systems (Windows, OSX, MacOS) on p. 73-74.

There you'll also find the PCoIP gateway configuration concerning SSL. Basically, the PCoIP Secure Gateway (PSG) service uses a default certificate after install, so you must follow the whole procedure:

Verify That the Server Name Matches the PSG Certificate Subject Name on page 78
Configure a PSG Certificate in the Windows Certificate Store on page 78
Set the PSG Certificate Friendly Name in the Windows Registry on page 80
(Optional) Force a CA-Signed Certificate to Be Used for Connections to the PSG on page 80

Identify authentication requirements for RSA, Smart Cards, and RADIUS


You can configure a View Connection Server instance so that users are required to use RSA
SecurID authentication or RADIUS (Remote Authentication Dial-In User Service) authentication.

You must have those servers configured and accessible to the View Connection Server host. For example, if you use RSA SecurID, the authentication manager would be RSA Authentication Manager. If you have RADIUS, the authentication manager would be a RADIUS server.

2-Factor Authentication: You need to have third-party software for 2-factor authentication. Install and configure the two-factor authentication software, such as the RSA SecurID software or the RADIUS software, on an authentication manager server.

RADIUS: The RADIUS server has not been configured to accept the View Connection Server instance as a RADIUS client. Each View Connection Server instance using RADIUS must be set up as a client on the RADIUS server.

Smart Card: To use smart cards, client machines must have smart card middleware and a smart card reader. To install certificates on smart cards, you must set up a computer to act as an enrollment station.

Configure SAML authenticator


VMware Horizon Suite uses SAML 2.0 authenticators to provide Web-based authentication and authorization
across security domains. If you want View to delegate authentication to the Horizon Suite, you can configure
View to accept SAML 2.0 authenticated sessions from Horizon Suite. When Workspace is configured to support
View, Workspace users can connect to remote desktops by selecting desktop icons on the Horizon User Portal.

In View Administrator, you can configure SAML 2.0 authenticators for use with View Connection
Server instances. Before you add a SAML 2.0 authenticator in View Administrator, make sure that the SAML
2.0 authenticator uses a certificate that is signed by a CA.

Requirements:

Verify that the root certificate for the signing CA for the SAML server certificate is installed on the
View Connection Server host
Verify that Horizon Workspace is installed and configured
Make a note of the FQDN or IP address of the Workspace Gateway server or external-facing
load balancer.
Make a note of the URL of the Workspace Connector Web interface.

Where?

Horizon View admin UI > View configuration > Servers > Select Connection Server > Edit > Authentication tab.

Disabled: SAML authentication is disabled. You can launch remote desktops and applications only from Horizon Client.
Allowed: SAML authentication is enabled. You can launch remote desktops and applications from both Horizon Client and Workspace.
Required: SAML authentication is enabled. You can launch remote desktops and applications only from Workspace. You cannot launch desktops or applications from Horizon Client manually.

Check more details on p.51 of Horizon View administration guide.

Create Horizon View access groups for delegated administration and roles
You can define who can use the View Administrator role and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups. As in vCenter Server, what admins are allowed to do in View Administrator is governed by an access control system that consists of administrator roles and privileges.

Administrator Role: a collection of privileges. Privileges grant the ability to perform specific actions, such as entitling a user to a desktop pool. Privileges also control what an administrator can see in View Administrator.

Root Access Group: Automated desktop pools, manual desktop pools, and farms are created in the root access group, which appears as / or Root(/) in View Administrator. RDS desktop pools and application pools inherit their farm's access group. You can create access groups under the root access group to delegate the administration of specific pools or farms to different administrators.

A role must contain at least one object-specific privilege to apply to an access group. Roles that contain
only global privileges cannot be applied to access groups. You can use View Administrator to create access
groups and to move existing desktop pools to access groups. When you create an automated desktop pool, a
manual pool, or a farm, you can accept the default root access group or select a different access group.

After you create a role, you can assign a permission.

Create and assign delegated administrative roles
A role must contain at least one object-specific privilege to apply to an access group. Roles that contain
only global privileges cannot be applied to access groups.

You can delegate the administration of specific machines, desktop pools, or farms to different administrators by
creating access groups. By default, desktop pools, application pools, and farms
reside in the root access group.

You can have a maximum of 100 access groups, including the root access group.

Move a Desktop Pool or a Farm to a Different Access Group

In View Administrator, select Catalog > Desktop Pools or Resources > Farms.

Select a pool or a farm > Select Change Access Group from the Access Group drop-down menu in the top window pane > Select the access group and click OK. View Administrator moves the pool to the access group that you selected.

Configure clipboard redirection


Horizon View has the PCoIP Session Variables ADM template file, which contains GPO settings that configure general session characteristics such as PCoIP image quality, USB devices, and network ports.

Note: To learn how to install those ADM template files, check out Objective 2.3 Configure PCoIP/RDP Protocol Settings.

Configure clipboard redirection: determines the direction in which clipboard redirection is allowed. You can select one of these values:

Enabled client to agent only (that is, allow copy and paste only from the client system to the remote desktop)
Disabled in both directions
Enabled in both directions
Enabled agent to client only (that is, allow copy and paste only from the remote desktop to the client system)

Clipboard redirection is implemented as a virtual channel. If virtual channels are disabled, clipboard redirection
does not function.

This setting applies to View Agent only.

When this setting is disabled or not configured, the default value is Enabled client to agent only.

VCP6-DTM Objective 2.5 Create ThinApp applications and a ThinApp repository

Today's objective will dive into ThinApp: VCP6-DTM Objective 2.5 Create ThinApp applications and a ThinApp repository. ThinApp has historically been one of the software pieces present in Horizon View, as it allows software distribution across your domain architecture with central management through the View admin console.

ThinApp creates virtualized applications. In Horizon implementation, these virtual packages reside on a ThinApp
repository in a network share. As an administrator, you can copy a full ThinApp package from the repository to
the virtual desktop. You can also place a shortcut on the virtual desktop that points to the ThinApp package on
the repository.

Applications on remote desktops can be natively installed applications, ThinApp virtual applications, or shortcuts
to ThinApp virtual applications. You copy a ThinApp virtual application to a remote desktop or add a shortcut
that points to the virtual application on the ThinApp repository.

ThinApp applications execute in a sandbox, so there is no dependency on the underlying OS, and the app can be streamed across the LAN too. However, the trend is moving towards App Volumes, which allows faster deployment of hundreds of applications at the same time with very little administrative effort. But the exam has this objective in it, so we'll go through it today.

VMware Knowledge:

Create VMware ThinApp applications


Create file shares
Assign permissions to the file shares
Verify MSI streaming settings in the package.ini files
Determine necessary VMware ThinApp package components to put on the share
Assign VMware ThinApp applications to pools

VMware Study Tools (PDF):

Horizon View Installation Guide


Horizon View Administration Guide
VMware ThinApp User's Guide
VMware ThinApp Reference Architecture Guide
Horizon View Administrator

Create VMware ThinApp applications


To create a ThinApp application you'll need the ThinApp packager (present in the download bundle) and also VMware Workstation, which lets you quickly prepare ThinApp packages and, by using snapshots, go back to the clean state of the OS that is used to prepare them.

ThinApp workflow:

Prescan > Install app > Postscan > Extraction of the difference = ThinApp package.

ThinApp Virtualization Packager installs on a clean workstation system (in a VM), and the first thing you must do is a prescan.

Once done, create a snapshot. This gives you a clean system that is ready to monitor the application you want to package.

Now you can install an application (and check that it works), then do a postscan.

Then click Next to reach a screen where you can define who is authorized to run the package.

Then choose whether to grant full write access to non-system directories. In this case, the application can read and write to the local VM's filesystem.

Then you can set up ThinDirect by entering which websites to capture and redirect to the browser. The ThinApp packager detected that you're creating a virtualization package for a web browser.

Here, simply enter a meaningful name and choose whether to use a separate .DAT file for the ThinApp package and whether to generate an MSI package at the same time (a simple checkbox).

To finish, you can also just prepare the project without actually building it.

Create file shares
You must store the MSI packages on a Windows network share that resides in an Active Directory domain that is
accessible to your View Connection Server host and remote desktops. The file server must support
authentication and file permissions that are based on computer accounts.

To run streamed ThinApp applications on remote desktops, users must have access to the network share that
hosts the MSI packages.

Assign permissions to the file shares


Set the NTFS permission of the network share that hosts the ThinApp packages to Read & Execute for users.

Verify MSI streaming settings in the package.ini files


VMware Horizon View administration p.157

If you plan to stream the application to remote desktops, set the MSIStreaming property to 1 in
the package.ini file.

MSIStreaming=1

There is a special paper called VMware Thinapp Streaming Execution Mode.
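A line that is present in package.ini but commented out looks set at a glance and has no effect. The PowerShell check below is an added example, not from the guide or from VMware; it assumes the setting sits in the [BuildOptions] section and that ';' starts a comment, and its function names and sample content are constructed for illustration.

```powershell
# Added example (not from the guide). Function names are hypothetical.
# Assumption: MSI options live in [BuildOptions] and ';' starts a comment.
function Get-PackageIniSetting {
    param(
        [string[]] $Lines,
        [Parameter(Mandatory = $true)] [string] $Key,
        [string] $Section = 'BuildOptions'
    )
    $current   = ''
    $active    = @()    # values from live assignments
    $commented = @()    # values from commented-out assignments
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1].Trim(); continue }
        if ($current -ne $Section) { continue }
        if ($line -match '^(;?)\s*([^=;\s]+)\s*=\s*(.*)$' -and $Matches[2] -eq $Key) {
            if ($Matches[1]) { $commented += $Matches[3].Trim() }
            else             { $active    += $Matches[3].Trim() }
        }
    }
    [pscustomobject]@{ Active = $active; Commented = $commented }
}

function Test-MsiStreaming {
    param([string[]] $Lines)
    $setting = Get-PackageIniSetting -Lines $Lines -Key 'MSIStreaming'
    if ($setting.Active.Count -gt 1) {
        return "ambiguous: MSIStreaming is set $($setting.Active.Count) times"
    }
    if ($setting.Active.Count -eq 1) {
        if ($setting.Active[0] -eq '1') { return 'streaming enabled' }
        return "streaming disabled (MSIStreaming=$($setting.Active[0]))"
    }
    if ($setting.Commented.Count -gt 0) {
        return 'not set: the MSIStreaming line is commented out'
    }
    return 'not set: no MSIStreaming line in [BuildOptions]'
}

# Constructed sample: the setting is present but commented out.
$sample = @'
[Compression]
CompressionType=None

[BuildOptions]
MSIFilename=Firefox.msi
;MSIStreaming=1
'@ -split "\r?\n"

Test-MsiStreaming -Lines $sample

# Against a real project (path is a placeholder):
# Test-MsiStreaming -Lines (Get-Content -Path '.\package.ini')
```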

Determine necessary VMware ThinApp package components to put on the share

1. ThinApp executables
2. The .DAT file generated when virtualizing an application.

It is better to use a separate .DAT file, as the ThinApp packages will launch faster. Another reason is that Windows systems have limits when it comes to the size of executables. When an .EXE is over the file size limit for the given OS, things can (and will) go wrong.

Assign VMware ThinApp applications to pools

Before assigning ThinApp packages to a pool, you must make sure that:

You have placed the ThinApp package (including the .DAT file) on a network share accessible to the View Connection Server and desktop pools
You have granted the necessary NTFS permissions to the users on that share (Read & Execute)

To add a ThinApp application to the pools, go to View Admin > View Configuration > ThinApp Configuration > Add Repository.

There you'll add the ThinApp repository. Enter a meaningful name, the share path and a description. Click the Save button.

Put your ThinApp packages on the network share.

Then go to Catalog > ThinApps > Scan New ThinApps.

The final step is to assign the ThinApp application to the pool.

Then choose the pool and also the installation type.

Then when you log on to the desktop you'll find the Firefox icon on the desktop, and when launched you'll see the usual ThinApp window.

Wrap-Up:

We have completed another chapter towards the VMware VCP6-DTM (Desktop and Mobility) certification exam. You can have a look at our VCP6-DTM Study Page.

If you're studying towards the traditional VCP6-DCV (Datacenter Virtualization), you'll certainly be interested in our VCP6-DCV Study Page.

VCP6-DTM Objective 2.6 Configure Horizon View Cloud Pod Architecture


In today's post, VCP6-DTM Objective 2.6 Configure Horizon View Cloud Pod Architecture, we'll activate one of the newer features of Horizon View: Cloud Pod Architecture. A View pod cannot cross multiple datacenters, but a federation can be formed between pods, with one pod local and one in a remote datacenter. Each View pod is an independent entity that has its own user entitlements and is managed separately, but with the new Horizon 6 Cloud Pod Architecture, it's possible to aggregate multiple View pods in either the same data center or different data centers and entitle users to a desktop in any location.

VMware Knowledge

Enable and configure a multi-site/pod deployment


Configure global/user entitlements
Configure home sites

Tools

Administering Horizon View Cloud Pod Architecture


Horizon View Administrator

Enable and configure a multi-site/pod deployment


A View pod consists of a set of View Connection Server instances, shared storage, a database server, and the vSphere and network infrastructures required to host desktop virtual machines. In a traditional View implementation, you manage each pod independently. With the Cloud Pod Architecture feature, you can join together multiple pods to form a single View implementation called a pod federation. A pod federation can span multiple sites and datacenters and simultaneously simplify the administration effort required to manage a large-scale View deployment.

Horizon deployments are able to use global LDAP replication between different datacenters. The metadata, such as the user entitlements, is replicated over to the other side.

The Global Data Layer is stored in a new AD LDS instance. Shared data is replicated on every View Connection Server instance in a pod federation. Entitlement and topology configuration information stored in the Global Data Layer determines where and how desktops are allocated across the pod federation.

Pods communicate through a new interpod communication protocol called the View InterPod API (VIPA).

You should check the firewall requirements. Here are some of them:

TCP 8472: View interpod API (Cloud Pod Architecture)


TCP 22389: Global ADLDS (Cloud Pod Architecture)

To enable a multi-site deployment, you must first have both sites already installed with Horizon View.

Cloud Pod architecture allows users to be entitled to desktops across multiple data centers and geographical
locations. The Horizon View servers can be scaled out through different datacenters, countries and sites.

You can initialize the Cloud Pod Architecture feature from any View Connection Server instance in a pod. You
need to initialize the Cloud Pod Architecture feature only once, on the first pod in a pod federation.

The process is straightforward, and the initialization phase takes literally a few seconds.

Component limits:

Desktops: 20,000
Pods: 4
Sites: 2
View Connection Server instances: 20

Configure global/user entitlements


A Global Entitlement (or Global Pool) for the local desktop pool needs to be created. This is the global pool which encompasses all local desktop pool associations.

My command example:

lmvutil.cmd --createGlobalEntitlement --entitlementName WinSeven --scope ANY --isFloating --authDomain lab.local --authAs administrator --authPassword MySuperPassword007

To check the validations:

Initialize the Cloud Pod Architecture (command-line command, case sensitive)

You'll need to know the command for activating the Cloud Pod Architecture, as before it was possible only through the CLI.

On any View Connection Server instance in the pod, run the lmvutil command with the --initialize option: lmvutil --initialize

For example:

lmvutil --authAs administrator --authDomain lab.local --authPassword * --initialize

where lab.local is the domain and administrator is the site admin.

Connect the Pods to the Pod Federation

On a View Connection Server instance (remote site) in the pod that you are joining to the pod federation, run the lmvutil command with the --join option.

Example:

lmvutil.cmd --join --joinServer view.lab.local --userName lab.local\administrator --password MySuperPassword007 --authDomain lab.local --authAs administrator --authPassword MySuperPassword007

Repeat this command for each pod that you want to join to the pod federation. It takes a few minutes to complete. Watch out for the cAsE, as it's case sensitive!

Create and configure a Global entitlement

A global entitlement provides the link between users and their desktops, regardless of where those desktops
reside in the pod federation. You must create and configure at least one global entitlement to use the Cloud Pod
Architecture feature.

verification:

Create Sites

By default, the Cloud Pod Architecture feature places all pods into a default site called Default First Site. If your
Cloud Pod Architecture topology contains multiple pods, you might want to group those pods into different
sites. The Cloud Pod Architecture feature treats pods in the same site equally.

We'll create 2 sites:

Remote and Local

The command (my example):

lmvutil.cmd --createSite --siteName Remote --authDomain lab.local --authAs administrator --authPassword MySuperPassword007

List sites:

lmvutil.cmd --listSites --authDomain lab.local\administrator --authPassword MySuperPassword007

As you can see we now have 3 sites:

Default First site (which has 2 pod members)


Local (without a pod)
Remote (without a pod)

We need to assign one pod to the Local site and one pod to the Remote site. Let's go back to the CLI:

The command (my example):

lmvutil.cmd --assignPodToSite --podName Cluster-VIEW --siteName Local --authDomain lab.local --authAs administrator --authPassword MySuperPassword007

In the image above you see the assignment to Cluster-VIEW (my local View pod) and the assignment to Cluster-VVIEW, which is the remote site cluster.

None of the commands generates any output, and no output is good output.

Now we can check the sites again:

and confirm it through the GUI in our View admin UI:

You'll now find the above view on each of the Horizon View Connection Servers. The configuration is duplicated through the common layer.

Assign a Home site to a user or group

The --createUserHomeSite option will be used.

Example:

lmvutil.cmd --createUserHomeSite --userName lab.local\vladan --siteName Local --authAs lab.local\administrator --authPassword MySuperPassword007

Configure home sites (same as above)


You can use the lmvutil command with the --createUserHomeSite or --createGroupHomeSite option to create a home site for a user or group. You can also use these options to associate a home site with a global entitlement.

A home site can also be deleted with the --deleteUserHomeSite switch.

Wrap UP:

The Horizon View 6.2.1 I tried does allow the initialization of the Cloud Pod Architecture via the UI, but that's about it. The rest of the config gets your hands into the CLI. This might change in the future to make this feature more user-friendly and easier to configure.

If you're labbing this in your lab, you might appreciate a great help from this VMware Blog post -:). In addition you'll also need the Administering View Cloud Pod Architecture PDF, which is a must-have for this lesson.

VCP6-DTM Objective 3.1 Configure Automated Pools using linked clones


Another post focusing on the VMware desktop certification exam today: VCP6-DTM Objective 3.1 Configure Automated Pools using linked clones. Yes, pool settings, linked clones, etc. Good stuff. All exam objectives will be on our VCP6-DTM page (for now it's a work in progress).

But in order to do that we must first prepare a source (golden image) of that first pool, and so we must have an
optimized virtual machine managed by the same vCenter server registered in View Connection server. That VM
also has to have View Agent installed, and a snapshot must be created. I assume that you know how to do that.

VMware Knowledge:

Identify floating vs. dedicated assignments

Identify and configure the following:
Optional disk settings
Pool settings
3D renderer
Provisioning settings
Base image and snapshots
vCenter Server resource settings
Advanced storage settings
Guest customization settings (e.g., QuickPrep, Sysprep)

Documentation Tools

Horizon View Administration Guide


Setting Up Desktop and Application Pools in Horizon
Horizon View Administrator

Identify floating vs. dedicated assignments


Desktop pools come in two kinds: dedicated or floating.

Dedicated Desktop Pool: each user is assigned to a desktop, and each time the user logs in, he (she) obtains access to the same desktop.
Floating Desktop Pool: in a floating assignment pool, it's the opposite. Each user receives a different desktop each time he (she) logs in. As simple as that.

You can see the option when you start the assistant to create a new desktop pool.

Identify and configure the following:
First of all, when creating a desktop pool you have the choice between Full Virtual Machines and View Composer linked clones (in case you have installed and configured VMware Horizon View Composer). Composer generates linked-clone VMs from a snapshot of the parent VM. The VMs are dynamically provisioned, and the settings that you enter when creating the desktop pool are applied to each of those desktops.

Optional disk settings: this step lets us set several options when creating the desktop pool. We'll walk you through all the different options which you can configure:

Disk size and drive letter for persistent disk: sets the drive letter and size of a persistent disk in case you want to store the user profile on a separate disk.
Disposable file redirection: redirects the guest OS paging and temp files to a separate (non-persistent) disk.
Disk size and drive letter for disposable file disk: here you can provide the disk size in megabytes and a drive letter. It should be larger than the pagefile size of the guest OS. The drive letter is set to Auto by default, which allows View to assign the drive letter automatically.
Use vSphere Virtual SAN: allows using VSAN as a datastore for desktop pools. VSAN is bundled with Horizon View (from the licensing perspective). It's logical to offer some kind of integration -:)

Pool settings: we'll check the different pool settings here.

Desktop Pool identification: there is an ID and a Display name which you have to enter.

The next screen has many more details concerning state, remote settings, remote display protocol, the number of
monitors to use, the maximum resolution, and whether HTML access shall be enabled by default. There is also
a setting allowing you to override the default global Mirage settings (as you know, Mirage and View are complementary
products, so it also makes sense).

Note that 4K displays are supported, allowing you to set the Max resolution to 3840 x 2160, and it's possible to
assign up to 4 monitors.

3D renderer: supported on W7 and later with virtual hardware 8 (vhv 8) and higher. The hardware-based
renderer is supported on virtual hardware version 9 (vhv 9) in vSphere 5.1. The software renderer is supported on
virtual hardware 8 in vSphere 5.0.

PCoIP has to be selected as the default for the desktop pool and users have to be allowed to choose their own
protocol.

vhv 9 in vSphere 6.0 supports Video memory supports up to

Provisioning settings: we can enable (disable) provisioning and (or) disable on error.

Names for the machines can be specified manually or automatically (also with a pattern). The wizard is well
done; on the right you always have an explanation. (Note that View has had this since its inception. I always like
having the explanations at my fingertips.) It is very easy to enter the naming pattern when you have an example
on the right -:)

Option "Minimum number of ready (provisioned) machines during View Composer maintenance operations": use
this setting to perform machine maintenance operations in a rolling fashion. Increasing this count may decrease
the concurrency for View Composer operations for the desktop pool.

Other options allow you to specify the Composer disk.

Base image and snapshots: the base image is the "Golden image" VM. You basically optimize that VM to your
needs. A good help might be the VMware Fling called VMware OS Optimization Tool (you can find a link in
our Free Tools page -:)).

You should:

Remove the DHCP lease from the parent VM (ipconfig /release command).
The VM shall have a system disk with a single volume only.
The VM shall not have an independent disk.
You should remove the default user TEMP and TMP variables from the parent virtual machine.
You can also remove the pagefile.sys file to avoid duplicating the file on all the linked clones.
Disable the hibernation option to reduce the size of linked-clone OS disks.
Before you take a snapshot of the parent virtual machine, disable searching Windows Update for device
drivers.

vCenter Server resource settings: on this page you have to set a few things:

On the vCenter Settings page, you must click Browse and select the vCenter Server settings in sequence.

You cannot skip a vCenter Server setting:

Parent VM
Snapshot
VM folder location
Host or cluster
Resource pool
Datastores

vCenter uses those settings to do many things under the covers.

Advanced storage settings: you can enable storage accelerator or VM disk space reclamation (you'll need
a VM based on vmx-09 or higher, and vSphere 5.1 or higher).

You cannot directly initiate disk space reclamation for a pool. You determine when View initiates disk space
reclamation by specifying the minimum amount of unused disk space that must
accumulate on a linked-clone OS disk to trigger the operation. When the unused disk space exceeds the
specified threshold, View directs the ESXi host to reclaim space on that OS disk. View applies the threshold to
each virtual machine in the pool.

Manual option (for demo purposes): vdmadmin -M

Needs a SCSI controller on the VM's disk: disk space reclamation is not supported on virtual machines with IDE
controllers.

Guest customization settings (e.g., QuickPrep, Sysprep): you might want to read my post "Quickprep or Sysprep:
what's the difference?"

Basically, during the initial startup of each new desktop, QuickPrep does this:

Creates a new computer account in Active Directory for each desktop.


Gives the linked-clone desktop a new name.
Joins the desktop to the appropriate domain.
Optionally, mounts a new volume that contains the user profile information.

The linked clones might restart one or more times while they are provisioned. If a linked clone is in an
error state, the View automatic recovery mechanism attempts to power on, or shut down and restart, the
linked clone.

By default, View Composer generates a new Active Directory computer account for each linked clone that
it provisions. The Allow reuse of pre-existing computer accounts option lets you control the computer accounts
that are created in Active Directory by ensuring that View Composer uses existing AD computer accounts.

With this option enabled, when a linked clone is provisioned, View Composer checks if an existing AD computer
account name matches the linked clone machine name. If a match exists, View Composer uses the existing AD
computer account. If View Composer does not find a matching AD computer account name, View Composer
generates a new AD computer account for the linked clone.

Wrap Up:

Another lesson done. We're getting closer to covering the exam's blueprint. This however does not mean that you
can find ALL covered here! No, you should have the documentation set (especially the "Setting up Desktop and
Application Pools in View" document, required for the exam) as a priority at your fingertips. We can show you
more screenshots "from the inside" than those documents can, but still you should lab it. If you can't have a
dedicated lab you should at least try some online labs (VMware HOL or Ravello).

VCP6-DTM Objective 3.2 Configure Automated Pools using full clones


In today's post we'll configure full clones driven by automated pools. In this particular case we won't use
VMware Composer, reducing a bit the complexity of View, but on the other hand growing the storage needs.
Time also plays a certain role, as a full clone takes more time to create than a linked clone.
Let's get started with VCP6-DTM Objective 3.2 Configure Automated Pools using full clones.

The full Study page of all the VCP6-DTM exam topics is taking shape here. In case you're studying for the
traditional datacenter VCP you might visit our VCP6-DCV Study Guide page and get a PDF version with 28
chapters (210 pages).

But let's get back to our exam topic and its VMware Knowledge:

Identify floating vs. dedicated assignments


Identify and configure the following:
Pool settings
3D renderer
Provisioning settings
Templates
vCenter Server resource settings
Advanced storage settings
Guest customization settings

Documentation Tools

Horizon View Administration Guide
Setting Up Desktop and Application Pools in Horizon
Horizon View Administrator

Identify floating vs. dedicated assignments


When View Composer creates a linked clone, it takes a snapshot of the clone's OS disk. The snapshot uniquely
identifies the linked-clone virtual machine. A refresh operation reverts the OS disk to the snapshot. View
Composer can refresh a linked clone in as little as half the time it takes to delete and recreate the clone.

Dedicated Desktop Pool: each user is assigned to a desktop, and each time the user logs in he (she) obtains
access to the same desktop.
Floating Desktop Pool: in a floating assignment pool, it's the opposite. Each user receives a different
desktop each time he (she) logs in. As simple as that.

You can see the option when you start the assistant to create a new Desktop Pool.

Identify and configure the following:
Pool settings: the assistant for creating a desktop pool.

3D renderer: Virtual Shared Graphics Acceleration (vSGA) and Virtual Dedicated Graphics Acceleration (vDGA)
are vSphere features that use physical graphics cards
installed on the ESXi hosts and manage the graphics processing unit (GPU) resources among the
virtual machines.

When you select the 3D Renderer hardware-based options, users can take advantage of 3D applications
for design, modeling, and multimedia, which typically require GPU hardware to perform well. The 3D Renderer
setting also offers a software option, which provides graphics enhancements that can support less demanding
applications such as Windows AERO, Microsoft Office, and Google Earth.

Requirements:

W7 or later
PCoIP as the default display protocol, and users aren't allowed to change it
For hardware 3D: vSGA has to be on ESXi 5.1 or later with vCenter 5.1 and later (this will evolve for the
exam, imho).
vDGA: a single physical GPU on the ESXi host is dedicated to a single VM (GPU pass-through); configure the
individual virtual machines to use dedicated PCI devices after the desktop pool is created in View.
You must install the VIB corresponding to the graphics card you're using (from HCL only !!)
W7 has to be vmx8 and later, whereas W8 has to be vmx9 and later.
To configure hardware 3D rendering > power off existing VMs > reconfigure through vCenter > check
> power on.

To configure the 3D renderer you can configure the amount of VRAM that is assigned to the virtual machines
in the pool by moving the slider in the Configure VRAM for 3D guests dialog box. The minimum VRAM size is
64MB. For virtual hardware version 9 virtual machines, the default VRAM size is 96MB, and you can configure a
maximum size of 512MB. For virtual hardware version 8 virtual machines, the default VRAM size is 64MB, and
you can configure a maximum size of 128MB.

Check Horizon View 6 setting up desktops PDF p. 117

When you click the question mark next to the 3D renderer, you'll get a further explanation.

When you change "Allow users to choose protocol" from Yes to No, you'll unlock the grayed-out option.

The different options bring different config options. For example, the Software 3D renderer option allows you
to configure the amount of memory available to your VMs.

When you click the question mark next to the 3D renderer, you'll get a nice explanation.

You can also change the settings on the virtual hardware through the vSphere Web Client, but only when selecting
the "Manage using vSphere Client" option.

So then you go to your VM and allocate directly the video memory there

Provisioning settings

These are the same as in Objective 3.1.

Templates

You have to pick one of your templates (if you don't have one you can clone a VM to a template). Note the
message saying that only a supported OS can be selected. The latest version of View allows even a server OS to be
selected.

vCenter Server resource settings

The resource settings options allow you to pick a host/cluster and then a resource pool and datastore.

Advanced storage settings

You can enable Storage Accelerator for a View desktop pool. A View Storage Accelerator is most useful for
shared disks that are read frequently, such as View Composer OS disks.

Guest customization settings

Concerning Guest customization, the options are:

Use this customization specification


None: customization will be done manually

The customization of the OS is done through the vSphere Client and it's vCenter related.

There you can create customization files for Windows or Linux OS.

VCP6-DTM Objective 3.3 Configure Manual Pools
Today's objective is VCP6-DTM Objective 3.3 Configure Manual Pools. Manual pools can have any VMs with the
View agent installed. Here it's not View generating new VMs, as with linked clones; those VMs must be created
upfront and the Horizon View agent must be installed on those systems in order to be able to manage
them through a manual desktop pool. Note that you can even have physical hosts/desktops within a manual pool.

Horizon View Agent is a separate component which exists in x32 or x64 versions or Linux version, so in your
manual pool you can add any of those types of machines. Also supported are Server VMs or Physical server OS
like 2008R2 or 2012R2.

You can have dedicated assignment or floating assignment in manual pools. With dedicated assignments users
receive the same machine each time they log into the desktop pool, whereas with floating ones they simply get the
next available machine present in the pool. Let's get started.

Horizon View Knowledge

Determine and configure pool settings


Describe and configure desktop sources
Given a scenario, manually configure pool resources

Study Tools

Horizon View Administration Guide


Setting Up Desktop and Application Pools in Horizon
Horizon View Administrator

VCP6-DTM Objective 3.3 Configure Manual Pools

Determine and configure pool settings


The pool type is a radio button, and once you configure the setting you cannot change the type of pool.

Also, you cannot switch between dedicated assignments and floating assignments.

The size of a manual pool can be increased by adding an unmanaged machine to the manual pool. You have to
verify that the machine has the Horizon View agent.

The steps:

Go to the Horizon View admin dashboard > Catalog > Desktop Pools > Inventory TAB > Select
pool > Add button > Select VM to add

You can check the settings for a manual desktop pool on page 79 of the PDF document "Setting up Desktop and
Application Pools".

Describe and configure desktop sources


As a desktop source you can have either vCenter VMs OR Other Sources (this can be VMs managed on other ESXi
systems or physical hosts).

To use PCoIP with machines that are unmanaged virtual machines or physical computers, you must use Teradici
hardware.

The unmanaged machines must have their firewall configured.

Check that the VMware Horizon View Agent service is started on the unmanaged machine.

Note: If Windows Media Player is not installed, the View Agent installation program does not install the
multimedia redirection (MMR) feature. If you install Windows Media Player after installing View Agent, you can
install the MMR feature by running the View Agent installation program again and selecting the Repair option.

Given a scenario, manually configure pool resources


I imagine that here you'll be given a scenario according to which you'll be able to determine:

Which type of pool you'll have to create
Which assignment you have to use

As this will be determined only during the exam itself, we're unable (as such) to propose any fictive scenario,
but perhaps people who have passed the exam could help, avoiding giving all details, but perhaps with some
guidelines on what to expect here, if that's not been said already above.

The whole VCP6-DTM exam has requirements which depend on your existing VMware certifications and whether
they are still valid (VCP). If you don't hold a VCP certification you'll additionally need to pass the vSphere 6
Foundation exam (2V0-620) and attend one of the required VMware courses.

VCP6-DTM Objective 3.4 Build and Customize Desktop Images


This lesson will teach us some tweaks for optimizing desktop images: VCP6-DTM Objective 3.4 Build and
Customize Desktop Images. VMware has an excellent utility (recently updated to support Windows 10)
called VMware OS Optimization Utility. The tool can analyze and optimize locally, and analyze (not optimize) remotely.

More importantly, there is also optimization history and rollback. It can also manage templates for different OSes
(Windows 7, W8.x, Windows Server 2008-2012).

The exam's documentation (right now) also has the Windows XP deployment guide. I suspect this will be removed
in future updates of the exam, as Windows XP is no longer a system supported by Microsoft. The latest version of
Horizon View already supports Windows 10 desktops. We'll be updating the post when
documentation from VMware becomes available.

VMware Knowledge

Perform OS optimizations
Perform installation of View Agent and VMware Tools
Configure virtual machine hardware
Create and manage snapshots
Create customization specifications

Tools

Horizon View Administration Guide


Horizon View Installation Guide
Windows XP Deployment Guide
VMware Horizon with View Optimization Guide for Windows 7 and Windows 8
Horizon View Administrator

Perform OS optimizations
The first question you'll ask: why optimize? Fewer services active per VM = better performance !!
Additionally, a lot of tweaks can be done through the VMware OS

Optimizing virtual desktops


Increases virtual desktop performance
Increases virtual desktop density, boosting the number of virtual desktops that can be hosted per
vSphere server, thereby reducing infrastructure costs
Improves the desktop experience for end users
Reduces desktop support because of fewer end-user calls to address

Optimizing RDSH servers

Increases hosted desktop and application performance
Reduces the amount of system resources that each RDSH server requires
Increases the number of RDSH servers that can be hosted virtually on Windows Server 2008 R2 or
Windows Server 2012 (RDSH server density)
Increases the number of users that can be supported per RDSH server
Improves the hosted desktop and application experience for end users
Reduces system support

For all options and how-tos, check out the Windows Optimization Guide (PDF). THIS is a very good PDF with a lot of
details. I'd say it's a MUST-HAVE.

Perform installation of View Agent and VMware Tools

The order of installation of those two components is essential. They have to be done in the correct order:

Step1: Install VMware Tools and then install View agent.

Additionally, a VMware KB has more details concerning an issue where, if the order is not respected, there is a
problem and you cannot resize the screen:

To ensure that a pool has all of the correct PCoIP functionality:

1. Install Horizon View in a supported virtual infrastructure.


2. Create a Windows XP, Windows Vista, or Windows 7 virtual machine.
3. Ensure that VMware Tools is installed, then install the View Agent.

Note: The order is important. If you install any of these applications in the incorrect order, or if you do not know
the order in which they were installed, uninstall both and reinstall in the correct order.

4. In View Manager, set up this desktop as an individual desktop and entitle it.
5. Ensure that you have the PCoIP desired settings for monitor and max resolution in the pool.
6. Log in and ensure that there is basic functionality.
7. If PCoIP or screen resizing is not working, log out of the desktop and use the Reset option from View
Manager.

Note: Do not reboot by clicking Shutdown > Restart in the virtual machine. PCoIP is dependent upon the
appropriate amount of video memory being allocated to the virtual machine. Because this is a virtual hardware
setting (that must be in place before the virtual machine starts up), it is applied as a change in the .vmx file.

If the virtual machine has already been started, it is essential that this virtual machine be restarted so that the
.vmx file is re-read and the changes are used. Using the Shutdown >Restart option inside the virtual machine
does not force the .vmx to be re-read, as this does not cold boot the machine (from the Virtual Center
perspective) to refresh the virtual hardware. Using the Shutdown > Restart option from either Virtual Center or
View Manager (which issues the command via Virtual Center) is the best way to make sure this file gets read
properly.

8. Log in and ensure that screen resizing works.


9. Release the IP lease.
10. Shut down the virtual machine.
11. Take a snapshot.
12. Remove the individual virtual machine assignment from View Manager.

Note: If you do not perform this step, the virtual machine does not appear as an available parent in the pool
creation process.

13. Create your pool.

Configure virtual machine hardware
Follow the VMware recommendation concerning the OS type, the amount of memory, and the disk size and type.
Remember to configure only what will be used. For example, if your company policy does not allow USB thumb drives,
this is the perfect case for not including USB devices in the template in the first place.

Create and manage snapshots


Once you have created a master image you have to go and create a snapshot. This will save the point in time, which
will have a specific VMware Tools and View Agent version as well as all configurations and modifications you
have done. Make sure to name this snapshot and use the description field to note the optimization done to this
VM image!

This is a bad example -:)

Create customization specifications


This is pretty straightforward. Follow the assistant

Then the assistant starts and you have the different options which allow you to configure all the different things, so
that at the end the machine is, for example, domain joined with DHCP enabled. Simple and effective.

Customization specification: check out this post, "Quickprep or Sysprep: What's the difference?"

The whole VCP6-DTM Study page is here. Don't hesitate to ask a question or to contribute with an addition! We're
hoping this guide will help with studying, and especially with passing the exam !!!

VCP6-DTM Objective 3.5 Configure RDSH (Remote Desktop Session Host) Application Pools

Today's post is focused on the VMware VCP6-DTM (Desktop and Mobility) exam: VCP6-DTM Objective
3.5 Configure RDSH (Remote Desktop Session Host) Application Pools. Previously called a Microsoft Terminal
Services pool, now an RDSH pool. It's one of the three types of desktop pools that you can create in Horizon View.

An RDS desktop pool is associated with a group of RDS hosts (also called a farm). Each RDS host is a Windows
server hosting multiple RDS desktops. So one session to an RDS host opens a session on this host as a TS session.
The TS host can open dozens of sessions and it's still the same machine (VM or physical). In the other
types of pools, which have VMs (or physical systems), there is only a single session to each desktop.

VMware Knowledge:

Configure Remote Desktop Services (RDS) farms


Configure RDS desktop settings
Given a scenario, configure and edit application pool settings

Documentation Tools for this lesson:

Setting Up Desktop and Application Pools in Horizon


Horizon View Administration Guide
Horizon View Administrator

Configure Remote Desktop Services (RDS) farms


First one limitation:

RDS desktops do not support persona management.

But:

RDS host can be VM and so you can use snapshots as base images. Your vCenter server can manage
those snapshots and the management is transparent.
You need to install the RDSH role. This is different on 2008 R2 and 2012 R2 Windows systems. Check the
documentation for each system. Basically, the activation of RDS is quite straightforward.

Restrict each user to a single session (it's done by default in 2008 R2, apparently)

Click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host > Configuration.

Edit Settings pane > General, double-click Restrict each user to a single session > Properties dialog box, on
the General tab, select Restrict each user to a single session and click OK.

Next you'll need to install View Agent on the RDSH host. Note that a requirement is that the OS has to be 2008
R2 with SP1 installed. Otherwise, the View agent won't install. During installation, the installer registers the
RDS host with this View Connection Server instance. After registration, the specified View Connection Server
instance, and any additional instances in the same View Connection Server group, can communicate with the
RDS host.

Two authentication methods to choose from:

Authenticate as the currently logged in user: the Username and Password text boxes are disabled and you are
logged in to the View Connection Server instance with your current username and password.

Specify administrator credentials: you must provide the username and password of a View Connection Server
administrator in the Username and Password text boxes. The user account must be a domain user with access to
View LDAP on the View Connection Server instance. A local user does not work.

Configure RDS desktop settings


As you can see, View Composer and Persona Management are not available for this desktop pool.

You have the possibility to control Adobe Flash quality and throttling.

You can choose a new RDS farm or select an RDS farm for the desktop pool.

and then you have the identification and settings

Select RDSH hosts (I have only one, but this is the reason to have a farm of hosts)

Recap page

Add RDSH applications.


Simple, go to the Catalog > Application pools > Add

And then add application from the apps installed on the RDSH farm. Note that if you want to add your own
application you have to do the proper installation in the TS environment (and the app has to be capable of
running in TS environment as well).

and then you find those apps on the connection screen.

Given a scenario, configure and edit application pool settings


Here it depends on what's asked. A scenario type question is usually asking for the type of desktop pool. You might
want to check the other types of desktop pools we have already covered in our guide:

Configure Automated Pools using linked clones


Configure Manual Pools

VCP6-DTM Objective 4.1 Troubleshoot Desktop Imaging Issues


Another objective today towards the VCP6-Desktop and Mobility exam. VCP6-DTM Objective 4.1 Troubleshoot
Desktop Imaging Issues is today's post. Post after post we're getting closer. Learning through PDFs, through
a live system in the lab, all this helps to create the content which I hope will help folks to pass this VMware VCP6
Desktop and Mobility exam.

I'm coming from a data center background and I always had the feeling that the desktop exam should be
somehow... easier. But believe me, we're about 3/4 through the exam's topics and this is certainly not the case. It's not
an easy exam because there is simply a lot to remember. But let's move on. After this topic is finished there will
be only six left.

Knowledge

Troubleshoot problems with Quickprep/Sysprep


Determine appropriate systems needed to remedy template issues
Given a scenario, remedy end user access issues

Tools

Horizon View Administration Guide


Horizon View Installation Guide
Windows XP Deployment Guide
VMware Horizon with View Optimization Guide for Windows 7 and Windows 8
Horizon View Administrator

Troubleshoot problems with Quickprep/Sysprep


In another Objective, we covered the difference between QuickPrep and Sysprep.

A few common causes exist for QuickPrep script failures:

The script times out


The script path refers to a script that requires an interpreter
The account under which the script runs does not have sufficient permission to execute a script task

Check the QuickPrep logs: there is a customization script log in the Windows temp directory:

C:\Windows\Temp\vmware-viewcomposer-ga-new.log

VMware Horizon View Administration p.187 Collect Diagnostic Information for View Composer Using the
Support Script

QuickPrep process privileges: for security reasons, certain Windows operating system privileges are removed
from the View Composer Guest Agent process that invokes QuickPrep customization scripts. A QuickPrep
customization script cannot perform any action that requires a privilege that is removed from the View
Composer Guest Agent process.

The following privileges are removed from the process that invokes QuickPrep scripts:

SeCreateTokenPrivilege
SeTakeOwnershipPrivilege
SeSecurityPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeSystemtimePrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeLockMemoryPrivilege
SeIncreaseBasePriorityPrivilege
SeCreatePermanentPrivilege
SeDebugPrivilege
SeAuditPrivilege

Check the time limit: sometimes it helps to solve the problem to increase the time limit for the script and run
it again. Check if the script's path is valid.

Example from VMware docs:

If you specify the path C:\script\myvb.vbs as a QuickPrep customization script, View Composer Agent cannot
execute the script. You must specify a path that starts with the interpreter binary path:

C:\windows\system32\cscript.exe c:\script\myvb.vbs

Check the account's permissions: QuickPrep runs its script under the account that the Composer Guest Agent Server
service is configured to run as. By default, it's Local System. You should not change this account to something else,
otherwise the script won't work.
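
The path and privilege checks described above can be run against a pool's QuickPrep script setting before provisioning. This is an added example, not code from the original guide or from VMware: the function names, the finding codes, the script-extension table (only .vbs with cscript.exe comes from the guide) and the idea of declaring the privileges a script needs are assumptions made for illustration.

```python
import ntpath

# Privileges the guide lists as removed from the process that invokes
# QuickPrep customization scripts.
REMOVED_PRIVILEGES = (
    "SeCreateTokenPrivilege", "SeTakeOwnershipPrivilege", "SeSecurityPrivilege",
    "SeSystemEnvironmentPrivilege", "SeLoadDriverPrivilege",
    "SeSystemtimePrivilege", "SeUndockPrivilege", "SeManageVolumePrivilege",
    "SeLockMemoryPrivilege", "SeIncreaseBasePriorityPrivilege",
    "SeCreatePermanentPrivilege", "SeDebugPrivilege", "SeAuditPrivilege",
)
_REMOVED_BY_LOWER = {name.lower(): name for name in REMOVED_PRIVILEGES}

# Assumption for illustration: file types treated as "requires an interpreter".
# The guide itself only gives the .vbs / cscript.exe case.
SCRIPT_EXTENSIONS = {".vbs", ".js", ".wsf", ".ps1"}


def split_command(command):
    """Split a Windows command line into tokens, honouring double quotes."""
    tokens, current, quoted = [], "", False
    for ch in command.strip():
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if current:
                tokens.append(current)
                current = ""
        else:
            current += ch
    if current:
        tokens.append(current)
    return tokens


def check_quickprep_command(command, needed_privileges=()):
    """Return a sorted list of finding codes for a QuickPrep script setting.

    command           -- the script path exactly as entered in the pool wizard
    needed_privileges -- privileges the script author says it relies on
                         (hypothetical input; View has no such field)
    """
    tokens = split_command(command)
    if not tokens:
        return ["empty-command"]

    findings = set()
    launcher = tokens[0]

    # "Check if the script's path is valid": require an absolute path.
    if not ntpath.isabs(launcher):
        findings.add("path-not-absolute")

    # A script file given as the first token cannot be started directly;
    # the path must begin with the interpreter binary instead.
    if ntpath.splitext(launcher)[1].lower() in SCRIPT_EXTENSIONS:
        findings.add("needs-interpreter")

    # Any action needing a removed privilege will fail inside the script.
    for privilege in needed_privileges:
        canonical = _REMOVED_BY_LOWER.get(privilege.lower())
        if canonical:
            findings.add("privilege-removed:" + canonical)

    return sorted(findings)


if __name__ == "__main__":
    # The two paths are the guide's own examples; the privilege list is constructed.
    samples = [
        (r"C:\script\myvb.vbs", []),
        (r"C:\windows\system32\cscript.exe c:\script\myvb.vbs", []),
        (r"C:\windows\system32\cscript.exe c:\script\myvb.vbs",
         ["SeDebugPrivilege"]),
    ]
    for command, privileges in samples:
        print(command, "->", check_quickprep_command(command, privileges) or "ok")
```

An empty result means the setting passes these two checks only; a script can still fail on the time limit, which this example does not model.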

Determine appropriate systems needed to remedy template issues
ThinApp templates can sometimes create problems if, for example, they are already assigned to another machine
or desktop pool with a different installation type. In this case, you'll have to:

Create a new template that does not contain the application or edit the existing template and remove
the application. Assign the new or modified template to the machine or desktop pool.
To change the installation type of a ThinApp application, you must remove the existing application
assignment from the machine or desktop pool. After the ThinApp application is uninstalled, you can
assign it to the machine or desktop pool with a different installation type.

Given a scenario, remedy end user access issues


Here I have no idea what the exam's situation could be. Perhaps (certainly) a scenario question with a drag-
and-drop type answer? Who knows.

Also, don't forget about Events, which log any actions taken on Horizon View. We configured the Events DB
in Objective 2.2. View reports events whenever the state of the system changes or it encounters a problem. You
can use the information in the event messages to take the appropriate action.

Here I can invite you to revisit the documentation concerning the different access types and protocols:

PCoIP
RDP
HTML (Blast)

Moving forward, VMware is developing the Blast protocol more and more. The recently announced Blast Extreme
is meant to go so far that PCoIP falls behind (as proprietary). Blast Extreme is optimized for mobile. All
existing Horizon View remote features work with Blast Extreme and the latest Horizon 4 clients. Blast
Extreme has lower requirements on bandwidth.

Blast Extreme is optimized for NVIDIA GRID, allowing very good graphics even on lower-cost PCs,
with a better frame rate, higher server scalability, reduced latency and better bandwidth optimization.
Allows up to 4K resolution !!!

Supports NVIDIA GRID K1, K2, M6 and M60 graphics cards


H.264 encoder option on NVIDIA GRID GPUs to lower CPU consumption and increase scalability

VCP6-DTM Objective 4.2 Troubleshoot Account and Permissions


Today we'll get into another topic and details concerning the VMware certification exam VCP6-Desktop and
Mobility. It's VCP6-DTM Objective 4.2 Troubleshoot Account and Permissions. All Objectives based on the
original exam blueprint are covered on the VCP6-DTM Study Page. It's a work in progress, but we're getting
close.

Today's topic covers accounts, permissions, groups... Even if VMware Horizon 7 is out, this might not be a topic
which will change on the exam, as AD entitlements, groups, permissions and those topics usually stay the
same.

VMware Knowledge:

Troubleshoot issues with user accounts


Remedy entitlement issues
Given a scenario identify and remedy permission issues

Study Tools from the blueprint:

Horizon View Administration Guide


Horizon View Installation Guide
VMware Horizon with View Optimization Guide for Windows 7 and Windows 8
Horizon View Administrator

Troubleshoot issues with user accounts


User accounts have to be created in Active Directory (AD) for the users who have access to remote desktops and
applications. The user accounts must be members of the Remote Desktop Users group, but the accounts do not
require View administrator privileges.

User accounts for vCenter Server and View Composer have to be created. The View Composer user for AD operations
allows View Composer to perform certain operations in Active Directory. Check the details in VCP6-DTM
Objective 1.5 Prepare Environment for Horizon (with View).

Further updates: http://kb.vmware.com/selfservice/microsites/microsite.do

Remedy entitlement issues


You can entitle users to a desktop pool or to an application pool. You can check current entitlements in the admin
menu via Users and Groups > Entitlements.

147
You can display informations about users via vdmadmin command too.

Syntax:

vdmadmin -U [-b authentication_arguments] -u domain\user [-w | -n] [-xml]

You can display:

Details from Active Directory about the user's account.
Membership of Active Directory groups.
Machine entitlements, including the machine ID, display name, description, folder, and whether a machine has been disabled.
ThinApp assignments.
Administrator roles, including the administrative rights of a user and the folders in which they have those rights.

You can go further with -help.

Given a scenario identify and remedy permission issues
Create a permission that includes a specific administrator user or group - To manage permissions in View, go
to the Administrators and Groups tab, where you can select an administrator or user > add/remove permission >
select role > Finish. If the role applies to access groups, click Next, select one or more access groups, and
click Finish. A role must contain at least one object-specific privilege to apply to an access group.

Create a permission that includes a specific role - Roles tab > select role > click Permissions > add permission.

Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your
search criteria. Select an administrator user or group to include in the permission and click OK. You can press the
Ctrl and Shift keys to select multiple users and groups.

If the role does not apply to access groups, click Finish.

If the role applies to access groups, click Next, select one or more access groups, and click Finish. A role must
contain at least one object-specific privilege to apply to an access group.

Create a permission that includes a specific access group - On the Access Groups tab, select the access group
and click Add Permission.

Click Add, select one or more search criteria, and click Find to find administrator users or groups that match your
search criteria.

Select an administrator user or group to include in the permission and click OK. You can press the Ctrl and Shift
keys to select multiple users and groups.

Click Next, select a role, and click Finish. A role must contain at least one object-specific privilege to apply to an
access group.

Depending on the scenario, you'll have to verify that this or that user has the right privilege or role, or is part
of the specific access group. Within the same UI you can also delete a permission that includes a specific
administrator user or group, a specific role, or a specific access group.

To Review Permissions

Review the permissions that include a specific administrator or group - Select the administrator or group on the Administrators and Groups tab.
Review the permissions that include a specific role - Select the role on the Roles tab and click Permissions.
Review the permissions that include a specific access group - Select the folder on the Access Groups tab.

To Review Desktop Pools, App pools, farms in an access group

Desktop Pools - Select Catalog > Desktop Pools.
Application Pools - Select Catalog > Application Pools.
Farms - Select Resources > Farms.

The Study Guide page for VCP6-DTM can be found here. The guide is not meant to be complete, but it's here
as a help for studying. Feel free to send me your feedback or opinion -:).

VCP6-DTM Objective 4.3 Troubleshoot connectivity between Horizon (with View) components

The VMware Desktop and Mobility certification exam continues today with a new topic: VCP6-DTM Objective 4.3 -
Troubleshoot connectivity between Horizon (with View) components. All exam topics can be found on the
VCP6-DTM Study Guide page on this blog.

It's difficult to do a post on troubleshooting when having only a lab deployment and not a large-scale production
environment with more remote sites etc. But I will try. Let's get started. The idea is to know what to
troubleshoot, where to start and where to go. Help can be found in the PDFs below, but there are also
some VMware KB articles, which are listed at the end of the post. Feel free to add a comment if you find an
error or wrong statement. I'm only a human too, and everyone makes errors.

VMware Knowledge for today's topic:

Troubleshoot Horizon View client connectivity issues


Troubleshoot Horizon View client protocol connectivity issues
Troubleshoot desktop connectivity issues
Generate and analyze log bundles

Documentation Tools:

Horizon View Administration Guide


Horizon View Installation Guide
Horizon View Administrator

Troubleshoot Horizon View client connectivity issues

There are different places where you can encounter connectivity problems. The problem can be situated in any
part of the infrastructure, so it's important to test against several places. It can be wrong internet settings
on the client PC, an issue with DNS, or a whole branch failure.

DNS issues are a common cause, so it's usually good to start there. Check DNS resolution from a
virtual desktop. Open a command prompt and type:

Start > Run > type cmd > click OK > type nslookup IP_of_your_connection_server

Make sure that:

The DNS name matches the DNS name configured on the connection server.
Port 4001 is open (run the command telnet IP_of_your_connection_server 4001).

If you're getting errors, you might have a firewall enabled or an antivirus active on the virtual desktop, on the
connection server, or on the part of the network between those two points.

Client - Server connectivity problems:

Wrong Internet settings on the client computer - Try the RDP client, and if you can't connect, try a
browser over http, https. If you can't reach the login page, then do general troubleshooting of the client's
connection. If needed, reset the connection completely, and (or) use the ipconfig /release (/renew)
commands to refresh the DHCP stack.

Impossible to resolve DNS of the connection server - When you're trying to connect and you get a
connection screen but an error after entering your credentials, the problem might be in the DNS
settings of the client. The error is that the client or proxy server is unable to resolve the DNS name of
the connection server. When the client successfully authenticates to the connection server, the server
directs the client to open a secure connection. If the name of the broker computer cannot be resolved to an
IP address, the secure connection setup fails. If the browser is configured with an HTTP proxy for Web
access, the proxy server has to resolve the fully qualified domain name (FQDN). Configure the VDM
server to report its externally visible DNS name or IP address in the external URL setting.

Branch failure - The client has an error in the connection (connection failed), or a secure connection
to the VDM server cannot be established.

There is another possibility of failure. The connection problem can be between the Connection server and the
VDI desktop.

Server - Desktop communication problems:

In order to have communication between the connection server and the VDI desktop, you should check
the following:

The connection server and security server have to be able to connect via RDP to the VDI desktop via the last
reported IP address and through port 3389. If there is a security server deployed within a DMZ,
exception rules must be created in the inner firewall to allow RDP connectivity between the security
server and all desktop virtual machines. If you bypass the secure connection, the client must establish a
direct RDP connection to the desktop virtual machine (port 3389).

The security server can establish JMS communication with its connection server.

If secure connections are bypassed, verify that the firewall rules allow a client to establish either a direct RDP
connection to the desktop virtual machine on TCP port 3389, or a direct PCoIP connection to the desktop virtual
machine on TCP port 4172 and UDP port 4172.

Verify that exception rules are configured in the inner firewall to allow connections between each Security
Server and its associated View Connection Server host on TCP port 4001 (JMS) and TCP port 8009 (AJP13).

Troubleshoot Horizon View client protocol connectivity issues


Make sure that the following ports are open on the firewall for the security server or View Connection Server:

Port                 Description
TCP 4172             From View Client to the security server or View Connection Server host.
UDP 4172             Between View Client and the security server or View Connection Server host, in both directions.
TCP 4172             From the security server or View Connection Server host to the View desktop.
UDP 4172             Between the security server or View Connection Server host and the View desktop, in both directions.
UDP 50002 / 55000    PCoIP also uses UDP port 50002 from Horizon Client (or UDP port 55000 from the PCoIP Secure
                     Gateway) to port 4172 of the remote desktop or application.

Troubleshoot desktop connectivity issues


The connectivity problems between a desktop and a View Connection Server instance can occur for different
reasons:

Lookup failure on the desktop for the DNS name of the View Connection Server host.
The ports for JMS, RDP, or AJP13 communication being blocked by firewall rules.
The failure of the JMS router on the View Connection Server host.

Resolution: start with nslookup: nslookup IP_of_your_connection_server
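The nslookup and telnet checks above can be combined into one pass that also tells the three causes apart (DNS lookup failure, port blocked by a firewall, service such as the JMS router not listening). This is an added example, not part of the original guide or of any VMware tool; the host name in the usage line is a placeholder, and the function names are illustrative.

```python
import socket
import sys

# TCP ports named in this guide. UDP 4172 (PCoIP) cannot be tested with a
# TCP connect and has to be verified on the firewall itself.
HORIZON_TCP_PORTS = {
    4001: "JMS to the View Connection Server",
    8009: "AJP13 from security server to View Connection Server",
    3389: "RDP to the desktop virtual machine",
    4172: "PCoIP (TCP leg)",
}

# What each probe result suggests, mapped to the causes listed in the text.
HINTS = {
    "open": "reachable",
    "refused": "host answers but nothing listens: check the service (JMS router for 4001)",
    "filtered": "no answer before timeout: check firewall rules or antivirus on the path",
    "unreachable": "no route to the address: check the network settings of this machine",
}


def resolve(name):
    """Return the sorted IPv4 addresses for name, or [] when the lookup fails."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})


def probe_tcp(address, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((address, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: the host is up, the port is closed
    except (socket.timeout, TimeoutError):
        return "filtered"     # silence: typical of a firewall dropping the packets
    except OSError:
        return "unreachable"  # for example "network is unreachable"
    finally:
        sock.close()


def diagnose(name, ports=HORIZON_TCP_PORTS, timeout=3.0):
    """Resolve name, then probe each port on the first address returned."""
    addresses = resolve(name)
    if not addresses:
        return {"dns": [], "ports": {}}
    results = {port: probe_tcp(addresses[0], port, timeout) for port in ports}
    return {"dns": addresses, "ports": results}


if __name__ == "__main__":
    # Placeholder name: pass your own Connection Server FQDN as the argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "connection-server.example.local"
    report = diagnose(target)
    if not report["dns"]:
        print(f"{target}: DNS lookup failed, fix name resolution first")
    else:
        print(f"{target} resolves to {', '.join(report['dns'])}")
        for port, state in report["ports"].items():
            print(f"  tcp/{port:<5} {state:<12} {HORIZON_TCP_PORTS.get(port, '')}: {HINTS[state]}")
```

Run it from the machine that shows the problem (desktop, security server or client), because the result only describes the path from where it runs.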

Generate and analyze log bundles
There is a support tool, in View, which allows you to set logging levels and generate log files for View Connection
Server. The support tool is not intended to collect diagnostic information for Horizon Client or View Agent. You
must instead use the support script.

The steps:

Log in to the View Connection Server and go to Start > All Programs > VMware > Set View Connection Server Log
Levels.

Then, in the command line window, enter the level you wish:

0 - Resets the logging level to the default value.
1 - Selects a normal level of logging.
2 - Selects a debug level of logging (default).
3 - Selects full logging.

The system starts recording log information with the level of detail that you have selected.

After collecting enough information you can create a log bundle:

Start > All Programs > VMware > Generate View Connection Server Log Bundle.

A new file will be created (on the desktop of the View Connection Server) in a folder called vdm-sdct.

To collect logs for View Agent, Horizon Client or View connection server from the console

You can use the support scripts to generate log files for View Connection Server, Horizon Client, or remote
desktops that are running View Agent. You must have direct access to the console.

Step 1 - Open a command prompt and CD to a directory of your choice, depending on which logs you want to
collect.

Step 2 - For different components you need to CD to a different directory, as below:

View Agent - Change to the C:\Program Files\VMware View\Agent\DCT directory.
Horizon Client - Change to the C:\Program Files\VMware View\Client\DCT directory.
View Connection Server - Change to the C:\Program Files\VMware View\Server\DCT directory.

Step 3 - Type a command to run the support script:

.\support.bat [loglevels]

Where different log levels are proposed:

0 - Resets the logging level to the default value.
1 - Selects a normal level of logging.
2 - Selects a debug level of logging (default).
3 - Selects full logging.
4 - Selects informational logging for PCoIP (View Agent and Horizon Client only).
5 - Selects debug logging for PCoIP (View Agent and Horizon Client only).
6 - Selects informational logging for virtual channels (View Agent and Horizon Client only).
7 - Selects debug logging for virtual channels (View Agent and Horizon Client only).
8 - Selects trace logging for virtual channels (View Agent and Horizon Client only).

The script writes the zipped log files to the folder vdm-sdct on the desktop.

The View Composer guest agent logs are in the C:\Program Files\Common Files\VMware\View Composer Guest
Agent svi-ga-support directory.

Further Troubleshooting via VMware KB:

https://kb.vmware.com/kb/2127396
https://kb.vmware.com/kb/1006734
https://kb.vmware.com/kb/1030697

VCP6-DTM Objective 4.4 Troubleshoot PCoIP Configuration


Today's objective will give you some details on where we'll monitor PCoIP sessions, see where to troubleshoot
network packet loss, optimize performance etc. VCP6-DTM Objective 4.4 - Troubleshoot PCoIP Configuration is
today's topic.

Note that you can find all the VMware Certification Exam topics at our VCP6-DTM Study Guide page.

VMware Knowledge

Monitor PCoIP session statistics


Troubleshoot network packet loss and performance issues
Optimize visual settings

Tools

Horizon View Administration Guide


Horizon View Architecture Planning Guide
PCoIP Network Optimization Guide
Horizon View Administrator
Horizon View ADM files

Monitor PCoIP session statistics
There are over 30 PCoIP session statistics which can be monitored. You can use them not only to monitor but
also to get trends or troubleshoot clients' connections. These PCoIP counters give per-session feedback on
PCoIP protocol performance. When users report a problem or experience high latency, admins can have a
look at these statistics. You have to run the performance monitoring from the Windows desktop. It's possible to
import the data into any standard WMI-based tool (Windows Management Instrumentation) and then analyse what's
happening.

One of the tools present on Windows desktops is Windows Performance Monitor. It's Microsoft's built-in
tool, but not really scalable. There are 5 major categories:

PCoIP Session General Statistics


PCoIP Session Imaging Statistics
PCoIP Session Network Statistics
PCoIP Session USB Statistics
PCoIP Session Audio Statistics

FYI, there are two ADM files concerning PCoIP. We have detailed how to import ADM files in VCP6-DTM Objective
2.3 - Configure PCoIP/RDP Protocol Settings. Those files are:

pcoip.adm - View PCoIP Session Variables. Contains policy settings related to the PCoIP display
protocol.
pcoip.client.adm - View PCoIP Client Session Variables. Contains policy settings related to the PCoIP display
protocol that affect Horizon Client for Windows.

Ex. of default protocol settings

Troubleshoot network packet loss and performance issues
PCoIP traffic is a real-time delivery of a rich user desktop experience, so packet loss should be minimized wherever
possible. PCoIP is sensitive to delays in packet delivery and to packet loss caused by congestion-avoidance
mechanisms.

Potential sources:

Network congestion triggering congestion avoidance algorithms. While this is expected behavior when
congestion avoidance policies are configured, excessive packet loss due to congestion is an indication
that additional optimization is required to increase the bandwidth available or to reduce PCoIP traffic.
PCoIP packets that arrive with a high latency due to network congestion may be considered as lost
packets by VMware View.
PCoIP packets that arrive sufficiently out of order may be considered as lost packets by VMware View.
Be sure to minimize packet reordering in the network.

Note: If network logs show no packet loss, but VMware View or PCoIP zero client logs show packet loss,
this indicates that packets with high latency, or sufficiently out-of-order packets, are being considered as lost.

Check logs:

They are located in the virtual desktop at c:\Documents and Settings\All Users\Application
Data\VMware\VDM\logs.

In Windows 7 the path has changed to c:\program data\application data\VMware\VDM\logs.

pcoip_server.txt - Transactions concerning encoding, virtual channels, image management, bandwidth...
pcoip_agent.txt - Client side transactions, such as connectivity, handshake etc.
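One way to pull the loss readings out of a pcoip_server log and see whether latency was high at the same time, which is the case the note above describes. This is an added example, not from the original guide: the sample lines are constructed, the line layout (a "Loss=x%/y% (R/T)" field and a "round trip time (ms)" field) is an assumption to check against your own log files, and the thresholds are illustrative.

```python
import re
from datetime import datetime

# Constructed sample lines; the layout is assumed, compare with your own log.
SAMPLE_LOG = """\
08/15/2016, 10:21:04.512> LVL:1 RC:   0 VGMAC :Stat frms: R=000000/000000/003521  T=004410/028762/011283 (A/I/O) Loss=0.00%/0.00% (R/T)
08/15/2016, 10:21:05.010> LVL:1 RC:   0 MGMT_PCOIP_DATA :Tx thread info: round trip time (ms) = 12, variance = 2, rto = 112, last = 11, max = 19
08/15/2016, 10:22:04.530> LVL:1 RC:   0 VGMAC :Stat frms: R=000000/000000/003611  T=004502/029410/011534 (A/I/O) Loss=0.31%/2.75% (R/T)
08/15/2016, 10:22:05.031> LVL:1 RC:   0 MGMT_PCOIP_DATA :Tx thread info: round trip time (ms) = 184, variance = 61, rto = 530, last = 201, max = 260
this line has no timestamp and is skipped
08/15/2016, 10:25:04.498> LVL:1 RC:   0 VGMAC :Stat frms: R=000000/000000/003902  T=004790/031055/012001 (A/I/O) Loss=1.20%/0.00% (R/T)
08/15/2016, 10:25:05.002> LVL:1 RC:   0 MGMT_PCOIP_DATA :Tx thread info: round trip time (ms) = 15, variance = 3, rto = 115, last = 14, max = 22
"""

TS = re.compile(r"^(\d{2}/\d{2}/\d{4}), (\d{2}:\d{2}:\d{2})")
LOSS = re.compile(r"Loss=(\d+(?:\.\d+)?)%/(\d+(?:\.\d+)?)%\s*\(R/T\)")
RTT = re.compile(r"round trip time \(ms\) = (\d+)")


def parse(lines):
    """Yield (timestamp, kind, value) for loss and RTT records; skip other lines."""
    for line in lines:
        ts = TS.match(line)
        if not ts:
            continue
        when = datetime.strptime(" ".join(ts.groups()), "%m/%d/%Y %H:%M:%S")
        loss = LOSS.search(line)
        if loss:
            yield when, "loss", (float(loss.group(1)), float(loss.group(2)))
            continue
        rtt = RTT.search(line)
        if rtt:
            yield when, "rtt", int(rtt.group(1))


def find_loss_events(lines, loss_pct=1.0, rtt_ms=150, window_s=60):
    """Return loss readings at or above loss_pct, each with the worst RTT seen nearby.

    latency_suspected is True when an RTT of rtt_ms or more was logged within
    window_s seconds, i.e. late packets may be what is being counted as lost.
    """
    records = list(parse(lines))
    rtts = [(when, value) for when, kind, value in records if kind == "rtt"]
    events = []
    for when, kind, value in records:
        if kind != "loss" or max(value) < loss_pct:
            continue
        near = [v for w, v in rtts if abs((w - when).total_seconds()) <= window_s]
        worst = max(near) if near else None
        events.append({
            "time": when.isoformat(sep=" "),
            "rx_loss": value[0],
            "tx_loss": value[1],
            "worst_rtt_ms": worst,
            "latency_suspected": worst is not None and worst >= rtt_ms,
        })
    return events


if __name__ == "__main__":
    for event in find_loss_events(SAMPLE_LOG.splitlines()):
        print(event)
```

An event with latency_suspected set to False points toward real drops, so compare it with the network device counters for the same minute.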
Optimize visual settings
The visual settings for Windows desktops can be found in different VMware PDFs, depending on which desktop OS
you're going to optimize. Horizon View supports W7, W8.x, W10, Windows Server 2008 and 2012 as
desktop systems, so each system has different optimizations, as you know.

You may want to use a cool utility that optimizes all (or part of) the settings at once. The tool is
called VMware OS Optimization Tool, and it has been newly updated. It's a fast utility which can optimize
the different settings that slow down VDI desktops when only default settings are used: many services, registry
settings, scheduled tasks etc.

The latest release has updated templates for Windows 7/8/10/Server 2008-2012 based on VMware's OS
Optimization Guide, new templates for Windows 2008/2012 RDSH servers for use as a desktop, single portable
EXE design for ease of deployment and distribution, combination of Remote and Local tools into one tool, better
template management with built-in and user-definable templates, a results report export feature, and various bug
fixes, usability enhancements, and GUI layout updates. Get your copy of the VMware OS Optimization utility here.

I highly recommend going through the 3rd PDF listed, the PCoIP Network Optimization Guide. It has further
scenarios when it comes to optimizations, but also basic network bandwidth planning for basic Office
productivity desktops.

Quick quote from the document:

When you consider your network bandwidth, plan with the following estimates:

100 to 150Kbps average bandwidth for a basic office productivity desktop: typical office applications
with no video, no 3D graphics, and the default Windows and VMware View settings
50 to 100Kbps average bandwidth for an optimized office productivity desktop: typical office applications
with no video, no 3D graphics, with Windows desktop settings optimized and VMware View optimized
400 to 600Kbps average bandwidth for virtual desktops utilizing multiple monitors, 3D, Aero, and Office
2010
500Kbps to 1Mbps minimum peak bandwidth to provide headroom for bursts of display changes. In
general, size your network using the average bandwidth, but consider peak bandwidth to accommodate
bursts of imaging traffic associated with large screen changes.

The document also has examples which calculate how many users you can have with basic office desktops
on a 1.5Mbps T1 line. I highly recommend going through the document before the exam.

VCP6-DTM Objective 5.1 Install and Configure VMware Mirage Components
The VCP6-DTM certification exam from VMware continues with today's VCP6-DTM Objective 5.1 - Install and
Configure VMware Mirage Components. VMware Mirage is a fairly new product, which comes from the Wanova
acquisition back in 2012. Wanova itself was founded in 2008. I already tested the program in the lab back in
2012, but the product has evolved since then. Mirage allows you to mass-protect your enterprise endpoints and
create layers depending on which hardware you're running, for each group of hardware or users (you can create
different application layers for different groups of users, but also other layers which will have specific sets of
drivers depending on the hardware you're administering in your company).

Some of the capabilities allow, for example, remotely restoring an endpoint after it has been infected with a
virus which has done some damage to the system or filesystem. Today we'll have a look
at what the requirements are and what the steps are to install this product (several products in one, actually). The
different components have to be installed on different parts of the infrastructure, which need to meet the system
requirements. We'll have a look into the details.

VMware Mirage Knowledge

Identify firewall requirements for VMware Mirage


Install VMware Mirage Management server and console
Install VMware Mirage Web Manager
Install VMware Mirage server
Install VMware Mirage Gateway server
Install and configure file portal
Configure the following:
Branch Reflector
Role-based delegations
Driver library and profiles
SSL
User State Migration Tool (USMT)
Storage volumes

Tools

VMware Mirage Administration Guide


VMware Mirage Installation Guide
VMware Mirage Web Manager Guide
Image Management for View Desktops using VMware Mirage
VMware Mirage Management console

Note that this post is not a detailed guide on how to install Mirage, as the individual chapters on the blueprint
are NOT in order. In case you want to do a simple lab setup, I'd advise following the VMware reviewer's guide
PDF.

For example, it's obvious that you must first install the Mirage server before installing the web manager portal.

Identify firewall requirements for VMware Mirage

The VMware Mirage gateway server (delivered as an OVA), when used, is placed in a DMZ. The firewall configuration
needs to allow these three ports:

Mirage Gateway - default tcp 8000
Management - default tcp 8080
SSH - default tcp 22

Install VMware Mirage Management server and console


Mirage supports SAN, NAS, or local storage.

Mirage has different components and servers, including a Management console and a web-based portal:

Mirage server - Controls Mirage operations and objects, manages desktop images (CVDs), layers, and app
layers.
Mirage Management server - Used for managing Mirage servers (in case you have more than one, installed in
a cluster). It's also an interface between the DB and the Mirage server.
Mirage Console - The management UI, where the admin manages the solution. It's a separate MSI (a snap-in).
Allows using built-in wizards for DR, assigning a base layer, capturing a base layer, Windows OS migration,
centralizing endpoints.
Database for Mirage - The Mirage server needs a SQL DB (local or remote).

Then there are the file portal and driver library, components which can reside on the Mirage server or on another
server in the domain. And finally the Mirage client, which is installed on each endpoint.

System requirements: 2008r2 or higher.

Required AD groups and users:

Create a local AD security group: l-mirageadmins (members: DOMAIN\mirage)

Create a global AD security group: g-mirageadmins (members: DOMAIN\mirage; DOMAIN\l-mirageadmins)

Create an AD user: mirage

On the Mirage Management server, add DOMAIN\g-mirageadmins to the local Administrators group on the
server.

Required components (before install of Mirage management server):

Install Microsoft .NET 3.5 Framework SP1: Control Panel > Turn Windows features on or off > Server Manager > Features > Add feature > Select .NET Framework 3.5.1 feature
Select Add Required Role Services > Add features Wizard > Select Features > Click NEXT > Add features Wizard - Web Server (IIS) > Click NEXT > Add features Wizard > Select Role Services
Select Web Server - Common HTTP features > Select Application Development - ASP .NET > Select Add Required Role Services > Select all options under Management Tools
Click NEXT > Add features Wizard > Confirm Installation Selections > Click INSTALL > Add features Wizard > Wait for install to finish > Verify Installation results > Click CLOSE

Now log out and log back in as the DOMAIN\mirage user (IMPORTANT) to:

Install SQLExpress
Install Mirage Management Server

Install SQL database management system (MS SQL Server 2008 R2; Standard, Express, or Enterprise 64-bits)

I just use the lab, so SQLExpress is the way to go for a lab scenario (supports up to 5000 Mirage users). It's
actually the first step: creating a Mirage database instance in the SQL database management system. So first
download SQLExpress (download from this link) and launch SQLEXPRWT_x64_ENU.exe. You can also check
my free tools page, where you can find SQL Server Management Studio direct links.

You can accept the defaults during the installation. Set the SQL Server Browser Windows service
to Automatic. (After installation this service is disabled and stopped.)

Feature Selection > Select All features > Shared feature directory: c:\Program Files\Microsoft SQL
Server\ > Shared feature directory (x86): c:\Program Files (x86)\Microsoft SQL Server\ > Click NEXT

Instance Configuration > Named instance: SQLEXPRESS > Instance ID: SQLEXPRESS > Instance root
directory: c:\Program Files\Microsoft SQL Server\ > Click NEXT

Server Configuration > Service Accounts:

SQL Server Database Engine:
Account Name: NT AUTHORITY\NETWORK SERVICE
Startup Type: Automatic
SQL Server Browser:
Account Name: NT AUTHORITY\LOCAL SERVICE
Startup Type: Automatic

Database Engine Configuration
Authentication Mode: Windows authentication mode
Specify SQL Server Administrators
Add LAB\l-mirageadmins

Add current user > Click NEXT > Error Reporting > Click NEXT > Installation Process > Wait for install to finish
> Complete > Click CLOSE

Installation of Mirage Management Server - Add a firewall exception, an inbound rule, to enable the
communication of the Mirage server with Mirage clients: open ports 8000 and 8080. Launch the installer
and accept the defaults (if you follow this guide, of course).

Use mirage as the AD account for the Mirage service account that will access the storage and the database.

And then the assistant lets you continue.

You just follow the assistant and you shouldn't have any surprises.

Install the Management console next. For a production environment, the best practice is to use a Windows
server solely for the Mirage Console or together with Web Manager.

Double-click the Mirage Console icon on the desktop. In the Mirage Console window, right-click VMware Mirage
in the root directory and select Add System. Enter the IP address or host name of the Mirage Management
server.

You'll be asked for a license. Make sure that you have a trial on hand, or if you're a VMware partner you might
have an NFR.

If the Mirage Console and the Mirage Management server are on the same computer, use localhost. In the
Mirage Console, the status of the Mirage Management server is Down until you install the server. The status
then changes to Up.

Install VMware Mirage Web Manager
mirage.WebManagement.x64.05294.msi in our case is the installer.

The default HTTP port is 7080, and the default HTTPS port is 7443.

https://your_mirage_server:7443/VMwareMirage

Nice -:)

Install VMware Mirage server
The Mirage server installation will need you to set up a certificate (if you want to use SSL). Install the server
certificate and private key in the Windows Certificate Store. Restart each VMware Mirage server service.
Configure the transport settings in the Mirage server options.

Enter the credentials for the Mirage services account that will access the storage and database. If you did not set
up a dedicated Mirage services account, enter Local System account.

You'll need to reboot after the end of the installation.

Install VMware Mirage Gateway server

The Mirage gateway server is a Linux OVA. It's a SLES 11 SP3 Linux VM.

Install and configure file portal
Before installing the file portal you must add the IIS role with the following components:

Common HTTP Features

Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Redirection

Application Development

ASP.NET
.NET Extensibility
ISAPI Extensions
ISAPI Filters

Health And Diagnostics

There are no required items for this role service.

Security

Request Filtering

After IIS is installed, you can start the VMware installer (mirage.WebAccess.x64.05294.msi in our case).

The components are quite lightweight. There are two of them:

Web Access - Gives end users access to their files stored in historical endpoint snapshots. IT determines which
files are uploaded to the data center.

Admin Web Access - Gives administrative access to all end-user endpoint snapshots.

The wizard asks for a server location. In our case it's the same machine.

When the installation has finished, you will need to enable directory browsing before trying to connect to the portal.

You should end with a portal running like this.

http://server:6080/Explorer - for users

http://server:6080/AdminExplorer - for admins

Configure the following:
Branch Reflector - The branch reflector allows files to be downloaded from the VMware Mirage main site only once.
The branch reflector downloads base layer images, app layers, driver files, and USMT files from the VMware Mirage
server and makes them available for transfer to other VMware Mirage clients in the site. Only files that reside on
the branch reflector machine's disk are transferred, and files are not requested from the VMware Mirage server
at all.

To activate:

1. In the Mirage Management console tree, expand the Inventory node and select Assigned Devices.
2. Right-click an endpoint device and select Branch Reflector > Enable Branch Reflector.

Default values (modifiable) apply to the Maximum Connections, Cache Size, and Additional Networks
parameters for newly created branch reflectors.

You can use the Reject (or Accept) Peer Clients setting for a branch reflector. In case the branch reflector
client performs slowly or uses excessive bandwidth, this lets you stop it from providing this service to its peer
clients. In the Mirage Management console tree, right-click System Configuration, select Settings, and click the
Branch Reflectors tab. Then right-click the branch reflector device and reject or accept the peer clients.

Role-based delegations - Role-based access control (RBAC) is used to define which users can perform which
operations in the system. You can grant a role to one or more Active Directory (AD) groups. The Mirage server
identifies users by AD group membership and automatically assigns them roles in the Mirage system. See the
exact System Actions for which Role-Based Access can be Defined for a User on page 169 of the Mirage
administrator's guide.

Driver library and profiles - You use the driver library to manage hardware-specific drivers in a separate
repository, organized by hardware families. You add drivers with an import wizard and view them in the driver
library's console. You can configure the system to add the necessary driver library to the relevant endpoints
based on matching rules between the library and the endpoint configuration.

The Mirage system can have multiple driver folders, multiple driver profiles, and many endpoints. A driver
profile can contain drivers from multiple driver folders, and multiple driver profiles can use a driver folder. You
can apply a driver profile to one, many, or no endpoints.

Create driver folders: In the Mirage Management console tree, expand the Driver Library node > right-click
Folders or any driver folder and select Add folder > type a folder name and click OK. Those folders can be
organized, renamed or removed, and you can add drivers to a folder.

To import drivers into a driver folder, right-click the folder > Import drivers. As a requirement you must
verify that:

The Mirage Management server has access to the UNC path where the drivers are stored.
The drivers were extracted from their archive (zip, rar etc.).

Driver profiles are used to select the driver folders to publish to a particular hardware model or set. Driver
profile rules check if a driver applies to a particular hardware, and can select one or more matching driver
profiles for a device.

Once rules are created, they function automatically. If devices that meet these criteria already exist in the
Mirage system, you must start a driver profile update on those systems.

SSL - After you install the SSL server certificate, you configure the Mirage server maximum CVD connections
and transport settings. Expand System Configuration > select Servers > right-click the server > Configure.

Certificate Subject - Typically the FQDN of the Mirage server.
Certificate Issuer - Usually a known entity like VeriSign. Leave this blank if only one certificate is on this server.

179
User State Migration Tool (USMT) The migration installs a Windows 7 or Windows 8.1 base layer on each
target endpoint while preserving user profile data and settings through the Microsoft User State Migration Tool
(USMT v4.0, USMT v5.0 for Windows XP to Windows 7 migration, and USMT v6.3 for Windows 7 to Windows 8.1
migration). USMT (user state migration tool) which is present on the Microsofts WAIK (1.9Gb).

The migration moves existing content of a target endpoint to the C:\Windows.Old directory, which is
then processed by USMT. Application settings and data that are not handled by USMT are kept in
the C:\Windows.Old directory. You can manually restore this data, or delete it when you do not need it.

If encryption is used, you must reconfigure and decrypt the endpoint before migration.

You'll need to extract the USMT. The USMT has to be imported into the Mirage server through the Mirage MMC console. Right-click System Configuration > Settings > USMT tab. From there, you can browse to the USMT folder for the import.

Once done, the Windows 7 reference machine has to be checked as a reference machine. If you're migrating to Windows 8.1 or Windows 10, you'll have to create a Windows 8.1 or Windows 10 reference machine accordingly.

To do that, right-click the Mirage system tray icon (inside the Windows 7 VM) and select Tools > Check Reference Machine. You'll basically validate that the VM is able to have the Windows 7 migration base layer captured.

If the check passes, right-click the Mirage system tray icon and select Tools > Windows 7 Migration Setup. The OS will be prepared for use as a W7 migration layer.

Next step: In the Mirage MMC, select Reference CVDs > select the desired CVD and click Capture Layer.

The process takes some time, and should finish with this result

Storage volumes - Mirage provides multiple storage volume support to help manage volume congestion. Each storage volume can contain base layers, app layers, and CVDs. CVDs are assigned to a storage volume when they are created. The storage volumes must be shared by the servers, and network-attached storage (NAS) permissions must be in place.

You can view certain information about each storage volume, such as volume state, location, description, metrics, and status. You can check the storage volume parameters in the VMware Mirage Administrator's Guide (p. 64). By right-clicking a volume you also have options such as unmount, remove volume, etc.

The Block volume option (also available through the right-click menu) stops the volume from being populated with new CVDs when you see that it is reaching its capacity. You cannot move a CVD or a base layer to a blocked volume, but you can move a CVD or a base layer from a blocked volume.

Again, you can also unblock a volume. In this case the volume can, again, accept new CVDs and base layers and
existing data can be updated.

Increase the storage capacity by adding additional storage volumes to the Mirage Management
console. Click System Configuration > Volumes to add storage volumes.

You can move CVDs to or from a storage volume.

You can configure Mirage system settings for storage volume thresholds and alerts so that they trigger events in the events log: select System Configuration > Settings.

VCP6-DTM Objective 5.2 Manage Layers

Today we'll treat VCP6-DTM Objective 5.2 - Manage Layers. In our previous post, which was quite long, we saw Mirage with its many settings and components to put in place. It's quite a big piece of software. This gives additional value to the VMware desktop computing VCP-level exam. There is more material to study before being able to say "yes, I'm ready for the exam". So today we'll have a look at layer management in Mirage.

Knowledge

Capture and update the App and Base layers
Assign Base and App layers
Given a scenario, determine the appropriate layer configuration to meet the customer requirements

Tools

VMware Mirage Administration Guide
VMware Mirage Management console

Capture and update the App and Base layers
The layer management life cycle involves layer capture from a reference machine, layer assignment
to endpoints, and CVD synchronization. Mirage divides the desktop image into logical layers. IT has the option of
creating and managing standardized layers that are stored in the data center and applied to user endpoints.

You perform a base layer or app layer capture from the reference machine using the Mirage Management console. Mirage collects the data from the reference machine to create the layer, which is generalized for mass deployment.

Step 1. Create a reference CVD or a collection > Install the Mirage client on an endpoint which will be used as a reference machine > In the Mirage console click Pending Devices > Create a new Reference CVD > Select base layer > Follow the assistant until the end.

Once you have the reference machine, you can create a base layer. You can see the reference machine in Reference CVDs.

Step 2. Capture the base layer from the reference CVD - You can have multiple base layers for different sets of users. Base layers are hardware independent.

Click Common Wizards, and in the right pane, click Capture Base Layer.

Select the reference CVD you created previously and click Next. The Capture Base Layer page appears.

Enter a meaningful name and description for your new layer. Click Next to see if any compatibility issues exist > click Next for the recap > Finish.

Done, you just created a base layer.

For application layers, you must capture app layers separately for Windows XP, Windows 7 32-bit, and Windows 7 64-bit. An app layer captured on Windows XP cannot be deployed on a Windows 7 (32-bit or 64-bit) machine, and the reverse. An app layer captured on Windows 7 32-bit cannot be deployed to Windows 7 64-bit, and the reverse.

After you complete the prerequisite steps of preparing a virtual machine, capture an app layer from it. From the wizards dashboard, use the Capture App Layer wizard.

You can go to the Task Monitoring menu to follow the progress.

The app layer capture then invites you to install the software.

Then follow the assistant to the end.

In the app layers you should see the newly created layer.

Assign Base and App layers
When provisioning new endpoints you have the possibility to assign an app layer, depending on who will work on the endpoint. Assigning a base layer to an endpoint, or collection of endpoints, applies the contents of the base layer to the designated endpoints. Any applications, updates, or patches built into the base layer will also be pushed to the endpoint device.

Before a new or updated base layer is applied, the VMware Mirage server takes a CVD snapshot so that it can
roll back in case of post-update problems. Before and during base layer download, VMware Mirage verifies that
enough disk space is available to proceed with the operation.

Mirage management console > select Common Wizards > Assign Base Layer

The assistant starts. Select the layer and click the Select button; the selection shows up in the bottom window. Follow the assistant to the end.

All applications installed in the base layer are deployed to the endpoint(s) you have selected.

The application layer is similar.

In the Mirage Management console, select Common Wizards > Update App Layer > Select individual or multiple
CVDs, or a collection of CVDs that you want to update, and click Select.
When you finish selecting CVDs or a CVD collection, click Next. > Select the app layers with which you want to
update the CVDs.

The app layer details appear in the bottom pane. You select a layer in the Available Layers pane and click the
right arrow to move it to the Assigned Layers pane. To remove a layer, select it in the Assigned Layers pane and
click the left arrow.

Given a scenario, determine the appropriate layer configuration to meet the customer requirements
Depending on the scenario, you'll have to determine how many base images you'll need to create, how many hardware profiles and how many application layers too. With the knowledge you already have, plus re-reading the Mirage Administration Guide, success shall be yours.

VCP6-DTM Objective 5.3 Manage Endpoints


The VCP6-DTM Study Guide continues today with another chapter covering VMware Mirage, which is part of the exam. VCP6-DTM Objective 5.3 - Manage Endpoints is today's topic. Installation of the Mirage components, as well as their configuration, was covered in a previous chapter. Then in the follow-up chapter we dived into the management of Mirage layers.

Mirage is a very powerful product that allows you to protect or migrate endpoints at scale, as you can have a cluster of Mirage servers to handle the load. The distributed architecture allows leveraging branch reflectors, which makes the downloads from the main site to the branch site very efficient.

Knowledge

Create and manage upload policies
Restore snapshots
Create, manage, and archive collections
Install the Mirage Client
Migrate and centralize endpoints

Tools

VMware Mirage Administration Guide
VMware Mirage Management console

Create and manage upload policies

An upload policy defines which files and directories are uploaded to the main datacenter. These policies have to be defined before the endpoint is activated.

You can create upload policies by defining whether files are unprotected, or local to the endpoint, or protected. Protected files are uploaded to the Mirage server in the data center. To keep things simple, it's best to specify the unprotected files only. That way everything else is protected.

An upload policy has these areas to define:

Unprotected Area - has files and directories which are unprotected. All other files are protected.
User Area - this area is for user files (My Documents usually). This area is excluded from restoration and is kept on the endpoint, as is. (No restoration.)

There are two default policies in Mirage which you can customize to fit your needs:

1. Mirage default upload policy - it's on Mirage servers that are managing CVDs on distributed physical devices.
2. View optimized upload policy - it's on Mirage servers that manage VMs. It's basically the same policy as the default policy, except there is a checkbox specifying Optimize for Horizon View.

The upload policy is composed of the built-in factory policy and administrator modifications. The built-in factory policy is not modifiable, whereas the administrator modifications are. You should check if the built-in policy fits your needs as the built-in policies, for example, do not upload .MP3 and .AVI files to the CVD.

Example with the Show factory rules checkbox selected (plus I added a c:\test folder rule as not to be included, as a test).

Create a new policy: Mirage console > System Configuration > CVD Policies > Add

Check the advanced options on p. 20 of the VMware Mirage Administrator's Guide.

Restore snapshots
You can archive CVDs so they retain their state. Archived CVDs can be restored. You can reinstate an archived CVD and assign it to another endpoint. Archived CVDs do not need a Mirage license.

To archive a CVD: MMC > Inventory > All CVDs > Right-click the CVD > Manage CVD > Archive > Confirm. The CVD is transferred to the CVD archive.

You can then restore the snapshotted CVD to a different device.

To restore a CVD and reassign it to a different device: MMC > Wizard > Hardware Migration > Select CVD > Next > Select the device where you want to migrate the CVD > Next > define hostname, domain to join > OU > select the domain account for joining the endpoint to a domain > Next > Finish.

Full system restore - Use this option for systems with Windows volume licenses or Windows OEM SLP licenses. Any existing files on the replacement device are lost or overwritten.
Restore applications, user data and settings - Use this option only when replacing a device that has a different Windows OEM license. Only for the same OS.
Only restore user data and settings - Use this when migrating users from Windows XP, Windows Vista, and Windows 7 machines to new Windows 7 machines, or Windows 7 to Windows 8.1 machines.

Create, manage, and archive collections
Static collections - you add CVDs manually.
Dynamic collections - assignments to dynamic collections are calculated based on predefined filters every time an operation is applied to a collection.

Static collections: Mirage console > Inventory > Select All CVDs > Right-click a client > Manage CVD > Manage Collection

Then you select one of the collections (that you previously created) and you add the CVDs to be included in this collection.

And you can see that the collection called Developers now has the CVD we have just assigned.

For example, you can aggregate all CVDs of users in the marketing department to a folder under a
collection called Marketing. Then you can change with a single action the upload policy that all the Marketing
CVDs share.

You can use Active Directory (AD) to add a dynamic CVD collection.

You can add CVDs to the collection by Active Directory group, organizational unit, or domain. You can create a
filter for multiple Active Directory elements, for example, filter CVDs whose users belong to the Human
Resources AD group or to the Marketing AD group. The Active Directory is updated whenever a device is
authenticated. Active Directory information might change if the Active Directory is updated for that user or
device.

In the Mirage Management console > Inventory node, right-click Collections > Add a Collection > Name
it > select Dynamic Collection
In the Column drop-down > set the filter to define the dynamic collection by AD group, OU, or Domain
> Click Apply > OK.

Install the Mirage Client

Installing the Mirage client is easy. The only options you have to specify are the Mirage server and (if used) the SSL option.

You can do a silent install via the command line. The MSI package has to be hosted on a share accessible to the endpoint.

If you're not using SSL, then don't use the USESSLTRANSPORT=true option.

If you are using the command line options to install on clients that are external to the corporate network you
will need Horizon Mirage Edge Server, so users can contact the Mirage servers without the need to dial into a
VPN.

Migrate and centralize endpoints
Once the client is installed, the PC (endpoint) waits to be assigned to a CVD. You must centralize the device.

The centralization of an endpoint can be one-by-one or automatically via CVD Autocreation.

Manual centralization of an endpoint:

MMC > Common Wizards > Centralize Endpoint > Select the device > Select the upload policy > add a base layer > Select one or more app layers that you want to add to the device and click Next. (This step only appears when you have selected a base layer in the previous step.)

Verify that the administrator enabled CVD autocreation. CVD autocreation is disabled by default. See Enable CVD Auto Creation, on page 36.

System Configuration > Settings > CVD Auto Creation tab. > Enable automatic CVD creation > Click OK.

VCP6-DTM Objective 6.1 Install VMware Workspace Portal
Today's objective is VCP6-DTM Objective 6.1 - Install VMware Workspace Portal. Workspace Portal provides a central, integrated repository where end users can access company resources from a variety of endpoint devices.

These resources can include software-as-a-service (SaaS) applications, Windows applications, View desktops, RDS-hosted applications, ThinApp packages, and Citrix published applications. End users can use it to access their applications and content at any time as they move between desktops, laptops, tablets, phones, or cars.

VMware Knowledge

Describe minimum hardware and software requirements
Determine firewall requirements
Understand forward and reverse DNS requirements for VMware Workspace virtual appliances
Create IP pools
Deploy OVA/OVF files
Configure initial installation (console, web)
Setup external database
Setup high availability

Tools

VMware Workspace Portal Reviewer's Guide
Installing and Configuring VMware Workspace Portal
VMware Workspace Portal Administrator's Guide
vSphere Virtual Machine Administration Guide
VMware Workspace Admin Console

Describe minimum hardware and software requirements

Since the 2.1 release it's a single VM packaged as an OVA for easy deployment, as all config + disks are present in a single OVA. The previous release had a connector-va as a VM, whereas the latest release has a single Connector-va service within the vApp.

Hardware requirements - VMware recommends 2 quad-core CPUs with 16G RAM, 1Gb NIC with 500 Gb storage. I'd say that these days anyone deploying such a product needs hardware that will assure enough performance for the solution, so take this as such.

Software requirements - 2 vCPU with 6Gb of RAM. 36 Gb of disk space.

Determine firewall requirements
There are quite a lot of ports used by the product. In addition to 443, there is also 8443 for administration, 25 for SMTP, 389, 636, 3268, 3269 for AD and more. Check all the details in the Installation PDF, p. 9.

Understand forward and reverse DNS requirements for VMware Workspace virtual appliances
Proper static DNS records must be created on your DNS servers: forward (A) and reverse (PTR). Example here:

my-workspace-va.company.com A 10.28.128.3

128.28.10.in-addr.arpa. IN PTR my-workspace-va.company.com

Make sure that you can do forward and reverse resolution by using the nslookup command.

1. Start Nslookup by typing Nslookup at the command prompt and then pressing ENTER.
2. Switch to the server you want to query by typing the following:
server < Server IP Address >
3. Enter the IP address of the computer whose PTR resource record you want to verify, and then press
ENTER.
If the reverse lookup zone and PTR resource record are configured correctly, Nslookup returns the name
of the computer.
4. To quit Nslookup, type exit and then press ENTER.
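
The forward and reverse check from the steps above can also be scripted. The following Python script is an added example, not part of the original guide or of VMware's tooling: it verifies that the A record and the PTR record agree, and reports which direction is broken. The function names are assumptions, and the record tables are constructed from the page's sample name and address; for 10.28.128.3 the full PTR owner name is 3.128.28.10.in-addr.arpa.

```python
"""Forward and reverse DNS agreement check for one appliance (added example)."""
import ipaddress
import socket


def ptr_owner_name(ip):
    """Return the full owner name of the PTR record for an address."""
    return ipaddress.ip_address(ip).reverse_pointer


def _norm(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()


def system_forward(fqdn):
    """A-record lookup through the host's configured resolver."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def system_reverse(ip):
    """PTR lookup through the host's configured resolver."""
    host, aliases, _ = socket.gethostbyaddr(ip)
    return [host, *aliases]


def check_dns(fqdn, expected_ip, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means both directions agree."""
    problems = []
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # socket.gaierror and socket.herror derive from OSError
        addrs = []
        problems.append(f"forward: {fqdn} does not resolve ({exc})")
    if addrs and expected_ip not in addrs:
        problems.append(f"forward: {fqdn} resolves to {addrs}, expected {expected_ip}")
    try:
        names = reverse(expected_ip)
    except OSError as exc:
        names = []
        problems.append(f"reverse: no PTR at {ptr_owner_name(expected_ip)} ({exc})")
    if names and _norm(fqdn) not in {_norm(n) for n in names}:
        problems.append(
            f"reverse: {ptr_owner_name(expected_ip)} points to {names}, expected {fqdn}"
        )
    return problems


def table_resolvers(a_records, ptr_records):
    """Build offline resolvers from constructed record tables (demonstration only)."""
    def forward(fqdn):
        try:
            return a_records[_norm(fqdn)]
        except KeyError:
            raise socket.gaierror(socket.EAI_NONAME, "name not known") from None

    def reverse(ip):
        try:
            return ptr_records[ptr_owner_name(ip)]
        except KeyError:
            raise socket.herror(1, "unknown host") from None

    return forward, reverse


# Constructed sample zone data using the page's example name and address.
GOOD_A = {"my-workspace-va.company.com": ["10.28.128.3"]}
GOOD_PTR = {"3.128.28.10.in-addr.arpa": ["my-workspace-va.company.com."]}
# Constructed failure case: PTR left pointing at a previous host name.
STALE_PTR = {"3.128.28.10.in-addr.arpa": ["old-host.company.com."]}

if __name__ == "__main__":
    cases = (("good", GOOD_PTR), ("missing PTR", {}), ("stale PTR", STALE_PTR))
    for label, ptr in cases:
        fwd, rev = table_resolvers(GOOD_A, ptr)
        result = check_dns("my-workspace-va.company.com", "10.28.128.3", fwd, rev)
        print(label, "->", result or "OK")
```

Called without the `forward` and `reverse` arguments, `check_dns` queries the DNS servers configured on the machine it runs on.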

Create IP pools
IP Pools act like Dynamic Host Configuration Protocol (DHCP) servers to assign IP addresses from the pool to the
workspace-va virtual appliance. To enable the Workspace appliance to use IP Pools, you need to edit appliance
OVF properties. You can also check my post on the blog How-to Configure IP Pools.

Deploy OVA/OVF files

01. First download the OVA, create your DNS records and then deploy via the vSphere Client (File > Deploy OVA).

02. Set the correct time zone and IP settings, and keep the Connector only install setting unchecked.

Configure initial installation (console, web)

Once finished, open the console, where you'll see how to connect to the web interface.

It should be in the format: https://<IP_of_the_VM>:8443

You're invited to set up admin, SSH and root passwords (previously not possible).

Setup external database
Workspace can be set up with an internal or an external database. A vPostgres database is embedded in the
Workspace appliance. The internal database is the default. You can select to connect to an external
database when you configure the Workspace Setup wizard.

You must point Workspace to an initialized, populated database. For example, you can use a
database configured as the result of a successful run of the Workspace Setup wizard, a database from a backup,
or an existing database from a recovered snapshot.

You can connect to the external database when you run the Workspace Setup wizard. You can also go to the Appliance Configurator Database Connection page to configure the connection to the external database later.

Setup high availability

Licensed users can use an external vPostgres virtual appliance or Oracle database to set up a high availability environment.

Additionally, you can configure redundancy/failover for the Workspace appliance within the same datacenter by cloning the existing Workspace appliance > changing its IP address and configuring a load balancer at the very top. The virtual appliance must be configured behind a load balancer. Make sure that the load balancer port is 443. Do not use 8443, as this port number is the Workspace administrative port and is unique to each virtual appliance. Check further steps in the Workspace Install PDF, p. 14.

The Workspace appliance can use either the built-in vPostgres DB or an external DB.

There is also a VMware KB detailing the steps: Using embedded vPostgres in Production for VMware Workspace Portal VA 2.1 (and VMware Identity Manager 2.4).

VCP6-DTM Objective 6.2 Configure VMware Workspace Portal
This is a follow-up post concerning VMware Workspace Portal. We'll be going through another certification objective for the VCP6 Desktop and Mobility exam: VCP6-DTM Objective 6.2 Configure VMware Workspace Portal. Another lesson towards the VMware Desktop and Mobility VCP6-level certification exam.

More Simple Deployment - Since the 2.1 release it's a single VM packaged as an OVA for easy deployment, as all config + disks are present in a single OVA. The previous release had a connector-va as a VM, whereas the latest release has a single Connector-va service within the vApp.

AirWatch and Desktone - AirWatch 7.3 and Desktone 6.1 can now be fully integrated with SSO using Workspace Portal 2.1. But those products stay external for this release.

New Dashboard with reports - The new Admin Dashboard shows all necessary reporting data: historical trends, system health, active users and user interactions. The dashboard is dynamic and refreshes the information automatically.

Knowledge for today's topic is:

Configure the following:

High availability
SSL certificates
NTP
Users and groups
Web links and SaaS application authentication
VMware ThinApp access and delivery
Approvals

Documentation Tools

Installing and Configuring VMware Workspace Portal
VMware Workspace Portal Administrator's Guide
VMware Workspace Portal End User Guide
VMware Workspace Admin Console

Check the previous post where we started the deployment: VCP6-DTM Objective 6.1 Install VMware Workspace Portal. From there, if you want more details before we continue with today's topics, check the AD part below, as it needs some specific attributes to look at.

01. Look at my Administrator account's properties (Attribute Editor - the DistinguishedName field).

02. I had to modify the properties of that account to include First and Last name, because those were blank and I had an error like this:

Note also that I used a different port than the default one. Port 3268 is used in my case. It's because the AD server is also a Global Catalog, so the default port listed in the setup (389) won't work. So in case you're using an AD/GC server, change the port to 3268 (or 3269 if using SSL).

The wizard walks you through all the steps and finishes (or should finish) like this.

You can then login into the Workspace by entering the Bind DN user name and password that you entered when
you set up the connection to Active Directory.

The Workspace VM did not come up with the latest VMware Tools installed, but even though it's a Linux appliance, all you have to do is right-click > Guest > Install/Update VMware Tools and the tools get updated automatically. All green now!

High availability
Add additional identity provider instances to your Workspace deployment for high availability purposes. By
adding and configuring identity provider instances to your Workspace deployment, you can provide high
availability, support additional user authentication methods, and add flexibility in the way you manage the user
authentication process based on user IP address ranges.

Deploy Workspace with a single Active Directory domain during the proof-of-concept phase of your deployment, then prepare additional identity provider instances for your Workspace deployment.

Log in to the Workspace Admin Console and Select Settings > Identity Providers > Click Add Identity Provider.
This option prompts you for information that enables Workspace to register an existing third-party identity
provider instance. Edit the identity provider instance settings.

Click Edit Order of Identity Providers > Use the up and down arrows to move an identity provider instance to
the appropriate location > Click Save.

SSL certificates
When the Workspace appliance is installed, a default SSL server certificate is automatically generated. You can
use this self-signed certificate to test Workspace. VMware strongly recommends that you generate and install
commercial SSL certificates when Workspace is used in a production environment.

What is a CA?

A certificate authority (CA) is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is signed by a trusted CA, users no longer receive messages asking them to verify the certificate.

You can download the Workspace root CA from

https://workspacehostname.com/horizon_workspace_rootca.pem

Appliance Configurator > Install Certificate page. You can also add the load balancer's root CA certificate on this page.

Apply Public Certificate Authority to Workspace

Some enterprises use certificates generated by their own company or other certificate authorities.
These certificates are not included in the trusted certificate authority list.
You can add new certificates to Workspace.

If Workspace FQDN points to a load balancer, the SSL certificate is applied to the load balancer.

Generate a Certificate Signing Request (CSR) and obtain a valid, signed certificate from a CA. If your organization
provides SSL certificates that are signed by a CA, you can use these certificates.

Workspace Admin Console, click Settings and select VA > Click Manage Configuration > Log in to the Appliance Configurator with the Workspace administrator password > Select Install Certificate > In the Terminate SSL on Workspace appliance tab, paste the complete certificate chain and private key > Ensure that the certificate includes the Workspace FQDN hostname.

Save the SSL certificate. Check if you can log in.

NTP
You must turn on time sync at the ESX host level using an NTP server. Otherwise, a time drift will occur between
the virtual appliances.

Users and groups

In order to sync with Microsoft AD, you'll have to set up a base DN as the point from where to search for users. This search includes all users. To restrict the number of users that sync with Workspace, you can create user-attribute-based search filters to exclude specific types of users.

Web links and SaaS application authentication

VMware ThinApp access and delivery

The URL to directly log in to the admin console is

https://WorkspaceFQDN/SAAS/admin

This includes setting up the integration to the View connection server, ThinApp repository, and Citrix published applications resources. From these pages you can also check directory sync status and alerts. You log in as the Workspace administrator, using the user name admin and the admin password you created when you set up Workspace. A link to the Connector Services Admin pages can be found at

https://Workspace_FQDN.com:8443

Enter admin as the user name.

Approvals
Select Settings > Approvals to enable or disable license approval. Enabling license approval applies when you
integrate your license-management system with Workspace.

VCP6-DTM Objective 6.3 Manage VMware Workspace Portal


Horizon Workspace config and manage. Like other VMware products, Workspace is evolving. The current release 2.1 shall be updated with the upcoming Workspace ONE that we reported on already, and which will be integrated with Horizon 7 and Cloud Volumes 3.0. But today we're (still) focusing on the VMware certification exam for desktop and mobility: VCP6-DTM Objective 6.3 Manage VMware Workspace Portal.

We're covering all the exam topics here. Check the VCP6-DTM Study page here.

VMware Knowledge for the exam topic:

Define and promote administrators
Package VMware ThinApp applications
Entitle and deploy applications
Enable Horizon View desktop access through VMware Workspace Portal
Configure reporting for usage and entitlement
Deploy and update VMware Workspace Portal clients

Documentation Tools:

Installing and Configuring VMware Workspace Portal
VMware Workspace Portal Administrator's Guide
Setting Up Resources in VMware Workspace Portal
VMware Workspace Portal End User Guide
VMware Workspace Admin Console

Define and promote administrators

It's possible to promote users to administrators. Users can be promoted to the administrator role and access the Workspace admin console. Users that have the administrator role can still access their apps within their app portal as users. It's just a different URL that has to be used.

Workspace Admin Console:

https://WorkspaceFQDN/admin

Workspace App Portal User:

https://WorkspaceFQDN/web

The steps:

Select Users and Groups within the admin console > select user > click the role link

Package VMware ThinApp applications
To sync with ThinApp, the Workspace virtual machine must join the Active Directory domain and connect to the ThinApp repository share. This is normally the case. Required port 443 has to be opened between Workspace and the RSA SecurID system.

You populate your catalog with Windows applications captured as ThinApp packages by performing
the following tasks:

Create ThinApp packages that are compatible with Workspace. See the VMware ThinApp documentation.

Create a network share and populate it with the compatible ThinApp packages. After you do that, the ThinApp
packages that you added to the network share, are now available as resources in your catalog. You can then
entitle users to those newly added resources. To launch and run the ThinApp packages that are distributed and
managed by Workspace, users must have the Workspace for Windows installed on their Windows systems.

If an end user has entitled ThinApp applications and is on a Windows system where the Workspace for Windows
program is installed and active, they can view and launch their entitled ThinApp packages from this app portal.

Entitle and deploy applications
For ThinApp packages, click Edit to change the group's entitlements to the ThinApp packages or the type of deployment for the group's entitled ThinApp packages. Select Automatic to have the ThinApp package displayed by default in the My Apps area of the user portal. Select User-Activated to allow the users to manually add the ThinApp package from the App Catalog to their My Apps area.

Enable Horizon View desktop access through VMware Workspace Portal

Configure reporting for usage and entitlement

You can use Workspace to generate several reports:

Recent activity
Resource usage
Resource entitlements
Group membership
Audit events

Deploy and update VMware Workspace Portal clients
Download the Workspace Desktop client zip file from the VMware Web site, https://my.vmware.com/web/vmware/downloads, to a computer that can access the workspace-va virtual appliance. Then, copy the zip file to a temporary location on the workspace-va virtual appliance.

scp clients-n.n.n-nnnnnnn.zip root@workspace-va.com:/tmp/

Log in to the workspace-va virtual appliance as the root user and unzip and install the new clients to the
Downloads directory.

/usr/local/horizon/scripts/check-client-updates.pl --install --clientfile /tmp/clients-n.n.n-nnnnnnn.zip

This script automatically unzips the file and copies the Desktop client installer file for Windows computers to the /opt/vmware/horizon/workspace/webapps/ROOT/client directory. It automatically updates to the /opt/vmware/horizon/workspace/webapps/ROOT/client/cds directory, and updates the URL parameter value for the downloads link.

Restart the Tomcat service on the workspace-va virtual appliance. Repeat these steps on each workspace-va virtual appliance in your environment. Users can download the Desktop clients from their Workspace accounts or via the download link, https://WorkspaceFQDN/download. Each user's Desktop clients are automatically updated.

I hope that you enjoyed this VCP6-DTM Study Guide. This guide is not meant to be a complete and guaranteed solution for passing the VMware Certification exam.

The ESX Virtualization blog started in 2008 as a simple bookmarking site. I needed a place to save my stuff: my how-to configs, tutorials, etc. At first I thought that I'd just store that at some online bookmarking site (delicio.us was a popular site at that time). But then I thought that I'd prefer to have my own space. I knew how to create websites before; I used to work with Dreamweaver software, HTML, Flash, etc., but then WordPress was a relief for me as I no longer had to worry about how to correctly format a page, etc. So I created my site under WordPress and picked up cheap shared storage. But then after a few weeks the blog started to pick up more and more traffic. I thought, people are reading what I'm bookmarking for myself? Wow. I kept going, adding more posts, and I got better at writing, as I'm not a native English writer. Here is my vExpert Spotlight: http://blogs.vmware.com/vmtn/2012/08/vexpert-spotlight-vladan-seget.html

Feel free to get in touch! Get our vSphere Nested Lab Guide and Subscribe to the Weekly newsletter. Stay in
touch via the social media

Twitter: http://www.vladan.fr/twitter
Linkedin: http://www.vladan.fr/linkedin
YouTube: http://www.vladan.fr/youtube
