Student Guide (1 of 2)

VMware View 5.
0:
Install, Configure, Manage
Student Guide
(1 of 2)
HL273S A.00
VMware View 5.0:

Student Guide
(1 of 2)
HL273S A.00
Use of this material to deliver training without

prior written permission from HP is prohibited.
These materials, developed and copyrighted by VMWare, Inc., are licensed to Hewlett-Packard
Company for customer delivery. Restrictions on use and reproduction are described on the VMWare
legal page.
The information contained herein is subject to change without notice. The only warranties for HP
products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
UNIX is a registered trademark of The Open Group.
Export Compliance Agreement
Export Requirements. You may not export or re-export products subject to this agreement in violation
of any applicable laws or regulations.
Without limiting the generality of the foregoing, products subject to this agreement may not be
exported, re-exported, otherwise transferred to or within (or to a national or resident of) countries
under U.S. economic embargo and/or sanction including the following countries:
Cuba, Iran, North Korea, Sudan and Syria.
This list is subject to change.
In addition, products subject to this agreement may not be exported, re-exported, or otherwise
transferred to persons or entities listed on the U.S. Department of Commerce Denied Persons List;
U.S. Department of Commerce Entity List (15 CFR 744, Supplement 4); U.S. Treasury Department
Designated/Blocked Nationals exclusion list; or U.S. State Department Debarred Parties List; or to
parties directly or indirectly involved in the development or production of nuclear, chemical, or
biological weapons, missiles, rocket systems, or unmanned air vehicles as specified in the U.S.
Export Administration Regulations (15 CFR 744); or to parties directly or indirectly involved in the
financing, commission or support of terrorist activities.
By accepting this agreement you confirm that you are not located in (or a national or resident of)
any country under U.S. embargo or sanction; not identified on any U.S. Department of Commerce
Denied Persons List, Entity List, US State Department Debarred Parties List or Treasury Department
Designated Nationals exclusion list; not directly or indirectly involved in the development or
production of nuclear, chemical, biological weapons, missiles, rocket systems, or unmanned air
vehicles as specified in the U.S. Export Administration Regulations (15 CFR 744), and not directly or
indirectly involved in the financing, commission or support of terrorist activities.
Printed in US
VMware View 5.0: Install, Configure, Manage
Student guide part 1
January 2012
View5ICMGuideVol1.book Page 1 Monday, December 19, 2011 4:41 PM
VMware View:
Student Manual Volume 1
View 5.0
VMware Education Services

VMware, Inc.
www.vmware.com/education
VMware View:
View 5.0
Part Number EDU-ENG-VICM5-LEC1-STU
Student Manual Volume 1
Revision A
Copyright/Trademark
Copyright 2011 VMware, Inc. All rights reserved. This manual and its accompanying
materials are protected by U.S. and international copyright and intellectual property laws.
VMware products are covered by one or more patents listed at http://www.vmware.com/go/
patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States
and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of
their respective companies.
The training material is provided as is, and all express or implied conditions,
representations, and warranties, including any implied warranty of merchantability, fitness for
a particular purpose or noninfringement, are disclaimed, even if VMware, Inc., has been
advised of the possibility of such claims. This training material is designed to support an
instructor-led training course and is intended to be used for reference purposes in conjunction
with the instructor-led training course. The training material is not a standalone training tool.
Use of the training material for self-study without class attendance is not recommended.
These materials and the computer programs to which it relates are the property of, and
embody trade secrets and confidential information proprietary to, VMware, Inc., and may not
be reproduced, copied, disclosed, transferred, adapted or modified without the express
written approval of VMware, Inc.
www.vmware.com/education
View5ICMGuideVol1.book Page i Monday, December 19, 2011 4:41 PM
TA B L E
OF
C ONTENTS
MODULE 1
Course Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Importance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Learner Objectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
You Are Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Typographical Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Housekeeping Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
MODULE 2
Introduction to VMware View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

You Are Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Importance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Learner Objectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
VMware vSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Virtual Desktop Infrastructures and VMware View . . . . . . . . . . . . . . . .12
What Is View? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Key Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
View Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Internationalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Use Cases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
View Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
PCoIP Supports the Broadest Coverage of Use Cases . . . . . . . . . . . . . .24
View Connection Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
View User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
View Client with Local Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
View Composer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
ThinApp and Virtual Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
vShield Endpoint Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Extensibility to Third-Party Management Tools . . . . . . . . . . . . . . . . . . .33
View Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
vSphere Desktop Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Required vSphere Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Required AD Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Review of Learner Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
MODULE 3
View Connection Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

You Are Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Importance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Module Lessons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Lesson 1: Installing View Connection Server . . . . . . . . . . . . . . . . . . . . .45
Deploying View (1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Deploying View (2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
You Are Here in View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
VMware View: Install, Configure, Manage
View5ICMGuideVol1.book Page ii Monday, December 19, 2011 4:41 PM
View Connection Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . .50

View Connection Server Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . .52
SSL Certificate Requirements for View Administrator . . . . . . . . . . . . .54
Preinstallation Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Starting the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Selecting the Type of Connection Server . . . . . . . . . . . . . . . . . . . . . . . .58
Accepting the ADAM or AD LDS License . . . . . . . . . . . . . . . . . . . . . .59
Opening Firewall Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Lesson 2: Configuring View Connection Server. . . . . . . . . . . . . . . . . . .63
Connecting to View Connection Server with Browser . . . . . . . . . . . . . .65
Logging In to View Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Initial Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Licensing View Manager and Components . . . . . . . . . . . . . . . . . . . . . .69
View Servers: vCenter Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . .70
Adding vCenter Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
View Event Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Integrating with the Event Database . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Configuring the View Event Database . . . . . . . . . . . . . . . . . . . . . . . . . .76
Modifying Event Database Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Lab Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Lab 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
MODULE 4
ii
View Desktops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

You Are Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Importance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Module Lessons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Lesson 1: Configuring Virtual Machines as Desktops . . . . . . . . . . . . . .87
Multiple vCPUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
RAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Creating a Windows Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Windows 7 and Windows Vista Activation . . . . . . . . . . . . . . . . . . . . . .92
Windows 7 Sysprep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Disabling Power Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
ESX/ESXi Virtual Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
General Windows Performance Tuning (1) . . . . . . . . . . . . . . . . . . . . . .96
vCenter Server Resource Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
View5ICMGuideVol1.book Page iii Monday, December 19, 2011 4:41 PM
Group Policy Objects and Roaming Profiles. . . . . . . . . . . . . . . . . . . . .100

Disabling the Themes Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Review of Learner Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Lesson 2: Remote Display Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Learner Objectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
PCoIP Remote Display Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Highly Efficient Encoding for Desktop Display . . . . . . . . . . . . . . . . . .106
PCoIP Progressive Build . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Progressive Build Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
VMware PCoIP Remote Display Options . . . . . . . . . . . . . . . . . . . . . . . 110
PCoIP Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
PCoIP Display Protocol Features (1) . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Video, Audio, and USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Configuring PCoIP Optimization Controls . . . . . . . . . . . . . . . . . . . . . . 116
PCoIP Administrative Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
PCoIP Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
PCoIP Optimization Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Disabling the Build-to-Lossless Feature . . . . . . . . . . . . . . . . . . . . . . . .121
Configuring Image Cache Size on the Client System . . . . . . . . . . . . . .123
Configuring the PCoIP Audio Bandwidth Limit . . . . . . . . . . . . . . . . . .124
Configuring PCoIP Image Quality Levels . . . . . . . . . . . . . . . . . . . . . .125
Example of Overriding PCoIP Image Quality Levels . . . . . . . . . . . . . .127
Configuring Maximum PCoIP Session Bandwidth . . . . . . . . . . . . . . . .128
Configuring the PCoIP Session Bandwidth Floor . . . . . . . . . . . . . . . . .129
Remote Desktop Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Latest Available Version of Remote Desktop Connection . . . . . . . . . .131
Remote Enabled Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Firewall Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Lesson 3: View Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Preparing Virtual Desktops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Creating a Standardized Virtual Machine . . . . . . . . . . . . . . . . . . . . . . .138
Choosing the Time-Synchronization Method . . . . . . . . . . . . . . . . . . . .139
Joining the AD Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Disable Windows Time? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Installing Applications and Tuning the Desktop . . . . . . . . . . . . . . . . . .142
Enabling Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Installing the View Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Custom Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Enabling Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
Contents
iii
View5ICMGuideVol1.book Page iv Monday, December 19, 2011 4:41 PM
View Agent on Virtual Machines with Multiple NICs . . . . . . . . . . . . .148

Lab 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
Lesson 4: Manual Pool Deployment and Entitlement . . . . . . . . . . . . . .151
Creating a Virtual Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Creating a Template and Customization Specification . . . . . . . . . . . . .154
Testing Deployment and Customization . . . . . . . . . . . . . . . . . . . . . . . .156
Adding a Virtual Desktop to a Manual Pool . . . . . . . . . . . . . . . . . . . . .157
Starting the Add Pool Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Creating a Manual Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Selecting the Type of Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Selecting Type of User Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Selecting the Type of Desktop Sources . . . . . . . . . . . . . . . . . . . . . . . . .162
Selecting the vCenter Server Instance . . . . . . . . . . . . . . . . . . . . . . . . . .163
Creating the Pool Identification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164
Configuring Pool Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
General and Remote Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Remote Display Protocol Configuration . . . . . . . . . . . . . . . . . . . . . . . .167
Adobe Flash Bandwidth Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Adobe Flash Bandwidth Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
Adobe Flash Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Adobe Flash Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
Overriding Bandwidth Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Adobe Flash Bandwidth Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Adding Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Reviewing the Pool Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Pool Is Now in the View Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Entitling Users to Connect to Desktops. . . . . . . . . . . . . . . . . . . . . . . . .178
Adding Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Entitled Users or Groups Are Listed . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Pool Is Entitled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Unmanaged Desktops in a View Environment . . . . . . . . . . . . . . . . . . .182
Types of Unmanaged Systems That View Supports . . . . . . . . . . . . . . .183
Terminal Services Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Preparing an Unmanaged Desktop Source . . . . . . . . . . . . . . . . . . . . . .185
Registering the Unmanaged Desktop . . . . . . . . . . . . . . . . . . . . . . . . . .186
Lab 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
iv
View5ICMGuideVol1.book Page v Monday, December 19, 2011 4:41 PM
MODULE 5
Contents
View Client Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

You Are Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
Importance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193
Module Lessons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
Lesson 1: View Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
View Client Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Installing View Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Default Login Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Before Using View Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Connecting to View Connection Server . . . . . . . . . . . . . . . . . . . . . . . .203
View Client SSL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205
Entering User Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Selecting a Desktop and Display Option . . . . . . . . . . . . . . . . . . . . . . . .208
Unblocking Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Common Login Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Login Successful . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Menu Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212
USB Device Status Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214
Flexible Monitor Support with PCoIP . . . . . . . . . . . . . . . . . . . . . . . . . .216
Session Disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217
View Client for Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218
SSO Timeout Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219
View Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220
Client Information Available to Desktop . . . . . . . . . . . . . . . . . . . . . . .221
What Is a Thin Client? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
What Is a Zero Client? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224
Thin Clients That Are Compatible with View . . . . . . . . . . . . . . . . . . .225
Troubleshooting Unavailable Desktops . . . . . . . . . . . . . . . . . . . . . . . .226
Lab 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227
Lesson 2: Virtual Printing with View Clients . . . . . . . . . . . . . . . . . . . .229
What Is Virtual Printing?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Benefits of the Virtual Printing Feature . . . . . . . . . . . . . . . . . . . . . . . .232
Reasons to Use the Virtual Printing Feature . . . . . . . . . . . . . . . . . . . . .233
Transparency for the User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
Virtual Printing Functions at the Desktop and Client Systems . . . . . . .235
Additional Virtual Printing Functions . . . . . . . . . . . . . . . . . . . . . . . . . .236
Virtual Printing Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Installation of Virtual Printing Feature . . . . . . . . . . . . . . . . . . . . . . . . .238
Searching for Printers on the Desktop . . . . . . . . . . . . . . . . . . . . . . . . . .239
Reinstalling Virtual Printing on the Desktop . . . . . . . . . . . . . . . . . . . .240
v
View5ICMGuideVol1.book Page vi Monday, December 19, 2011 4:41 PM
Reinstalling Virtual Printing on the Client System . . . . . . . . . . . . . . . .241

Configuring Virtual Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Adjusting the Compression Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Location-Based Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
Setting Up Location-Based Printing . . . . . . . . . . . . . . . . . . . . . . . . . . .246
The Name-Translation Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .247
Lab 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250
MODULE 6
vi
View Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251

You Are Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Importance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Module Lessons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Lesson 1: Initial View Configuration . . . . . . . . . . . . . . . . . . . . . . . . . .255
Logging In to View Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . .257
View Configuration Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Servers Panes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
VMware vCenter Server Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260
Editing vCenter Server: Basic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .261
Editing vCenter Server: Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
View Connection Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Restricted Entitlements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265
Restricted Entitlements: Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
Rules for Creating Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Tagging a Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269
Tag-Matching Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
Authentication Options: Smart Cards . . . . . . . . . . . . . . . . . . . . . . . . . .271
Connecting to View Connection Server with Smart Cards . . . . . . . . . .272
Smart-Card Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274
Configuring Smart-Card Authentication . . . . . . . . . . . . . . . . . . . . . . . .276
Certificate Revocation Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Smart-Card Removal Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279
Authentication Options: RSA SecurID . . . . . . . . . . . . . . . . . . . . . . . . .280
Configuring RSA SecurID Authentication . . . . . . . . . . . . . . . . . . . . . .281
Adding or Removing View Administrators . . . . . . . . . . . . . . . . . . . . .282
Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283
Lesson 2: Managing Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . .286
Users and Groups Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
Summary Tab for a Selected Group . . . . . . . . . . . . . . . . . . . . . . . . . . .289
View5ICMGuideVol1.book Page vii Monday, December 19, 2011 4:41 PM
Entitlements Tab for a Selected Group . . . . . . . . . . . . . . . . . . . . . . . . .290

Summary Tab for a Selected User . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Details of a User's Persistent Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292
Sessions Tab for a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293
Global Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294
Policies at the Pool Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
Overriding Pool Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Overriding Policies at the User Level . . . . . . . . . . . . . . . . . . . . . . . . . .298
Group Policy ADM Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
View ADM Template Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300
Lab 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
Lesson 3: Automated Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304
User Assignment to a Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
Desktops in a Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .307
Dedicated-Assignment Pools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Creating an Automated Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310
Adding a Desktop or Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Selecting the Type of Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312
Selecting the User Assignment for Desktops . . . . . . . . . . . . . . . . . . . .313
Selecting the vCenter Server System . . . . . . . . . . . . . . . . . . . . . . . . . .314
Entering Pool Identification Parameters . . . . . . . . . . . . . . . . . . . . . . . .315
Pool Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317
Available Desktops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319
Provisioning Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320
Specifying Names Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
vCenter Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324
Selecting a Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325
Selecting the Virtual Machine Folder . . . . . . . . . . . . . . . . . . . . . . . . . .326
Selecting a Host or Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327
Selecting a Resource Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328
Selecting a Datastore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
vCenter Server Settings Completed. . . . . . . . . . . . . . . . . . . . . . . . . . . .330
Selecting the Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .331
Ready to Complete Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .332
Entitling the Desktops in the Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . .333
vCenter Server Creates Desktops . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334
New Desktop Is Available to View Client . . . . . . . . . . . . . . . . . . . . . .335
Desktop Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .336
Floating-Assignment Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
Floating-Assignment Pool Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . .338
Lab 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339
Contents
vii
View5ICMGuideVol1.book Page viii Monday, December 19, 2011 4:41 PM

Lesson 4: Role-Based Delegated Administration . . . . . . . . . . . . . . . . .341
View Connection Server Roles and Privileges . . . . . . . . . . . . . . . . . . .343
Using Folders to Delegate Pool Administration . . . . . . . . . . . . . . . . . .345
Example: Different Administrators for Different Folders . . . . . . . . . . .347
View Connection Server Permissions . . . . . . . . . . . . . . . . . . . . . . . . . .348
Examples of Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349
Predefined Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350
Creating an Administrative User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352
Adding Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353
Adding a Pool to a New Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .354
Adding a Custom Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .356
Selecting Privileges for a Custom Role . . . . . . . . . . . . . . . . . . . . . . . . .357
Best Practices for Administrator Users and Groups . . . . . . . . . . . . . . .358
Lab 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .359
Lesson 5: Monitoring the View Deployment . . . . . . . . . . . . . . . . . . . .361
View Administrator Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .363
Dashboard Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .364
Examining Component Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Desktop Status from the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . .366
Monitoring Sessions and Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367
Events Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368
Remote Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369
Local Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370
Monitoring a Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .371
Monitoring a Desktop: Summary Tab . . . . . . . . . . . . . . . . . . . . . . . . . .372
Monitoring a Desktop: vCenter Settings Tab . . . . . . . . . . . . . . . . . . . .373
Monitoring PCoIP Session Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . .374
Windows Management Instrumentation . . . . . . . . . . . . . . . . . . . . . . . .375
Commonly Used PCoIP Statistics (1) . . . . . . . . . . . . . . . . . . . . . . . . . .377
Commonly Used PCoIP Statistics (2) . . . . . . . . . . . . . . . . . . . . . . . . . .378
Key Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380
viii
MODULE 1
Cou se
Slide 1-1
Course Introduction
t oduct o
Course Introduction
Module 1
Importance
Slide 1-2
Server-oriented system administrators should be equipped with the

knowledge, skills, and abilities to build and run their first VMware
virtual desktop infrastructure using VMware View
View .
This course focuses on View configuration and management using
View Connection Server and View Composer.
Learner Objectives
Slide 1-3
Course Introduction
After this course, you should be able to do the following:
Identify the View components.

Install and configure View Connection Server.
Install and configure virtual desktops.
Configure
g
and manage
g View Clients.
Use View Administrator to configure the View environment.
Configure and manage pools of linked-clone desktops.
C fi
Configure
secure access tto Vi
View d
desktops.
kt
Configure a local-mode desktop deployment.
Describe the steps to deploy View Persona Management to manage user profiles.
Manage the performance and scalability of a View deployment.
Use VMware ThinApp to package and deploy applications.
Module 1 Course Introduction
You Are Here

Slide 1-4
Course Introduction
Configuring and Managing Linked Clones
Introduction to View
Local-Mode Desktops
View Connection Server
Managing View Security

View Persona Management
View Virtual Desktops

Command-Line Tools and Backup
p Options
p
View Client Options
View Connection Server Performance
View Administrator
VMware ThinApp
Typographical Conventions
Slide 1-5
Course Introduction
The following typographical conventions are used in this course:

Monospace
Filenames, folder names

Filenames
names, path
names, command names:
the bin directory
Monospace bold
What the user types:

Type ipconfig and press Enter.
Boldface
Graphical user interface items:

the Configuration
g
tab
Italic
Book titles and emphasis:

vSphere Datacenter
Administration Guide
<filename>
Placeholders:
<ESXi_host_name>
You can find course timing suggestions in the file View5ICM_class_timings_RevA.xlsx. An estimated time for each lab
exercise is also included as an instructor note at the end of the lab.
Module 1 Course Introduction
Housekeeping Items
Slide 1-6
Sign-in sheet
Daily start and end times
R t
Restrooms
Fire exits
Meals
Class introductions
Questions
MODULE 2
Introduction to VMware View

t oduct o to
Slide 2-1
ae
Module 2
2
You Are Here

Slide 2-2
Course Introduction
Local-Mode Desktops


p Options
p
View Client Options
View Administrator
VMware ThinApp
Importance
Slide 2-3
Module 2 Introduction to VMware View
VMware View offers many features for supporting distributed

desktops. View consists of several components. To ensure a
successful deployment of View,
View you must understand the
relationships between the components.
Learner Objectives
Slide 2-4
After this module, you should be able to do the following:
10
Describe the differences between a virtual desktop infrastructure and

Server.
Describe the features and benefits that View offers.
Identify View components:
View Connection Servers

Virtual desktops
Client systems
View Composer
Explain the major function of each View component.

List the system requirements for a successful View installation.
VMware vSphere
Slide 2-5
Existing Applications
VMware vSphere:
VMware ESX/ESXi
App
App
VMware vCenter Server
vCenter Server templates for

management of virtual machine
deployment
App
App
App
Security
App
VMware vSphere
Availability
Scalability
App
VMware vCenter Suite
Features:
App
Future Applications
Availability
Application
Services
vMotion
Storage vMotion
HA
Fault Tolerance
Data Recovery
Compute
Infrastructure
Services
ESX and ESXi

DRS and DPM
Memory
Overcommit
Private Cloud Resource Pools
Security
vShield Zones
VMSafe
Storage
VMFS
Thin Provisioning
Storage I/O
Control
Scalability
DRS
Hot Add
Network
Distributed
Switch
Network I/O
Control
Public Cloud
The VMware vSphere product family is designed for building and managing virtual
infrastructures. It consists of VMware ESX/ESXi and VMware vCenter Server (used for
configuration and management). Many features that are essential for a virtual desktop infrastructure
are available in vCenter Server. For example, the vCenter Server system is used to manage the
deployment of virtual machines by using templates and cloning. Cloning is a key feature for virtual
desktop deployment.
11
Virtual Desktop Infrastructures and VMware View

Slide 2-6
VMware Virtual Desktop Infrastructure (VDI):
A solution that virtualizes user desktops within a datacenter infrastructure

Can use various operating systems, remote access protocols, and management
tools
Highly customizable but not a packaged solution
VMware View:
A VMware solution for VDI

Uses PCoIP and Remote Desktop Protocol (RDP) for remote access protocol
Focuses on Windows desktops
Provides View Connection Server, a connection broker and management
componentt for
f VDI
Packaged solution that includes desktop pool management, virtual printing,
application virtualization, storage management, assignment of VMware ThinApp
MSI packages
packages, offline desktop capabilities
capabilities, and more
VMware View is different than VMware Virtual Desktop Infrastructure, but it relies on many
aspects of VDI operating on the vSphere platform.
Major characteristics of VDI include:
Any guest operating system that is supported by ESX/ESXi can be used as a desktop. As a
result, if your enterprise uses Windows, Ubuntu, Red Hat, or Solaris x86 desktops, you can use
those in a virtual environment.
A vCenter Server system can manage resources and help deploy desktops. Components like
vSphere Distributed Resource Scheduler (DRS), vSphere High Availability, and VMware
vSphere vMotion are available for resource management, load balancing, and high
availability. vCenter Server features like templates can be used to help deploy virtual desktops.
Various connection brokers can be used. A connection broker (also called a connection server)
automates the connection of client PCs to a virtual desktop. Some connection brokers can allow
a user to connect to any one of several identical desktops in a pool of desktops. This situation is
ideal for environments like help desks, kiosks, and departments where everyone needs the same
desktop.
Any remote protocol can be used: Virtual Network Computing (VNC), Remote Desktop
Protocol (RDP), Independent Computing Architecture (ICA), or X Window System. Anything
12
that is built on the TCP/IP protocol can be used to connect a remote client to a virtual desktop.
Windows systems normally use Microsoft RDP. Citrix systems use ICA. UNIX and Linux
systems can use SSH, VNC, or X Window System (sometimes in combination).
View is the VMware solution for a virtual desktop infrastructure. As such, it relies on VDI elements
but necessarily focuses on certain features and capabilities. Major features include:
View offers two display protocols for remote access: PCoIP and RDP.
View focuses on Windows XP, Windows Vista, and Windows 7 desktops.

View provides View Connection Server, which is the connection server and management
component for physical and virtual desktops.
View supports secure access to desktops from the Internet.
View is a packaged solution that includes desktop pool management, virtual printing,
application virtualization, storage management, integration of VMware ThinApp MSI
packages, and offline desktop capabilities.
13
What Is View?
Slide 2-7
An integrated solution that

includes:
vSphere 5 and vSphere 4
vCenter Server
View Composer
ThinApp
VMware vShield Endpoint
Unmanaged desktops
Local Mode
The term universal client describes a new desktop or personal computing model. Users want to
access applications, data, and workspaces in a personalized and dedicated manner, from anywhere,
anytime, using any device. The old model of tightly coupled applications, operating systems, and
hardware is not efficient, secure, or adaptable. And end users want applications that can be accessed
from multiple devices anywhere, anytime. Enterprises need to provide access to applications and
data that are independent of devices or location, in a secure and controlled model.
End users want MyView: a single familiar view of all their applications and data, independent of
the device.
View is a universal client solution that enables you to manage operating systems, hardware,
applications, and users independently of one another, wherever they might reside. View streamlines
desktop and application management, reduces costs, and increases data security through
centralization, resulting in greater end-user flexibility and IT control. By encapsulating the operating
system, applications, and user data into isolated layers, View enables IT staff to change, update, and
deploy each layer independently for greater business agility. View enables customers to extend the
value of vSphere and its enterprise-class features (high availability, disaster recovery, and business
continuity) to the desktop.
14
With View, you get vSphere software, which includes vCenter Server. A View Premier bundle
includes:
View Composer
VMware vShield Endpoint

View Client with Local Mode
View Connection Server is an enterprise-class desktop management server that securely connects
users to desktops running on vSphere virtual machines, physical PCs, blade PCs, or Microsoft
Terminal Services. With View Connection Server, rolling out desktops and applications to existing
users, new users, or groups is fast. It is done from a single Web-based management console in a
centralized location.
View Composer works with View Connection Server and vCenter Server. View Composer enables
scalable management of virtual desktops that are provisioned from a single master image. It reduces
storage cost by using VMware linked-clone technology. It streamlines desktop management by
enabling automatic updating and patching of hundreds of images from the master image.
vShield Endpoint enables offloading and centralizing antivirus and antimalware solutions for
desktops. It also provides the ability to integrate with antivirus solutions from third-party partners.
(vShield Endpoint is not a View component, but it is included with a View Premier license.)
View Client with Local Mode works with View Connection Server. It provides designated end users
the ability to download (or check out) their virtual desktop onto a Windows desktop or laptop,
update files locally, and check the desktop back in to the datacenter for resynchronization.
Administrators have the ability to extend the security and encryption policies of the datacenter to the
end users local computer.
Application virtualization with ThinApp further streamlines the management of applications.
ThinApp enables organizations to create fewer desktop images by developing a basic image and
allowing after-the-fact deployment of applications into those images, with no retesting needed of
those images. Fewer View desktop images means fewer images to configure, test, and maintain.
(ThinApp is not a View component but is available as part of a View Premier license bundle.)
Additional components that are necessary for a View deployment are a vCenter Server system and
Microsoft Active Directory (AD), both of which are shown on the slide.
The slide is key because it is the only one that shows all the View components and ThinApp in context. The
relationships among the components is confusing the first time through, so spend adequate time explaining each and
their interaction. Recommendation: Discuss the elements on the slide, but defer details until later slides. After you
have discussed the major components, return to the slide and talk through a few possible scenarios. Examples
include (1) creating a desktop using templates, (2) creating desktops using linked clones, (3) accessing a desktop from
a client, (4) managing desktops or pools, and (5) using ThinApp to virtualize an application.
15
ThinApp
Key Benefits
Slide 2-8
Creates an individual,
personal view of all of a
users applications and data
on any device
d i ffrom any
location
Unmanaged desktops
Reduces costs of overall

desktop computing
Increases security
Greater management and
control
t l
Increased business agility
and flexibility
Implicit business continuity
and disaster recovery
Local Mode
Decreased power
consumption
View enables IT organizations to decouple a desktop from specific physical devices or locations.
View creates a universal client that has an individual, personal view of a users applications and
data. The client devices can be Windows and Mac laptops or desktops, Apple iPads, and Androidbased tablets, usable from any location.
This capability enables IT organizations to reduce the overall cost of desktop computing by
centralizing management, administration, and resources.
Another key benefit is increasing security by:
Understanding and mitigating risk of data loss by maintaining all data within the corporate
firewall
Enabling all corporate desktops to be at the highest level of patching and antivirus updates
Providing secure access to View desktops for both PCoIP and RDP through security server
Using the View Client with Local Mode virtual rights management and centrally managed
security policies
16
View also offers greater management and control by:
Managing all desktops centrally in the datacenter instead of at distributed, remote sites
Provisioning desktops instantly to new users and new departments and facilitating office moves
Managing large numbers of desktops as one entity
Using the View Composer ability to create clones from a central image that automatically join
the domain
Using View Connection Server to create dynamic pools of desktops for quick provisioning and
rapid updating
Using the ThinApp application sync and application link utilities to dynamically and
automatically update applications without the need for an agent
Integrating with AD so that no schema changes are needed
Another key benefit is increased business agility and user flexibility:
View provides flexibility in regard to the changing needs of the business by providing
consistent desktops to all users from any network connection.
View provides flexibility to manage business reorganizations, office moves, and expansion into
new territories or changing work patterns.
View provides user access from the same desktop from any location, from any device.
ThinApp agentless deployment allows users to install applications on locked-down PCs.
View also provides implicit business continuity and disaster recovery. An alternative work site that
has network connectivity can be a recovery site. View guarantees business continuity because the
same desktop that is accessed during a disaster recovery scenario is also accessed in the normal
workplace. View takes advantage of key components of the vSphere platform, such as vMotion,
vSphere HA, and DRS.
View offers decreased power consumption by reducing financial and carbon costs of desktop power
used with thin clients, which typically use one-tenth the power of a PC.
17
View Features
Slide 2-9
vSphere 5.0, 4.1, and 4.0 integration

Enterprise-class connection brokering
W bb
Web-based
d managementt user iinterface
t f
Full Microsoft Active Directory (AD) integration
Support
pp for existing
g desktops
p as well as new desktop
pp
pools
Advanced automated pool management features
Flexible deployment options
Support for USB client devices
Ability to cluster many connection servers for high availability and
redundancy
S
Support
for
f RSA SecurID
S
ID and
d smart card
d authentication
h i i
View Persona Management to manage user profiles
View is built around vSphere and View Connection Server. View has many significant features:
vSphere integration View uses the vCenter Server system and ESX/ESXi hosts to create an
end-to-end virtual desktop solution.
Enterprise-class connection brokering Enterprises use connection brokering to connect their
remote clients to their centralized virtual desktops. Connection brokering is also used by
administrators for managing View Connection Servers and configuring virtual desktops.
Web-based management user interface Designed for a desktop administrator, View
Administrator provides a user-friendly interface that enables central administration of desktops
from any location.
Full AD integration View connects to the AD infrastructure to find user and user group
accounts. It uses the authentication features of AD to control which users can access virtual
desktops.
Support for existing desktops as well as pools of new desktops Manual pools contain existing
virtual or physical desktops that have users manually assigned. Users and desktops have a oneto-one relationship. Automated desktop pools provision either dedicated-assignment or floatingassignment virtual desktops. Dedicated desktops mean that users log in to the same desktop
every time. Floating desktops are returned to the pool when a user logs out.
18
Advanced pool management features View pool management features enable you to use the
desktop cloning features in vCenter Server and View Composer and save power by suspending
desktops that are not in use. Suspending desktops this way also frees memory and processing
power on the ESX/ESXi host.
Ability to cluster connection servers together for high availability and redundancy Creating a
high availability environment avoids a single point of failure. And it adds scalability that eases
expanding the environment to support a larger number of users.
Support for RSA SecurID and smart cards Both provide strong, two-factor authentication for
added security for end users accessing virtual desktops from clients.
View Persona Management Dynamically associates a user persona to virtual desktops. You
can deploy easier-to-manage stateless floating desktops to more use cases while enabling user
personalization to persist between sessions.
19
Support for USB client devices and multimedia redirection USB devices can be locally
connected to clients and accessed through the virtual desktop.
Flexible deployment options This flexibility enables deploying critical components of View to
different parts of the network to improve security and scalability of the environment.
Internationalization
Slide 2-10
View Client and online help for View Client are available in the
following languages:
Japanese
French
German
Simplified Chinese
Korean
The following documents are available in these languages:
VMware View Administration

VMware View Installation
VMware View Upgrades
VMware View Architecture Planning
View Client and online help for View Client are available in Japanese, French, German, Simplified
Chinese, and Korean.
Documents that is available in these languages include VMware View Administration, VMware View
Installation, VMware View Upgrades, and VMware View Architecture Planning. All documents are
available at http://www.vmware.com/support/pubs.
20
Use Cases
Slide 2-11
Offshore development
Remote office and telecommuting
C ll centers
Call
t
Office hotelling
Desktop
p replacement
p
Brokerage firms
Health care industry
Business continuity and disaster recovery
Any scenario where cost savings, centralized management, security,
user flexibility, and green computing are drivers
Many use cases appropriate are for View. Only two are discussed in detail here.
One use case is to use View to relocate development and operational functions outside the country.
In this use case, View:
Provides centralized, static desktops and test systems while eliminating the risk of data
movement or loss
Simplifies the provisioning process for users traveling between locations
Improves application performance and data movement by moving client systems closer to the
servers and data typically accessed and supported
A View implementation involves the following:
View virtual desktops are provided to remote users.
Data and applications are moved to servers and storage arrays in the corporate datacenter. Data
containment features then prevent data and applications from leaving the datacenter.
Users moving between locations are served by one of the standard desktop images, with data
serviced in the datacenter.
21
Business continuity (BC) and disaster recovery (DR) planning is required to support users offsite
from alternative offices and home computers. Comprehensive BC/DR plans achieve:
Reduction in support effort and hardware cost to support exception scenarios
Consolidation of work effort, support, and cost of BC, DR, and production requirements into a
single computing model
Simplification of client computing by providing a single interface and access to all applications
regardless of location or scenario
Stateless devices provisioned to reduce setup complexity and reduce support effort and cost
A View implementation enables the following:
BC/DR sites can be provisioned ahead of time with appropriate network access.
Thin client devices can be provisioned at BC/DR sites much less expensively than traditional
(thick) clients.
Thin client setup is much faster than setup of a standard PC.
Virtual desktops can be migrated or failed over from exception sites, if adequate resources are
available at a DR site.
The ability to deploy virtual desktops from a single virtual machine instance reduces virtual
desktop setup time.
22
View Components
Slide 2-12
Self-service, single sign-on

PCoIP remote display protocol
Support for thick and thin client devices
Support for Windows and Mac client devices
View Persona Management (roaming profiles)
Local Mode
Secure, offline desktop capability
Storage-saving linked clones

Tiered storage options
Rapid desktop deployment
Quick update/patch management
View user interface
Automated desktop provisioning/decommissioning

Secure connections to desktops
Desktop pools that can expand on demand
Desktop session timeouts
View Composer
Thi
ThinApp
A
Application virtualization
View Administrator can
assign and install
ThinApp MSI packages.
Virtual Printing
Universal print driver
These components are discussed on the following pages.
23
PCoIP Supports the Broadest Coverage of Use Cases

Slide 2-13
LAN delivery
WAN delivery
High
Hi h b
bandwidth
d idth
PC experience
Low
L
b
bandwidth
d idth
Productivity desktop
RDP
RDP
VMware View Connection Server
Task
T k worker
k
Knowledge worker
Developers
2-D, 3-D, Flash, multimedia
Power user
Designer
High resolution 3-D
RDP
virtual desktops
blade PCs
IT departments are faced with many deployment options and use cases. As the slide shows, the
display protocols are designed to solve specific challenges for specific use cases.
View Connection Server using PCoIP is designed to provide a flexible solution that is capable of
addressing the broad set of use cases and deployment scenarios shown on the slide.
24

Slide 2-14
Desktop connection broker maintains desktop assignment

Supports SSL connection to desktop using RDP
S
Supports
RSA S
SecurID
ID and
d smart card
d authentication
h i i
Uses vCenter Server to provision virtual desktops as needed:
Existing virtual desktops (dedicated to a user)
Dedicated-assignment pools (dedicated to a user)
Floating-assignment
g
g
p
pools ((available to any
y user))
Supports multiple desktop operating systems:
Supports virtual desktops operating locally on physical client systems
Windows 7
Windows XP
Windows Vista
Administered from a Web-based interface
View Connection Server can run on either a physical or a virtual machine, although running View
Connection Server on a virtual machine has many advantages.
View Connection Server works with vCenter Server systems to manage virtual desktops. Desktops
can be individual virtual machines that are dedicated to a user. The desktops can also be members of
an automated pool that is deployed on demand. An automated pool can deploy dedicated-assignment
or floating-assignment desktops:
Dedicated-assignment desktop Users are allocated a desktop that retains all of their
documents, applications, and settings between sessions. The desktop is statically assigned the
first time that the user connects and is then used for all subsequent sessions. No other user is
permitted access to the desktop.
Floating-assignment desktop Users might be connected to different desktops from the pool
each time that they connect. Environmental or user data does not persist between sessions.
View Connection Server supports the use of a virtual desktop that operates on a physical client
system. This capability is called local-mode desktops. First, you check out a vCenter Server virtual
desktop, which moves the desktop image to your client system. You can then disconnect from View
Connection Server and use the desktop in local mode until you are ready to upload all changes and
reconnect to the online version.
25
Desktops, whether virtual machines or physical machines, must be Windows 7, Windows XP, or
Windows Vista systems. View Connection Server also manages desktops from a Microsoft Terminal
Services server.
For DMZ deployments, View Connection Server provides a security server. The security server can
be deployed using RDP as the remote display protocol.
For high availability deployments, more View Connection Servers can be deployed. They are called
replica instances of a View Connection Server. All View servers use a replicated database to remain
coordinated.
View Administrator, a Web-based management interface, enables View administrators to perform all
the configuration, deployment, and administrative tasks for View.
26
View User Interface

Slide 2-15
View Client for Windows, Mac systems, iPad, Android tablets, and certain
tthin client
c e t devices
de ces
View Client with Local Mode for Windows client systems
View API Embedded in certain thin client devices
Access:
Single sign-on to remote desktop session

Unified access to:
Desktop virtual machines

Ph i l d
Physical
desktops
kt
(PC or blade
bl d systems)
t
)
Terminal Server sessions
Three types of clients can access View desktops:

View Client Software that installs into a Windows or Mac client system. The client system
can be Windows 7, Windows XP, Windows Vista, Mac OS X Leopard 10.5, Mac OS X Snow
Leopard 10.6, Android-based tablets, and Apple iPads.
Thin clients and zero clients.
View Client with Local Mode Permits an image of an online virtual desktop to be moved to a
local system, used as if it is a remote desktop, and then moved back.
After a user authenticates with View server, the sign-on can be passed through to the virtual desktop.
The user sees a single sign-on process. If a smart card is used for authentication to access the client
system, those credentials are passed to the connection server and on to the assigned desktop.
27
View Client with Local Mode

Slide 2-16
Checkout of virtual desktops to physical devices

Supported on Windows client systems
S
Supports
t devices
d i
th
thatt can lose
l
network
t
k
connectivity or work offline, such as laptops
Extends security and encryption policies to offline
users
Uses a heartbeat to View Connection Server for:
Synchronization of desktops
Policy enforcement
View Client with Local Mode addresses the challenge of providing continuous access that is implicit
in any online desktop solution. Through circumstance or choice, users might find themselves in
environments where network availability is limited or absent.
Local mode offers mobile users the ability to check out a cloned instance of certain types of View
desktops onto a local physical system, such as a laptop, that is running Windows. After the local
copy has been checked out, it behaves like a standalone desktop system and can be used with or
without a network connection. The virtual desktop is now considered to be offline. When the user is
ready, the updated instance of the desktop can be checked in and the user can then access the online
virtual desktop. Only the changes are uploaded to the online version.
28
View Composer
Slide 2-17
Disk savings
Supports tiered storage
Shared operating system disk:
base
image
read-only
Replicates
R
li t changes
h
quickly
i kl across
dependent virtual machines
Persistent user data disk:
parent
Installed on each vCenter Server

system (but not vCenter Server
Appliance)
desktop B
delta
disk B
desktop A
Retains user-specific
user specific data
QuickPrep or Sysprep for user

personalization
Image separation:
desktop A
delta
disk A
Uses linked-clone technology:
desktop B
persistent
disk
persistent
disk
View Composer enables View Connection Server administrators to rapidly clone and deploy
multiple desktops from a single centralized base image, called a parent virtual machine. After the
desktops have been created, they remain indirectly linked to a snapshot residing on the parent virtual
machine. View Composer is a separate Windows service that must be installed on the same system
that hosts vCenter Server. It is a colocated service.
The link is indirect because the first time a desktop clone is created, a uniquely identified copy of
the parent virtual machine (called a replica) is also created. All the desktop clones are anchored to
the replica, not to the parent virtual machine. Desktops of this type are called linked-clone desktops.
Because all the linked-clone desktops in this environment are connected to a common source (the
replica virtual machine), View Composer permits the centralized management of desktops while
maintaining a seamless user experience. Tasks like resetting each system to its default configuration,
balancing storage, installing software, and applying service packs are greatly accelerated by this
type of deployment.
When a View administrator configures an automated dedicated pool that uses linked-clone
technology, an option is to attach a persistent user data disk to the clone. The user data disk retains
user-specific data and is never affected by normal centralized-update operations.
29
View Composer will use either the VMware QuickPrep process or Microsoft Sysprep to personalize
each deployed desktop. Although QuickPrep is similar to Microsoft Sysprep and is much faster, it
does not generate a new system ID for each linked-clone desktop.
View Composer must be installed on the same system that hosts vCenter Server. Using vCenter
Server Appliance with View Composer is not supported.
30
ThinApp and Virtual Printing

Slide 2-18
ThinApp:
Virtualizes and encapsulates applications:
Decouples
D
l applications
li ti
and
dd
data
t ffrom th
the operating
ti system
t
Allows one copy of application to be run by multiple users
View Connection Server enables deployment of ThinApp MSI

packages
k
di
directly
tl tto specific
ifi desktops
d kt
or allll d
desktops
kt
iin a pool.
l
Virtual Printing:
Uses the Cortado ((renamed from ThinPrint)) virtualized p

printer driver,,
included in the View Client
Eliminates the need for specific printer drivers in each desktop users
y have access to the right
g p
printer.
always
Uses compression to minimize network use
Supports location-based printing
Application virtualization using ThinApp streamlines the management of applications. ThinApp

enables organizations to create fewer desktop images by developing a basic image and allowing
deployment of applications into those images with no retesting needed. Another benefit is that
upgrading an operating system is easier without so many resident, installed applications. ThinApp
further increases the storage savings that a flexible virtual desktop architecture already provides.
ThinApp enhances the deployment of applications in a View environment. View Connection Server
can assign a ThinApp package to one or more desktops and then remotely install the package on
these desktop systems.
The Virtual Printing feature of View enables View Client users to transparently use local or network
printers from their desktop systems. Yet it removes the requirement for installing proprietary printer
drivers on each virtual desktop.
Virtual Printing is a plug-and-play solution. After a printer has been installed on the local client
system, it is automatically added to the list of available printers on the View-managed virtual
desktop. No further configuration is required.
VMware licenses this capability from Cortado (previously known as ThinPrint).
31
vShield Endpoint Integration

Slide 2-19
Improves performance and

effectiveness of existing
endpoint security solutions:
Offloads antivirus (AV) activity

to security virtual machine
(SVM)
Eliminates desktop agents and
AV storms
SVM
AV
VM
VM
VM
persona
app
OS
persona
app
OS
persona
app
OS
kernel
BIOS
OS
hardened
kernel
BIOS
kernel
BIOS
introspection
Enables comprehensive
desktop virtual machine
protection
VMware vSphere 4.1

41
Centrally manages AV service

across virtual machines with
detailed logging of AV activity
Partner integration
g
vShield Endpoint delivers an introspection-based antivirus solution. vShield Endpoint uses the
hypervisor to scan guest virtual machines from the outside without a bulky agent. vShield Endpoint
is efficient in avoiding resource bottlenecks while optimizing memory use.
vShield Endpoint installs as a hypervisor module and security virtual machine from a third-party
antivirus vendor (VMware partners) on an ESX/ESXi host.
The vShield Endpoint thin agent must be installed on each guest virtual machine to be protected.
Virtual machines with the thin agent installed are automatically protected whenever they are started
on an ESX/ESXi host that has the security solution installed. That is, protected virtual machines
keep the security protection through shutdowns and restarts and even after a vMotion migration to
another ESX/ESXi host with the security solution installed.
Centralization of an antivirus solution through vShield Endpoint eliminates agent sprawl across
desktop virtual machines. Centralization also helps eliminate the antivirus storm issues that are
typically associated with antivirus services distributed across virtual machines.
vShield Endpoint requires vCenter Server 4.1 or later.
32
Extensibility to Third-Party Management Tools

Slide 2-20
Automation and integration with Windows PowerShell:
View PowerCLI cmdlets can be used to administer View from the

Windows PowerShell command line
line.
Allows:
Configuration of vCenter Server systems

M
Management
off licensing,
li
i
global
l b l configuration,
fi
i
connection
i servers, pools,
l
entitlements, and desktop-user assignments
Integration with Microsoft System Center Operations Manager

(SCOM)
Third-party management tools can be used to manage the View environment. View includes
automation and integration with Windows PowerShell and integration with Microsoft System Center
Operations Manager (SCOM).
View PowerCLI provides Windows PowerShell cmdlets to administer View from the command line.
Windows PowerShell uses the Microsoft .NET object model and provides administrators with
management and automation capabilities. As with any console environment, you work with
Windows PowerShell by running commands, which are called cmdlets.
View Connection Server includes more than 45 Windows PowerShell-based cmdlets. You can use
these cmdlets with the VMware vSphere PowerCLI cmdlets. You can also use the View cmdlets to
examine the configuration of vCenter Server systems and management of licensing, global
configuration, connection brokers, pools, entitlements, and desktop-user assignment. This
enhancement allows for automation and scripting and provides extensibility to administration tasks.
View PowerCLI is installed during the View Connection Server installation.
For more about using View PowerCLI, see VMware View Integration at http://www.vmware.com/
support/pubs.
33
View Licensing
Slide 2-21
Enterprise and Premier editions:
Enterprise vSphere Desktop edition, vCenter Server system, and View

Connection
Co
ect o Se
Server
e
Premier vSphere Desktop edition, vCenter Server system, View
Connection Server, View Composer 2.7, View Persona Management, View
Client with Local Mode, ThinApp 4.6, and vShield Endpoint.
Licensed per concurrent user:
Number of desktop machines that are simultaneously receiving remote

connections from client systems
Additional licensing required:
Support and subscription services

Guest operating system licensing for desktops
View is sold in two editions, Enterprise and Premier, either as a bundled solution that includes
vSphere or as a desktop add-on to a separate or existing vSphere purchase. View Enterprise offers
the View desktop management product. View Premier includes several additional components to
substantially lower the costs of managing applications and desktops.
For further information, see VMware View 4.5 FAQ: Pricing, Licensing and Support at
http://www.vmware.com/technical-resources/products/view.html.
34
vSphere Desktop Edition

Slide 2-22
vSphere Desktop edition provides:
All capabilities of vSphere Enterprise Plus

Unlimited vRAM entitlement
vSphere Desktop edition is designed for licensing vSphere in VDI

deployments.
vSphere Desktop edition can be:
Used for only VDI deployments

Leveraged with both View and other third-party VDI connection brokers
vSphere Desktop edition is licensed based on the total number of

powered-on desktop virtual machines.
vSphere Desktop edition is designed for licensing vSphere in VDI deployments. vSphere Desktop
licensing is based on the total number of powered-on desktop virtual machines.
vSphere Desktop edition provides all the capabilities of vSphere Enterprise Plus, as well as an
unlimited vRAM entitlement.
vSphere Desktop edition can be used for only VDI deployments. It can also be used with View and
third-party VDI connection brokers.
35
Required vSphere Components

Slide 2-23
ESX/ESXi hosts
vCenter Server system
S ft
Software:
VMware vSphere 5.0 or later

VMware vSphere 4.1 Update 1 or later
VMware vSphere 4.0 Update 3 or later
vCenter Server
systems
If Sysprep is used to provision a desktop:
For Windows XP desktops, Microsoft Sysprep

tools must be installed on the vCenter Server
system.
A customization specification that permits
cloned virtual machines to join the AD domain
ESX/ESXi hosts
View requires vSphere 5.0, vSphere 4.1, or vSphere 4.0. Current versions of ESX/ESXi hosts must
be present and managed by current vCenter Server instances.
If Sysprep is used for template-based Windows desktop deployment or linked-clone deployment, the
vCenter Server system must have Microsoft Sysprep tools installed. All Sysprep customization
requires a vCenter Server customization specification that permits cloned virtual machines to join an
AD domain.
Requirements for View Connection Server:
vSphere 5.0 or later
vSphere 4.1 Update 1 or later
36
Required AD Components
Slide 2-24
A Microsoft AD domain must be present.
Domain membership is required for:

All desktops
Domain membership is not required for:
vCenter Server systems

View Clients
View security servers
Required components:
AD domain controllers
DNS with both forward and reverse lookup zones
DHCP
View Connection Server relies on Active Directory for authentication. The virtual desktops and the
View Connection Servers (standard and replica instances) must be members of a domain. But
domain membership is not required for vCenter Server, View clients, or View security servers.
To add users to a different AD domain, you must establish a two-way trust relationship between the
domain and the domain in which View Connection Server is located.
37
Review of Learner Objectives

Slide 2-25
You should be able to do the following:
38
Describe the differences between a virtual desktop infrastructure and

Server.
Describe the features and benefits that View offers.
Identify View components:
View Connection Servers

Virtual desktops
Client systems
View Composer
Explain the major function of each View component.

List the system requirements for a successful View installation.
Key Points
Slide 2-26
View features include:
vSphere integration
Enterprise-class connection brokering and simplified desktop

management
Support for existing desktops and automatically provisioned desktops

Superior end
end-user
user experience with PCoIP
Flexible end-user access
View components include :
View Connection Servers, which manage View desktops

View Composer, which creates and manages linked-clone desktops
View desktops,
desktops which are installed with View Agent
View client options, which include View Client, View Client with Local
Mode, Apple iPad, and Android-based tablets
39
40
MODULE 3

e
Slide 3-1
Co
ect o Se e
Module 3
3
41
You Are Here

Slide 3-2
Course Introduction
Local-Mode Desktops


p Options
p
View Client Options
View Administrator
42
VMware ThinApp
Importance
Slide 3-3
Installing and properly configuring VMware View Connection

Server is essential for a successful View deployment.
3
Module 3 View Connection Server
43
Module Lessons
Slide 3-4
Lesson 1:
Installing View Connection Server
Lesson 2:
Configuring View Connection Server
44
Lesson 1: Installing View Connection Server

Slide 3-5
Lesson 1:
Installing View Connection Server
45
Learner Objectives
Slide 3-6
After this lesson, you should be able to do the following:
46
Compare the types of connection servers.

List the recommended hardware requirements for View Connection
Server.
Identify the VMware vSphere requirements for a connection server.
Describe the network and firewall configurations for View Connection
Server.
Discuss the role and use of the Active Directory Application Mode
(ADAM) and AD Lightweight Directory Service (AD LDS).
Deploying View (1)

Slide 3-7
1. Set up vSphere infrastructure.

2. Configure the AD domain:
a. C
Create
t one or more domain
d
i global
l b l groups ffor Vi
View users.
b. Add these groups to Remote Desktop Users group.
c. Identify and add existing users to the appropriate domain users group.
3. Configure
C f
DNS
S and DHCP
C services to support View.
4. Install and configure View Connection Server:

a. Join the connection server system to the domain.
b. Install View Connection Server software.
c. License View Manager.
The View Transfer Server does not need to be a member of the domain. You might want to omit this detail here
because the View Transfer Server and its function have not been discussed. The View Connection Server instance in
this case is the standard connection server, the first connection server that is installed.
47
Deploying View (2)

Slide 3-8
5.
Create virtual desktops:

a.
b
b.
c.
d.
Join desktop systems to the domain.

Enable Remote Desktop access
access.
Add the View users group to the remote access list.
Install View Agent.
6 Configure pools of desktops:

6.
a. Add manual or automated pools.
b. Entitle users to access the desktops in each pool.
7. Install the View Client on a client system.

8. Test connectivity and functions.
9. Go live.
48
You Are Here in View

Slide 3-9
View
Administrator
VMware vCenter
Server systems
virtual desktops
with View Agents
thin client
VMware ESX
/ESXi hosts
View Client with
Local Mode
View
Connection
Server
View Client
AD domain controllers
49
View Connection Server Requirements

Slide 3-10
Hardware:
Dedicated physical or virtual server

Minimum Pentium IV 2.0GHz CPU:
View
Connection Server
Dual processors recommended
Memory:
Minimum 4GB for Windows Server 2008 R2, 64-bit

Minimum 2GB for Windows Server 2003 R2, 32-bit
Minimum of 10/100Mbps
p NIC
Operating systems:
Windows Server 2008 R2 Editions, 64-bit

Windows Server 2008 R2 Editions with SP1, 64-bit
Windows Server 2003 R2 Editions with SP2, 32-bit
Requirements for a computer that is running the VMware View Connection Server include:
Dedicated physical or virtual server
Minimum Pentium IV 2.0GHz CPU (dual processors recommended)
Minimum 4GB of RAM (at least 10GB recommended for deployments of 50 or more View
desktops) for a Windows 2008 R2 64-bit host
Minimum 2GB of RAM (at least 3GB recommended for deployments of 50 or more View
desktops) for a Windows 2003 R2 32-bit host
Minimum 10/100Mbps network interface card (NIC) (1Gbps NIC recommended)
None of these hardware requirements are checked before installation. View Connection Server can
be installed on the following operating systems:
Windows Server 2008 R2 Standard Edition, 64-bit
Windows Server 2008 R2 Enterprise Edition, 64-bit
Windows Server 2008 R2 Standard Edition with SP1, 64-bit
Windows Server 2008 R2 Enterprise Edition with SP1, 64-bit
50
Windows Server 2003 R2 Standard Edition with SP2, 32-bit

Windows Server 2003 R2 Enterprise Edition with SP2, 32-bit
3
51
View Connection Server Prerequisites

Slide 3-11
A supported version of vSphere, which can be:
vSphere 5.0 or later

vSphere 4
4.0
0 Update 3 or later
At least one ESX/ESXi host
At least one vCenter Server instance
Host systems that are running View Connection Server must be members of
an AD domain, which can be:
Windows 2000 Active Directory

Microsoft Sysprep tools for Windows XP desktops

A customization specification that joins clones of virtual machines to the AD
domain
View Composer, if linked-clone desktops are to be deployed
A valid license key for View
The View Connection Server has several prerequisites:

VMware vSphere (current versions of VMware ESX/ESXi and VMware vCenter
Server), with at least one ESX/ESXi host and one vCenter Server instance. You can have a
single View Connection Server with connections to multiple vCenter Server instances, each
managing multiple ESX/ESXi hosts.
Servers running View Connection Server must be members of an Active Directory (AD)
domain. View Connection Server supports the following versions of AD:
For Sysprep-based desktop deployments, Microsoft Sysprep tools must be installed on your
vCenter Server system if Windows XP desktops are used. All template-based clones use
Sysprep and, optionally, linked clones can use Sysprep.
For Sysprep-based desktop deployments, a customization specification must already exist that
permits cloned virtual machines to join the AD domain. This customization specification must
be configured to force a virtual machines deployed with it to join the AD domain.
52
For linked-clone desktop deployments, View Composer must reside on the same system as
vCenter Server.
A valid license key for View.
The View Transfer Server does not have to be a member of the domain. You might want to omit this detail here
because the View Transfer Server and its function have not been discussed. The View Connection Server instance
referenced here performs the broker functions.
3
53
SSL Certificate Requirements for View Administrator

Slide 3-12
View comes with a self-signed

certificate when View Connection
Server is installed.
The self-signed certificate displays
a security warning message when
you access View Administrator
because it is:
Not secure
Prone to allow untrusted
parties
ti tto intercept
i t
t the
th data
d t traffic
t ffi
Organizations using View must create a CA-signed certificate.

CA-signed certificates ensure that:
Data is secure
The organizations server is not intercepted by untrusted parties
A self-signed certificate is included when View Connection Server is installed.

Because of the self-signed certificate, a security warning message is displayed when you access
View Administrator. You may ignore the warning on the page to open View Administrator. A selfsigned certificate can allow untrusted parties to intercept traffic by masquerading the organizations
server.
Thus, organizations must create a CA-signed certificate after installing View Connection Server.
When a CA-signed certificate is created, the certificate error message is no longer displayed while
accessing View Administrator. CA-signed certificates also ensure that the data is secure and not
prone to interception from untrusted parties.
54
Preinstallation Checklist
Slide 3-13
An AD domain controller
A Microsoft IIS server or any other Web server using port 80 or 443
A vCenter Server instance
A Microsoft Terminal Services server
Another View component
The Windows 2003 R2 or Windows 2008 R2 system that is hosting

View Connection Server cannot perform any other function or role,
such as:
Host system requirements:
Host must be in a Windows domain

Host must have a static IP address
The host
host's
s FQDN must be resolvable from any point on the network
network.
To install View Connection Server, use a domain user account with

administrator privileges on the server system.
You must check several things before installing View Connection Server.
Make sure that you pick the right Windows 2003 R2 or Windows 2008 R2 system. The system can
be a physical machine or a virtual machine, but the system cannot be one of the following:
An AD domain controller
A Microsoft Internet Information Services (IIS) server (or any other Web server using port 80
or 443)
A vCenter Server instance
A Microsoft Terminal Services server
Other requirements include:
The View Connection Server system must be a member of the Windows domain. The View
Connection Server system must be a member of an AD domain. To add users to a different
domain, a two-way trust must exist between the two domains. It is possible to limit the domains
that are searched by using domain filtering, a feature that is discussed later.
55
The host system should have only one network interface. You can install View Connection
Server on a system with multiple NICs, but View Connection Server will use only one NIC and
the NIC cannot be specified.
The host system must use a static IP address.
Systems elsewhere in the network must be able to resolve the fully qualified domain name
(FQDN) of the connection server host system. That is, the connection server system must be
reachable.
You must be able to browse to http://localhost on this system.
56
Starting the Installation

Slide 3-14
Begin the installation of the View Connection Server by running

VMware-viewconnectionserver-x86_64-<build>.exe.
You are p
prompted
p
to select the destination folder.
The folder contains only program binaries and files.
An LDAP directory contains the View Manager configuration data.
Begin the installation of the View Connection Server by downloading and running VMwareviewconnectionserver-<build>.exe (32-bit systems) or VMwareviewconnectionserver-x86_64-<build>.exe (64-bit systems).
You are prompted to select the destination folder for the software. This folder is only the destination
of binaries. Data that is used by View is stored in the vCenter Server database, AD, and an
Lightweight Directory Access Protocol (LDAP) directory. The LDAP directory is an embedded
directory that serves as the LDAP data repository for all View Connection Server configuration
information. The LDAP directory is created when the View Connection Server is installed.
57
Selecting the Type of Connection Server

Slide 3-15
For the first View Connection Server in a connection server group,

select View Standard Server.
Four types of View Connection Server are possible. If this is your first View Connection Server,
select View Standard Server. The other three options:
View Replica Server A connection server that operates as a peer to the standard connection
server
View Security Server A version of View Connection Server that operates as a security
gateway for desktop access from the public network
View Transfer Server A version of View Connection Server that handles the transfers of
virtual desktops for local-mode access
These three options are discussed later in the course.
58
Accepting the ADAM or AD LDS License

Slide 3-16
ADAM and AD LDS are

Microsoft products AD addons:
ADAM is for Windows 2003
AD LDS is for Windows 2008
View uses ADAM or AD LDS to

create an embedded LDAP
directory.
No changes to the AD schema
occur.
Active Directory Application Mode (ADAM) is a Microsoft product for Windows 2003 that is an
LDAP extension of AD. AD Lightweight Directory Service (LDS) is the name of the same product
for Windows 2008. It allows user software (in this case, View Connection Server) to store LDAP
data in a database that has the same basic structure as AD. But because this is a separate LDAP
directory, View Connection Server does not have to change the AD schema. ADAM and AD LDS
share the same code base as AD but have smaller resource requirements.
For a View Connection Server running on a Windows 2003 R2 or Windows 2008 R2 server system,
ADAM or AD LDS is an embedded LDAP directory that is created during the connection server
installation.
The View LDAP directory contains the following components that are used in View Connection
Server:
Specific View Connection Server schema definitions
Directory information tree (DIT) definitions
Access control lists (ACLs)
59
View LDAP contains entries that represent the following View Connection Server objects:
Virtual desktop entries that represent each accessible virtual desktop
Virtual desktop pool entries that represent multiple virtual desktops managed together
Virtual machine entries that represent each virtual desktop
View Connection Server component configuration entries that are used to store configuration
settings
You use the ADSI Edit utility to modify View LDAP. The ADSI Edit utility is installed with View Connection Server.
When you change the View LDAP directory on a View Connection Server instance, the change is propagated to all
replicated View Connection Server instances.
See the Microsoft TechNet Web site for information about using the ADSI Edit utility.
After starting ADSI Edit (Start > Programs > ADAM > ADAM ADSI Edit), select or connect to DC=vdi,
DC=vmware, DC=int. See VMware View Manager Configuration Data Export and Import at http://
www.vmware.com/pdf/viewmanager_data_exp_imp.pdf for a few details on the View LDAP directory. The document
was written for View Manager 3.0 and, as of December 2011, has not been updated.
60
Opening Firewall Ports

Slide 3-17
For Windows Server 2008 R2, the installation program can configure
the required Windows firewall rules.
For Windows
F
Wi d
Server
S
2003 R2
R2, you mustt configure
fi
th
the required
i d
Windows firewall rules manually and open these incoming ports:
80 for HTTP
443 for HTTPS

4172 for PCoIP
4001 for JMS

4100 for JMSIR
8009 for AJP13
By default, Windows 2003 R2 and Windows 2008 R2 servers have the Windows Firewall service
active.
When you install View Connection Server on Windows Server 2008 R2, the installation program
can configure the required Windows firewall rules for you. But when you install View Connection
Server on Windows Server 2003 R2, you must configure the required Windows firewall rules
manually.
The incoming TCP ports that must be opened on the firewall for View Connection Server instances
and security servers are:
Port 80 HTTP is used by the standard, replicated, and security servers.
Port 443 HTTPS is used by the standard, replicated, and security servers.
Port 4172 PCoIP is used by the standard and security servers.
Port 4001 JMS (Java Message Service) is used by the standard and replicated servers.
Port 4100 JMSIR (Java Message Service Internode Router) is used by the standard and
replicated servers.
Port 8009 AJP13 (Apache JServ Protocol) is used by the standard and replicated servers.
61

Slide 3-18
62
Compare the types of connection servers.

List the recommended hardware requirements for View Connection
Server.
Identify the VMware vSphere requirements for a connection server.
Describe the network and firewall configurations for View Connection
Server.
Discuss the role and use of the Active Directory Application Mode
(ADAM) and AD Lightweight Directory Service (AD LDS).
Lesson 2: Configuring View Connection Server

Slide 3-19
Lesson 2:
Configuring View Connection Server
63
Learner Objectives
Slide 3-20
Outline the steps to initially configure View Connection Server:

1.
1
2.
3.
4
4.
64
Perform
P
f
an initial
i iti l llogin.
i
Enter the license key.
Establish vCenter Server associations.
C fi
Configure
access to the
h events d
database.
b
Connecting to View Connection Server with Browser

Slide 3-21
https://<FQDN_of_connection_server>/admin
admin must be lowercase.
3
Supported browsers:
Internet Explorer 7, 8, and 9

Firefox 3.0 or 3.5
Adobe Flash Player 10 or later must be installed.

Set screen resolution to 1024x768 or higher.
To begin setup of the View Connection Server, use one of the supported browsers to open a Web
page. Go to https://<host_name_or_IP_address>/admin. Make sure that you end the URL with
lowercase admin. The Web page name (admin) is case-sensitive.
Depending on your browsers security level, you might see a Web site security certificate error.
Click Continue to this Web site.
View Administrator is written in Adobe Flex, which requires Adobe Flash Player 10.
View Administrator is best displayed with a screen resolution of at least 1024x768.
65
Logging In to View Administrator

Slide 3-22
Log in to View Administrator.

Initially, can be any domain user in the local Administrators group:
Can be restricted later
Log in to View Administrator. Initially, all domain users who are members of the local
administrators group on the View Connection Server are allowed to log in to View Administrator
(BUILTIN/Administrators group). You can change the list of View Connection Server
administrators later.
66
Initial Login
Slide 3-23
The first login requires basic configuration.
3
The slide shows what the View Administrator looks like on first login. Navigation links in the left
pane are organized by object category and then by type of object:
Inventory Contains information about pools, desktops, persistent disks, and VMware
ThinApp applications.
Monitoring Contains events, remote sessions, and local sessions information.
Policies Global policies are configured from this selection.
View Configuration:
Servers goes to a page to configure vCenter Server systems, View Connection Servers,
security servers, and View Transfer Servers.
Product Licensing and Usage displays the page shown on the slide.
Global Settings enables View administrators to modify settings that apply to this
connection server.
Registered Desktop Sources displays details about Microsoft Terminal Services, physical
machines, and virtual machines that are not running on ESX/ESXi hosts. These sources are
registered with a specific View Connection Server when View Agent is installed.
67
Administrators goes to a page that enables you to grant permissions to administrators to

perform selected operations on pools or global settings.
ThinApp Configuration goes to a page where the repository of ThinApp application
packages can be configured.
Event Configuration goes to a page where the event database can be configured.
Transfer Server Repository goes to a page where you can configure access to a repository
of encrypted and compressed copies of View Composer base images. Linked-clone
desktops can be downloaded to client systems to enable local-mode desktops.
You will have to perform basic configuration of the View Connection Server. Configuration
includes:
Adding a valid license serial number
Connecting to a vCenter Server system
Configuring the event database
68
Licensing View Manager and Components

Slide 3-24
License View Manager.
3
License your View Connection Server and verify that the proper View components are enabled. A
single serial number can also license View Composer and View Client with Local Mode. Although
many configuration operations can be performed without a license, including the addition of
desktops and pools, a client connection to a desktop requires a license.
69
View Servers: vCenter Server Systems

Slide 3-25
S
Select
View Configuration
C f
> Servers
S
to add a vCenter
C
S
Server system.
To configure vCenter Server associations, select View Configuration > Servers in the navigation
pane on the left. The panels display the four kinds of servers that can be used in a View deployment:
View Connection Servers The connection server appearing in this panel is the standard View
Connection Server that was installed. This View Administrator session is supported by this
connection server.
vCenter Servers This panel shows all the vCenter Server systems that are associated with
this connection server group. Click Add to add a vCenter Server system.
Security Servers This panel shows the optional View security servers that are paired with this
connection server instance. Security servers are discussed in a later module.
Transfer Servers View Transfer Server is an optional View Connection Server component
that supports check-in, checkout, and replication of desktops that run in local mode. View
Transfer Server is discussed in a later module.
70
Adding vCenter Server Systems

Slide 3-26
Add the
th vCenter
C t Server
S
systems
t
that
th t are managing
i
the
th virtual
it l
desktops.
The vCenter Server system does not have to be a member of the

domain.
The user name must have certain vCenter Server privileges.

Customize a role for View Manager
g use.
Add the vCenter Server systems. You associate a vCenter Server system with this View Connection
Server by entering the FQDN of the vCenter Server system. This vCenter Server system must be the
system that is managing the ESX/ESXi hosts that will be hosting the virtual desktops. View does not
require that the vCenter Server system be a member of the domain.
If a View administrator is not an administrator in vCenter Server, you must assign a vCenter Server
role that allows View Connection Server to perform its operations. The vCenter Server role (named
ViewAdministrator, for example) that is assigned to the user name (viewadmin, in the screenshot)
must, at a minimum, have these privileges assigned:
Folder group:
Select Create Folder.
Select Delete Folder.
Virtual Machine group:
Inventory Select Create and Remove.
Interaction Select Power On, Power Off, Suspend, and Reset.
71
Configuration Select Add new disk, Add or Remove Device, Modify Device Settings,
and Advanced.
Provisioning Select Customize, Deploy Template, and Read Customization
Specifications.
Resource group:
Select Assign Virtual Machine to Resource Pool.
The Advanced link sets the number of virtual desktops to power on and clone at any one time for
pools. During the initial setup, you do not need to configure these limits.
72
View Event Database

Slide 3-27
View 5.0 uses an event database to record information about View

Manager events.
If the event database does not exist,, log

g files contain limited information.
Log files are not accessible from View Administrator.
The database server can reside on View Connection Server host or on a

dedicated server.
Can be on the same database server as View C
C
Composer database or
vCenter Server database
SQL Server authentication, not Windows authentication, must be used.
Database user must have permission to create tables and views, and
permission to read and write to these objects.
View uses an event database to record information about View Connection Server events. The View
event database should be configured on first login to ensure that detailed event information is
captured for all View Connection Server activities.
The event database stores information about View events as records in a database rather than in a
log file. If you choose not to configure an event database, you must look in the log file to get
information about events. The log file contains limited information.
You create an event database by adding it to an existing database server. In addition to reviewing
events with View Administrator, you can also use enterprise reporting software to analyze the events
in the database. The database server for the event database can reside on a View Connection Server
host or on a dedicated server. Or you can use an existing database server, such as the server that
hosts a View Composer database. You cannot use an ODBC data source for this database. View
Connection Server uses the appropriate database server API, instead.
To establish an event database:
1. Add a database to the database server and give it a descriptive name like ViewEventsDB.
2. Add a user for this database who has permission to create tables, views, and, in Oracle, triggers
and sequences, as well as permission to read from and write to these objects.
73
The event database can be a SQL Server database or an Oracle

database.
database
For a Microsoft SQL Server database, you must use the SQL Server authentication method of
authentication. The Integrated Windows Authentication security model method of
authentication is not supported by View Connection Server.
After the database is created, the schema is installed when you configure the database in View
Administrator.
Before you can use View Administrator to configure an event database on Microsoft SQL Server,
you must configure the TCP/IP properties and verify that the server uses SQL Server authentication:
1. Open SQL Server Configuration Manager and expand SQL Server
<YYYY_network_configuration>.
2. Select Protocols for <server_name>.
3. In the list of protocols, right-click TCP/IP and select Properties.
4. Set Enabled property to Yes.
5. Verify that a port is assigned or, if necessary, assign one. The default port for SQL Server is port
1433.
For information about the static and dynamic ports and how to assign them, see the online help
for the SQL Server Configuration manager.
6. Verify that this port is not blocked by a firewall.
At the time this course was developed there were no guidelines available for sizing the event database. The historical
tables are not capped, so the growth must be monitored.
Open Database Connectivity (ODBC) is a widely accepted API for database access. ODBC is designed for maximum
interoperability. It allows a single application to access different database management systems with the same source
code. If an application is to support various database systems, ODBC simplifies application development. vCenter
Server and View Composer use ODBC because both support nearly the same choice of databases. View
Connection Server supports only two database servers and uses the appropriate API. So ODBC and a data system
name are not necessary when configuring the event database.
74
Integrating with the Event Database

Slide 3-28
Event database tables:
event Metadata and search optimization data for recent events

event_data Data values for recent events
event_data_historical Data values for all events
event_historical Metadata and search optimization

p
data for all events
Details about events are recorded in all database tables:

After the configured period of time has elapsed for an event, the event
is deleted from the event and event
event_data
data tables
tables.
Growth of historical tables is not restricted.

You can use business intelligence
g
reporting
p
g engines,
g
, such as Crystal
y
Reports, to access and analyze the event database.
The event database consists of four tables:

event Contains metadata and search optimization data for recent events
event_data Contains the data values for recent (one, two, or three days) events
event_data_historical Contains the data values for all events
event_historical Contains metadata and search optimization data for all events
The event database prepends the names of these tables with a prefix that you define when you
configure the database.
View records details about events to all the database tables. After a period of time has elapsed since
writing an event record, View deletes the record from the event and event_data tables. You can use
View Administrator to configure the time period for which the database keeps a record in the event
and event_data tables.
View does not restrict the growth of the event_historical and event_data_historical tables. You must
implement a space management policy for these tables.
For details about the schema for each of the tables and the events that are recorded, see VMware
View Integration at http://www.vmware.com/support/pubs/.
75
Configuring the View Event Database

Slide 3-29
The event database must exist and be configured to capture events.

Select View Configuration > Event Configuration and click Edit.
You need the following information to configure an event database:

The DNS name or IP address of the database servers host system.
The type of database server Microsoft SQL Server or Oracle.
The port number that is used to access the database server. The default is 1521 for Oracle and
1433 for SQL Server. If the database server is a named instance of SQL Server, or if you use
SQL Server Express, you might have to configure the port number, as described on the previous
page. See Microsoft knowledge base article 265808 about connecting to a named instance of
SQL Server at http://support.microsoft.com.
The name of the event database that you created on the database server, for example,
ViewEventsDB.
The user name and password of the user that you created for this database. Use SQL Server
authentication for this user. Do not use the Integrated Windows Authentication security model
method of authentication.
An arbitrary prefix for the tables in the event database, for example, VE_. The prefix enables
the database to be shared among View installations.
76
Modifying Event Database Settings

Slide 3-30
Length of time to show events in View Administrator

Number of days
y to classifyy events as new
Events are never deleted from the database.

View Administrator displays only the most recent 2,000 events.
After the event database is configured, you can modify settings:
To configure the aging settings for events in View Administrator, click Edit in the Event Settings
window. Change the length of time to show events (1 week to 6 months) and the number of days to
classify events as new (1, 2, or 3 days), and click OK.
These settings pertain to the length of time the events are listed in the View Administrator interface.
The events are never deleted from the database.
The Event Database panel displays the current configuration of the event database.
Select Monitoring > Events in the navigation pane to verify that the connection to the event
database is successful. If the connection is unsuccessful, an error message appears. If you are using
SQL Express or if you are using a named instance of SQL Server, you might need to determine the
correct port number, as described earlier.
To improve performance, View Administrator displays only the most recent 2000 events from the
event and event_data tables. You can change this limit by adjusting the value of an attribute in
ADAM. If you increase the limit, View Administrator requires more time and system resources to
fetch and display the records. For more details, see VMware knowledge base article 1026196 at
http://kb.vmware.com/kb/1026196.
77
Lab Environment
Slide 3-31
Each ESXi host is preconfigured with the following:
Two Windows 2008 R2 SP1, 64-bit virtual machines:
One Windows 2003 R2 virtual machine:
rs-<ESX/ESXi_host_name> Replica server
Three Windows XP SP3 virtual machines:
cs-<ESX/ESXi_host_name>
ESX/ESXi h t
Connection
C
ti server
sec-<ESX/ESXi_host_name> Security server
cla-<ESX/ESXi_host_name> Client machine

dt1-<ESX/ESXi_host_name> Desktop machine (all Windows XP
desktops are derived from this virtual machine)
cnb-<ESX/ESXi_host_name> Capture-and-build machine for VMware
Thi A
ThinApp
One Windows 7 virtual machine Parent machine for linked clones

Two networks Privnet and Public
Each ESX/ESXi host is preinstalled with seven virtual machines and two networks.
The virtual machines that are used as the View infrastructure systems in this course are Windows
2003 R2 and Windows 2008 R2 machines. You install the appropriate View Connection Server
component on each machine:
cs-<ESX/ESXi_host_name> Connection server
rs-<ESX/ESXi_host_name> Replica server
sec-<ESX/ESXi_host_name> Security server
Three Windows XP SP3 virtual machines are preinstalled:
cla-<ESX/ESXi_host_name> Client A system. This machine is cloned to create a second
client system (client B) after View Client is installed.
dt1-<ESX/ESXi_host_name> Desktop 1 system. After View Agent is installed on this system,
a template is created, which becomes the source for all other Windows XP desktop systems.
cnb-<ESX/ESXi_host_name> Capture-and-build machine for ThinApp. This virtual machine
is used to create the ThinApp project so that it can be deployed to one of the desktop systems.
78
One Windows 7 virtual machine is preinstalled. It will be the parent virtual machine for the linked
clones.
The two networks are:
Privnet Mimics an internal network. All virtual machines are connected to this port group.
Public Mimics an external network. The security server is connected to this port group.
3
79
Lab 1
Slide 3-32
In this lab, you will install and configure the View Connection Server.
1. Add an ESXi host to the vCenter Server inventory.
2. Confirm setup of the virtual machine to be used as the connection
server.
3. Install View Connection Server software.
4. License View Manager.
5. Associate a vCenter Server system with the View Connection Server.
6 Configure an event database
6.
database.
80

Slide 3-33
Outline the steps to initially configure View Connection Server:

Perform
P
f
an initial
i iti l llogin.
i
Enter the license key.
Establish vCenter Server associations.
C fi
Configure
access to the
h events d
database.
b
1.
1
2.
3.
4
4.
81
Key Points
Slide 3-34
82
Installing the View Connection Server is uncomplicated.

TCP port 443 must be opened for View Administrator access to the
Server.
An LDAP directory retains all View Manager configuration information,
such as pool configurations and desktop connection data.
Initial configuration steps include adding a license serial number and
associating a vCenter Server system.
MODULE 4
View Desktops
Slide 4-1
Module 4
4
View Desktops
83
You Are Here

Slide 4-2
Course Introduction
Local-Mode Desktops


p Options
p
View Client Options
View Administrator
84
VMware ThinApp
Importance
Slide 4-3
Desktop systems that are to be managed by VMware View

Connection Server must be properly configured and added to the
View inventory
inventory. Otherwise,
Otherwise they are not visible to a client
client.
4
View Desktops
Module 4 View Desktops
85
Module Lessons
Slide 4-4
Lesson 1:
Configuring Virtual Machines as Desktops
Lesson 2:
Remote Display Protocols
Lesson 3:
View Agent
Lesson 4:
Manual Pool Deployment and Entitlement
86
Lesson 1: Configuring Virtual Machines as Desktops

Slide 4-5
Lesson 1:
Configuring
g
g Virtual Machines as
Desktops
4
View Desktops
87
Learner Objectives
Slide 4-6
Outline the process and choices to set up VMware vCenter Server

managed desktops:
88
Assigning virtual CPUs (vCPUs) and RAM.

Creating Windows 7 virtual machines.
Configuring VMware ESX/ESXi host virtual switches.
switches
Tuning the performance of virtual machines.
Configuring vCenter Server resource pools.
Multiple vCPUs
Slide 4-7
Windows 7, Windows XP, and Windows Vista can be configured with

two virtual sockets.
Each virtual socket can have multiple cores

cores, or vCPUs
vCPUs.
The total number of vCPUs is limited to eight.
All Windows desktops should be configured with only one vCPU, unless a
q
multiple
p vCPUs.
use case requires
For Windows 7 desktops that need to play 720p video using the PCoIP
display protocol, at least two vCPUs are recommended.
Virtual machines with multiple vCPUs can create VMware vSphere

scheduling problems.
View Desktops
Multiple vCPUs might provide better performance for power desktop

users with CPU-intensive applications.
Most desktops operate well with only a single virtual CPU (vCPU). But sometimes a power
desktop user with CPU-intensive applications might perform better with multiple CPUs. Windows
7, Windows XP, and Windows Vista virtual machines are limited to two virtual sockets. Each virtual
socket can have multiple cores. A vCPU equates to a CPU socket.
Using multiple vCPUs per virtual machine might cause problems on VMware ESX/ESXi hosts
that have a limited number of physical CPU cores. All of a virtual machines vCPUs must be
scheduled at the same time on physical cores. So a multi-vCPU virtual machine might spend more
CPU cycles swapped out on a busy system.
Each version of VMware vSphere (4.0, 4.1, or 5.0) has different maximums for the number of
vCPUs that are supported per ESX/ESXi host and for the number of virtual machines. Even if
enough vCPUs are available, the maximum number of virtual machines might impose a limit.
VMware strongly recommends that you consult the appropriate documentation at http://
www.vmware.com/support/pubs for the latest information about configuration maximums and
installation requirements.
Assign a single vCPU for all Windows desktops. Dual virtual CPUs are recommended for computeintensive tasks and use cases and for Windows 7 desktops that need to play 720p video using the
PCoIP display protocol.
89
RAM
Slide 4-8
Analyze the memory requirements for each use case to determine

the best RAM setting for the virtual desktops.
R
Recommended
d d RAM allocations:
ll
ti
32-bit Windows 7 and Windows Vista virtual machines 1GB

64-bit Windows 7 virtual machines 2GB
Windows XP virtual machines 1GB
RAM that is defined at virtual machine creation becomes the
maximum:
The maximum RAM can be changed at any time.

The RAM that is used depends on the applications and use case.
ESX/ESXi memory management provides each virtual machine with only
the RAM it needs, not the RAM given as the maximum.
Utilization can be improved with the use of vCenter Server resource

pools, limits, and shares.
p
When you create a virtual machine, you define its RAM size. The RAM size is a maximum memory
that the virtual machine receives. Arbitrarily creating virtual machines with high RAM might cause
other problems because virtual machines with more RAM are by default given higher priority. The
default values assigned to virtual machines are based on the choice of operating system. Windows
XP virtual machines are assigned 256MB. Windows Vista virtual machines are assigned 512MB.
Windows 7 virtual machines are assigned 1GB. Each use case should be analyzed to determine the
best memory allocation, but a good starting point is to allocate 1GB for Windows XP, Windows
Vista, and 32-bit Windows 7. A 64-bit Windows 7 system should be allocated 2GB of RAM.
ESX/ESXi and VMware vCenter Server have a large number of tuning features, such as resource
pools, limits, and shares, that can improve overall use and performance.
90
Creating a Windows Virtual Machine

Slide 4-9
Create a virtual machine (or deploy a virtual machine from a template).

Choose the appropriate Windows operating system for the virtual
machine and install the operating system
system.
Windows 7 versions supported by View Agent:
64-bit and 32-bit versions

Wi d
Windows
7E
Enterprise
t
i and
d Wi
Windows
d
7P
Professional
f
i
l
Service Pack1
Windows Vista versions supported by View Agent:

32-bit versions only
Windows Vista Business and Windows Vista Enterprise
Service Pack 1 and Service Pack 2
View Desktops
Windows XP Professional SP3 is supported by View Agent.
Begin by creating a virtual machine (or deploy a virtual machine from a gold template). Select the
appropriate Windows guest operating system in the Create New Virtual Machine wizard. The
following versions of Windows are supported by VMware View Connection Server for View
Agent:
Windows 7 32-bit and 64-bit versions of Windows Enterprise and Professional, without a
service pack or with Service Pack 1 (SP1)
Windows Vista 32-bit versions of Windows Vista Business or Enterprise, either SP2 or SP3
Windows XP Professional SP3
After creating the virtual machine, install Windows.
91
Windows 7 and Windows Vista Activation

Slide 4-10
To make sure that View Composer properly activates Windows 7

systems on desktops, use Microsoft volume activation.
The volume-activation
volume activation technology requires a volume license key
key.
To activate with volume activation, use Key Management Service

(KMS), which requires a KMS license key.
To make sure that View Composer properly activates Windows 7 and Windows Vista operating
systems on linked-clone desktops, you must use Microsoft volume activation on the parent virtual
machine. The volume activation technology requires a volume license key.
To activate Windows 7 or Windows Vista with volume activation, you use Key Management Service
(KMS), which requires a KMS license key. See your Microsoft dealer to acquire a volume license
key and configure volume activation.
The activation procedures for linked clones are discussed more later.
92
Windows 7 Sysprep
Slide 4-11
Both Windows Vista and Windows 7 have Sysprep built in to the

operating system:
C:\Windows\system32\sysprep
No additional steps are necessary before customizing desktop
deployments from Windows Vista or Windows 7 templates.
4
View Desktops
Windows Vista and Windows 7 come with Sysprep already present in the operating system. No
additional steps are necessary.
93
Disabling Power Options

Slide 4-12
Power options might put a guest operating system to sleep.

When a guest operating system sleeps, remote computers cannot
connect.
t
Best practice: Do not enable power options for virtual desktops.
For Windows 7 and Windows Vista virtual machines that are going to be virtual desktops, you
should not enable power options. Instead, allow View Connection Server to suspend the virtual
machine when it is not in use. The suspend option must be enabled when the desktop pool is
configured. If a Windows system is in a sleep or hibernation state, View Connection Server is unable
to manage it.
94
ESX/ESXi Virtual Switches

Slide 4-13
The default number of ports for a virtual switch:
For vSphere 5.0, the default is 120 ports.

Depending
p
g on the number of virtual desktops
p on each ESX/ESXi host,,
you might need to increase these values.
Customization might fail.
View Desktops
A desktop that cannot get a connection to a virtual switch still

powers on but is unreachable by View Connection Server. The client
can never connect to the desktop.
The default number of ports for a virtual switch on an ESX/ESXi host is:
120 ports for the vSphere 5.0 platform
A maximum of 56 or 120 virtual desktops can connect to a switch.
Desktops that cannot get a connection still power on, but customization fails if you have specified
automatic joining of an Active Directory (AD) domain. Without a network connection, the virtual
machine is useless in a virtual desktop environment because no user can connect to it.
95
General Windows Performance Tuning (1)

Slide 4-14
Configuration changes to improve virtual machine performance:
Do not connect a floppy drive or CD-ROM drive at startup.

Disable unused ports, such as COM1, COM2, and LPT. Delete them if
not needed.
Disable WinSAT so that tuning changes persist.
Adjust display properties:
Choose a basic theme.

Set the background to a solid color.
Set the screen saver to None.
Verify that full hardware acceleration is enabled.
Select a high
high-performance
performance power option.
Do not specify a sleep timer, standby, hibernation, or any other power
option that might make the desktop unreachable.
For more about desktop performance issues, see Windows XP Deployment Guide and VMware View
Optimization Guide for Windows 7 at http://www.vmware.com/technical-resources/products/
view.html.
For Windows 7 and Windows Vista systems, WinSAT periodically auto-tunes the system by
enabling or disabling features and services, based on the Windows Experience Index (WEI) score.
Some of the performance tuning steps that are suggested here might be reversed by WinSAT, so
consider disabling it. To disable WinSAT, from the Task Scheduler, select Task Scheduler Library
> Microsoft > Windows > Maintenance. Right-click WinSAT, select Properties, and make the
change.
96

Slide 4-15
Additional changes to improve virtual machine performance:
Remove or minimize system restore points.

Turn off system protection on C:\.
Disable unnecessary services.
Set the sound scheme to No Sounds.
Open Windows Media Player and use the default settings
settings.
Turn off automatic computer maintenance.

Adjust performance settings for best performance.
Delete hidden uninstall folders in C:\Windows.
View Desktops
Disable the Indexing Service component, unless there are user

requirements for itit.
97

Slide 4-16
Additional changes to improve virtual machine performance:
Delete all event logs.

Delete all hidden update folders
f
except $hf_mig$.
Disable paging of the Windows operating system itself.
Remove Microsoft Messenger.
g
Turn off disk performance counters (diskperf n).
Run Disk Cleanup to remove temporary files, empty the Recycle Bin,
and remove other unneeded files.
files
To disable paging of the Windows operating system itself, go to

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and
change the DisablePagingExecutive key to a value of dword:00000001.

To optimize the Windows paging file:
1. Right-click My Computer and select Properties.
2. Click the Advanced tab.
3. Under Performance, select Settings.
4. Click the Advanced tab.
5. Under Virtual memory, click Change.
6. Select the Custom Size option and set Initial size and Maximum size to 512MB or to the size
of the configured memory (whichever is greater).

7. Click OK at each level to exit the wizard.
98
vCenter Server Resource Pools

Slide 4-17
Parent pool: targeted for 100 users:
80GHz CPU reservation across cluster of 8 ESX/ESXi hosts

64GB RAM reservation
Low-Priority child pool: 45 desktops, ~500MHz/user (22.5GHz):
No CPU/RAM reservation
reservation, low shares
shares. Virtual machines have 512MB
defined.
Medium-Priority child pool: 30 desktops, ~750MHz/user (22.5GHz):

N CPU/RAM reservation,
No
ti
normall shares.
h
Vi
Virtual
t l machines
hi
h
have
756MB defined.
View Desktops
High-Priority child pool: 25 desktops:

CPU reservation = 50GHz, unlimited borrowing, high shares
RAM reservation = 25GB
Each virtual machine has 1
1.5GB
5GB of RAM
Another way to improve virtual desktop performance is to assign virtual desktops to resource pools.
The example shows three resource pools under the root resource pool. The Low-Priority and
Medium-Priority resource pools might contain virtual desktops for general use. Desktops in a
public-kiosk environment might be assigned to the Low-Priority resource pool. The MediumPriority resource pool might be used for individual desktops that are assigned to average users.
The High-Priority resource pool might be reserved for individual desktops that are assigned to
power users.
View desktop pools (discussed later in the course) are different from resource pools. The slide refers
only to resource pools.
The example is relatively elaborate, to convey what can be done. Practically, one might create a couple of resource
pools: one for higher-priority desktops and one for the rest.
99
Group Policy Objects and Roaming Profiles

Slide 4-18
Use Group Policy objects (GPOs) to enforce where users store their
data.
Store all user data outside the virtual desktop

desktop, on a secure managed
file server.
Deliver applications dynamically (if possible, stream them), based on
group entitlements.
entitlements
Redirect user profiles, using View Persona Management.
Group Policy objects (GPOs) and roaming profiles should be used to enforce where users store data.
A roaming profile can specify a home drive for all users that stores data in a file servers shared
directory. You learn more about Views roaming profiles feature, View Persona Management, in a
later module.
100
Disabling the Themes Service

Slide 4-19
Use an administrator account

on the desktop template to
permanently
p
y stop
p the Themes
service.
Stopping the Themes service is
much easier and less costly
than using a GPO.
4
View Desktops
Disabling the Themes service on virtual desktops can boost performance. If you disable the Themes
service from an administrator account and build a template from these settings, users cannot
reactivate Themes. Disabling the Themes service is also less performance-intensive than stopping
the Themes service with a GPO.
101

Slide 4-20
Outline the process and choices to set up vCenter Server managed

desktops:
102
Assigning vCPUs and RAM.

Creating Windows 7 virtual machines.
Configuring ESX/ESXi host virtual switches
switches.
Tuning the performance of virtual machines.
Configuring vCenter Server resource pools.
Lesson 2: Remote Display Protocols

Slide 4-21
Lesson 2:
Remote Display Protocols
4
View Desktops
103
Learner Objectives
Slide 4-22
104
Compare the remote display protocols that are available in View:
PCoIP
PC
IP
Microsoft Remote Desktop Protocol (RDP)
Outline the steps to enable a desktop for remote access from View
Cli t
Client.
List the ports that must be opened in the desktops firewall for View
operations.
PCoIP Remote Display Protocol

Slide 4-23
PCoIP is a high-performance protocol that greatly enhances the user

desktop experience.
PCoIP is the default remote display protocol in View

View.
PCoIP is a protocol that is suitable for the task worker through the
designer use cases.
PCoIP is designed for use in both the LAN and the WAN:
On WANs, the display protocol can compensate for an increase in latency

or a reduction in bandwidth.
View Desktops
PCoIP is a secure protocol that uses encryption and compression.

compression
Flexible software and hardware deployment options are available.
PCoIP is p
provided by
y VMware through
g codevelopment
p
with Teradici.
VMware PCoIP is the preferred and recommended protocol for addressing the broadest set of use
cases and deployments options. VMware and Teradici codeveloped PCoIP for use in View and
ensured compatibility between hardware- and software-based solutions. PCoIP delivers an
uncompromised user experience and a single display protocol suitable for all use cases. The speed
and display quality that are supported by the PCoIP display protocol rival those of a physical
desktop. By offering the flexibility and choice of hardware and software deployment options
managed by View, organizations can meet the needs of their most demanding and transactional
users.
PCoIP provides an optimized PC experience for the delivery of images, audio, and video content for
a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in
latency or a reduction in bandwidth, ensuring that end users are productive regardless of network
conditions. PCoIP is supported as the display protocol for View desktops with virtual machines and
with physical desktop machines containing Teradici host cards.
View administrators can configure the View Client to allow end users to select PCoIP or Microsoft
Remote Desktop Protocol (RDP).
On LANs, the rendering is faster and smoother than traditional remote

displays.
p y
105
Highly Efficient Encoding for Desktop Display

Slide 4-24
At the desktop, PCoIP applies the correct imaging codec to the correct
pixels. The encoded pixels are delivered to the client system to be displayed.
icons
motion video
text
photos
graphics
PCoIP assures high performance partly due to its choice of codec for the information that is being
transferred. Choosing a codec for each type of information is important because the codec is
optimized for that type of data and will minimize the bandwidth and latency constraints.
This intelligent capability is important because images can be encoded individually, instead of as
part of an entire screen image. The benefit is that the pixel encoding is optimized for each image
type. This optimization results in superior image quality for the available bandwidth when compared
with protocols with only a single imaging codec.
With PCoIP, all pixels are rendered and encoded in the desktop agent. Encoded pixels are then
transmitted to the client device, for example, View Client, which is installed on a PC.
Host rendering has several distinct advantages:
Independence from network latency and bandwidth.
No application dependencies. Future applications work because client side rendering (which
requires specific codecs) is not needed.
Application performance is not affected.
106
PCoIP offers many advantages over client-rendered protocols like Citrix HDX and Microsoft
RDP:
Similar or superior experience over any network.
Always builds to lossless quality, unless this feature is disabled.
No application dependencies.
WAN optimizations built into the protocol.
Simple, stateless, secure zero-management clients are possible.
4
View Desktops
107
PCoIP Progressive Build

Slide 4-25
Progressive build is an efficient and responsive display process.

PCoIP provides low latency and high quality with limited network
bandwidth.
bandwidth
The initial image frame is highly compressed and is transmitted quickly
to minimize latency.
The image continues to improve:
It quickly builds to perceptually lossless using efficiently coded, transformed

data.
It builds to a lossless form after the image stops changing,
changing as network
bandwidth permits.
Fully lossless image transfer might never occur if the user changes the
display (for example, while Web browsing or paging).
A significant characteristic of the PCoIP display protocol is its progressive build operation. The
image quality that is displayed to the user at the client system progressively improves. A progressive
build is especially important for Web applications because the user can take an action, such as
clicking a link, before the image is fully downloaded. Often, the initial frame gives the user enough
of the content to enable a decision about moving on or waiting for the image to complete. Other
display protocols force the user to wait until the image is fully formed before responding to the
mouse action.
Key attributes of progressive build:
Dynamic image quality adjustment
Automatically reduces image quality on congested networks
Responsiveness is maintained by reducing screen update latency.
Resumes maximum image quality when network is no longer congested
Experience similar or superior for same network constraints
108
Progressive Build Example

Slide 4-26
2.
1.
3.
3. Lossless
2 Perceptually
2.
lossless
Built over a few frames
High quality picture
Lossless text
1 3 bits/pixel
13
View Desktops
Low BW and latency

Grainy picture
Lossless text
0.20.5 bits/pixel
1 Initial image
1.
Built as BW permits
Lossless picture
Lossless text
515
5
15 bits/pixel
The images on the slide show the progressive stages in a PCoIP display at the client system. The
initial image is grainy, although you can easily see what the general content is. The second image is
called perceptually lossless because it is a high-quality image that most people would rate as
satisfactory. It is not a perfect reproduction of the original image. The last image is lossless, which is
as good as it can be. The source image is no better than the lossless version. The downloaded image
can be only as good as the source.
The text is always lossless. It matches the text on the remote desktop.
By default, PCoIP always builds to lossless images. You can disable the build-to-lossless setting to
change the default policy.
109
VMware PCoIP Remote Display Options

Slide 4-27
PCoIP soft
clients
rack workstations
with Teradici host cards
PCoIP soft
clients
virtual desktops
with soft PCoIP
PCoIP-enabled
clients
PCoIP-enabled
displays
VM
VMware
Vi
View
Connection Server
blade PCs
with Teradici host cards
View has a combined software and hardware PCoIP solution available, all managed by View
Connection Server. View Connection Server can broker Teradici hardware-based solutions for the
most-demanding users while also providing a software PCoIP solution and uncompromised user
experience for virtual desktops for less-demanding users.
VMware supplies the software versions of PCoIP in View Client and View Agent. If you have a
physical system that is going to be a View desktop, you must install a Teradici host card to use
PCoIP.
PCoIP-enabled displays are often called zero clients. A Teradici chipset or Teradici microcode
supports PCoIP. Zero clients are discussed in more detail later in this module.
110
PCoIP Architecture
Slide 4-28
PCoIP
server
RDP virtual
channel server
service
redirectors
PCoIP portal
USB
driver
VMware
Tools
View
Agent
View
printing
Service
service
Redirectors
redirectors
remote MKS
View Client
View Desktops
virtual
it l
audio
PCoIP client
RDP virtual
channel client
SVGA
driver
PCoIP
client
View
printing
The diagram shows the components that are embedded in the PCoIP server and client software.
Support for video, audio, USB, and RDP channels are always present in PCoIP. This integration
allows PCoIP to optimize their performance.
On the client system (PCoIP client, on the right), the PCoIP feature is always installed. The PCoIP
software client is built in to the client system and is installed with the other View Client files.
On the virtual desktop (PCoIP server, on the left), PCoIP is an optional component. It is installed by
default. If you install the PCoIP server, new SVGA and audio drivers are installed, with several
PCoIP server files.
111
PCoIP Display Protocol Features (1)

Slide 4-29
Display and graphics:
2560x1600 resolution adjustable per monitor

True multimonitor support (up to four), with monitor pivot and autofit
32-bit color supported for virtual displays
Automatic display
p y scaling
g and dynamic
y
resizing
g
Clear Type fonts supported
Text copy and paste between local system and desktop:
Cannot copy and paste system objects

objects, such as folders or files
Progressive build for images

Lossy and lossless compression
PCoIP virtual channels
Multimedia redirection (MMR) integration and support
Adobe Flash quality and throttling configurations are observed
observed.
This slide and the next two outline benefits that PCoIP offers. PCoIP is bundled with View.
The PCoIP protocol is optimized for delivery of images, audio, and video content. It provides the
following features:
You can use up to four monitors and adjust the resolution for each monitor separately, up to
2560x1600 resolution per display. PCoIP also supports monitor pivot and autofit, which allows
automatic adjustment of the display image if the monitor is rotated. You can, for example, have
one monitor in a landscape orientation and a second monitor in a portrait orientation.
32-bit color is supported.
You can copy and paste text between the local system and the View desktop. But you cannot
copy and paste system objects, such as folders and files, between systems.
Multimedia redirection is integrated, so videos, for example, can be streamed from the desktop
to the client system.
You can configure the amount of bandwidth that is used by Adobe Flash content and thereby
improve the overall Web browsing experience and make other applications more responsive.
112

Slide 4-30
Device redirection:
Dynamic audio quality adjustment for LAN and WAN:
Transmits audio either compressed or uncompressed, switching

dynamically based on the available bandwidth
Video streaming
USB redirection Mass storage and human interface devices
RDP virtual channel compatibility
p
y
Bidirectional audio
Desktop and client support:
Windows systems with the View Agent, View Client, or View Client with
Local Mode
View Client for Mac and Apple iPad
Teradici host card compatibility for physical desktop systems
Bidirectional audio, for example, for dictation support, is supported.

Recording-quality, stereo audio output is supported. Audio is transmitted either compressed or
uncompressed, switching dynamically based on the available bandwidth.
PCoIP supports video streaming. Several options are available in the PCoIP protocol that can be
used to constrain video streaming operations without having a significant effect on the video quality.
USB storage devices and human interface devices, such as a mouse and keyboard, are supported.
Desktop and client operating systems support is for Windows 7, Windows XP, and Windows Vista.
View Client for Mac and the Apple iPad are also supported for PCoIP. A Teradici host card must be
used for a physical system that will be incorporated into a manual pool. The PCoIP capabilities are
embedded in View Agent for virtual desktops and for View clients.
113
View Desktops

Slide 4-31
User experience:
Excellent experience for task worker to designer

PC-like performance across a LAN
WAN characteristics:
100250ms of latency
.5 percent packet loss
50150Kbps of bandwidth per session
Security and authentication:
Encryption AES-128-GCM or Salsa20-256round12

Remote access support Virtual Private Network or View Security Server
Single sign-on support
Smart card support
PCoIP is an adaptive bandwidth protocol that dynamically adjusts both to bandwidth and to latency
constraints. Performance across a LAN rivals a direct desktop experience, as if the user were sitting
at the remote desktop. WAN performance might not be as good, because of bandwidth, latency, and
jitter constraints. But even with latency reaching 250 milliseconds, the performance is still
satisfactory.
PCoIP always encrypts traffic. The Salsa20-256round12 and AES-128-GCM (Galois/Counter
Mode) algorithms are available for negotiation between the endpoints. Encryption cannot be
disabled even if the client-desktop connection is a direct connection.
Two choices are available for more secure connections. One choice is to use PCoIP over your
companys Virtual Private Network. The VPN should handle User Datagram Protocol traffic. UDP
is the protocol that is used by PCoIP. The second choice is to use the View security server.
When users connect to View desktops with the PCoIP display protocol, View Client can make a
further connection to the PCoIP Secure Gateway on the View Connection Server or security server
host. The PCoIP Secure Gateway ensures that only authenticated users can communicate with View
desktops over PCoIP.
114
Video, Audio, and USB

Slide 4-32
Video settings are inherited from View pool configuration and can be
used with Adobe Flash settings.
PCoIP uses the standard USB framework
framework.
PCoIP can use MMR with Windows XP and Windows Vista clients and
some thin clients.
4
View Desktops
Video settings are inherited from the desktop and pool settings. PCoIP can be used with the Adobe
Flash optimization settings, but it performs well without them.
PCoIP uses the standard USB framework to support HID and USB storage devices.
Multimedia redirection (MMR) can be used with Windows XP and Windows Vista systems and
some thin clients. MMR enables full-fidelity playback when multimedia files are streamed to a View
desktop. File formats include MPEG2, WMV, AVI, and WAV. For best quality, use Windows Media
Player 10 or later. Install Windows Media Player on both the local computer, or client access device,
and the View desktop. PCoIP renders the image and data at the virtual desktop and transmits the
encoded pixels to the client system, where they are displayed. MMR transmits (redirects) the files
from the desktop to the client system. The client system then renders the images for display. Fullfidelity playback at any screen size is assured.
MMR is not supported on Windows 7 virtual desktops or Windows 7 clients. But if the Windows 7
desktop has 1GB of RAM and two vCPUs, you can use PCoIP to play 480p and 720p videos at
native resolutions. For 1080p video, you might have to make the window smaller than full screen to
improve the image quality.
115
Configuring PCoIP Optimization Controls

Slide 4-33
The benefits of configuring PCoIP optimization controls include:
Up to 75 percent reduction in bandwidth usage

Improved scalability on WAN links
Increased user density on WAN connections
Configuration is by:
Use case
User expectations
Network requirements
Configuring the PCoIP optimization controls can result in a 75 percent reduction in bandwidth
usage.
Optimizing PCoIP also improves scalability on WAN links and increases user density on WAN
connections.
PCoIP optimization controls enable you to configure the user experience based on the use case, user
expectations, and network requirements.
116
PCoIP Administrative Template

Slide 4-34
The PCoIP Administrative template file (pcoip.adm) contains policy

settings that control the authentication and environmental components
of View Agent.
g
You can gain significant reduction in bandwidth usage by configuring
settings in the PCoIP group policies.
You can configure the group policies in one of the following:
Active Directory
The virtual machine that will be the parent or template for a desktop pool
You must import the pcoip.adm

pcoip adm template into the environment where
you will configure the policies. The template is located at:
<install_directory>\VMware\VMware
View\Server\extras\GroupPolicyFiles\pcoip adm
View\Server\extras\GroupPolicyFiles\pcoip.adm
View Desktops
The PCoIP Administrative template (pcoip.adm) file contains settings related to the authentication
and environmental components of View Agent. By configuring the pcoip.adm group policy
settings, a significant reduction in bandwidth utilization can be achieved.
You must import the pcoip.adm template into the environment where you will configure the View
PCoIP settings. You can configure pcoip.adm group policies in one of the following ways:
In AD You choose to configure the PCoIP group policy settings in AD when one of the
following is true:
You want to apply the policies to the desktop pools.
You want to apply the policies to the entire View environment.
In the individual virtual machine that will be the parent or template for the desktop pool You
choose to configure the PCoIP group policy settings on an individual virtual machine when you
want to apply the policies to one desktop pool.
The pcoip.adm template is installed on the host system where you install View Connection Server
at <installation_directory>\VMware\VMware
View\Server\extras\GroupPolicyFiles\pcoip.adm.
You configure the View PCoIP policy settings after installing the ADM template.
117
PCoIP Policy Settings

Slide 4-35
VMware recommends that you configure the following PCoIP policy

settings to reduce bandwidth usage, but only if the use case requires it:
Turn off the build

build-to-lossless
to lossless feature
feature.
Adjust the PCoIP client image cache size setting.
Set the PCoIP session audio bandwidth limit setting.
Additional settings that you can configure to improve performance:
PCoIP image quality levels

Maximum PCoIP session bandwidth
PCoIP session bandwidth floor
These settings are discussed on the next slides.
You can tune PCoIP settings in several ways to optimize PCoIP performance when the network
bandwidth is constrained.
VMware recommends that you configure the following PCoIP settings in the pcoip.adm template
to reduce bandwidth usage:
Turn off the build-to-lossless feature.
Adjust the PCoIP client image cache size setting.
Enable the PCoIP session audio bandwidth limit setting.
Other advanced settings that you can configure in the pcoip.adm template include:
PCoIP image quality levels
Maximum PCoIP session bandwidth
PCoIP session bandwidth floor
The default values for these settings have been carefully selected to give maximum performance in
most environments. VMware recommends that you do not change these settings unless you have
carefully determined that the overall effect will be beneficial. These settings should be configured
only in certain specialized use cases.
118
PCoIP Optimization Controls

Slide 4-36
Optimization controls to reduce bandwidth:
Disable the Build-to-Lossless setting.
F users who
For
h wantt tto maximize
i i b
bandwidth
d idth reduction,
d ti
di
disable
bl th
the b
build-toild t
lossless feature.
Configure client-side image cache size.
Vi
View
caches
h iimages and
d portions
ti
off th
the d
desktop
kt composition
iti tto minimize
i i i
retransmission of pixel information across the network.
Configure an audio compression bandwidth limit.

A di compression
Audio
i is
i normally
ll automatically
t
ti ll controlled.
t ll d
View Desktops
The PCoIP lossless codec that is used for text improves

compression and reduces bandwidth requirements.
The lossless codec is enabled by default and is not configurable.
Using the settings described on this and later slides, the average
bandwidth usage per desktop can be tuned to 50Kbps.
The PCoIP optimization controls reduce bandwidth by:
Disabling the Build-to-Lossless policy setting:
By default, the Build-to-Lossless setting is enabled, thus providing a rich user experience. All
images are built to a lossless stage. Disabling the setting means that images are built only to the
perceptually lossless stage, which is satisfactory for most users and applications. The total
bandwidth that is required is much less.
Configuring client-side caching:
PCoIP caches image content on the View client system to minimize retransmission of pixel
information across the network. The cache captures both spatial and temporal redundancy in the
screen updates. You can disable the setting or enable it and configure the amount of cache that
can be used.
Configuring the audio compression bandwidth limit:
The lower the bandwidth assigned for audio, the higher the compression and the lower the
quality. Audio compression is normally automatically controlled, with the best audio quality
provided for the given network bandwidth that is available. If a limit is set, the audio quality is
reduced to fit within the bandwidth limit.
119
The PCoIP text codec uses an efficient lossless compression algorithm that has been developed with
text compression as a key consideration in order to minimize both bandwidth and CPU utilization.
120
Disabling the Build-to-Lossless Feature

Slide 4-37
The build-to-lossless feature in PCoIP provides the highest quality,

most precise images.
VMware recommends that you
disable the feature for all use
cases except medical imaging
and graphic artists.
Building images to only the
perceptually lossless stage
significantly reduces bandwidth
usage.
View Desktops
You must explicitly confirm

turning the feature off.
The build-to-lossless feature in PCoIP gives high quality, precise images that are suitable for the
medical imaging and graphics professions. The images are built to lossless by default.
The build-to-lossless feature provides the following characteristics:
Dynamically adjusts image quality
Reduces image quality on congested networks
Maintains responsiveness by reducing screen update latency
Resumes maximum image quality when the network is no longer congested
Most users do not require this image quality and cannot differentiate perceptually lossless from fully
lossless. VMware recommends that you disable the build-to-lossless feature for all users except
those who require great precision of images. For example, medical technicians and illustrators need
fully lossless images.
You can configure the build-to-lossless setting in the Turn off Build-to-Lossless feature policy
setting in the pcoip.adm template. Disabling the build-to-lossless feature yields a significant
reduction in bandwidth usage.
121
To enable this setting, you must click Enabled and then click I accept to turn off the Build-toLossless feature. This agreement confirms that you understand that images and desktop content are
never built to a lossless state.
122
Configuring Image Cache Size on the Client System

Slide 4-38
Client-side image caching is enabled by default in View.
You can further reduce the bandwidth usage by adjusting the View
client cache size.
size
4
View Desktops
You can reduce the bandwidth usage by adjusting the cache size on the View client. The Configure
PCoIP client image cache size policy setting allows you to adjust the clients cache size.
Client-side image caching stores portions of transmitted image content on the client system to avoid
retransmission. Image caching reduces bandwidth usage. You can set a cache size between 50 and
300MB, if you enable the setting. A large cache size reduces bandwidth usage but requires more
memory on the client. A small cache size results in more bandwidth usage. The default value for the
cache size in the pcoip.adm template is 250MB if the setting is Not Configured or Disabled.
Client-side caching applies only to Windows and Linux clients when View Client, View Agent, and
View Connection Server are a View 5.0 or later release.
123
Configuring the PCoIP Audio Bandwidth Limit

Slide 4-39
Configure the audio compression bandwidth limit to further reduce

bandwidth usage.
In this example
example, the limit
has been set to 250Kbps.
The PCoIP session audio bandwidth limit policy setting specifies the maximum bandwidth that
can be used for the audio stream. To allow for uncompressed high-quality stereo audio, set this value
to higher than 1600Kbps. A value of 450Kbps and higher allows for stereo, high-quality,
compressed audio. A value between 50Kbps and 450Kbps results in audio that ranges between FM
radio and phone-call quality. A value below 50Kbps might result in no audio playback.
This setting applies to the server only. You must enable audio on both endpoints before this setting
has any effect. This setting has no effect on USB audio.
If the audio bandwidth limit is configured, then PCoIP recognizes only the amount of available
bandwidth and the audio quality is reduced until the audio bandwidth limit is respected. The audio
quality is reduced by changing the compression algorithm.
If the PCoIP session audio bandwidth limit setting is disabled or not configured, a default audio
bandwidth limit of 500Kbps is configured to constrain the audio compression algorithm selected.
This setting applies to View 4.6 and later. It has no effect on earlier versions of View.
124
Configuring PCoIP Image Quality Levels

Slide 4-40
The PCoIP image quality levels policy setting allows you to control
how PCoIP renders images during periods of network congestion,
particularly
p
y over a WAN.
Configuring PCoIP image quality levels allows you to adjust the
following values:
Minimum Image
g Quality
Q
y
You can specify a value between 30 and 100.
Maximum Initial Image

g Quality
Q
y
The default value is 90.

View Desktops
Maximum Frame Rate

The PCoIP Image Quality Levels policy controls how PCoIP renders images during periods of
network congestion. PCoIP Image Quality Levels includes the following three key settings:
Minimum Image Quality Use this setting to balance the image quality and frame rate for
limited bandwidth scenarios. The default value for this setting is 50. You can specify a value
between 30 and 100.
A lower value allows higher frame rates but with potentially lower image quality display. A
higher value provides a higher image quality but with potentially lower frame rates when
network bandwidth is constrained.
When network bandwidth is not constrained, PCoIP maintains maximum quality regardless of
the value that you have specified for the Minimum Image Quality setting.
Maximum Initial Image Quality Use this setting to reduce the network bandwidth peaks
that are required by PCoIP by limiting the initial quality of the changed regions of the display
image. The default value for this setting is 90. You can specify a value between 30 and 100.
A lower value reduces the image quality of content changes and decreases peak bandwidth
requirements. A higher value increases the image quality of content changes and increases peak
bandwidth requirements. A value of 90 or lower best uses the available bandwidth.
125
The unchanged regions of the image progressively build to lossless quality regardless of the
value specified for Maximum Initial Image Quality setting.
Maximum Frame Rate Use this setting to manage the average bandwidth consumed per user
by limiting the number of screen updates per second. The default value for Maximum Frame
Rate is 30. You can specify a value between 1 and 120 frames per second.
A lower Maximum Frame Rate value uses less bandwidth but results in more jitter. A higher
value uses more bandwidth but reduces the jitter, which allows smoother transitions in fastchanging images, such as videos.
When these setting are disabled or not configured, the default values are used.
126
Example of Overriding PCoIP Image Quality Levels

Slide 4-41
The use case is a periodic YouTube-like presentation by the CEO,

to all employees.
Maximum Initial Image

Quality is reduced to 70
70.
Maximum Frame Rate
is reduced to 18.
Audio
A
di b
bandwidth
d idth iis
reduced from 500Kbps
to 250Kbps.
Maximum Image Quality

remains at 50.
View Desktops
Total
T
t l bandwidth
b d idth dropped
d
d
from 10Mbps to 3Mbps.
The use case in this example is a live presentation by the chief executive officer of a company to all
employees. To the employees, the session appears similar to a YouTube playback. The objective is
to minimize the concurrent bandwidth demand without losing visual and audio fidelity. The
following settings were made:
The Maximum Image Quality remains at 50.
The Maximum Initial Image Quality is reduced to 70.
The Maximum Frame Rate is reduced to 18. For smooth perception, a minimum of 1516
frames per second is necessary, so 18FPS is good.
The PCoIP session audio bandwidth limit is reduced from 500Kbps to 250Kbps, which is FM
quality.
The total bandwidth demand for each session dropped from 10Mbps to 3Mbps.
127
Configuring Maximum PCoIP Session Bandwidth

Slide 4-42
The Maximum PCoIP Session Bandwidth policy setting specifies the

maximum bandwidth in a PCoIP session for all of the following traffic:
Imaging
Audio
Virtual channels
USB data
PCoIP control
You can configure this setting between 0Kbps and

1 000 000Kbps (1Gbps)
1,000,000Kbps
(1Gbps).
The default value is 1,000,000Kbps (1Gbps).
The Maximum PCoIP Session Bandwidth policy setting specifies the maximum bandwidth, in
kilobits per second, in a PCoIP session. The Maximum PCoIP Session Bandwidth value includes
all imaging, audio, virtual channel, USB, and PCoIP control traffic.
Setting this value prevents the server from attempting to transmit at a higher rate than the link
capacity. You can set this value equal to the overall capacity of the link. For example, for a client
that connects through a 4Mbps Internet connection, set this value to 4Mbps, or 10 percent less than
this value.
You can set the Maximum PCoIP Session Bandwidth value between 0 and 1,000,000Kbps
(1Gbps). A value of 0Kbps specifies no maximum bandwidth constraint. The default Maximum
PCoIP Session Bandwidth setting value is 1,000,000Kbps (1Gbps). This setting applies to both the
server and the client.
When this setting is disabled or not configured, bandwidth is not constrained.
128
Configuring the PCoIP Session Bandwidth Floor

Slide 4-43
The PCoIP Session Bandwidth Floor policy setting specifies the

lower limit for the bandwidth that is reserved for the PCoIP session.
The setting configures the minimum

minimum-expected
expected transmission rate from the
client system or the desktop.
This setting can improve session responsiveness by setting aside the
bandwidth.
You can set the value between 0 and 100,000Kbps (100Mbps).

The default value is 0Kbps.
Ensure that the sum of bandwidth floors for all connections does not
exceed the network capacity.
View Desktops
The PCoIP Session Bandwidth Floor setting specifies the lower limit, in kilobits per second, for
the bandwidth that is reserved for a PCoIP session. This setting configures the minimum-expected
bandwidth transmission rate from the endpoint (client or server). When you use this setting to
reserve bandwidth for an endpoint, the user does not have to wait for bandwidth to become
available, which improves session responsiveness.
The default PCoIP Session Bandwidth Floor setting value is 0Kbps, which means that no
minimum bandwidth is reserved. You can set this value between 0 and 100,000Kbps (100Mbps).
When this setting is disabled or not configured, no minimum bandwidth is reserved.
While setting the PCoIP Session Bandwidth Floor value for different connections, you must
ensure that the sum of bandwidth floors for all connections in your configuration does not exceed
the network capacity.
129
Remote Desktop Protocol

Slide 4-44
RDP is extension of the ITU T.120 family of protocols.

Separate virtual channels for:
Device
D
i communication
i ti
Presentation data from the server
Encrypted client mouse and keyboard data
S
Sound,
d d
drive,
i
port,
t and
d network
t
k printer
i t redirection
di ti
encrypted
t d keyboard
k b
d and
d mouse
video
sound
local disk drives
printer redirection
shared clipboard
RDP is a multichannel protocol that provides separate channels for different devices and types of
communication between the client (left side of graphic) and the RDP virtual channel server (right
side). The server converts the video display into rendering information that is sent over the network
to the client. On the client, the video data is converted into corresponding Microsoft Win32 graphics
device interface API calls.
130
Latest Available Version of Remote Desktop Connection

Slide 4-45
Must have RDC 6.0 or higher installed in the View desktop:
Always use the latest version that is available for your operating system.
Many thin client devices require RDC 6

6.0.
0
Windows XP SP 3 ships with RDC 6.1.
Windows Vista ships with RDC 6.1.
Windows 7 ships with RDC 7.0.
4
View Desktops
If you use Microsoft RDP display protocol, you must have Microsoft Remote Desktop Connection
6.0 or higher installed in the View desktop to have multimonitor support.
131
Remote Enabled Users

Slide 4-46
User must be a member of the Remote Desktop Users group.

Can be added individually or by group
B t practice:
Best
ti
1. Create a domain global group, with a name like ViewUsers.
2. Add this group to the Remote Desktop Users group (VDC Remote
Desktop Users in this example)

example).
3. Place all View user accounts in this group.
For a user to make a connection to a Windows computer, two requirements must be met:
The user must be a member of the built-in AD group called Remote Desktop Users. This
requirement exists even if only PCoIP is used because View Connection Server uses RDP.
The user must individually (or as a member in a group) be added to the Remote Users on the
Remote tab of My Computer properties of the virtual desktop.
One way to satisfy these requirements is to create a global group in the AD domain, named
something like ViewUsers. Then do the following steps:
1. Make the ViewUsers group a member of the built-in Remote Desktop Users group.
2. Add users who will be allowed to use View desktops to the ViewUsers group.
3. Add this group with the Select Remote Users button (Windows XP) or the Select Users
(Windows 7 or Windows Vista) button on the Remote tab of My Computer properties for the
virtual desktop system.
Alternatively, and more efficiently, use GPO Restricted Groups to populate the Built-in group rather
than doing it for each virtual machine.
132
Firewall Ports
Slide 4-47
Firewall ports should be opened

automatically when you enable
remote connection and install
View Agent.
If you are having trouble
connecting, confirm that the
firewall ports are open.
Default ports:
4172 for PCoIP (TCP and UDP)
3389 for RDP
32111 for USB redirection
9427 for MMR
4
View Desktops
Most Windows operating systems come with internal firewalls. After you have enabled a computer
to receive connections from remote desktops and install View Agent, the ports should automatically
be opened for incoming traffic. The screenshot shows the Windows Firewall in Windows 7 and
Windows Vista.
Windows Firewall is included with Windows XP, but Windows Firewall is not enabled by default.
Windows Firewall firewall can be accessed from the Advanced tab on the local network interface
properties.
You should not have to adjust the firewall settings on the desktop system, because the View Agent
automatically creates the appropriate rules. For example, View Agent creates a rule for the PCoIP
Server process (pcoip_server_win32.exe), so the exact port does not have to be known.
If you change domain membership after installing the client or agent, you lose the firewall rules
because Windows reapplies firewall policies configured for your domain.
133

Slide 4-48
134
Compare the remote display protocols that are available in View:
PCoIP
PC
IP
RDP
Outline the steps to enable a desktop for remote access from View
Cli t
Client.
List the ports that must be opened in the desktops firewall for View
operations.
Lesson 3: View Agent

Slide 4-49
Lesson 3:
View Agent
4
View Desktops
135
Learner Objectives
Slide 4-50
Describe the purpose of the View Agent.

List the steps to prepare the virtual desktop before installing View
Agent:
1. Install and tune the virtual machine.
2. Enable
E bl remote connections.
i
136
3. Select remote users.
Outline the configuration choices when installing the View Agent.
Preparing Virtual Desktops

Slide 4-51
1. Create a virtual machine as a template for virtual desktops.

2. Install the latest VMware Tools.
3. Select a time-synchronization method.
4. Join the AD domain.
5. Iff using VMware time synchronization, disable Windows time.
6. Install appropriate applications and tune.
7 Enable remote connections.

7.
connections
8. Patch Windows desktops.
View Desktops
Before you install the View agent, prepare the virtual desktops:
1. Create a virtual machine that you can use as a desktop template. Now is a good time to create
and test a template that is suitable for View Connection Server to use to automatically provision
full-clone desktops.
2. Install the latest version of VMware Tools.
3. Select a time-synchronization method appropriate for your environment and policies.
4. Join the virtual machine to the AD domain.
5. Disable Windows time synchronization if you choose to use VMware time synchronization.
This step is necessary because joining the domain in the previous step activates Windows Time
Service.
6. Install your standard application set. Tune your desktop for optimal performance as a View
desktop.
7. Enable Remote Connections to the desktop.
8. Patch systems so that they can be used as View desktops.
137
Creating a Standardized Virtual Machine

Slide 4-52
1. Define the virtual machine
hardware:
Disk
Network
RAM
CPU
2. Install the supported operating
system (Windows 7, Windows XP,

)
or Windows Vista).
3. Disconnect the CD-ROM drive.
4. Disconnect (preferably remove) the
floppy drive
drive.
Plan carefully your virtual machines virtual hardware. A great deal of performance gain can be
realized by setting the proper combination of disks, networking, RAM, and CPU.
Then install the supported operating system (Windows 7, Windows XP, or Windows Vista).
Disconnect the CD-ROM drive when the installation is complete. Remove any virtual hardware that
will not be used.
138
Choosing the Time-Synchronization Method

Slide 4-53
Time synchronization for virtual desktops is critical.
One option is to use VMware Tools to synchronize to the ESX/ESXi

h t
host.
4
View Desktops
Time synchronization for virtual desktops is extremely critical. If you fail to synchronize all of your
desktops and your domain controllers, login authentication fails.
For information about time-synchronization practices, see VMware knowledge base article 1318 at
http://kb.vmware.com/kb/1318.
If you use VMware Tools to synchronize a virtual machine, remember that VMware Tools cannot
move the virtual machines clock backward. It can synchronize only by moving the virtual machine
clock forward. Set the virtual machine time to a little behind the ESX/ESXi host and then enable
synchronization. The virtual machine synchronizes within 60 seconds.
139
Joining the AD Domain

Slide 4-54
In Windows 7:
1. Click Start.
2. Right-click Computer.
3. Select Properties.
4. Under Computer
p
name,, domain,,
and workgroup settings,
select Change Settings.
Join the AD domain that you plan to use.
140
Disable Windows Time?

Slide 4-55
If your virtual machine has VMware Tools set to synchronize time to

the ESX/ESXi host, make sure that you disable Windows time.
Virtual desktop Stop the Windows Time Service
Service.
Do not just stop the Windows Time Service. Use the Registry editor to
make a permanent change:
Go to HKLM\SYSTEM\CurrentControlSet\Services\W32Time\
Parameters.
Set Type to NoSync.
4
View Desktops
If you are synchronizing your virtual machine to the ESX/ESXi host, disable Windows time after
joining the domain (joining the domain enables Windows Time Service). This approach is the best
practice for a virtual machine. Although time synchronization is crucial, having both
synchronization strategies active is not a good idea. In Windows virtual machines, do not merely
stop or disable the Windows Time Service. Instead, make the change in the Registry. Open the
Registry Editor and navigate to
HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Look for the Type subkey and set it to NoSync (case-sensitive). NoSync means that the time service
does not synchronize with other time sources.
141
Installing Applications and Tuning the Desktop

Slide 4-56
Install your standard applications.

Install the latest patches (operating system and applications).
S t up required
Set
i d llocall GPO
GPOs.
If a standard desktop background or screen saver is required, set it.
If yyou plan
p
to tune the desktop
p for best p
performance in a virtual
environment, do so now.
Now install your standard applications, such as Microsoft Office. You should also install all the
latest patches to your Windows operating system and to all applications.
Some environments use local GPOs. Setting GPOs in the domain is a best practice.
Virtual desktops perform better without screen savers and special desktop backgrounds. But if your
company mandates them, set them up.
142
Enabling Remote Connections

Slide 4-57
By default, the View Agent installer

enables Remote Desktop.
You can manually
Y
ll enable
bl Remote
R
t
Desktop:
Select remote users.

In Windows 7, do not specify NLA,
unless all desktops are the same.
4
View Desktops
After the operating system and applications are installed and the desktop is tuned, you enable remote
connections. You enable Remote Desktop in System Properties. The View Agent installer enables
Remote Desktop by default, but sometimes you might want to enable Remote Desktop manually.
Users should be members of the Remote Desktop Users group in order to use a remote display
protocol. But they also must be authorized for View. Under Remote Desktop Users, select Select
Users and specify the users. You can also specify groups as well as users.
Unlike Windows XP, Windows 7 and Windows Vista have multiple Remote Desktop settings. If you
have a mixed environment (not all Windows 7 or Windows Vista computers), it is best not to require
Network Level Authentication (NLA). Select Allow connections from computers running any
version of Remote Desktop (less secure), instead. But this configuration is vulnerable to man-inthe-middle attacks.
143
Installing the View Agent

Slide 4-58
Install the View Agent by running VMware-viewagent<build>.exe.

A
Accept
t th
the li
license agreement.
t
Begin your installation by running the installer file named VMware-viewagent-4.5.0xxxxxx.exe or VMware-viewagent-x86_64-4.5.0-xxxxxx.exe, where xxxxxx is the build
number. The 32-bit version of the installer is used for the 32-bit versions of Windows 7, Windows
XP, and Windows Vista. The 64-bit version of the installer is used for the 64-bit version of
Windows 7.
144
Custom Setup
Slide 4-59
1. Select View Agent features:
USB Redirection Optional

View Composer Agent
Necessary for linked clones
Virtual Printing
R
Recommended
d d
PCoIP Server Strongly
recommended

Optional
View Desktops
PCoIP Smartcard Enable only

if using smart cards.
2. Confirm the program location.
Several View features are installed during the View Agent installation. The screenshot shows the
default settings. All features except the support for smart cards with PCoIP will be installed. You
can change the default installation directory on this page.
USB Redirection is optional. It gives users access to locally connected USB devices on their
desktops.
USB redirection means that a user can plug a USB device into the client system and the virtual
desktop can access the device. USB redirection is also available for most thin clients. A USB device
that is present when View Client is started is visible to the virtual desktop.
View Composer Agent is necessary if linked-clone virtual desktops are deployed from this desktop.
Virtual Printing is strongly recommended because it enables seamless printing from a virtual
desktop to a printer that is accessible from the client device.
PCoIP Server is strongly recommended. This feature enables users to connect to the View desktop
with the PCoIP display protocol. A process that handles all display communication from and to the
View Client (pcoip_server_win32) is installed on the desktop system.
145
Installing the PCoIP Server feature disables sleep mode on Windows 7 and Windows Vista desktops
and standby mode on Windows XP desktops. When a user navigates to either the Power Options
menu or the Shut Down menu, sleep mode or standby mode is not an option.
PCoIP Smartcard must be installed if you intend to use smart cards with PCoIP. Smart-card support
with RDP is automatically installed.
View Persona Management synchronizes the user profile on the desktop with a remote profile
repository, so that users have access to their profiles whenever they log in to a desktop.
146
Enabling Remote Desktop

Slide 4-60
If Remote Desktop capability has not already been enabled, the View
Agent installer will request that you enable it now.
Vi
View
Connection
C
ti
Server
S
requires
i
remote
t desktop
d kt
access.
4
View Desktops
If Remote Desktop has not already been enabled, the View Agent requests that you enable it now.
View requires the Remote Desktop capability. If Remote Desktop has already been enabled, you will
not see this page.
147
View Agent on Virtual Machines with Multiple NICs

Slide 4-61
To use the View Agent on a virtual machine with multiple network

interfaces, configure which subnet the View Agent will use.
Determine which network address the View Agent provides to the View
Connection Server for client connections.
In the Registry subkey:
HKLM\S ft
HKLM\Software\VMware,
\VM
I
Inc.\VMware
\VM
VDM\Node
VDM\N d M
Manager,
set the Subnet subkey to n.n.n.n/m, where:
n.n.n.n is the IP subnet
m is the number of bits in the subnet mask
Example:
If the DHCP-assigned IP address for the interface is 192.168.100.4,

set Subnet to 192.168.100.0/24.
192 168 100 0/24
For desktop systems with more than one virtual network interface, View Agent needs to know which
interface should be used. You must configure the guest operating system to use the correct subnet.
The interface that you configure determines which network address the View Agent provides to the
View Connection Server for client PCoIP or RDP connections. To configure the correct access,
create the following Registry subkey in the virtual machine on which the View Agent is installed:
HKLM\Software\VMware, Inc.\VMware VDM\Node Manager\Subnet
The Subnet subkey should have a REG_SZ value of n.n.n.n/m, where n.n.n.n is the IP subnet
and m is the number of bits in the subnet mask.
VMware VDM is the correct node name. This name is a legacy from a View predecessor.
148
Lab 2
Slide 4-62
In this lab, you will install the View Agent in a Windows XP desktop.
1. Create a vCenter Server resource pool for View desktop pools.
2. Prepare the Windows XP desktop.
3. Install the View Agent.
4. Establish a Remote Desktop
p Connection to the virtual desktop.
p
4
View Desktops
149

Slide 4-63
Describe the purpose of the View Agent.

List the steps to prepare the virtual desktop before installing View
Agent:
1. Install and tune the virtual machine.
2. Enable
E bl remote connections.
i
150
3. Select remote users.
Outline the configuration choices when installing the View Agent.
Lesson 4: Manual Pool Deployment and Entitlement

Slide 4-64
Lesson 4:
Manual Pool Deployment
y
and
Entitlement
4
View Desktops
151
Learner Objectives
Slide 4-65
152
Identify the steps to set up a template for desktop pool deployment.

List the steps to add one or more desktops to the View Connection
Server inventory.
Define desktop entitlement.
Explain how unmanaged desktops can be incorporated in View.
Creating a Virtual Desktop

Slide 4-66
To create a virtual desktop:

1. Install the operating system Windows 7, Windows XP, or
Windows Vista.
Vista
2. Install required service packs.
3. Install appropriate applications.
4. Enable remote desktop connections.
5. Join the domain.
6 Install the View Agent

6.
Agent.
7. Customize for performance.
View Desktops
Begin by creating a standard desktop for the pool. Install all of your standard applications. (If you
have a gold master template for a desktop, use it to deploy this virtual machine.) Enable remote
desktop connections. (You might have to authorize individual or groups to be remote desktop users.)
Join the domain and then install View Agent. Joining the domain and installing as a domain
administrator ensures that all GPOs are executed. Finally, make any changes, such as local policies
or performance customizations.
Your virtual machine might have more than one network adapter. If so, you should connect the
network adapters to the proper virtual networks in the correct order. Although you might have more
than one adapter, all of them must receive IP addresses through DHCP.
After you finish configuring your virtual machine, remove it from the domain and power it off.
Why join the virtual machine to the domain, only to remove it? You must verify that the domain join
has no problems before you use this virtual machine as a template or desktop.
153
Creating a Template and Customization Specification

Slide 4-67
Use a virtual machine to create a template for use in an automated pool:

1. Remove the virtual machine from the domain.
2. Shut down the virtual machine.
3. Convert the new virtual machine to a template.
4. Create a customization specification:
p
a. Set the computer name to the virtual machine name.
b. Use DHCP.
cc. Jo
Join tthe
e AD do
domain.
a
d. Enter Microsoft Windows volume license key (Windows XP).
e. Generate a new security identifier.
f.
Delete existing user accounts.
g. Do not log in automatically as Administrator.

h. Save the customization specification.
If you have a virtual machine that is suitable for automatic provisioning in an automated pool, now
would be a good time to create a template.
Convert the new virtual machine to a template. If you clone the virtual machine to a template, store
it in normal format instead of compact format. Although the compact format requires less space, it
takes more time to deploy a virtual desktop.
A customization specification must exist for automatic desktop provisioning. You can create one
directly in the VMware vSphere Client. Or you can create one during the deployment of a
virtual machine from the template. Configure the following in your customization:
1. Set the computer name to the virtual machine name.
2. Enter the Microsoft Windows volume license key. If you do not enter it, Windows will require it
on the first power-on, which makes the virtual machine difficult to use in a View pool.
3. Enter a password for the administrator account. But do not log in automatically as
Administrator. If anyone is logged in to this virtual machine when it powers on, it will not be
available for connection to a View client.
4. Use typical network settings. DHCP should be used.
154
5. Join the AD domain automatically. You must include a user name and password in the
customization that has the authority to join the computer to the domain.
6. Generate a new security identifier. A unique SID is not required by View. If you are creating
full-clone desktops, as in this example, an SID should be created. Without the SID, you might
have problems joining the desktops to the domain, especially with Windows XP virtual
machines.
7. Save the customization specification.
Delete existing local user accounts. All logins in View are done through the AD domain. Local user
accounts cannot be used.
4
View Desktops
155
Testing Deployment and Customization

Slide 4-68
1. Deploy a new virtual machine from the template, to test the
customization specification.
2 Confirm that the new virtual machine:
2.
Successfully deploys
Automatically joins the AD domain
Is registered in the DNS forward and reverse zones
3. Power off the virtual machine.

4. Confirm that deployed virtual machine is a valid View desktop by
creating
ti a manuall pool.
l
Now you have:
A custom desktop that can be managed by View Connection Server

A template and customization specification
A deployed virtual machine that is suitable as a View desktop
Deploy a new virtual machine from the template using the new customization specification. This
step ensures that the template and specification are both valid.
After the virtual machine is deployed, confirm the following:
Does the virtual machine successfully deploy? Can you power it on and log in? (As part of the
customization process, you have to wait until the virtual machine finishes the Sysprep process
before you can log in.)
Did the virtual machine properly join the AD domain? If you can, log in to the domain
controller and review AD Users and Computers under Computers. Is this virtual machine now
listed? Go to the DNS management tool. Is this virtual machine listed in both the forward and
reverse zones?
Test the virtual machine as a View desktop. Use the View Administrator to create a manual pool
with this virtual desktop. You must entitle it for a test user or test group. Then power it on and see
whether you can access it from View Client.
156
Adding a Virtual Desktop to a Manual Pool

Slide 4-69
After a virtual machine has been set up for desktop deployment,

create a manual pool.
Manual pool You select desktops to include

include.
Automated pool View Connection Server creates the desktops from a

template and customization specification.
Log in to View Administrator as a View administrator:
https://FQDN of View_Connection_Server/admin
Main steps:
1. Start the Add Pool wizard.
3. Entitle users or groups to access the desktop in the pool.
After you have confirmed that the virtual machine is suitable as a virtual desktop, you can create a
manual pool.
You must explicitly select existing desktops for a manual pool. A manual pool can contain a single
desktop or many desktops. A manual pool is the easiest type of pool to set up.
View Connection Server provisions desktops in an automated pool. The number that can be
provisioned is configured in the Add Pool wizard. A template is used to provision full-clone
desktops in an automated pool. If linked-clone desktops are deployed in an automated pool, a parent
virtual machine is used as the anchor for all linked clones.
A pool is configured in View Administrator. Use a browser to access View Administrator at
https://FQDN of View_Connection_Server/admin. Log in with your View administrator credentials.
The Add Pool wizard requests various parameters that are used to configure the pool.
157
View Desktops
2. Specify desktop and pool parameters, such as the unique identifier and
vCenter Server system.
system
Starting the Add Pool Wizard

Slide 4-70
To set up a manual pool, select Inventory > Pools.

The Pools pane is empty. Click Add.
Set up your first manual pool. In the left navigation pane, select Inventory > Pools to open the
Pools pane. Click the Add link to start the Add Pool wizard.
158
Creating a Manual Pool

Slide 4-71
Pool definition:
1. Select the type of pool (Automated Pool, Manual Pool, or Terminal
Services Pool)
Pool).
2. Determine how desktop assignment will occur.
3. Select whether desktops are managed by vCenter Server.
4. Select the vCenter Server instance, if desktops are managed.
Settings:
1 Enter the pool ID.

1.
ID
2. Determine various pool settings, such as the default remote display
View Desktops
protocol.
3 Select
3.
S l t th
the d
desktops
kt
tto add
dd tto th
the pool.
l
4. Review and accept the pool configuration.
The Add Pool wizard proceeds through several pages that request configuration information and
parameters. The pages are grouped into pool definition pages and pages that configure the pool
settings.
159
Selecting the Type of Pool

Slide 4-72
There are three types of pools:
Automated Pool View Connection Server provisions the desktops.

Manual Pool You select the desktops to include in the pool.
Terminal Services Pool Microsoft Terminal Services desktops.
The Add Pool wizard begins by presenting options for three types of pools:
Automated Pool A pool that contains one or more dynamically generated desktops that are
automatically created and customized by View Connection Server from a vCenter Server virtual
machine template. Another option is to use View Composer to deploy linked clones. Desktops are
provisioned automatically.
Manual Pool A manual desktop pool provides access to a set of virtual machines, physical
computers, or blade PCs. Multiple users can be mapped to multiple desktops. A desktop can have
only one active user at a time. Desktops are not provisioned automatically. Virtual machines that are
managed by a vCenter Server instance are called managed desktop sources. Virtual machines that
are not managed by vCenter Server (for example, machines that are managed by VMware Server),
physical computers, and blade PCs are called unmanaged desktop sources.
Terminal Services Pool A pool of terminal server desktop sources that are served by one or more
terminal servers. A terminal server desktop source can deliver multiple desktops.
160
Selecting Type of User Assignment

Slide 4-73
Select Dedicated because the desktops will be for specific users.

The Enable Automatic assignment option still permits manual
assignment of the desktops
desktops.
4
View Desktops
You select how the desktop will be assigned to a user on the User Assignment page. The assignment
type applies to both an existing desktop in a manual pool or a provisioned desktop in an automated
pool. If the desktop is to be used by only one user, select Dedicated. If the desktop can be used by
multiple users, select Floating. A floating desktop can be used by only one user at a time.
If the desktops are dedicated desktops, you have the option of assigning desktops to specific users or
allowing the system to make the assignment on a first-come, first-served basis. For example, you
might assign a specific desktop to a specific user if a desktop has unique applications, databases,
files, or capabilities.
161
Selecting the Type of Desktop Sources

Slide 4-74
Desktops in manual pools must already exist:
Virtual machines that are managed by a vCenter Server instance

Existing physical computers (PCs or blades)
Desktops in a manual pool must already exist. They can be vCenter Server virtual machines
(managed systems) or other types, such as physical systems or virtual machines from other
hypervisor systems (unmanaged systems). In this case, the existing virtual machines were created
through the vSphere Client, so accept the default option, vCenter virtual machines.
162
Selecting the vCenter Server Instance

Slide 4-75
View Connection Servers can use multiple vCenter Server instances.
Select the vCenter Server instance that will control this virtual desktop.
Each
E
h virtual
it ld
desktop
kt can b
be managed
db
by only
l a single
i l vCenter
C t S
Server
instance.
4
View Desktops
Select the vCenter Server instance that will manage this virtual desktop. View Connection Servers
can use multiple vCenter Server instances. Each individual virtual desktop can be managed by only
a single vCenter Server instance.
163
Creating the Pool Identification

Slide 4-76
Enter a unique ID and display name for the pool:
ID Internal name, visible to vCenter Server

Display name Displayed to users in View Client
Both names can be the same.
Alphanumeric:
p
AZ,
, az,
, 09,
, -,
, _
You must uniquely identify the pool to View Connection Server and the users. Create two names:
ID Visible only to users of the vCenter Server system and View Administrator
Display name Visible to users as a selection option when they log in to the View Connection
Server from View Client
Both names are alphanumeric: they can be composed of uppercase and lowercase letters, the digits
09, the hyphen, and the underscore. Other symbols are not allowed.
164
Configuring Pool Settings

Slide 4-77
4
View Desktops
The screenshot shows all the options for desktop settings for individual desktops and automated
pools. Each of the panels shown is discussed in the next pages:
General Determines the initial state of the deployed desktop. Connection Server
restrictions enables the View administrator to restrict user access to pools that are associated
with specific View Connection Servers. This option is discussed in a later module.
Remote Settings Determines what View Connection Server should do when the virtual
desktop is not in use and whether to allow users to reset their desktops. These settings are called
remote settings because they refer to the online virtual desktops, not desktops running in local
mode with View Client with Local Mode.
Remote Display Protocol Determines which remote display protocol is to be used between
the desktop and client and its configuration.
Adobe Flash Settings for Remote Sessions Allows the View administrator to control the
bandwidth consumed by Adobe Flash objects.
The slide is an introductory slide. Refrain from describing all the options, because they are detailed in later slides.
Mention the four panels. Note the default settings for PCoIP and allowing the user to select the protocol.
165
General and Remote Settings

Slide 4-78
Decide, for example, whether to allow users to reset their desktops.

These settings apply to all desktops in the pool.
You must specify the general settings for desktop and the settings that control the virtual desktops.
These settings can be changed after the desktop or pool has been created. For now, you will use
Enabled and Take no power action when the virtual machine is not in use. And a disconnect from
the desktop will never automatically log out the user.
If you want to allow users to reset their desktops, select Yes, as shown on the slide. This option is set
to No by default. If the option is enabled, the user can select Reset Desktop in the desktop menu bar
for the active virtual desktop.
166
Remote Display Protocol Configuration

Slide 4-79
The default display protocol is PCoIP.
The maximum number of monitors is four.
The alternative is Microsoft RDP.

The Windows 7 3D Rendering option is available only with
vSphere 5.0 or later.
4
View Desktops
You can select a default display protocol for the user and choose to give the user the option to
change it and to modify the monitor parameters. PCoIP, highlighted in the drop-down menu, is the
users default.
When would you want to give the user a protocol choice? This option would be necessary if, for
example, a user accesses a desktop in the corporate network with PCoIP but occasionally needs to
connect through a security server, which requires RDP.
If you plan to use 3-D applications like Windows Aero themes or Google Earth, you must enable the
Windows 7 3D Rendering option. This option is available only with vSphere 5.0 or later. Your
Windows 7 View desktop must have virtual hardware version 8 enabled for 3-D rendering to work.
Windows 7 3D Rendering is a graphics feature that is not hardware-accelerated. This feature enables
you to run DirectX9 and OpenGL 2.1 applications without requiring a physical graphics processing
unit (GPU).
167
Multimonitor configurations:
Max number of monitors Select the maximum number of monitors on which users can
display the desktop. You must power off and then power on existing virtual machines for this
setting to take effect.
Resolution of each monitor Select the pixel dimensions of the highest resolution monitor.
You must power off and then power on existing virtual machines for this setting to take effect.
168
Adobe Flash Bandwidth Reduction

Slide 4-80
Adobe Flash is the most common codec:
Flash-embedded video YouTube

Flash animation Web sites
Interactive Flash Training material
Improve Adobe Flash performance by reducing Flashs

Flash s bandwidth
consumption.
Different timings are possible for the video, but audio quality is not
affected.
affected
Settings can be for an entire pool or a single desktop.
View Desktops
PCoIP observes these settings.

g
You can reduce the amount of bandwidth used by Adobe Flash content that runs in PCoIP and RDP
desktop sessions. This reduction can improve the overall browsing experience and make other
applications running in the desktop more responsive.
Adobe Flash content is common:
Flash-embedded video Users want Flash video movies (for example, YouTube videos).
Flash animation Users want Flash animations commonly found on Web sites.
Interactive Flash Users want interactive Flash animations such as training material.
The bandwidth demand from Adobe Flash content can be reduced without significantly degrading
the level of user experience. Audio quality is independent of the video and is not affected.
Generally, PCoIP performs well without the bandwidth reduction parameters for Adobe Flash. But if
the parameters are configured, PCoIP observes them.
169
Adobe Flash Bandwidth Control

Slide 4-81
Adobe Flash bandwidth control can apply to any PCoIP or RDP

connection.
Bandwidth control is performed by an Internet Explorer plug-in:
The plug-in is listed as VMware Adobe Flash Optimizer.
A Registry entry sets quality and throttling on virtual desktop:
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Adobe

Flash Optimizer
When Internet Explorer starts, it detects whether it is running in the

remote session:
If so, Adobe Flash optimization mode is enabled.

Otherwise, the Adobe Flash optimization mode is not applied.
Adobe Flash bandwidth reduction is available for Internet Explorer versions 8 and 9 for Adobe
Flash versions 9 and 10 over PCoIP and RDP sessions. Also, to make use of Adobe Flash bandwidth
reduction settings, Adobe Flash must not be running in full-screen mode.
The Internet Explorer plug-in that handles the bandwidth reduction can be viewed through the
Internet Explorer add-on manager. The plug-in is listed as VMware Adobe Flash Optimizer.
When Internet Explorer starts, and is running in the RDP session, the Adobe Flash optimization
mode is enabled. Otherwise, the optimization is not applied.
The Registry settings for both Adobe Flash throttling and quality:
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Adobe Flash
Optimizer\FlashThrottling
Possible values are 0 (no throttling), 1 (conservative mode), 2 (moderate), or 3 (aggressive).

HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Adobe Flash Optimizer\
FlashQuality
Possible values are 0 (default: use the settings from content provider), 2 (low) 3 (medium), and
4 (high).
170
Adobe Flash Quality

Slide 4-82
Adobe Flash quality:
The content creator has the option to make available different qualities
of the Flash presentation.
presentation
View administrators can limit the quality, and therefore the bandwidth,
through View Administrator.
4
View Desktops
The Adobe Flash quality is set by the content creator, and different quality levels might be available.
You can specify a maximum allowable level of quality for Adobe Flash content that overrides Web
page settings. If Adobe Flash quality for a given Web page is higher than the maximum level
allowed, quality is reduced to the specified maximum. Lower quality results in greater bandwidth
savings.
If no maximum level of quality is specified, the system defaults to a value of low.
171
Adobe Flash Throttling

Slide 4-83
Determines the frame rate of Adobe Flash movies.

Adobe Flash uses timer services to update the screen:
Usually
U
ll 4
450
0 milliseconds
illi
d
Throttle-timing choices in a View session:
Disabled No throttling,
g, timer interval is not modified.
Conservative Timer interval is set to 100ms.
Moderate Timer interval is set to 500ms.
Aggressive Timer interval is set to 22,500ms.
500ms
Throttling mode does not affect audio.
g is disabled in full-screen mode.
Throttling
If the Adobe Flash window is moved, the optimization follows it.
Adobe Flash uses timer services to update what is displayed on the screen at a given time. A typical
timer interval value for Adobe Flash is 450 milliseconds. Adobe Flash Throttling determines the
frame rate of Adobe Flash movies. If you enable this setting, you can reduce or increase the number
of frames displayed per second by selecting an aggressiveness level. By throttling, or prolonging,
the interval, you can reduce the frame rate and thereby reduce bandwidth. The available throttling
settings:
Disabled Adobe Flash content throttling is disabled. The timer interval is not modified.
Conservative Timer interval is 100 milliseconds. This setting results in the lowest number of
dropped frames.
Moderate Timer interval is 500 milliseconds.
Aggressive Timer interval is 2,500 milliseconds. The setting results in the highest number of
dropped frames.
Except in disabled mode, audio speed remains constant, regardless of the throttling mode.
Adobe Flash quality limits and throttling are disabled if the content is displayed in full-screen mode.
172
Overriding Bandwidth Reduction

Slide 4-84
Depending on the Adobe Flash settings, the user might see low
playback quality.
When the
Wh
th user moves the
th pointer
i t into
i t the
th Ad
Adobe
b Flash
Fl h content
t t area,
the display quality improves.
When the user moves the pointer out of the Adobe Flash content
area, bandwidth reduction returns and quality can be affected.
When the user double-clicks in the Adobe Flash content area, the
user p
permanently
y cancels the throttling
g for this object.
j
Refreshing the Web page restores the throttling.
View Desktops
By moving the pointer, a user can override Adobe Flash content display settings.
Depending on how Adobe Flash settings are configured, the user might notice dropped frames or
low playback quality in Internet Explorer:
When the user moves the pointer into the Adobe Flash content while it is playing, the display
quality is improved while the pointer remains in the Adobe Flash content.
The user can keep the improvement in quality by double-clicking in the Adobe Flash content.
But refreshing the Web page reactivates the bandwidth optimization.
173
Adobe Flash Bandwidth Settings

Slide 4-85
Select quality and throttling in Desktops/Pools Settings.
The Pool Settings page of the Add Pool or Edit Pool wizard enables View administrators to set the
Adobe Flash settings. On the slide, The drop-down menu options are shown for both the quality and
throttling settings.
The following Adobe Flash render-quality modes are available:
Do not control Quality is determined by Web page settings.
Low
Medium
High
As discussed earlier, the following throttling modes are available:
Disabled No throttling is performed.
Conservative Timer interval is 100 milliseconds.
Moderate Timer interval is 500 milliseconds.
Aggressive Timer interval is 2,500 milliseconds.
174
Adding Virtual Machines

Slide 4-86
Select the virtual machines to include in the pool.

The virtual machines must already exist in the vCenter Server
i
inventory
t
and:
d
They must be members of the domain

Theyy must have the View Agent
g
installed
4
View Desktops
You now select the desktop, which should be the virtual machine that you have already created. For
the virtual machine to be included in the virtual machine list, it must meet the following criteria:
It must be managed by the vCenter Server instance that you selected earlier.
It must have the View Agent installed.
Virtual machines that are already in the pool do not appear in the list. You can add existing machines
to an existing manual pool by using the Edit Pool wizard and selecting the new desktops on this
page.
175
Reviewing the Pool Configuration

Slide 4-87
Review the selected options before proceeding.
After reviewing the summary, click the Finish button to complete the wizard sequence.
176
Pool Is Now in the View Inventory

Slide 4-88
Pool is present, but no users are entitled yet to use the desktops.
4
View Desktops
The manual pool is now displayed in the Pools inventory. But desktops in the pool cannot be used
until the pool is entitled. Entitlement enables View administrators to specify which users or groups
are allowed to connect to this desktop. Unless a user is entitled to connect, the pool does not appear
in the list of available desktops when the user starts View Client.
177
Entitling Users to Connect to Desktops

Slide 4-89
1. Select the virtual desktop to highlight it, which activates the links.
2. Click Entitlements.
Select the pool (anywhere in the row) to highlight it and click the Entitlements link.
The ID (in this case, Payroll-XP) is a link and is highlighted in blue. Clicking the ID opens a detail
pane for that pool.
178
Adding Users and Groups

Slide 4-90
1. In the Entitlements dialog box, click Add. The default is to find Users
and Groups.
2 (Optional) Narrow search.
2.
search
3. Enter a few letters in the Name/User Name box or Description box, or
both.
View Desktops
4 Press the Enter key or click Find.

4.
Find
5. Select users or groups to entitle and click OK.
Click Add in the Entitlements window to begin adding users or groups or both. A new window
opens (shown in the slide) to help you find users or groups to entitle to this pool.
The Domain box enables you to narrow the search if you have multiple AD domains.
You can use the Name/User name box, the Description box, or both to find users and groups.
When a list of users or groups is displayed, click the ones that you want to entitle. You do not have
to use the Control key or Shift key as you select or deselect users or groups.
When you have finished, click the OK button.
179
Entitled Users or Groups Are Listed

Slide 4-91
A best practice is to assign users to a group and entitle the group.
The entitled users are now displayed on the Entitlements page. This example shows a pool with a
group entitled to use it. Desktops are like physical PCs. A single individual is assigned to an
individual desktop (a dedicated desktop). But you might want more than one person to share a single
virtual desktop but at different times (a floating desktop), for example, people who work on different
shifts. Multiple users can use this desktop but only one user at a time.
You can also entitle a single user to use multiple desktops.
180
Pool Is Entitled
Slide 4-92
The pool is now marked as entitled.
Users now see Payroll-XP Desktop in the list of entitled desktops in

Vi
View
Client.
Cli t
4
View Desktops
The pool is now marked as entitled.
181
Unmanaged Desktops in a View Environment

Slide 4-93
Incorporating unmanaged desktops allows system that are not

controlled by vCenter Server to be
used with View Connection Server.
unmanaged desktops
A single interface to multiple

systems:
Physical systems:
Blade PCs
Desk side servers
Desk-side
Virtual systems:
Virtual servers other than vCenter Server, such as VMware Server

S
Servers
running
i Mi
Microsoft
ft T
Terminal
i lS
Services
i
Enterprises use a mix of physical PCs, server-based desktops or applications that are published using
Microsoft Terminal Services, virtual desktops, and blade PCs. Users requiring access to more than
one platform must use several interfaces. View provides a consistent interface to users. Users can
access desktops that are delivered by multiple back-end systems.
182
Types of Unmanaged Systems That View Supports

Slide 4-94
View supports the following systems:
Physical PCs and blade PCs through PCoIP or RDP:
PC IP requires
PCoIP
i
a Teradici
T di i h
hostt card.
d
Microsoft Terminal Services shared desktops through RDP
Supported operating systems in virtual machines on VMware Server

Desktop systems running on other virtualization software
View supports the following operating systems:

Wi d
Windows
7
7, Wi
Windows
d
XP
XP, and
d Wi
Windows
d
Vi
Vista
t
Windows 2003 Standard Terminal Server R2 SP 2 (32-bit)

Windows 2003 Standard Terminal Server SP 2 (32-bit)
View Desktops
Windows 2008 Standard Terminal Server R2 (64-bit)

Windows 2008 Standard Terminal Server SP 2 (64-bit)
View supports the following back-end systems:

Physical PCs through PCoIP or RDP.
Blade PCs through PCoIP or RDP
Microsoft Terminal Services shared desktops
Desktop operating systems running in virtual machines on VMware Server
Desktop operating systems running on other virtualization software
If PCoIP is to be used for a physical desktop or blade system, a Teradici host card is required.
Desktop operating systems running in virtual machines on VMware Server include the following:
Windows 7, Windows XP, and Windows Vista
Windows 2003 and Windows 2008 systems with the Windows Terminal Server (WTS) role
The main advantage WTS offers is the number of concurrent sessions that can be supported. For
servers without the WTS role, the limit is two.
183
Terminal Services Pools

Slide 4-95
A Terminal Services pool is a pool of desktops that are served by a

group of one or more terminal servers.
A Terminal Services pool can include only terminal servers that are not
virtual machines that are managed by vCenter Server:
Floating pools Used in conjunction with roaming profiles
View Connection Server load

load-balances
balances across terminal servers in a
pool:
Chooses the terminal server that has the least number of active sessions
The desktop pool is entitled as a single entity to users or groups

groups.
Use case: Multiple users need access to applications compatible with
Terminal Services (for example, Microsoft Office):
More users are served per hardware unit

unit.
Fewer copies need to be managed and upgraded.
A Terminal Services pool is a pool that has one or more terminal servers.
A pool that includes terminal servers has the following characteristics:
Least-session-count-based load balancing: View Connection Server load-balances connection
requests across terminal servers in a pool by choosing the terminal server that has the least
number of active sessions on it.
The View administrator entitles the entire pool to users or user groups.
View administrators should deploy a roaming profile solution to enable user settings and
personalization to be propagated to the currently accessed desktop.
An example use case: Multiple users needing access to applications compatible with Terminal
Services (for example, Microsoft Office). Using Terminal Services results in a higher number of
users served per hardware unit. Moreover, fewer copies of the applications have to be upgraded or
patched.
Although View supports Terminal Servers, VMware does not encourage their use, because of the limited flexibility
and exclusive use of RDP.
184
Preparing an Unmanaged Desktop Source

Slide 4-96
For an unmanaged desktop to be deployed as a View desktop, it

must have the following characteristics:
Be reachable by View Connection Server

Have the appropriate remote display protocol enabled
Be an operating system supported by View Connection Server
Be in the same AD forest as View Connection Server, to enable single

sign-on.
The desktop does not have to be in the same domain.
Users should be enabled for remote connection to the system.
View Desktops
Each unmanaged desktop must meet certain criteria before the View Agent can be installed and the
desktop can be added to a manual pool. The requirements are:
The desktop source must be reachable by View Connection Server. Otherwise, the desktop
cannot be contacted.
As necessary, the appropriate display protocol must be enabled. If the desktop source is a
physical system and PCoIP is to be used, a Teradici card must be installed and configured.
The operating system that is running on the desktop must be a supported version.
The desktop must be a member of the same AD forest as View Connection Server, but it does
not have to be in the same domain.
Remote access must be enabled on the unmanaged desktop so that users can connect to the desktop.
185
Registering the Unmanaged Desktop

Slide 4-97
There are two visible differences

ff
ffrom installing View Agent on
virtual machines managed by vCenter Server:
View Composer Agent is not an option during the install.

The desktop must be registered with a View Connection Server.
You must have administrative rights on the unmanaged system

before installing.
Username, if specified, must be one of the following:
A View administrator in the

f
form
<domain_name>\<user>:
<d
i
>\<
>
For example, vmeduc\viewadmin
Local Administrator
Installing View Agent on a physical machine or on a terminal server is nearly identical to installing
the View Agent on a virtual machine. The differences are:
The View Composer Agent cannot be installed, which is logical because an unmanaged system
cannot be a linked clone.
You must enter the connection servers FQDN or IP address so that View Agent can explicitly
register the physical system with the View Connection Server.
The Register with View Connection Server window prompts you to enter the FQDN of the View
Connection Server (either the standard or a replica instance). You must also provide administratorlevel authentication credentials. The installation on the slide was started after logging in as local
Administrator, so it can be authenticated with the currently logged-in user.
You are not prompted for the View Connection Server address when installing View Agent on a
virtual machine that is managed by vCenter Server. vCenter Server can provide the DNS name and
IP address of the virtual desktops to View Connection Server.
186
Lab 3
Slide 4-98
In this lab, you will create a desktop virtual machine from a template
and entitle it.
1. Clone a Windows XP virtual machine to a template.
2. Modify the customization specification that will be used to clone
Windows XP desktops.
3 Deploy a second Windows XP desktop virtual machine from the
3.
template.
4. Confirm correct deployment of the virtual machine.
5 Create ttwo
5.
o man
manual
al pools,
pools each with
ith one desktop virtual
irt al machine
machine.
6. Entitle the manual pools.
View Desktops
187

Slide 4-99
188
Identify the steps to set up a template for desktop pool deployment.

List the steps to add one or more desktops to the View Connection
Server inventory.
Define desktop entitlement.
Explain how unmanaged desktops can be incorporated in View.
Key Points
Slide 4-100
PCoIP for high performance over LANs and WANs

RDP in an environment where public access is necessary
The View Agent is the connection endpoint at the desktop and

communicates with the connection server.
Adding a desktop to the View Connection Server inventory and
entitling its use is a quick process.
process
View supports Terminal Services, physical PCs, blade PCs, and other
systems that are not managed by vCenter Server.
View Desktops
View supports several remote display protocols:
A virtual machine can be prepared in several ways for effective

desktop use.
Vi
View
provides
id a uniform
if
user iinterface
t f
ffor allll b
back-end
k d systems
t
(desktops and sessions).
189
190
MODULE 5
View Client Options

Slide 5-1
Module 5
5
View Client Options
191
You Are Here

Slide 5-2
Course Introduction
Local-Mode Desktops


p Options
p
View Client Options
View Administrator
192
VMware ThinApp
Importance
Slide 5-3
VMware View Client, View Client with Local Mode, or a thin client
can be used to access View desktops. In each case, the client must
be properly configured.
configured Failure to correctly configure the client will
prevent connecting to the desktops.
5
View Client Options
Module 5 View Client Options
193
Module Lessons
Slide 5-4
Lesson 1:
View Client
Lesson 2:
Virtual Printing with View Clients
194
Lesson 1: View Client

Slide 5-5
Lesson 1:
View Client
5
View Client Options
195
Learner Objectives
Slide 5-6
196
Describe the requirements for a View Client installation.

E l i USB redirection
Explain
di ti and
d options.
ti
Describe the power states for desktops.
Define a thin client and compare
p
it with a system
y
running
g View
Client.
Explain what a zero client is and the benefits of a zero client.
View Client Options

Slide 5-7
View Client or View Client with Local Mode:
Mac OS X 10.5 or greater
Compatible thin clients and zero clients

View Client for Linux:
Available only through certified partners
View Client for Android-based tablets
Android 3 and later

Android 2.2 on Cisco Cius tablets
View Client for Apple iPad
All models of Apple iPad 1 and iPad 2 with iOS 4.2 or later
Users run the VMware View Client to connect to their View desktops. You must install View
Client or View Client with Local Mode on a supported operating system.
The client software for accessing View desktops runs either on a Windows or a Mac PC as a native
application or on a thin client system from VMware partners.
View Client is also available for Android-based tablets and Apple iPads. View Client can be
installed on Android-based tablets that run on the Android 3.0 or later operating system. Cisco Cius
tablets support View Client even though they run on the Android 2.2 operating system. View Client
is also available for Apple iPads that run on iOS 4.2 or later.
View Client with Local Mode is a version of View Client that allows users to download virtual
desktops and use them on their local systems. Users can run the local-mode desktop regardless of
whether they have a network connection.
View Client with Local Mode is supported only on Windows systems and only on physical client
systems. To use the feature, your VMware license must include View Client with Local Mode.
A thin client runs a trimmed version of an operating system for the purpose of connecting to other
computers. A new option is a zero client, which uses a firmware version of an operating system. The
operating system initializes the network, begins the networking protocol, and handles the display of
the virtual desktops output. Many zero clients support PCoIP directly.
197
View Client Options
Windows 7 Home, Enterprise, Professional, and Ultimate editions, 32-bit

and 64-bit
Windows XP Home or Professional editions SP3, 32-bit
32 bit
Windows Vista Home, Business, Enterprise, and Ultimate editions, SP1,
SP2, 32-bit
View Client for the Mac:
Installing View Client

Slide 5-8
Steps to install View Client include:

1. Install View Client by starting VMware-viewclient-<build>.exe.
2. Select the View Client features:
a. USB Redirection is optional, but works only if it was selected during View
Agent installation.
b Log
b.
L in
i as currentt user offers
ff
single
i l sign-on
i
choices.
h i
3. (Optional) Add a default View Connection Server fully qualified domain
name. The FQDN can be specified or overridden when View Client is

started.
started
4. Select the default behavior for logging in as the current user on the
client system.
View Client is the software that allows a physical desktop to access a virtual desktop in the View
system. The client software must be installed on any system that will be used to access View
desktops. The steps to install View Client include:
1. Begin your installation by selecting the appropriate installer file that came with the View
package: VMware-viewclient-x86_64-4.5.x-xxxxxx or VMware-viewclient-4.5.xxxxxxx.exe. The same software is used on Windows 7, Windows XP, and Windows Vista.
The 32-bit version of View Client cannot be installed on a 64-bit system.

2. Select your custom setup options:
If you do not want users to access locally connected USB devices through their View
desktops, deselect USB Redirection. USB redirection does not work if the USB
Redirection component was not installed by View Agent on the View desktop.
If you want to require all users to provide identity and credential information to log in to a
View Connection Server and again to access a View desktop, deselect Log in as current
user.
If smart-card authentication is set to Required on View Connection Server, users who
select the Log in as current user check box must still reauthenticate with their smart card
and PIN.
198
3. You are given the option of setting a default View Connection Server during View Client
installation. Preconfiguring the fully qualified domain name (FQDN) of the connection server
saves time when you open View Client the first time to connect to the connection server. If you
do not set the FQDN, you are prompted for it when View Client starts. You can change the
default FQDN at any time.
4. Select the default login behavior for the user of View Client. The options are discussed on the
next slide.
5
View Client Options
199
Default Login Behavior

Slide 5-9
Select the default action for logging in as the current user on the
client system.
If you chose to install the Log in as current user feature, you can further configure the default
behavior when a user logs in using View Client:
Select Show in connection dialog to display the Log in as current user option in the View
Client connection dialog box. When the option is selected, the users login identity and
credential information is passed to the View Connection Server and ultimately to the View
desktop. If the client system is not a member of the domain, the user does not see the Log in as
current user check box.
Select Set default option to login as current user to make the Log in as current user check
box selected by default in the View Client connection dialog box.
When View Client users select Log in as current user, their login credentials are used to authenticate
to the View Connection Server and to the View desktop. No further user authentication is required.
To support logins as the current user, user credentials are stored on both the View Connection Server
instance and the client system.
On the View Connection Server instance, user credentials are encrypted and stored in the user
session with the user name, domain, and optional UPN. The credentials are added when
authentication occurs and they are purged when the session object is destroyed. The session object is
destroyed when the user logs out, the session times out, or authentication fails. The session object
200
resides in volatile memory and is not stored in Active Directory Application Mode (ADAM)/AD
Lightweight Directory Service (AD LDS) or in a disk file.
On the client system, user credentials are encrypted and stored in a table in the Authentication
Package, which is a component of View Client. The credentials are added to the table when the user
logs in and are removed from the table when the user logs out. The table resides in volatile memory.
The Log In as Current User feature requires that the primary DNS suffix portion of the client
computers FQDN be the same as the name of the Active Directory (AD) domain that the client
computer belongs to.
5
View Client Options
201
Before Using View Client

Slide 5-10
Confirm the prerequisites for the target desktop:
Remote desktop access should be granted.

Users or groups must be specifically authorized.
User prerequisites:
User must be members of the Remote Desktop Users group

group.
User must be entitled by View Connection Server to connect to a View
desktop.
Before the client can be used to access a View desktop, the desktop must authorize Remote Desktop
access. In addition, remote users or groups must be specifically authorized.
A user can be a member of a group that is specifically entitled to connect to a virtual desktop. But
the user must also be a member of Remote Desktop Users, either as an individual or as a member of
a group, such as the AD Remote Desktop Users group. The group must be a domain global group.
202
Connecting to View Connection Server

Slide 5-11
1. Enter the FQDN of the View Connection Server.

2. Set options by clicking Options and expanding the dialog box:
Leave Port blank.

blank
SSL is selected by default.
Selecting Autoconnect saves the View Connection Server address and
options so that subsequent logins will skip this dialog box
box.
You can select Autoconnect to save the View Connection Server information to make future
connections easier. The dialog box is skipped when the View Client is next started.
View Client displays a security message every time that it attempts a connection with View
Connection Server. The security message states that View cannot verify the identity of the View
Connection Server IP address. You must select Continue to allow View Client to connect to the
View Connection Server. A connection is established between View Client and View Connection
Server that is not secure.
A self-signed certificate for View Connection Server connection to View Clients is included with
View. The security message is displayed when the client attempts to connect with the View
Connection Server. You may ignore the security message and allow the client to establish
connection with View Connection Server. However, a self-signed SSL certificate can allow
untrusted parties to intercept traffic by masquerading as the organizations server. The organization
should create a CA-signed certificate.
203
View Client Options
Enter the FQDN or IP address of the View Connection Server. Leave Port blank, unless the View
Connection Server was set to use a different port. Use SSL by default. Whether SSL is used to
connect to View Connection Server is configured in Inventory > Global Settings in View
Administrator. The option is Require SSL for client connections and View Administrator and it
is enabled by default.
A security message is not displayed with CA-signed certificates. Also, with CA-signed certificates
the data is secure and not prone to interception from untrusted parties.
More details about View Clients SSL configuration are discussed on the next slide.
204
View Client SSL Configuration

Slide 5-12
If the Require SSL for client connections and View Administrator global
setting in View Administrator is enabled, View Client verifies the SSL
certificate when the user connects to View Connection Server.
A group policy setting can force verification, warn the user, or omit the
verification.
This version of the dialog box is displayed because the Group Policy
object (GPO) is not installed.
5
A group policy setting can be configured to allow users to view the selected certificate verification
mode in View Client but not configure the setting. The SSL configuration dialog box informs users
that the administrator has locked the setting.
When the group policy setting is not configured or is disabled, View Client users can configure SSL
and select a certificate verification mode. The user sees what is shown on the slide. The choices for
the user are:
Reject the unverifiable connection Enforces the presence of a valid certificate.
Warn if the connection may be insecure The default setting. As shown on the previous
slide, the dialog box is displayed and the user must click Continue to proceed.
Allow the unverifiable connection Allows connections even if the connection might be
compromised. If the connection is to a security server, rather than a connection server, the
option must selected. The default option is valid only for connections to a connection server.
205
View Client Options
View Client performs certificate checking if you have selected the Require SSL for client
connections and View Administrator global setting in View Administrator.
If the Group Policy object (GPO) is installed, you can select one of these modes in the group policy
setting. The user cannot override the setting.
Full Security If any type of certificate error occurs, the user cannot connect to View
Connection Server. View displays certificate errors to the user.
Warn But Allow (default value) When the following server certificate issues occur, a
warning is displayed, but the user can continue to connect to View Connection Server:
A self-signed certificate is provided by View. In this case, it is acceptable if the certificate
name does not match the View Connection Server name provided by the user in View
Client.
A verifiable certificate that was configured in your deployment has expired or is not yet
valid. If any other certificate error condition occurs, View displays an error message and
prevents the user from connecting to View Connection Server.
No Security View does not perform certificate checking.
206
Entering User Credentials

Slide 5-13
The red line overstriking https indicates that the connection

between the View Client and View Connection Server is not secure.
Enter your authentication information, which must be for the AD domain user account that you are
going to use to access the virtual desktop. The user principal name (UPN) format of
username@domain is also accepted in User name. In the example, the UPN would be
viewuser01a@vmeduc.com.
The dialog box is immediately displayed if you chose Autoconnect the first time you started the
View Client (shown on the previous slide). To change the default View Connection Server, click
Cancel to return to the first dialog box.
207
View Client Options
The connection between View Client and View Connection Server is not secure. This state is
visually confirmed by a red line that overstrikes https in the View Connection Server FQDN.
Selecting a Desktop and Display Option

Slide 5-14
This user is entitled to

connect to two different
p
desktops.
From the Display menu,
select how you want the
desktop to appear on your
client desktop.
The Custom item displays a
dialog box where you can set
th window
the
i d
size.
i
Users can be entitled to multiple desktops. But even if they only have a single desktop, they must
still select it and click Connect (unless they have specified automatic connection to the desktop at
startup).
The Display drop-down menu allows the user to preset the size of the window that will display the
remote desktop. The user selects Multimonitor if PCoIP is the display protocol and he or she has
multiple monitors at the client system. Up to four monitors are supported. The number allowed is
controlled by the View administrators in the Desktop/Pools Settings dialog box when they add an
individual desktop or an automated pool.
208
Unblocking Windows Firewall

Slide 5-15
209
View Client Options
As the View Client connects for the first time, you might get a warning from Windows Firewall. If
so, unblock the firewall or examine the open ports and make adjustments. The View Client opens all
necessary ports during installation, but the firewall settings might have been reset because of other
activities in the client system.
Common Login Issues

Slide 5-16
Only one user can log in to a specific desktop at a time.

A user must be entitled to at least one desktop in order to connect to
the View Connection Server
Server.
A user is not specifically authorized to log in remotely to this system.
The user is not a member of the Remote Desktop Users group.
An error message is displayed if the virtual desktop is already in use. Before it can be used by you,
the other user must log out, including users who have logged in from the remote console on the
VMware vSphere Client.
You must be entitled to at least one pool of desktops. A message saying that you are not entitled to
use the system is displayed if you are not entitled to any pools. Even a domain administrator account
receives the message unless the pool is specifically entitled through View Administrator.
All View users should already be in the domain global group Remote Desktop Users. A user must be
specifically authorized, or be a member of a group that is specifically authorized, as a Remote
Desktop User.
210
Login Successful
Slide 5-17
211
View Client Options
The desktop has an image as wallpaper for contrast. The recommendation is to use a plain, singlecolor wallpaper to improve performance.
Menu Bar
Slide 5-18
desktop display
name
desktop options
USB devices
After the remote desktop window has opened, a menu bar is displayed at the top of the window. The
menu bar can be locked or set to auto-hide by clicking the push pin in the left corner. The menu bar
contains the following elements:
The display name that is assigned to the desktop.
The Options menu, which has the following items:
Help Opens a browser window to online documentation.
Support Information Displays product, host, and connection information for this
session. The option also allows you to collect and bundle extensive information that can be
forwarded to VMware Support.
About VMware View Client Displays information about the version of View Client.
Switch Desktop If you have more than one desktop open at a time, you can switch
between them.
Autoconnect to this Desktop Whether autoconnect is available depends on the type of
desktop. The variations are discussed later in the course.
212
Send Ctrl-Alt-Delete Sends the key combination to the desktop. The client machine
itself intercepts the key combination when it is entered at the keyboard.
Reset Desktop The user can reset the desktop if the View Administrator has granted the
right in the Pool Settings page.
Disconnect or Disconnect and Log Off Gives the user the choice of disconnecting but
leaving the desktop logged in or of disconnecting and logging out.
The Connect USB Device menu, which is discussed on a later slide.
5
View Client Options
213
USB Device Status Examples

Slide 5-19
Option to autoconnect USB

devices:
Shows devices present

present,
authorized, and enabled
Authorized, software enabled,

but no devices present
The View Administrator has

disabled USB device use.
The Connect USB Device option allows users to select USB devices.
Administrators can configure the ability to use USB devices, such as thumb flash drives and
printers, from a View desktop. The feature is called USB redirection. The drivers for the USB
devices that a user accesses must be preinstalled on the desktop image.
When you use the feature, most USB devices that are attached to the local client system become
available from a menu in the View Client. You use the menu to connect and disconnect the devices.
Multiple devices can be connected and in use at one time. All available USB devices on the client
system can be connected to the desktop after user identification. USB devices can also be connected
to the desktop when they are plugged in to the client system.
USB devices that do not appear in the menu, but are available in a View desktop, include smart card
readers and human interface devices such as keyboards and pointing devices. The View desktop and
the local computer use these devices at the same time.
The feature has the following limitations:
When you access a USB device from a menu in the View Client and use the device in a View
desktop, you cannot access the device on the local computer.
214
USB redirection is not supported on Windows 2000 systems or for View desktops sourced from
Microsoft Terminal Servers.
On the virtual desktop menu bar, click Connect USB Devices. The first option in the menu is
whether to autoconnect USB devices to the desktop. Two types of automatic USB redirection are
available:
Automatically redirecting all devices upon connection to a desktop
Automatically redirecting an inserted device to the current desktop, which is the desktop in the
foreground window
The list of available devices is also displayed. Select the device that you want to use. The device is
loaded into the virtual desktop. The process can take up to 20 seconds. The first time the desktop is
connected to the device, drivers might be installed.
In the middle screenshot, you see the message that is displayed if a user is authorized and the
software is enabled but no devices are present.
In the bottom screenshot, you see the message that is displayed if the View administrator has
disabled the use of USB devices.
5
View Client Options
215
Flexible Monitor Support with PCoIP

Slide 5-20
support for
up to four
monitors
monitor pivot
support
2560x1600
resolution per
monitor
variable
resolution
per monitor
Clear Type
font support
32-bit color
View with PCoIP can support up to four monitors simultaneously. Each monitor can support a
resolution up to 2560x1600 and each supports Clear Type fonts. Clear Type fonts help improve the
appearance of text.
Monitor pivot enables monitors to be used in landscape (horizontal) or portrait (vertical) mode. The
orientation can be changed in real time.
Variable resolution per monitor allows simultaneous monitors to be set to different resolutions. With
support for up to four monitors, each monitor can be a different physical size and set to a different
resolution.
32-bit color provides the ability to reproduce true color images for up to 4.2 billion distinct colors
per pixel.
216
Session Disconnect
Slide 5-21
To end your desktop session, use the Options menu.
Disconnect:
You remain
Y
i llogged
d iin. N
No one else
l can use th
the d
desktop.
kt
Programs continue to run.
Disconnect and Log Off:
You log out. Other users can now use this desktop.
Disconnect You stay logged in and any programs that you were running continue to run. No
one else (except for an Administrator) can connect to the desktop.
Even though you are still logged in, the virtual desktop is no longer available in the Switch
Desktop item. But you can reconnect from the View Client by selecting that desktop after you
log in to View Manager.
You can also reconnect to a disconnected virtual desktop through Remote Desktop Connection
(RDC).
Disconnect and Log Off You log out, and now other users can use the desktop. Clicking the
Close button in the upper-right corner of the window also disconnects and logs you out the
desktop.
Other disconnect options:
Click the close box in the upper-right corner of the desktop window. The action is equivalent to
selecting Options > Disconnect.
Select Start > Log off in the desktop. The action is equivalent to selecting Options >
Disconnect and Log Off.
217
View Client Options
To end your virtual desktop session, use one of the disconnect items on the Options menu:
View Client for Mac

Slide 5-22
View Client for Mac has the following features:
It offers a Mac user access to a View-hosted Windows desktop.

It is supported on Mac OS X 10.5 or later.
It supports PCoIP and Remote Desktop Connection (RDC).
It supports
pp
RSA SecurID authentication.
It supports single sign-on.
Specific features that are included in View Client for Mac:

Support for Mac OS X 10.5, Mac OS X 10.6, and Mac OS X 10.7
PCoIP, including PCoIP optimizations in View 5 or later
Dynamic screen resizing
Support the full-screen mode in Lion
Cut, copy, and paste text and graphics between the View desktop and the Mac
The following capabilities are not supported with the View Client for Mac:
USB redirection USB devices cannot be redirected from the client system to the desktop.
Virtual Printing The Virtual Printing feature is not supported.
Smart cards Smart cards are not supported, but RSA SecurID feature is supported.
Multimedia redirection (MMR) Multimedia content cannot be redirected to the Mac OS, so all
multimedia must be run in the virtual machine.
Local-mode desktops View Client with Local Mode is supported only on Windows systems.
Users cannot access their virtual desktops on the Mac while offline.
218
SSO Timeout Configuration

Slide 5-23
When a View Client connects with View Connection Server, single

sign-on (SSO) is enabled by default.
You can configure a time limit after which a users

user s SSO credentials
time out.
Configuring SSO timeout ensures that no one can use the desktop
session of another user
user.
The SSO timeout limit is set in minutes.
SSO timeout limit is configured by setting a time limit in View LDAP.
5
The SSO timeout limit is set in minutes. The SSO time-limit counter starts when the user logs in to
View Connection Server.
When you configure the SSO timeout, you configure a time limit after which the users SSO
credentials are no longer valid. For example, if you set a SSO timeout time limit as 10 minutes, then
the users SSO credentials are invalidated 10 minutes after the user logs in to View Connection
Server.
You configure the SSO timeout limit by setting a value in View LDAP. When you change View
LDAP on a View Connection Server instance, the change is propagated to all replicated View
Connection Server instances. For more details about setting up SSO timeout value in View LDAP,
see VMware View Administration at http://www.vmware.com/support/pubs.
On remote desktops, the new SSO timeout limit takes effect immediately. You do not have to restart
the View Connection Server service or the client computer.
219
View Client Options
By default, when a user logs in to View Connection Server from View Client, single sign-on (SSO)
is enabled. During the desktop session, the user can leave the desktop or allow it to become inactive.
The SSO timeout configuration ensures that when the user returns to the desktop, the user has to
authenticate the credentials again. The timeout reduces the risk of someone else using the desktop
while the user has left the desktop unattended.
View Portal
Slide 5-24
Enter the View Connection Server address in the address box of a

browser. You are given the option to download a suitable version of
View Client.
The screenshot shows the options for a 32-bit Windows system.

Mac systems have only one option: View Client for Mac.
An expedient way of installing the View Client or View Client with Local Mode application is to
open a browser and go to the View Portal Web page. You can use View Portal to download the full
View Client installer for both Windows and Mac client computers. The download choices are
tailored to your client system. View Portal does not support Linux. A native client for Linux is
available only through certified VMware partners.
Internet Explorer can determine whether an upgrade is available. Firefox and Safari cannot. Also, in
the list of installers, Internet Explorer lists 32-bit installers if the client has a 32-bit system and lists
64-bit installers if the client has a 64-bit system. Firefox lists both 32-bit and 64-bit installers.
If the version available from View Connection Server is newer than that installed on the client
system, you can choose to upgrade. If the version is the same as that on the client device, View
Portal starts the View Client installed on the client computer.
220
Client Information Available to Desktop

Slide 5-25
Exposes client device information to desktop through the Registry.

Examples:
Client device machine name

Client device IP address
Client device MAC address
Logged-in
Logged
in user name
Client type (thin client or operating system type)
Client time, offset from GMT
Use case: These values might be used by third

third-party
party software to find
closest secure printer to the client device.
5
For Windows clients, the information is made available by using the Registry in the remote desktop.
Third-party tools can be used to create custom scripts, such as to map local printers to devices at
login and reconnect. Details are held in Windows Registry keys for which you can set a GPO.
The information sent to the guest machine agent includes:
ViewClient_IP_Address The IP address of the client device.
ViewClient_MAC_Address The MAC address of the client device.
ViewClient_Machine_Name The machine name of the client device.
ViewClient_Machine_Domain The domain of the client device.
ViewClient_LoggedOn_Username The user name of the user logged in to the client
device.
ViewClient_LoggedOn_Domainname The domain of the user logged in to the client
device.
221
View Client Options
The View Client passes information about the client machine and the method by which the user
entered the View session to the remote desktop.
ViewClient_Type The thin client name or operating system type of the client device.
ViewClient_Broker_DNS_Name The DNS name of the connection server (broker).
ViewClient_Broker_URL The connection server URL.
ViewClient_Broker_Tunneled The tunnel status of the connection server. The value is
either true or false.
ViewClient_Broker_Tunnel_URL If the broker tunnel status is true, the URL of the
tunnel.
ViewClient_Broker_Remote_IP_Address The remote IP address of the client.
ViewClient_TimeOffset_GMT The time offset from GMT, expressed as HH:MM.
222
What Is a Thin Client?

Slide 5-26
A thin client system has the following attributes:
It is a low-cost, centrally managed computer.

Usually there is no disk drive (or a very small disk drive).
There is no CD-ROM drive.
Normally,
y, the system
y
cannot be customized byy the user.
The operating system is either in ROM or is a small operating system

like Windows XP Embedded, preinstalled on a small hard drive.
Its operation is simple Attach a keyboard and monitor
monitor, power it on
on,
and connect to a View desktop.
5
From Mac and Windows laptops and PCs, end users open the View Client to display their View
desktop. Thin client devices use View thin client software and can be configured so that the only
application that users can start directly on the device is the View Client. Repurposing a legacy PC
into a thin client desktop can extend the life of the hardware by three to five years. For example, by
using View on a thin desktop, you can use a newer operating system such as Windows 7 on older
desktop hardware.
223
View Client Options
A thin client is typically a hardware terminal. Thin clients are low cost and designed to be centrally
managed. They have no CD-ROM drive and usually no hard disk. They are designed not to be
customized by the user. In many ways, they are ideal for giving users access to virtual desktops.
What Is a Zero Client?

Slide 5-27
Zero clients do not have a Windows or Linux

operating system:
No operating system patches are needed

needed.
No anti-virus, anti-spyware is required.
No local device drivers are necessary.
The PCoIP protocol is built in.
Zero clients have a long life cycle.
Zero clients enable fewer devices on the
desktop (in the case of the flat-panel zero
client).
There are many choices from more than a

dozen vendors.
Wyse-P20
Through the View Client, View supports software-enabled devices like PCs, laptops, netbooks, and
thin clients. View also supports Teradici hardware-based endpoints. The Teradici hardware-based
endpoints are known as zero clients because they have no Windows or Linux operating system
resident. Zero clients have several significant advantages:
No operating system patches are required.
No antivirus or antispyware is required.
No local device drivers exist.
Zero clients have a longer life cycle because there is less software to update and less demand on
the hardware.
Zero clients allow a reduced number of devices on the desktop (in the case of the flat-panel zero
client).
These benefits are important because they lead to simpler deployments and lower cost of ownership.
Zero clients come in two basic versions:
A version that is integrated into a flat-panel display
A version that looks like a thin client and drives external monitors
224
Thin Clients That Are Compatible with View

Slide 5-28
Examples of thin client providers
Chip PC
DevonIT
HP
Igel
g
PanoLogic
Sun Microsystems
W
Wyse
225
View Client Options
Several VMware partners offer thin client devices for View deployments. The features that are
available for each thin client device are determined by the vendor and model and the configuration
that an enterprise chooses to use. For information about the vendors and models for thin client
devices, see View Compatibility Guide at http://www.vmware.com/resources/compatibility/
search.php.
Troubleshooting Unavailable Desktops

Slide 5-29
Make sure that the virtual desktop is powered on, not suspended.
If the desktop is powered on, take these steps:
V if that
Verify
th t the
th desktop
d kt is
i nott hibernating
hib
ti or sleeping.
l
i
After the desktop has been powered on

on, try to connect to the desktop with
RDC and log in with a View administrator domain user name. A successful
connection verifies the availability of the desktop.
Open a VMware vSphere Client remote console to verify the state of the
desktop.
Logging in as an administrator logs out a user.
Reset the desktop from View Administrator.
Only one user at a time can be logged in to a virtual desktop.
Power states can cause several problems when users are trying to connect to virtual desktops. Here
are some troubleshooting procedures:
Use the vSphere Client to confirm that the virtual machine is powered on and not in a
suspended state.
If the virtual machine is powered on, try to connect either by a remote console from the Sphere
Client or directly, using RDC. Connecting by RDC is the best test to determine whether the
desktop is reachable and you can log in. If you can log in with RDC, look at either the client or
the connection server to determine the source of the problem.
If you can log in with an administrative account, the user will be logged out.
Only one user at a time can be logged in to a virtual desktop.
226
Lab 4
Slide 5-30
In this lab, you will install the View Client and connect to a virtual
desktop.
1 Install the View Client
1.
Client.
2. Connect to a virtual desktop.
3. Clone a second client virtual machine.
5
View Client Options
227

Slide 5-31
228
Describe the requirements for a View Client installation.

E l i USB redirection
Explain
di ti and
d options.
ti
Describe the power states for desktops.
Define a thin client and compare
p
it with a system
y
running
g View
Client.
Explain what a zero client is and the benefits of a zero client.
Lesson 2: Virtual Printing with View Clients

Slide 5-32
Lesson 2:
Virtual Printing with View Clients
5
View Client Options
229
Learner Objectives
Slide 5-33
230
Discuss the benefits of Virtual Printing.

Explain the Virtual Printing architecture.
List the steps to install the Virtual Printing feature.
Describe the configuration
g
options
p
for Virtual Printing.
g
Explain the location-based printing feature.
Discuss use cases where location-based printing is desirable.
Listt the
Li
th client
li t system
t
parameters
t
that
th t can be
b used
d tto make
k the
th
assignment to a printer.
What Is Virtual Printing?

Slide 5-34
A software solution that provides driver-free printing:
Consists of a server component on the virtual desktop and a client

component on the View Client
DSSOLFDWLRQ
SULQWHU
client with Virtual Printing

component, connected to
print resources
virtual
i t l desktop
d kt with
ith
Virtual Printing
component
UHQGHULQJ
The application running on the virtual desktop generates print data, which is passed over a PCoIP or
RDP channel to the client system. The Virtual Printing component on the client machine renders the
print images and directs them to a locally accessible print resource.
231
View Client Options
Virtual Printing uses a client-server architecture. A print server component is installed on the
desktop when the View Agent is installed. A print client component is installed on the View Client
system when View Client software is installed.
Benefits of the Virtual Printing Feature

Slide 5-35
Virtual Printing automatically discovers, connects, and prints from a

virtual desktop to any local or network printer defined on the client.
Universal print drivers are provided
provided, so no compatibility issues exist
with nonstandard print devices.
Virtual Printing includes compression to deliver high-quality printing
with enhanced performance even over suboptimal networks
networks.
Some key benefits of Virtual Printing:

Virtual Printing discovers, connects, and prints from a virtual desktop to any local or network
printer defined on the client.
Universal print drivers are provided so that there are no compatibility issues with nonstandard
print devices, such as those connected to home PCs.
Virtual Printing includes compression to deliver high-quality printing with enhanced
performance even over suboptimal networks.
After a printer is added on the local computer, View adds that printer to the list of available printers
on the View desktop. No further configuration is required. Users who have administrator privileges
can still install printer drivers on the View desktop without creating a conflict with the Virtual
Printing component.
232
Reasons to Use the Virtual Printing Feature

Slide 5-36
Printing in a virtual desktop infrastructure without the Virtual Printing

feature can have several issues:
A virtual desktop must have the right set of printer drivers

drivers.
A virtual desktop must have a network printer or client-connected local

printer mapped correctly.
Typically, the View desktop is locked down and end users cannot
install printer drivers and map to network printers.
The user might connect to the desktop from different locations and use
diff
different
t printers.
i t
Large print jobs might consume considerable network bandwidth:
5
View Client Options
Why is a Virtual Printing feature so important in a virtual desktop environment?

Complex printer setup is one of the problems with a virtual desktop infrastructure.
Virtual Printing offers several performance and transparency advantages.
If a virtual desktop lacks the correct set of printer drivers, users cannot print to network or
client-connected local printers.
If a virtual desktop does not have a network- or client-connected local printer added or mapped
correctly, users cannot print.
Users can manually install the printer drivers and map the printers if they have administrator
rights. But to expect a user to configure the properties every time the make and model of client
or network printers changes is unreasonable. Reconfiguration might occur frequently in a
virtual desktop environment because users use different client systems to connect to the virtual
desktops.
Large print jobs might consume considerable network bandwidth.
233
Transparency for the User

Slide 5-37
client system
View desktop
Printing from the View desktop looks exactly like

printing from a physical desktop.
The slide shows what the choice of printers looks like on the client system and the virtual desktop.
234
Virtual Printing Functions at the Desktop and Client Systems

Slide 5-38
Functions on the desktop:
Bandwidth control
Conversion of print data to a common data format
Encryption
Compression
Virtual printer driver,
driver which replaces the need for individual printer drivers
and enables driver-free printing
Functions on the machine that hosts the print resources:
Reception of print data

Decompression/decryption
Conversion of the common data format into printer-specific formats
Sending the data to the print device
5
View Client Options
The Virtual Printing components on the virtual desktop perform these functions:
Control the consumption of bandwidth
Convert the print data from the application to a common data format
Encrypt and compress the print data
Use a single virtual printer driver, which then communicates with the client side of the data path
The Virtual Printing components that are installed on the View Client machine, the one that is
hosting the print resources, perform these functions:
Receive the print data from the Virtual Printing component running in the virtual desktop
Decompress and decrypt the data flow
Convert the common data format into whatever format the locally accessible printer resource
requires
Send the data to the print resource
235
Additional Virtual Printing Functions

Slide 5-39
Supports online and offline virtual desktops:
PCoIP or RDP is available for online sessions

Virtual serial port for local
local-mode
mode sessions
Checks every 30 seconds for new print resources

Licensed from Cortado:
Completely integrated into View

Proven technology used in multiple VMware products
http://www.thinprint.com
Virtual Printing supports both online and offline (local-mode) desktops. But the data exchange path
is different. A PCoIP or RDP channel is used for the online desktop and View Client exchange. A
virtual serial port is used for the exchange between an offline desktop and the client machine. The
local-mode image is running on the local machine, so the virtual serial port is local and not across
the network. The printing operation occurs locally.
Every 30 seconds, the two Virtual Printing components determine whether new print resources have
been installed on the View Client.
The technology that is used in the Virtual Printing feature is licensed from Cortado, a company that
has been providing proven virtual printing capabilities for some time under the ThinPrint name.
VMware Fusion also uses ThinPrint technology.
The URL http://www.thinprint.com takes you to the ThinPrint page on the Cortado Web site.
236
Virtual Printing Architecture

Slide 5-40
Architecture consists of two parts:
PCoIP or RDP
Initialized by
View Client
Server component runs on the

d kt
desktop.
Client component runs on the

machine that is connected to print
resources.
resources
Connection through a named pipe for

local-mode desktop or RDP channel
f online
for
li View
Vi
desktop
d kt
5
TPOG ThinPrint Output Gateway is a printer driver for virtualizing printer on Windows hosts.
TPOGPS ThinPrint Output Gateway PostScript is a printer driver for virtualizing printers on
Linux or Mac hosts.
TPVMMon.dll ThinPrint PORT VMware monitor.
TPVMW32 Protocol adapter to serial port.
TPRDPW32 Protocol adapter to RDP.
TPAutoConnect Creates, tracks and deletes virtualized printers.
The Virtual Printing components on the client system side:
TPInVM and TPCIntRDP Redirect .print Server commands from the virtual desktop to the
client protocol interpreter
TPCInt Keeps track of real printer configuration changes and receiving and printing print
jobs
TPView Interprets (converts from common data format) TPOG-generated print jobs
237
View Client Options
The Virtual Printing components on the virtual desktop side:
Installation of Virtual Printing Feature

Slide 5-41
For the client system, Virtual Printing client components are always
installed on the client system by the View Client installer if the USB
Redirection feature is selected.
For the desktop, Virtual Printing server components are installed on
the desktop if:
The Virtual Printing

g feature is selected during
g View Agent
g
installation
VMware Tools is present
The default installation of the View Client always installs the Virtual Printing components. If you
deselect the USB redirection feature, the Virtual Printing components are not installed.
The default installation of the View Agent on the desktop template, parent virtual machine (for
linked clones), or unmanaged desktops installs the Virtual Printing feature, as shown on the slide.
238
Searching for Printers on the Desktop

Slide 5-42
Do the following as Administrator:

1.
Remove all the printers:
C:\Program
\
Files\VMware\VMware
\
\
Tools\TPAutoConnect
\
d
2.
Stop the connection service:

net stop TPAutoConnSvc
3.
Printers are removed.
Restart connection service:

net start TPAutoConnSvc
Printers are seen. Be patient. The operation might take a few minutes.
5
View Client Options
To make the virtual desktop refresh its inventory of virtual printers, log in to the desktop as an
administrator, open a Command Prompt window, and do the following:
1. Remove all printers by typing C:\Program Files\VMware\VMware
Tools\TPAutoConnect d.
2. Stop the connection service by typing net stop TPAutoConnSvc.
3. Restart the connection service by typing net start TPAutoConnSvc.The restart might take a
few minutes.
239
Reinstalling Virtual Printing on the Desktop

Slide 5-43
1.
At the command prompt, remove all the printers:

C:\Program Files\VMware\VMware Tools\TPAutoConnect d
2
2.
Stop the connection service:

net stop TPAutoConnSvc
3.
Remove the View Agent and VMware Tools.
4.
Install VMware Tools.
5.
Install the View Agent.
To reinstall Virtual Printing on a desktop or the desktop template or parent virtual machine that is
used for automated pools:
1. Remove all printers.
2. Stop the connection service.
3. Use Add or Remove Programs to remove the View Agent and VMware Tools.
4. Install VMware Tools.
5. Install the View Agent.
240
Reinstalling Virtual Printing on the Client System

Slide 5-44
You must install the View Client with USB redirection for Virtual
Printing to work:
1 In Add or Remove Programs

1.
Programs, remove the View Client components
components.
2. Reinstall View Client.
5
View Client Options
To reinstall Virtual Printing support on the client system:

1. Use Add or Remove Programs to remove the View Client.
2. Install the View Client.
241
Configuring Virtual Printing

Slide 5-45
Available options:
Page Setup:
Resolution
R
l ti
B/W or color
Advanced:
Preview
Adjustment:
Scale to fit
Adjust margins
Virtual Printing supports the common configuration options for a printer resource. The Thinprint
Output Gateway on the desktop adopts the printer properties (for example, paper trays, duplex,
color/black-and-white, punching or stapling) from the original driver.
You can then configure these options at the virtual desktop, but the options require administrator
privileges. The best way to change the printer properties is to change them at the client, where the
printer is located.
242
Adjusting the Compression Level

Slide 5-46
On the virtual desktop, right-click the printer and select Properties.
Requires administrator privileges
To change the compression setting from the desktop:

1. From the virtual desktop, click Start and click Printers and Faxes.
2. Right-click a printer and select Properties.
3. Click the ThinPrint Device Setup tab, and select the print data compression:
No images Only text is printed.

Extreme Images are compressed with maximum possible compression rate without
regard to image quality.
Maximum Images are compressed with good quality.
Optimal Images are compressed with optimal quality.
Normal
243
View Client Options
The compression level for the print data stream between the virtual desktop and the client system
can be adjusted at the desktop. But the user must have at least Manage Printer permissions to change
the setting. The compression ratio, in particular, affects system performance. During compression,
the print job is divided into its components. Different compression methods are applied to text and
images to ensure that an optimal, very small file can be sent.
Location-Based Printing
Slide 5-47
Location-based printing allows IT organizations to map View desktops

to the printer that is closest to the endpoint client system.
A GPO setting is used to configure location-based printing so that the
desktop uses the nearest printer.
The AutoConnect Location-based Printing for VMware View policy
setting is implemented as a name translation table
table.
Each row in the table identifies a specific printer and defines a set of
translation rules for that printer.
When a user connects to a View desktop,
p, View compares
p
the client system
y
to the translation rules associated with each printer in the table.
Translation rules are based on the client systems IP address, name, and
MAC address, and on the users name and group.
The location-based printing feature maps printers that are physically near client systems to View
desktops, enabling users to print to their local and network printers from their View desktops. For
example, as a health professional moves from room to room in a hospital, each time the person
prints a document, the print job is sent to the nearest printer.
You set up location-based printing by configuring the AD group policy setting AutoConnect
Location-based Printing for VMware View. The group policy is in the Microsoft Group Policy
Object Editor in the Software Settings folder under Computer Configuration.
AutoConnect Location-based Printing for VMware View is a computer-specific policy.
Computer-specific policies apply to all View desktops, regardless of who connects to the desktop. In
the example, either a doctor or nurse could use a mobile client workstation and anything that is
printed by either user would be directed to the printer at the nurses station.
AutoConnect Location-based Printing for VMware View is implemented as a name translation
table. You use each row in the table to identify a specific printer and define a set of translation rules
for that printer. The translation rules determine whether the printer is mapped to the View desktop
for a particular client system.
When a user connects to a View desktop, View compares the client system to the translation rules
associated with each printer in the table. If the client system meets all of the translation rules set for
244
a printer, View maps the printer to the View desktop during the users session. If a printer has no
translation rules, it is mapped to the desktop.
You can define translation rules based on the client systems IP address, name, and MAC address,
and on the users name and group. You can specify one translation rule, or a combination of several
translation rules, for a specific printer.
5
View Client Options
245
View5ICM_M05_Clients.fm Page 246 Friday, January 6, 2012 8:53 AM
Setting Up Location-Based Printing

Slide 5-48
1. Register the group policy DLL for location-based printing:

Copy the appropriate file to the AD server and register it.
2. Configure the group policy for location-based

location based printing:
a. Do the configuration on your AD server or on the computer that you use
to configure group policies.

b. Enable the g
group
pp
policy
y setting.
g
c. Add printers that you want to map to View desktops and define
associated translation rules: client IP addresses, clients computer name,
MAC address, user or group name, printer name, printer driver, and IP
printer port
port.
To configure location-based printing:
1. Register the group policy DLL for location-based printing. Before you can configure the group
policy setting for location-based printing, you must register the DLL file TPVMGPoACmap.dll.
View Manager provides 32-bit and 64-bit versions of TPVMGPoACmap.dll in the directory
<installation_directory>\VMware\VMware
View\Server\Extras\GroupPolicyFiles\ThinPrint on the connection server host.
Copy the appropriate version of TPVMGPoACmap.dll to your AD server or to the domain

computer that you use to configure group policies. Use the regsvr32 utility to register the
TPVMGPoACmap.dll file.
2. Configure the group policy. Enable the GPO setting and enter the information about the client
systems for each printer. These entries become the translation rules that View uses to determine
which printer the View desktop should use.
For more details, see VMware View Administration at http://www.vmware.com/support/pubs.
246
The Name-Translation Table

Slide 5-49
U th
Use
the ttable
bl iin th
the AutoConnect
A t C
tM
Map Additi
Additionall Printers
Pi t
for
f
VMware View policy setting to define the printer mappings.
The network printer in the first row is mapped to a desktop for any client
system.
system
The network printer in the second row is mapped to a desktop only if the
client system has an IP address in the range 10.112.116.140
10.112.116.145.
Because print jobs are sent directly from the View desktop to the printer,
the HP printer driver must be installed on the desktop.
Print jobs are sent from the View desktop to a network printer, so the appropriate print drivers must
already be installed in the desktop.
247
View Client Options
The network printer specified in the first row is mapped to a View desktop for any client system
because asterisks appear in all of the translation rule columns. The network printer specified in the
second row is mapped to a View desktop only if the client system has an IP address in the range
10.112.116.14010.112.116.145.
Lab 5
Slide 5-50
In this lab, you will configure desktops and clients to use the Virtual
Printing feature.
1 Install and use a virtual printer
1.
printer.
2. Configure a virtual printer instance on the virtual desktop.
Virtual Printing
248

Slide 5-51
Discuss the benefits of Virtual Printing.

Explain the Virtual Printing architecture.
List the steps to install the Virtual Printing feature.
Describe the configuration
g
options
p
for Virtual Printing.
g
Explain the location-based printing feature.
Discuss use cases where location-based printing is desirable.
Listt the
Li
th client
li t system
t
parameters
t
that
th t can be
b used
d tto make
k the
th
assignment to a printer.
5
View Client Options
249
Key Points
Slide 5-52
250
Users can use the View Client to access desktops.

The View Client is a full-featured client for Windows and Mac systems.
Thi clients
Thin
li t and
d zero clients
li t ffrom a variety
i t off manufacturers
f t
can also
l
be used to access desktops.
Virtual Printing solves one of the most common problems in a virtual
desktop infrastructure
infrastructure. Virtual Printing allows seamless access to local
printers from the desktop.
Location-based printing is the assignment of a network printer from
the View desktop to a printer that is located close to a client system
system.
MODULE 6
View Administrator
Slide 6-1
Module 6
6
View Administrator
251
You Are Here

Slide 6-2
Course Introduction
Local-Mode Desktops


p Options
p
View Client Options
View Administrator
252
VMware ThinApp
Importance
Slide 6-3
VMware View Administrator is used to manage View Connection

Servers and the View environment. Improper use of View
Administrator affects the entire View environment
environment.
6
View Administrator
Module 6 View Administrator
253
Module Lessons
Slide 6-4
Lesson 1:
Initial View Configuration
Lesson 2:
Managing Users and Groups
Lesson 3:
Automated Pools
Lesson 4:
Role-Based Delegated Administration
Lesson 5:
Monitoring the View Deployment
254
Lesson 1: Initial View Configuration

Slide 6-5
Lesson 1:
Initial View Configuration
6
View Administrator
255
Learner Objectives
Slide 6-6
Describe the purpose of View Administrator.

Describe the objects that can be configured in the View Configuration
pages, such as servers, administrators, and global settings.
Explain how restricted entitlements can be used to control a users
access to
t pools.
l
Compare the authentication and security options View Connection
Server supports:
256
Tunneling
Smart-card authentication
RSA authentication
Logging In to View Administrator

Slide 6-7
View Administrator is a Web-based interface. You can log in from

anywhere.
Use one of the following browsers:
Internet Explorer 7, 8, 9
Firefox 3.0 or 3.5
Adobe Flash Player 10 or later

is required.
SSL encryption is enabled
by default.
default
https://<View_Connection_Server_FQDN>/admin
After VMware View Administrator has been set up, you can log in from anywhere with a
browser. Use Internet Explorer (version 7, 8, or 9) or Firefox (version 3.0 or 3.5).
The page name admin must be in lowercase. Choose a user name that is in the Active Directory
(AD) domain and that has been granted View administration rights on the View server. Initially,
anyone who has Administrator privileges on the View Connection Server has View administration
rights.
The first few slides in the module are included for completeness. These slides were briefly discussed in an earlier
module when setting up a manual pool.
257
View Administrator
Connect using https://<View_Connection_Server_FQDN>/admin.
View Configuration Objects

Slide 6-8
Begin by entering your View license key. Select View Configuration > Product Licensing and
Usage, click Edit License, and enter the key.
258
Servers Panes
Slide 6-9
Four types of servers: vCenter Servers, View Connection Servers,

Security Servers, Transfer Servers
The servers panes enable you to manage the VMware vCenter Server instances, View security
servers, View Connection Servers, and Transfer Servers.
View Administrator
259
VMware vCenter Server Systems

Slide 6-10
Three options for VMware vCenter Server systems:
Add
Edit
Remove
The vCenter Servers pane enables you to add, edit, or remove the vCenter Server instances that this
View Connection Server cluster uses to manage vCenter Server virtual machines.
260
Editing vCenter Server: Basic

Slide 6-11
vCenter Server Settings:
Configure the host address.

Supply vCenter Server credentials.
Enable or disable SSL tunneling.
Change
g the default p
port ((which must
then be changed on the vCenter
Server instance).
View Composer
p
Settings:
g
Enable View Composer.

Change the default port.
E t a list
Enter
li t off View
Vi
administrators
d i i t t
who
h
have the necessary permissions for
View Composer operations.
The TCP port that the View Connection Server uses to connect to the vCenter Server system can be
modified if necessary. If you modify that port here, you must also modify the port in the vCenter
Server instance. The modification might affect other vCenter Server operations.
If you select Enable View Composer, you must confirm the port to be used between View
Connection Server and View Composer. You must also enter credentials for View administrators
who have the necessary permissions for View Connection Server to work with the specified vCenter
Server instance and with AD. View Composer is discussed in more detail in a later module.
261
View Administrator
SSL is the default communication protocol between this View Connection Server and this vCenter
Server system. SSL provides a secure end-to-end tunnel.
After you select Add or Edit in the vCenter Servers pane, the Edit vCenter Server dialog box is
displayed. The dialog box enables you to specify or update the user name and password that View
Connection Server uses to authenticate with the vCenter Server system. (Click Advanced for the
advanced view.)
Editing vCenter Server: Advanced

Slide 6-12
Change the maximum values for vCenter Server virtual machine

provisioning and power operations.
The vCenter Server Settings advanced dialog box adds two important fields:
Max concurrent provisioning operations Determines the largest number of concurrent
requests that View Connection Server can make to provision full virtual machines in this
vCenter Server instance. The default value is 8. The setting does not control linked-clone
provisioning.
Max concurrent power operations Determines the largest number of concurrent power
operations (startup, shutdown, suspend, and so on) that can take place simultaneously on virtual
machines that are managed by View Connection Server in this vCenter Server instance. The
default value is 5. The setting controls power operations for full virtual machines and linked
clones.
262
View Connection Server Settings

Slide 6-13
Configure optional settings that apply to this View Connection

Server:
Enter free-form
free form tag labels for configuring restricted entitlements
entitlements.
Set up external URLs for client access from the Internet.
Disable secure tunnel
connections to the desktop.
To access the settings page:
Select View Configuration >

Servers.
Select a connection server
and click Edit.
In the General tab, you can set an external URL, which is used by a View Client that is outside the
corporate network. The fully qualified domain name (FQDN) in the URL must be resolvable by the
View Client system for connection to a desktop. Setting the external URL is a required step if you
plan to access the View Connection Server with systems from an external network. The option is
explained in more detail in a later module that discusses View security.
You have the option of defining restricted entitlement tags for this connection server. Restricted
entitlements are discussed on the next slides. In the example, two tags are defined for the connection
server: InternalUsers and Contractors.
The Use secure tunnel connection to desktop option enables you to specify per View server
whether client-to-desktop connections are to use SSL or not. The option is enabled by default. If the
263
View Administrator
In View Administrator, select View Configuration > Servers, select the connection server whose
configuration you want to change, and click Edit. The Edit View Connection Server Settings dialog
box has four tabs: General, Local Mode, Authentication, and Backup. Backup and Local Mode
options are discussed in a later module.
Some configuration settings apply to each specific connection server, rather than to the entire group.
One example is the authentication requirements that are necessary when connecting to the
connection server.
option is deselected, clients and desktops communicate in direct connection mode. Although direct
connection has higher performance because of lower overhead, it should be used only if the clients
and desktops are on a secure network behind the corporate firewalls. The option is discussed in
more detail in the View security module.
The Local Mode tab and its options are discussed in a later module that is devoted to the Local
Mode feature.
The authentication options are discussed on the following slides.
The backup options are discussed in a later module about View backup capabilities.
264
Restricted Entitlements
Slide 6-14
Restricted entitlements are a form of location-based entitlements.

Normally, all pools are accessible through any connection server.
Entitlements are assigned to pools

pools.
Restricted entitlements enable you to associate one or more pools with

a specific connection server.
The user can access a desktop in a pool only if the user is entitled for the
desktop and is connected to the correct connection server.
The same tag label is assigned both to a pool and to a connection server.
View Client displays only pools whose tags match the connection
servers tag.
If a user logs in to a connection server and has not been entitled to any
gg p
pools, an error message
g is g
generated.
of the tagged
A tagged pool must match at least one connection server with
the same tag.
You can use the restricted entitlements feature to restrict View desktop access based on the View
Connection Server instance that a user connects to.
A tagged pool must have at least one connection server with the same tag. A View administrator is
not allowed to remove from the connection server the last tag that is associated with a pool.
Otherwise, there would be no tag match and no user would be able to access the desktops in the
pool.
265
View Administrator
With restricted entitlements, you assign one or more tags (alphanumeric character strings) to a View
Connection Server instance. Then, when configuring a desktop pool, you select the tags that are
associated with the View Connection Servers that you want to match with the pool. When users log
in to a tagged View Connection Server, they can access only the desktop pools that have at least one
matching tag or desktops pools that have no tags assigned.
Restricted Entitlements: Example

Slide 6-15
Users are directed to a desktop pool

based on the connection server used
for access
access.
For example, all users can access
desktops inside the firewall, but only
some users can access their
desktops from outside the firewall.
Two tags are used: Internal and

External
External.
connection servers
Internal and
External tags
External tag
2
pools
Internal tag
External tag
Assume, as an example, a health-care deployment that includes two View Connection Server
instances to support doctors (the user icon on the right) and nurses (the icon on the left).
The connection server on the right (connection server B) supports both sets of users in the hospital.
The connection server on the left (A) is paired with a security server and supports doctors who
might need to access their desktops from their offices, which are outside the hospital. The nurse
population is not allowed to access their desktops unless they are on hospital premises. To control
access, set up restricted entitlements as follows:
Use the normal entitlement process to entitle the nurse population to use desktops in pool 1.
Use the normal entitlement process to entitle the doctor population to use desktops in pool 2.
Assign the tags Internal and External to View Connection Server instance B. Anyone logging in
to that connection server can access a desktop in his or her entitled pool.
Assign the tag External to the View Connection Server instance that is paired with the security
server and supports authorized external users. That is connection server A.
Assign the Internal tag to pool 1 and the External tag to pool 2.
266
If either a nurse or a doctor logs in to connection server B, he or she can connect to a desktop in the
appropriate pool. If a doctor logs in to the security server, he or she will be connected to a desktop
because the External tag is common to both connection server A and pool 2. But if a nurse attempts
to log in to the security server, the connection will be refused because no tags match between
connection server A and either of the pools, even though the user is entitled to pool 1.
Other pools, for other categories of users, can also be tagged with the Internal and External tags.
After the tags have been defined in any connection server, they are available for assignment to any
pool.
The restricted entitlements feature only enforces tag matching. You must design your network
topology to force certain clients to connect through a particular View Connection Server instance.
6
View Administrator
267
Rules for Creating Tags

Slide 6-16
Tags have the following characteristics:
268
No spaces are allowed.

64 characters is the maximum for a tag.
Tags are not case-sensitive.
Alphanumeric
p
characters and other common characters are valid.
Tagging a Pool
Slide 6-17
Select the connection server tags to associate with this pool.
The user must be entitled to access desktops in this pool.

The user must connect to a connection server with the selected tag.
269
View Administrator
When you click Browse, next to Connection server restrictions, the Connection Server
Restrictions dialog box is displayed. No Restrictions is the default. When Restricted to these tags
is selected, a list of tags associated with all connection servers is shown. Selecting one or more tags
defines which connection servers can be used to access this pool. If a user connects to a connection
server with a selected tag, then and only then will the user have access to the desktops in this pool.
For a desktop connection to occur:
The slide shows how to entitle a pool to work with a tagged connection server. A pool is available
through all connection servers in a connection server group because of Active Directory Application
Mode (ADAM) replication, unless restricted entitlements are configured. The tags for a pool are set
in the Pool Settings page of the Add Pool or Edit Pool wizard. When a user logs into the assigned
connection server, the server first determines which pools the user is entitled to use. Then, if the
connection server has tags, the tags are used to further limit which pools the user can access.
Tag-Matching Rules
Slide 6-18
Connection server
Pool
Access permitted?
No tags
No tags
Yes
No tags
One or more tags
No*
No
One or more tags
No tags
Yes
One or more tags
One or more tags
Only when tags match
*If a pool has a tag, then at least one connection server must
have the same tag.
At a basic level, tag matching determines whether a user connecting to a View Connection Server
instance that has a specific tag can access a pool. The user can access the pool only if the pool has
the same tag as the connection server.
The absence of tag assignments can also affect whether a View Connection Server instance can
access a pool. For example, View Connection Server instances that do not have tags can access only
pools that do not have tags.
The table shows how the restricted entitlement feature determines when a user connecting to a View
Connection Server can access a desktop pool.
270
Authentication Options: Smart Cards

Slide 6-19
You can configure View Connection Server or a security server

instance to allow View desktop users to authenticate themselves by
g smart cards.
using
A smart card contains secure storage data that includes private key
and public key certificates.
Smart-card
Smart
card authentication provides two-factor
two factor authentication by
verifying:
What the user has (the smart card)

What the user knows ((the PIN))
With smart-card authentication, the user inserts a smart card into a smart card reader attached to the
client system and enters a personal identification number (PIN). Smart-card authentication provides
two-factor authentication by verifying both what the user has (the smart card) and what the user
knows (the PIN).
When a user inserts a smart card into a smart-card reader, the user certificates on the smart card are
copied to the local certificates store on the client system. These stored certificates are available to all
applications running on the client system.
271
View Administrator
A smart card is a small plastic card that contains a computer chip. The chip contains secure storage
for data that includes private key and public key certificates.
Many organizations require personnel to pass multiple stages of authentication before allowing them
to connect to their systems. View provides support for high-security environments by offering
smart-card authentication of client sessions.
Connecting to View Connection Server with Smart Cards

Slide 6-20
When a user initiates a connection to a View Connection Server or a

security server instance, the following actions occur:
1 Upon card insertion,
1.
insertion View Connection Server or the security server
sends a list of trusted certificates to View Client.

2. View Client checks the list of trusted certificates against the available
user certificates that were copied from the smart card

card.
3. View Client selects a suitable certificate and prompts the user to enter
a smart-card PIN.
4 View
4.
Vi
Client
Cli t sends
d the
th user certificate
tifi t to
t View
Vi
Connection
C
ti Server
S
or the
th
security server.
5. View Connection Server or the security server verifies the certificate by
checking the certificate

certificatess trust and validity period
period.
Smart-card authentication works by presenting a trusted set of client credentials (a user certificate)
to View Connection Server. A user certificate is an encrypted set of authentication credentials that
includes the digital signature of the trusted root certificate authority (CA) that issued the certificate.
The user certificate is stored on the smart card and can be retrieved and passed to the server only
after the user has verified ownership by entering a PIN. Certificates are then authenticated by using
a public key to verify the included digital signature. The expected digital signature is contained in a
trusted CA certificate that is stored on View Connection Server.
When a user initiates a connection to a View Connection Server or a security server instance that is
configured for smart-card authentication, the following sequence occurs:
1. Upon card insertion, View Connection Server or the security server sends a list of trusted
certificates to View Client.

2. View Client checks the list of trusted CAs against the available user certificates.
3. View Client selects a suitable certificate and prompts the user to enter the smart-card PIN.
4. View Client sends the user certificate to View Connection Server or the security server.
5. View Connection Server or the security server validates the certificate by checking the
certificates trust and validity period.

272
Typically, users can successfully authenticate if their user certificate is signed and valid. But when
certificate revocation checking is configured, users who have revoked user certificates are prevented
from authenticating.
6
View Administrator
273
Smart-Card Requirements
Slide 6-21
Client systems that use smart cards for user authentication must
have the following software and hardware installed:
View Client
A Windows-compatible smart-card reader
Smart-card middleware
Product-specific application drivers
Smart-card authentication is not supported by:
View Client for Mac

View Administrator
View supports
pp
smart cards and smart-card readers that use PKCS#11
or Microsoft CryptoAPI provider.
Client systems that use smart cards for authentication must meet certain requirements. Each client
system must have the following software and hardware installed:
View Client
A Windows-compatible smart-card reader
Smart-card middleware Smart-card middleware is an application layer between the smart card
and the client system. The application layer allows the client-system hardware to communicate
with the smart-card hardware.
Product-specific application drivers You must install product-specific application drivers on
the View desktop.
Smart-card authentication is not supported by View Client for Mac or View Administrator.
View supports smart cards and smart-card readers that use a PKCS#11 or Microsoft CryptoAPI
provider. You can install the ActivIdentity ActivClient software suite, which provides tools for
interacting with smart cards.
Users that authenticate with smart cards must have a smart card or USB smart-card token. Each
smart card must contain a user certificate.
274
To install certificates on a card, you must set up a computer that meets the following criteria:
Has the authority to issue smart cards for users
Is a member of the domain for which you are issuing certificates
6
View Administrator
275
Configuring Smart-Card Authentication

Slide 6-22
To configure smart card authentication:

1. Obtain the root certificate from the certificate authority (CA).
2. Add the root certificate to a servers truststore file.
3. Modify View Connection Server configuration properties.
4. Configure
g
smart-card settings
g in View Administrator.
5. Prepare Active Directory for smart-card authentication.
To configure smart-card authentication:

1. Obtain the root certificate from the CA. You must obtain the root certificate from the CA that
signed the certificate on the smart card presented by the user.

If you do not have the root certificate of the CA that signed the certificate on the smart card that
is presented by the user, you have two solutions. You can export a root certificate either from a
CA-signed user certificate or from a smart card that contains one.
2. Add the root certificate to a servers truststore file. You must add the root certificate for all
trusted users to a servers truststore file. You perform this action so that View Connection
Server and security server instances can authenticate smart-card users and connect them to their
View desktops. (A truststore file is a key database file that contains public keys.)
3. Modify View Connection Server configuration properties. To enable smart-card authentication,
you must modify View Connection Server configuration properties on your View Connection
Server and security server host.
4. Configure smart-card settings in View Administrator. You must select the Require SSL for
Client connections in View Administrator check box in the Global Settings dialog box in
View Administrator.
276
5. Prepare Active Directory for smart-card authentication. When you implement smart-card
authentication, you must perform the following tasks in AD:

Add the user principal names (UPNs) for smart card users.
Smart-card logins rely on UPNs. So the AD accounts of users that use smart cards to
authenticate in View must have valid UPNs.
Add the root certificate to Enterprise NTAuth Store and Trusted Root Certification
Authorities.
If you use a CA to issue smart-card login or domain controller certificates, you must add
the root certificate to the Enterprise NTAuth Store. The root certificate must also be added
to the Trusted Root Certification Authorities group policy in AD.
Add an intermediate certificate to the Intermediate Certification Authorities. If you use an
intermediate certification authority to issue smart-card login and domain controller
certificates, you must add the intermediate certificate to the Intermediate Certification
Authorities group policy in AD.
6
View Administrator
277
Certificate Revocation Checking

Slide 6-23
Configure certificate revocation checking to prevent users that have a

revoked user certificate from authenticating with smart cards.
Configure certificate revocation checking on a View Connection Server
or security server instance.
Certificates are often revoked when a user:
Leaves an organization
Loses a smart card
Moves from one department to another
Vi
View
supports
t certificate
tifi t revocation
ti checking
h ki with:
ith
Certificate revocation lists

Online Certificate Status Protocol
You can prevent users with revoked certificates from authenticating with smart cards. To do so,
configure certificate revocation checking on a View Connection Server or security server instance.
User certificates are revoked when the user leaves the organization, loses a smart card, or moves
from one department to another in the same organization.
View supports certificate revocation with certificate revocation lists (CRLs) and Online Certificate
Status Protocol (OCSP).
A CRL is a list of revoked certificates published by the CA that issued the certificates.
OCSP is a certification validation protocol that is used to get the revocation status of X.509
certificates.
278
Smart-Card Removal Policy

Slide 6-24
A View administrator configures the logout behavior for each

connection server.
Smart-card authentication must be Optional

p
or Required.
q
The default action is to allow the user to remain logged in to the
connection server when the smart card is removed.
Select Disconnect user session on smart card removal to log out

the user when the user removes the smart card.
Select Disconnect user session on smart card removal if you want users to be disconnected
from the View Connection Server instance when they remove their smart cards. Users must then
reauthenticate to gain access to their View desktops.
The smart-card removal policy does not apply to users who connect to View Connection Server with
the Log on as a current user check box selected. The policy does not apply even if users log in to
their client system with a smart card.
You must restart the View Connection Server service for changes to smart-card settings to take
effect. Users currently logged in are not affected by changes to smart-card settings.
279
View Administrator
Deselect Disconnect user session on smart card removal to allow users to remain connected
to their View Connection Server instance when they remove their smart cards. Users can start
new View desktop sessions without reauthenticating. The option is not enabled by default.
If smart-card authentication is enabled, you configure the smart-card removal policy in one of two
ways:
Authentication Options: RSA SecurID

Slide 6-25
You can configure a View Connection Server instance so that users

are required to use RSA SecurID authentication before providing their
AD credentials.
RSA SecurID authentication works with RSA Authentication Manager.
To use RSA SecurID authentication, each user must have a SecurID
token that is registered with RSA Authentication Manager.
RSA SecurID provides two-factor authentication by requiring:
A PIN that is entered by the user

An authentication code that is generated by hardware or software
View is certified through the RSA SecurID Ready program and

supports a full range of SecurID capabilities, including:
New PIN mode

Next Token Code mode
RSA Authentication Manager
Load balancing
g
You can configure a View Connection Server instance so that the users are required to use RSA
SecurID authentication before entering their AD credentials. For example, you might configure RSA
SecurID authentication only for users who access View desktops remotely over the Internet.
Because RSA SecurID authentication works with RSA Authentication Manager, an RSA
Authentication Manager server is required. The RSA Authentication Manager server must be
directly accessible from the View Connection Server host.
To use RSA SecurID authentication, each user must have a SecurID token that is registered with the
RSA Authentication Manager. An RSA SecurID token is a piece of hardware or software that
generates an authentication code at fixed intervals.
RSA SecurID provides a two-factor authentication by requiring the knowledge of a PIN and an
authentication code. The authentication code is available only on the RSA SecurID token.
See the RSA Authentication Manager documentation for more information.
280
Configuring RSA SecurID Authentication

Slide 6-26
To enable a View Connection

C
S
Server instance ffor RSA
S S
SecurID
authentication:
1. Install and configure the RSA SecurID software.
2. Enable RSA Secure ID 2-Factor Authentication in View
Administrator.
3. Upload the sdconf.rec file in View Administrator from RSA
Authentication Manager.
To enable a View Connection Server instance for RSA SecurID authentication:

1. Install and configure the RSA SecurID software on the View Connection Server.
Select Enable if you want to require RSA SecurID authentication for users to access
desktops.
Select Enforce SecurID and Windows user name matching if you want RSA SecurID to
check names against Windows user names and deny access to those that do not match.
Select Clear node secret when the states of the View Agent and the RSA Authentication
Manager are not synchronized. When you select the check box, ADAM clears the node
secret on the View Agent and resets the Lightweight Directory Access Protocol (LDAP)
value.
3. Upload the sdconf.rec file into View Administrator from RSA Authentication Manager.
281
View Administrator
2. Enable RSA Secure ID 2-Factor Authentication:
Adding or Removing View Administrators

Slide 6-27
Select View Configuration > Administrators.
You can add or remove View administrators. Initially, only an administrator who is a member of
BUILTIN\Administrators can log in to View Administrator. After you are logged in, you can add
anyone in the AD domain as a View administrator. For these administrator credential to be usable by
View Connection Server, vCenter Server, or View Composer, certain vCenter Server and AD
permissions must be assigned to the user name. The specific permissions are discussed later.
282
Global Settings
Slide 6-28
Global settings affect all View Connection Servers in the connection

server group.
Changing the requirement for SSL requires a restart of the View
Connection Server service.
Require SSL for client connections and View Administrator Determines whether SSL is
used to create a secure communication channel between the View Connection Server and the
client and between a browser user and View Administrator. By default, the option is enabled for
both types of connections. It can be overridden per individual View server. Changing this
option requires a restart of the View Connection Server service. In a group of replicated View
Connection Server instances, you must restart the View Connection Server service on all
instances in the connection server group. You do not have to restart the Windows host systems.
283
View Administrator
Session timeout Determines how long (in minutes) users are allowed to keep sessions open
after they log in to the View Connection Server. The setting does not control the session interval
for a session between a client and desktop. The field must contain a value, and the default is
600. When 5 minutes are left before the user is logged out, View Connection Server sends a
pop-up message: The secure connection to the View Connection Server will time out in 5
minutes. The message is not the warning message that is configured on the Global Settings
page. The five-minute warning is not configurable.
The Global Settings dialog box controls all View servers in the domain. In View Administrator,
select View Configuration > Global Settings. You can set the following options in the dialog box:
Reauthenticate secure VPN connections after network interruption Determines whether

tunnel client user credentials must be reauthenticated after a network interruption. The setting
has no effect when direct connection is being used.
Message security mode Determines whether the Java Message Service (JMS) messages
passed between View Connection Server 3.x or 4.x components are signed and verified. If a
security server exists in your View Connection Server environment and you enable the setting,
you must have an appropriately configured config.properties file on the security server.
(Configuring the file is discussed later in the course.)
If any component in your View environment predates View Connection Server 3.0, signing and
verification is not possible.
Disable Single Sign-on for Local Mode operations Determines whether single sign-on is
enabled when users log in to their local desktops. If you disable the setting, users must
manually log in to their desktops to start their Windows sessions after they log in. When you
change the setting, the change takes effect for each user at the next user operation.
Enable automatic status updates Determines whether View Connection Server updates the
global status pane in the upper-left corner of View Administrator every few minutes. The
Dashboard page of View Administrator is also updated every few minutes. When you enable
the setting, idle sessions do not time out for any user who is logged in to View Administrator.
Disabling idle-session timeouts increases the risk of unauthorized use of View Administrator.
Use caution when you enable the setting. By default, the setting is not enabled. Idle-session
timeouts do occur.
Display a pre-login message Displays a disclaimer or another message to View Client users
when they log in. Enter your information or instructions in the text box in the Global Settings
dialog box. To display no message, leave the text box blank.
Display a warning before forced logoff Displays a warning message when users are forced
to log out because a scheduled or immediate update such as a desktop-refresh operation is about
to start. The setting also determines how long to wait after the warning is shown before the user
is logged out. Select the box to display a warning message. Enter the number of minutes to wait
after the warning is displayed and before logging out the user. The default is 5 minutes.
The warning time is adjusted for local time. For example, the local time on the View
Connection Server system does not have to match the local time on the client or desktop
system.
284

Slide 6-29
Describe the purpose of View Administrator.
Describe the objects that can be configured in the View Configuration

pages, such as servers, administrators, and global settings.
Explain how restricted entitlements can be used to control a users
access to
t pools.
l
Compare the authentication and security options View Connection
Server supports:
Tunneling
Smart-card authentication
RSA authentication
6
View Administrator
285
Lesson 2: Managing Users and Groups

Slide 6-30
Lesson 2:
Managing Users and Groups
286
Learner Objectives
Slide 6-31
Describe how information in the Users and Groups page can be used
to control and monitor View users.
users
Explain the hierarchy of global policies, pool-level policies, and userlevel policies.
Li t th
List
the Vi
View G
Group P
Policy
li administrative
d i i t ti (ADM) template
t
l t files.
fil
6
View Administrator
287
Users and Groups Page

Slide 6-32
In View Administrator, select Users and Groups.

This page displays all users and groups who are entitled to pools.
For each user or group, the number of entitlements, remote sessions,

and local sessions that are active is shown
shown.
If a trust relationship changes, click Update General User
Information to update the View Connection Server LDAP directory
from AD
AD.
You manage users on the Users and Groups page in View Administrator. Select Users and Groups
in the navigation pane to display the Users and Groups page. The page enables you to access pools
and desktops from the perspective of the users who access the desktops.
For example, you can review the desktop pools that a user or group is entitled to and you can
determine a users active desktops. Double-clicking the entry in the User Name column opens a
page that displays the pools, entitlements and desktops for that group or user.
Click Update General User Information to update View Connection Server with the current user
information that is stored in AD. The name, phone, email, user name, and default Windows domain
are updated. The trusted external domains are also updated.
Use the update option if you modify the list of trusted external domains in AD, especially if the
altered trust relationships between domains affect user permissions in View Connection Server. The
update option scans AD for the latest user information and refreshes the View Connection Server
configuration.
288
Summary Tab for a Selected Group

Slide 6-33
In the Users and Groups page,

double-click the group name.
The page shows general

information about the group.
It shows pools that this group is
entitled to access.
access
Double-click the group entry in the User Name column to open the <group> page, which displays
the pool entitlements and sessions for the group.
The Summary tab displays basic information about the AD group and the pools for which the group
is entitled. In the example, the group is entitled for four pools.
View Administrator
289
Entitlements Tab for a Selected Group

Slide 6-34
Click the Entitlements tab.

It displays more details about each entitlement.
The Sessions tab lists the active sessions.
You can review the desktop pools that a group is entitled to:
In View Administrator, select Users and Groups and click the name of a group.
Select the Entitlement tab.
The page lists the pools that the user or group is entitled to and information about each pool. Click a
pool name to open the page for that pool.
The Sessions tab displays the active sessions for users in the group.
290
Summary Tab for a Selected User

Slide 6-35
On the Users and Groups page, double-click a user name.
The <user> page displays information unique for this user: group
memberships,
b
hi
entitlements,
titl
t assigned
i
d desktops,
d kt
and,
d if linked-clone
li k d l
desktops, the names of the persistent disks.
You can review the pools, desktops, and other information that pertains to a user to. In View
Administrator, select Users and Groups and click the name of the user.
General information for the user

The groups that this user is a member of
The pools that the user is explicitly entitled to or entitled to because of group membership
It also displays desktops that the user is assigned to, and if the desktop is a linked-clone desktop, the
users persistent disks. Click a pool name to open the <pool_ID> page. Click the desktop name to
open the <desktop_name> page.
The links to the persistent disks for this user are useful when there is a problem with the desktop and
the persistent disk must be detached or archived. If a View administrator needs to manage a
persistent disk for a user, this summary is a quick way to see what disks the user has across all
desktops.
291
View Administrator
The Summary page displays:
Details of a User's Persistent Disk

Slide 6-36
Click the name of the

persistent disk in the
Summary tab of the users
user s
page.
You immediately learn the full
name and location of the
persistent disk.
You can detach the disk if

the users
user s desktop has a
problem.
Click the name of the persistent disk in the <user> page to display information about the disk. You
can quickly identify the disk and the datastore on which it is stored.
292
Sessions Tab for a User

Slide 6-37
Click the Sessions tab to display desktops that are active for this
user.
This tab
Thi
t b allows
ll
a View
Vi
administrator
d i i t t to
t quickly
i kl access and
d manage a
users desktop if a user reports a problem.
Click the Sessions tab to display all desktops assigned to the user. After you select a desktop, the
buttons that perform the standard operations are active.
View Administrator
293
Global Policies
Slide 6-38
Global policies apply to all desktops in this View deployment.
In View Administrator, select Policies > Global Policies.
Global policies can be overridden at the pool or desktop level.
In View Administrator, select Policies > Global Policies to display the Global Policies page. Global
policies re applied to all desktops and pools that are managed by all View Connection Servers in the
group. These policies can be overridden for any pool or desktop. Select a pool in the Pools page
(select Inventory > Pools) and click the Policies tab in the <pool_ID> page.
Global View policies:
Multimedia redirection (MMR) Determines whether MMR is enabled for client systems.
MMR is a Microsoft DirectShow filter that forwards multimedia data from specific codecs on
View desktops directly through a TCP socket to the client system. The data is then decoded
directly on the client system, where it is played. The default value is Allow. If client systems
have insufficient resources to handle local multimedia decoding, change the setting to Deny.
USB access Determines whether desktops can use USB devices connected to the client
system. The default value is Allow. To prevent the use of external devices for security reasons,
change the setting to Deny.
Remote mode Determines whether users can connect to and use desktops running on vCenter
Server instances. If the policy is set to Deny, users must check out the desktop on their local
computers and run the desktop only in local mode. Restricting users to running desktops only in
294
local mode reduces the costs associated with CPU, memory, and network bandwidth
requirements of running the desktop on a back-end server. The default value is Allow.
PCoIP hardware acceleration Determines whether to enable hardware acceleration of the

PCoIP display protocol and specifies the acceleration priority that is assigned to the PCoIP user
session. The setting has an effect only if a PCoIP hardware acceleration device is present on the
physical computer that hosts the desktop. The default value is Allow at Medium priority.
6
View Administrator
295
Policies at the Pool Level

Slide 6-39
Double-click the pool ID in the Pools pane and click the Policies tab.
Click Edit Policies to override each set of policies.
Policies for local-mode use are discussed in a later module.
Policies are Allow, Inherit,

or Deny.
In View Administrator, select Inventory > Pools and double-click the pool ID to open the
<pool_ID> page. Click the Policies tab to display the policies for the pool. The example shown on
the slide is for the SalesDesks pool. All pool policies are inherited from the global policies settings.
The applied policies match the global policies. Pool policies override global policies, so to make an
adjustment click Edit Policies and configure the changes.
296
Overriding Pool Policies

Slide 6-40
Click Edit Policies and change USB access to Deny. The USB
access policy does not allow any user of a desktop in this pool to use a
y
USB device from the client system.
1. On the <pool_ID> page, click Edit Policies.

2. In the Edit View Policies dialog box, for USB access select Deny from the drop-down menu.
The applied policy for USB access changes to Deny, overriding the global policy. All other policies
are unchanged.
297
View Administrator
To override the USB access policy at the pool level:
In the example, you can set a policy for the SalesDesks pool not to allow any user to access a USB
device on the client system. The global policy is to allow USB access, but you can override the
policy at the pool level, which will apply to all desktops in the pool.
Overriding Policies at the User Level

Slide 6-41
1. Click User Overrides.

2. Use the Add User dialog boxes to find each user who will have
overrides.
overrides
3. Apply the overrides for each user.
The selected user will never

have USB access, regardless of
the pool-level
pool level or global policies
policies.
You can configure user-level policies to affect specific users. User-level policy settings take
precedence over the equivalent global and pool-level policy settings. To override a pool policy for
one or more individuals, click User Overrides and change one or more policies. The procedure is
more involved than changing a pool-level policy:
1. Click User Overrides and click Add User.
2. To find a user, click Add, enter the name or description of the user, and click Find.
3. Select one or more users from the list, click OK, and click Next. The Add Individual Policy
dialog box is displayed.

4. Configure general session policies on the General tab.
5. Configure policies for local-mode clients on the Local tab.
The policy overrides are not directly displayed. To determine the policy changes requires reviewing
the user list that is displayed by clicking User Overrides.
In the example, the selected user has been allowed USB access. Regardless of the pool-level or
global policy settings, the user will always be able to use USB devices for the client system.
298
Group Policy ADM Templates

Slide 6-42
View includes several component-specific Group Policy ADM

template files.
Vi
View
ADM template
t
l t files
fil contain:
t i
Computer Configuration policies that apply to all View desktops,

regardless of who connects to the desktop.
User Configuration policies that apply to all users, regardless of
desktop they connect to. User Configuration policies override
Computer Configuration policies.
Policies are applied at desktop startup and when users log in.
The ADM template files are installed on each View Connection Server
host in:
<installation_directory>\VMware\VMware View\Server\Extras\GroupPolicyFiles
The View ADM template files contain both Computer Configuration and User Configuration group
policies.
The Computer Configuration policies set policies that apply to all View desktops, regardless of who
connects to the desktop.
The User Configuration policies set policies that apply to all users, regardless of the View desktop
they connect to. User Configuration policies override equivalent Computer Configuration policies.
View applies policies at View desktop startup and when users log in.
The View ADM template files are installed in the
<installation_directory>\VMware\VMware View\Server\Extras\GroupPolicyFiles
directory on your View Connection Server host.
299
View Administrator
The Group Policy Object Editor is a Microsoft Management Console (MMC) snap-in. The MMC is
part of the Microsoft Group Policy Management Console (GPMC). See the Microsoft TechNet Web
site for information on installing and using the GPMC.
View includes several component-specific Group Policy administrative (ADM) template files. You
can optimize and secure View desktops by adding the policy settings in these ADM template files to
a new or existing Group Policy object (GPO) in AD.
View ADM Template Files

Slide 6-43
Template name
Template file
Description
View Agent Configuration
vdm agent.adm
vdm_agent.adm
Policy settings related to

authentication and
environmental components
of View Agent
Vi
View
Cli
Clientt C
Configuration
fi
ti
vdm_client.adm
d
li t d
P li settings
Policy
tti
related
l t d tto
View Client
View Server Configuration
vdm_server.adm

View Common Configuration
vdm_common.adm
Policy settings related to all

View components
View PCoIP Session Variables
pcoip.adm
Policy settings related to the

PCoIP
C
display protocol

Configuration
ViewPM.adm

The View Agent Configuration ADM template file (vdm_agent.adm) contains policy settings
related to the authentication and environmental components of View Agent. The template contains
both Computer Configuration and User Configuration settings. The User Configuration setting
overrides the equivalent Computer Configuration setting.
The View Client Configuration ADM template file (vdm_client.adm) contains policy settings
related to the View Client configuration. The settings include scripting definition settings, security
settings, Remote Desktop Protocol (RDP) settings, and general settings. The template provides
Computer Configuration and User Configuration settings.
The View Server Configuration ADM template file (vdm_server.adm) contains policy settings
related to all View Connection Server instances. The template contains only Computer
Configuration settings.
The View Common Configuration ADM template file (vdm_common.adm) contains policy settings
common to all View components. The settings include log configuration settings, performance alarm
settings, and general settings. The template contains only Computer Configuration settings.
The View PCoIP Session Variables ADM template file (pcoip.adm) contains policy settings related
to the PCoIP display protocol, including the tuning parameters.
300
The View Persona Management ADM template file (ViewPM.adm) contains policy settings that you
add to the group policy configuration individual systems or an AD server. After the policy settings
have been added, View Persona Management can be enabled and configured. View Persona
Management is discussed in a later module.
For more details about each of the ADM template files, see VMware View Administration at
http://www.vmware.com/support/pubs/view_pubs.html.
6
View Administrator
301
Lab 6
Slide 6-44
In this lab, you will use View Administrator to configure global

View parameters and manage users and sessions.
1 Modify three global settings values
1.
values.
2. Limit vCenter Server provisioning operations.
3. Use View Administrator to disconnect a logged-in user and reset
a virtual desktop.
4. Retrieve information about specific users.
5. Examine recent connection server events.
302

Slide 6-45
Describe how information in the Users and Groups page can be used
to control and monitor View users.
users
Explain the hierarchy of global policies, pool-level policies, and userlevel policies.
Li t th
List
the Vi
View G
Group P
Policy
li administrative
d i i t ti (ADM) template
t
l t files.
fil
6
View Administrator
303
Lesson 3: Automated Pools

Slide 6-46
Lesson 3:
Automated Pools
304
Learner Objectives
Slide 6-47
Describe how an automated pool operates.

Compare dedicated-assignment and floating-assignment pools.
Outline the steps to create an automated pool.
Explain
p
the entitlement of desktops
p in automated p
pools.
6
View Administrator
305
User Assignment to a Desktop

Slide 6-48
A dedicated-assignment desktop pool allows users to log in to the

same desktop every time.
Users can save documents and files on dedicated desktops because they
always return to the same desktop.
Use case: An employee is assigned a desktop for exclusive use.
A floating
floating-assignment
assignment desktop pool contains stateless desktops:
The desktop returns to the pool when the user logs out.
A user might be logged in to a different desktop each time and should not
save documents or files on the desktop.
Multiple users can access the same desktop (but not concurrently).
Use cases:
Call center desktops

p
A kiosk on the manufacturing floor
When desktops are deployed, they are permanently assigned to a single user or are assigned
dynamically to any authorized user who requests a desktop. Permanently assigned desktops are
called dedicated-assignment desktops. Dynamically assigned desktops are called floatingassignment desktops.
306
Desktops in a Pool
Slide 6-49
Using templates, vCenter Server can create virtual machines on

demand.
A desktop virtual machine template is used

used.
vCenter Server does the customization:
The desktop joins the AD domain automatically.

The desktop uses DHCP.
The computer name is set to the virtual machine name.
View Composer
p
can create linked-clone desktops
p on demand.
A virtual machine with a snapshot is used to create the linked-clone

desktop.
Desktop deployment occurs in minutes
minutes.
QuickPrep or Sysprep modifies the desktop to make it unique.
View supports two options for deploying virtual desktops in pools: template-based desktop
deployment and linked-clone desktops.
The customization specification has three requirements:

The provisioned virtual machine must join the AD domain automatically. The domain must be
the same domain that the View Connection Server is a member of.
The virtual machine must use DHCP to acquire an address.
The computer name of the desktop should be the same as the virtual machine name.
Linked clones share a base system disk in a virtual machine that is created for this purpose. Linked
clones require much less space because of the common system disk and they take much less time to
create. Linked clones are discussed in detail in a later module.
307
View Administrator
To create a template-based pool, you must have a template and customization specification ready.
The desktops in the pool are created on demand by the vCenter Server system or are provisioned all
at once. The virtual desktop is deployed from the template and is a full, normal clone of the original
virtual machine. The clone operation uses the Sysprep process.
Linked-clone desktops are created on demand by View Composer, which is running on the same
host system as the vCenter Server system. Linked-clone provisioning differs from the templatebased deployment in the following ways:
Neither a template nor a customization specification is used. Instead, a virtual machine that has
a snapshot, called the parent virtual machine, is used as the base image for every linked-clone
desktop in the automated desktop pool.
A linked-clone virtual desktop uses much less disk space than is required by a template-based
full clone.
The time to provision a linked-clone virtual desktop is a fraction of the time required for
template-based deployment. Typically, a linked-clone desktop can be deployed in a matter of
minutes, irrespective of the size of the parent virtual machines system disk.
The new linked-clone desktop is customized by a special VMware process called QuickPrep
or by Sysprep. The choice of customization is configured when the automated pool is created.
308
Dedicated-Assignment Pools
Slide 6-50
Users log in to the same desktop every time.

A desktop is permanently assigned to a specific user.
Users can personalize the virtual desktop in the normal way:
Saving documents and files on the virtual desktop

Customizing settings like background and screen savers
Installing unique software
Best practices:
Do not allow users to store data on the virtual machine.

Store user data on file servers.
309
View Administrator
Dedicated-assignment desktops are ideal for work environments where everyone must start with the
same desktop configuration and the same tools. Users have the freedom to customize their desktop
within their assigned limits and permissions. But if a user has a problem with a desktop, a new
desktop can be easily and quickly provisioned.
Dedicated-assignment desktop pools assign a user to the same desktop each time he or she connects
to the pool. It is like having a PC on the desk. The virtual desktop becomes a PC that is permanently
assigned to the user. Users can save documents and files on persistent desktops because they return
to the same desktop.
Creating an Automated Pool

Slide 6-51
1. In View Administrator, select Inventory > Pools.

2. Click the Add link to start the Add Pool wizard.
3 Specify
3.
S
if the
th automated
t
t d pooll parameters:
t
a.
b.
c.
d.
e.
f.
g
g.
h.
Type of pool Automated

User assignment Dedicated or floating
vCenter Server Full virtual machines and select vCenter Server instance
Pool identification The pools ID, display name, and View Connection
Server folder
P l settings
Pool
tti
Remote
R
t d
desktop
kt settings,
tti
default
d f lt remote
t display
di l protocol
t
l and
d
settings, and Adobe Flash settings
Provisioning settings Virtual machine names and pool sizing parameters
vCenter Server settings Template,
Template virtual machine folder
folder, VMware
ESX/ESXi host or cluster to use, resource pool, and datastores
Guest customization Which customization specification to use
4 Entitle users to use this pool of desktops

4.
desktops.
The slide outlines the major steps to create an automated pool of desktops. Each step is discussed on
the next pages.
310
Adding a Desktop or Pool

Slide 6-52

2. Click Add.
To start the Add Pool wizard, in View Administrator, select Inventory > Pools button and click the
Add link.
Adding an automate pool is similar to adding a manual pool, the steps for which were discussed
earlier in the course. Many of the pages in the wizard are identical.
View Administrator
311
Selecting the Type of Desktop

Slide 6-53
The navigation list

in left pane
changes as you
make selections.
The help content in
the right column
changes as you
make selections.
Automated desktop pools contain one or more dynamically generated desktops that are
automatically created and customized by View Connection Server from a vCenter Server virtual
machine template. Desktop pools of this type can be either dedicated or floating desktops.
Automated pools can also use the linked-clone feature to rapidly deploy desktops from a single
parent virtual machine.
A manual pool provides access to an existing set of virtual machines, physical computers, or blade
PCs. Each entitled user is connected to an appropriate desktop when he or she logs in.
A Terminal Services pool provides Terminal Services sessions as desktops to View users. Terminal
Services sessions are managed by View Connection Server in the same way as virtual machine
desktops.
312
Selecting the User Assignment for Desktops

Slide 6-54
A desktop can be assigned to a user on demand, assigned at the

time of provisioning, or assigned after provisioning.
Select the type of desktop assignment for the pool.
You can also manually assign desktop names and users. You input a list of desktop name and user
name combinations. When a specified user tries to connect the first time, the desktop is provisioned
with the name and is assigned to the user. More details about option are discussed in later pages.
313
View Administrator
If the desktops are dedicated, View Connection Server can automatically assign the desktops on first
connection. Because all desktops in the pool are identically configured, any desktop is suitable for
first assignment. After a user has connected to a desktop, it is dedicated to that user. Subsequent
connection requests from the user are always directed to the dedicated desktop. A user can have
only one desktop assigned. The names of the desktops are generated by View Connection Server,
according to a naming pattern that you assign later in the wizard.
Selecting the vCenter Server System

Slide 6-55
View Connection Server can connect to multiple vCenter Server

instances.
All desktops in this pool must belong to the same vCenter Server
instance.
Each View Connection Server can connect to multiple vCenter Server instances. A vCenter Server
instance handles the deployment and management of virtual desktops, all on request from View
Connection Server. The number of View Connection Servers and vCenter Server instances depends
on the desktop deployment throughout the organization.
The Add Pool wizard needs to know which vCenter Server system will be handling the virtual
machine deployments for the automated pool. Only one vCenter Server instance can handle the
management of the virtual machines for each automated pool.
If linked-clone desktop deployment is the choice for this automated pool, the View Composer
linked clones option must be enabled. For the option to be active, View Composer must be
installed, and you must explicitly configure the View Composer settings for this vCenter Server
instance. Do the configuration in the vCenter Servers pane of the Servers page of View
Administrator (View Configuration > Servers).
314
Entering Pool Identification Parameters

Slide 6-56
ID:
Identifies desktop or pool within View Connection Server

Must be unique
Display name:
What the user sees when connecting to a View Connection Server

C b
Can
be used
d with
ith multiple
lti l d
desktops
kt
Can be the same as the unique ID
View folder
Enter the ID, the display name, and the description in the fields. Select a View folder in which to
place the pool of desktops.
The ID is unique for each pool in the entire View Connection Server inventory. The inventory of
desktops that is managed by all the View Connection Servers using the same LDAP database.
The display name does not have to be unique. A View administrator can reuse display names, if
necessary, but should ensure uniqueness for any one user. The ID and display name should correlate
to something meaningful in your environment. From the View Client, the user is connecting to a
single desktop, and a pool name might not be helpful. A display name suggesting a single desktop in
the users assigned area would be useful.
Select a View folder in which to place the pool or leave the pool in the default root folder. If you use
View folders, you can delegate managing pool to specific administrators with a specific role. Folders
are a way to partition pool management. A folder must already exist for the selection to be made
here. A pool can also be assigned to a folder any time after the pool is configured and operating.
315
View Administrator
The ID is the name that is used by View Connection Server to identify the desktop. The desktop
display name is what the end user sees when connecting to a View Connection Server. After the user
has been authenticated, the user sees a list of all the desktops that he or she is entitled to use.
View folders are different from vCenter Server folders that store desktop virtual machines. You
select a vCenter Server folder later in the wizard with other vCenter Server settings.
316
Pool Settings
Slide 6-57
Settings for an automated pool

are similar to those for a
p
manual pool.
For this pool:
The Contractors and

g are
InternalUsers tags
associated with the pool.
Users cannot reset their
desktops.
PC IP iis th
PCoIP
the d
default
f lt protocol,
t
l
but the user can change to
Remote Desktop Protocol.
3-D
3
D rendering for Windows 7 is
not available.
The default settings for Adobe
Flash are used.
Setting the pool to Enabled means that the pool is automatically enabled after it is created.
Setting it to Disabled means that you must manually change the setting to Enabled to activate
the pool after it is created. By default, the desktop is enabled as soon as you create it.
Connection server restrictions The pool is being tagged to match one or more View
Connection Servers. Users are allowed to connect to desktops in the pool if they log in to a
connection server that has the Consultant tag or the InternalUsers tag. The tags are configured
in the View Administrator Edit dialog box for a View Connection Server. The tags determine
which pools users can access when they log in to a specific connection server.
Remote Desktop Power Policy Determines how a virtual machine behaves when the user
logs out of the associated desktop. The virtual machines that are powered off will be started
when required and will remain on, even when not in use, until they are shut down.
317
View Administrator
State If the pool is not enabled, desktops are not available for immediate use. The disabled
state enables you to create a desktop and configure it, including who is entitled to use it. But
because the desktop is not enabled, no one can use it until it is enabled.
The Desktop/Pools Setting window controls desktop and pool settings, which for an automated pool
that uses full clones is identical to the pool settings for a manual pool. The following parameters
were selected for the pool:
Take no power action (default) means that View Connection Server does not enforce a power
policy after a user logs out. For example, if a user shuts down the virtual machine, the virtual
machine remains powered off. If a user out off without shutting down, the virtual machine
remains powered on. The virtual machine restarts when a user connects to the desktop.
Ensure desktops are always powered on means that all virtual machines in the pool remain
powered on, even when they are not in use. If they are shut down, they will immediately restart.
Select Suspend if you want the desktop to enter a suspended state when the user logs out, but
not when a user disconnects.
Select Power off if you want all virtual machines in the pool to shut down when the user logs
out but not when the user disconnects.
A best practice is to select Suspend. A suspended virtual machine returns to service faster than
one that is powered off, but it still conserves CPU, network, and RAM resources on the
VMware ESX/ESXi host.
Automatically logoff after disconnect Immediately means that users are logged out as soon
as they disconnect. Never means that users are never logged out. Selecting After pops up a
request to enter the wait time in minutes.
Allow users to reset their desktops Users are allowed to reset their desktops. The default
value is No.
Remote Display Protocol The default values are accepted. Connections between a View
Client and a desktop default to use the PCoIP display protocol. Users can change that protocol
to RDP. If PCoIP is used, the number of monitors and the resolution for each are the default
values.
Windows 7 3D Rendering If you plan to use 3-D graphics applications, such as Windows
Aero themes, Microsoft Office 2010, or Google Earth, you should turn on the option in the Pool
Settings window. The option is available only with vSphere 5.0 or later when Windows 7 virtual
machines use virtual hardware version 8. The pool must use PCoIP as the default display
protocol and users cannot be allowed to select their protocol.
When you select this feature, you can configure the amount of VRAM that is assigned to
desktops in the pool. You can select at most two monitors for your View desktops. The
maximum resolution of any one monitor is set to 1920x1200 pixels. You cannot configure this
value.
You must power off and power on existing virtual machines for this setting to take effect.
Restarting a virtual machine does not cause the setting to take effect.
Windows 7 3D Rendering is a graphics feature that is not hardware-accelerated. It enables you
to run DirectX9 and OpenGL 2.1 applications without requiring a physical graphics processing
unit (GPU).
Adobe Flash Settings for Remote Sessions The default values are accepted.
318
Available Desktops
Slide 6-58
You configure desktops to be created on demand or provisioned all at

once after the Add Pool wizard is completed.
If a user requests a desktop from a pool and one is not available

available, View
server requests that vCenter Server create one.
Creating a desktop is a cloning/customization operation.
Depending on the size of the desktop virtual disks

disks, this operation might
take some time (for template-based deployments).
A reserve of available desktops can be provisioned.
Y can control
You
t l th
the size
i off your reserve.
319
View Administrator
If the desktops are provisioned on demand, View Connection Server can create a reserve of
available desktops when the pool is created. The reserve reduces the wait time for the user. As
additional desktops are placed into service, more desktops are created so that the prescribed reserve
of available desktops is always ready. The behavior continues until the maximum pool size is
reached. These provisioning parameters can be overridden when the pool is created. They can be
edited after pool creation.
Pool desktops can be created on demand or provisioned all at once. If a user requests a desktop from
a pool and it is not available, View Connection Server requests that the vCenter Server system create
one, if the provisioning parameters allow the action. The desktop creation process consists of the
vCenter Server system cloning a new virtual machine from a template and customizing it.
Depending on the size of the virtual desktop hard drives and the speed of your system, the
deployment time varies. Meanwhile, the View Client continues to wait until the virtual desktop has
been created and powered on and is ready for use.
Provisioning Settings
Slide 6-59
Virtual Machine Naming:
Can specify desktop names and user

assignments explicitly or use dynamic
naming
{n:fixed=m} construct in Naming
Pattern:
Desktop number positioned in virtual

machine name wherever {} appears
fixed=m specifies
p
number of digits.
g
15-character limit on final virtual
machine name
Pool Sizing:
Maximum desktops in pool

Number of spares provisioned
Provisioning can be enabled or disabled. Selecting the Enable provisioning setting means that
desktops in the pool are immediately created on completion of deployment or after a desktop is
deleted, depending on the pool-sizing parameters. Deselecting the setting means that the desktops in
the pool are not immediately created on completion of deployment or after a desktop is deleted.
Provisioning is suspended. Enable provisioning is selected by default.
Stop provisioning on error is selected by default. If a problem occurs when a virtual desktop is
being created for the pool, all provisioning in the pool stops. The Enable provisioning check box is
deselected. A View administrator has to investigate the problem, such as lack of storage space for
new virtual machines. The administrator then has to manually select Enable Provisioning.
You select whether you want to manually specify machine names or want View Connection Server
to use a naming pattern in the Virtual Machine Naming panel. The process to specify names
manually is described on the next slide.
The pattern you enter in the Naming Pattern box determines the actual name of each virtual
machine when it is provisioned by the vCenter Server system. A constant prefix is used to identify
all desktops in a pool as part of the same group. The prefix can be up to 13 characters in length. By
default, a numeric suffix is appended to the entry to distinguish each desktop from others in the
same pool.
320
You can override the behavior by entering a name that contains a token representing the pool
number. The token can appear anywhere in the name. For example, you could type amber-{n}desktop. After deployment {n} is replaced with the number of the desktop.
Fixed-length tokens can be entered with the n:fixed= construction. For example, type amber{n:fixed=3}. After deployment, {n:fixed=3} is replaced with a fixed-length pool number for each
desktop: amber-001, amber-002, amber-003, and so forth.
A 15-character limit applies to names that contain a token but only to the replaced form where the
token length is fixed. For example, my-view-system{n:fixed=1} would be acceptable. The pattern is
25 characters, but the final virtual machine name would be only 15 characters (for example, myview-system1). Virtual machine names would vary from my-view-system1 to my-view-system9,
and then provisioning would halt, regardless of the number that should be provisioned. After a
virtual machine has been deleted, another would be created to reuse an available virtual machine
name.
Where the token length is not fixed, a buffer of 1 is applied to the token, so the maximum replaced
length is 14 characters. Example: a-view-system{n}. If more than 99 desktops are created, duplicate
computer names will exist.
The Pool Sizing panel offers greater control over the number of desktops to create in the pool:
Max number of desktops Specify the total number of virtual machines that can be
provisioned for the pool. Set this number to the maximum number of virtual machines that are
to be deployed in the pool at any point. The setting is necessary to prevent overburdening
hardware resources.
321
View Administrator
Min number of desktops If you use a naming pattern and provision desktops on demand,
specify a minimum number of desktops in the pool. If you provision desktops on demand, View
Connection Server creates desktops as users connect to the pool for the first time. View
Connection Server creates the minimum number of desktops when you create the pool.
Number of spare (powered on) desktops Specify the number of desktops that View
Connection Server keeps available and powered on for new users. The setting should match the
rate at which users are added to the environment. If you add two users per day, the number
should be set to 2 for dedicated-assignment pools.
Specifying Names Manually

Slide 6-60
Enter names manually or copy from a text file.
Start the desktops in maintenance mode

y can be customized.
so that they
The usual method for virtual machine naming for an automated pool is to enter a naming pattern and
the number of desktops that you want in the pool. But you can also provision desktops by specifying
their names manually. The two approaches offer different advantages.
If you name desktops by specifying a list, you can use your company's naming scheme, and you can
associate each desktop name with a user. When you explicitly specify desktop names, users can see
familiar names based on their company's organization when they log in to their desktops. If you
provide a naming pattern, View Connection Server can dynamically create and assign desktops as
users need them. You must use one of these naming methods to provision automated pools that
contain full virtual machines or linked clones.
Follow these guidelines for manually specifying desktop names:
Enter each desktop name on a separate line.
A desktop name can have up to 15 alphanumeric characters.
You can add a user name to each desktop entry. Use a comma to separate the user name from
the desktop name.
322
In the example on the slide, five desktops are specified and three of them are associated with a user
name. The list was entered into a Notepad file and copied and pasted into the box in the Enter
Desktop Names dialog box. When the list is complete, click Next and the Add pool wizard verifies
each AD user name. Errors are identified with the red diamond. An error is shown in the example.
There was a mistake in one of the user names. After you correct the list, the wizard returns to the
Provisioning Settings page and displays the number of desktops in the list.
In a floating-assignment pool, you cannot associate user names with desktop names. The desktops
are not dedicated to the associated users. In a floating-assignment pool, all desktops that are not
currently in use remain accessible to any user who logs in.
6
View Administrator
323
vCenter Server Settings

Slide 6-61
Identify and configure the vCenter Server components that View

Connection Server uses for desktops.
Th
These
settings
tti
mustt b
be entered
t
d iin sequence.
Most of the vCenter Server components that are necessary for an automated pool are configured
from the vCenter Settings page. The selections for the template, the virtual machine folder, the host
or cluster, the vCenter Server resource pool, and the datastores are configured in the Add Pool
wizard page. The selections are discussed on the following slides.
You cannot change vCenter Server settings for existing virtual machines. You can change vCenter
Settings settings in the Edit <pool_name> dialog box, but the values affect only new virtual
machines that are created after the settings are changed. Effectively, the pool can have a
combination of settings for each component, which might be confusing.
324
Selecting a Template
Slide 6-62
To select a template:
1. On the vCenter Server page, click Browse to the right of the Template
box Only templates with supported Windows systems are displayed in

box.
the list.
2. Select the template to use for this pool.
The Add Pool wizard sequence is for an automated pool that creates full-clone desktops, so a
template must be selected for the vCenter Server system to use.
1. On the vCenter Server page, click the Browse button to the right of the Template box. By
default, a list of templates that are compatible with supported desktop Windows systems are
displayed. For example, Windows 2003 and Windows 2008 templates would not appear in the
list.
2. Select a template that has been tested.
325
View Administrator
To select a template:
Selecting the Virtual Machine Folder

Slide 6-63
Create vCenter Server folders for virtual machines and templates that
will be used for virtual desktops.
Subdivide these folders as desired

desired.
The default folder name is the ID of the pool.
All desktops are stored in the selected vCenter Server folder.
In the View environment are three types of folders:

The folders in the Hosts and Clusters view in the vSphere Client are used to segregate ESX/
ESXi hosts or clusters.
The folders in the VMs and Templates view in the vSphere Client are used to segregate virtual
machines or vCenter Server templates.
The folders in View Connection Server are used to delegate administrator permissions to a View
administrator to manage one or more pools. View folders and role-based administration are
discussed in the next lesson.
The vCenter Server datacenters form a hierarchy directly under the root node. These vCenter Server
datacenters allow users to group their datacenters in convenient ways. In each datacenter are one
hierarchy of folders with virtual machines and templates and one hierarchy of folders with hosts and
clusters.
You might want to create special folders for virtual machines and templates being used for virtual
desktops. These can be further subdivided by department, function, or operating system. If you do
not create a virtual machine folder before starting the Add Pool wizard, View Connection Server
creates one for you, using the pool ID as the virtual machine folder.
326
Selecting a Host or Cluster

Slide 6-64
Select a host or cluster on which

to run the virtual machines
provisioned by
p
y this p
pool.
A vSphere Distributed Resource
Scheduler/vSphere High
Availability cluster can have up to
32 hosts.
Maximum of eight hosts per

cluster for linked-clone pools
The number of virtual desktops

that a host can support varies.
A single View Connection Server
can manage virtual
it ld
desktops
kt
on
multiple vCenter Server instances.
Most desktops do not require more than a single CPU.

A good starting point for memory size is to allocate 1GB for Windows XP desktops and 32-bit
Windows Vista and Windows 7 desktops and 2GB for 64-bit Windows 7 desktops. During a pilot,
monitor the performance and disk space used with various types of workers and make adjustments
until you find the optimal setting for each pool of workers. You must also factor in such things as
virtual machine virtualization overhead and RAM overcommitment.
The limit of eight hosts per cluster is an ESX/ESXi and VMware vSphere VMFS limitation, not a View limitation.
Only eight hosts can share a file in a VMFS datastore. All linked clones in a VMFS datastore use the base virtual disk
from the replica virtual machine, so linked clones are limited to eight ESX/ESXi hosts.
327
View Administrator
In the case of an automated pool that uses template-based deployment, the number of virtual
desktops that you can run per host varies greatly. The number depends on the host hardware
configuration, use of resource management, and the size and requirements of the virtual desktop.
Select a host or cluster on which to run the virtual machines that will be deployed in this pool. A
vSphere Distributed Resource Scheduler (DRS) cluster adds resource management and loadbalancing capabilities, which improves desktop performance. A vSphere High Availability cluster
gives you ESX/ESXi host failover. You can have up to 32 hosts per DRS/HA cluster. If linked-clone
desktops are specified, the maximum number of hosts in a cluster is eight.
Selecting a Resource Pool

Slide 6-65
Select a resource pool in which to run

the virtual machines that are used by the
pp
pool.
desktop
Do not confuse resource pools with
desktop pools.
The use of resource pools and other resource management tools in ESX/ESXi and the vCenter
Server system can dramatically improve the performance of virtual desktops and the use of
resources on the host.
If you have created resource pools, you must select the resource pool that the desktop pool will run
in. Even if you have resource pools created, you do not have to run virtual desktops in them. But it
is a best practice to configure resource pools for your virtual desktops.
The screenshot on the right is from the VMware vSphere Client, which is displaying the current
setting in the Payroll Virtual Desktops resource pool. Resource pool settings cannot be accessed by
the View Administrator.
Do not confuse resource pools and View desktop pools. A resource pool is used by ESX/ESXi hosts
and DRS clusters to manage CPU and RAM resources on ESX/ESXi hosts. A desktop pool is a
group of virtual desktops grouped together for management and deployment purposes.
328
Selecting a Datastore
Slide 6-66
Select a datastore in which to store the virtual machine files.
All files are stored in the same location.
If multiple datastores are selected

selected, View Connection Server distributes
desktops across them.
Free space on selected datastores is compared with an estimate of the

storage that is required if the maximum desktops are provisioned
provisioned.
You can specify a default virtual machine swap file location on each ESX/ESXi host. In this case,
the default swap file location is used.
If you specify that the virtual desktop pool should store virtual machine files on local ESX/ESXi
host storage, you cannot use VMware vMotion with the virtual desktops. So, in the case shown
in the screenshot, you can use vMotion on any virtual machine stored on any of the datastores
except datastore1 (the local datastore).
329
View Administrator
If multiple datastores are selected, View Connection Server distributes the virtual desktops across
the datastores. Any single virtual machine is placed on only one datastore.
Select the datastore in which to store your virtual desktops files. Normally, it is possible to create a
virtual machine with multiple virtual disk drives and to specify that each virtual disk be stored in a
different location. But with virtual desktops that are created from a template, all virtual disks must
be on the same datastore. You can have multiple virtual disks, but all must reside on the same
datastore.
vCenter Server Settings Completed

Slide 6-67
The screenshot shows the vCenter Settings page with all components configured.
330
Selecting the Customization

Slide 6-68
Select a customization specification.
A single customization specification can be used with multiple desktop

pools and with multiple templates
templates.
Customization specification must match the operating system in the
template.
The final vCenter Server component that must be specified is the type of customization to perform
on a new desktop.
The default selection is to use an existing customization specification. The same customization
specification can be used with multiple pools and multiple templates, if the templates are based on
the same operating system that the customization is based on. The customization selected here is
WinXP Spec file. A good description on the customization would have helped identify the correct
file to use.
View Administrator
Customization specifications that do not specify DHCP for network configuration cannot be used
and are not shown. The IP address for each desktop must be dynamically assigned.
331
Ready to Complete Summary

Slide 6-69
The final steps are:

1. Review the
information on the
Ready to Complete
page.
2 If the information is
2.
correct, click Finish.

Otherwise, go back.
begins to provision
desktops.
The slide shows the summary page. View is now ready to complete the definition for the pool.
Review the information and click Finish. Click Back to correct problems.
332
Entitling the Desktops in the Pool

Slide 6-70
After the pool has been created, you entitle it.

A best practice is to entitle an AD group to a pool.
Apply a filter. All pools with sales in any column are displayed.
Entitle the new pool. The new pool cannot be used until it is entitled. The best practice is to entitle
an AD user group to use the pool.
If you have a large number of pools, you can quickly find the one that you want by filtering on the
pool ID or some other unique text.
View Administrator
333
vCenter Server Creates Desktops

Slide 6-71
When the pool is created and the desktops are set to Enabled, the
associated vCenter Server instance begins provisioning desktops.
As soon as a pool is enabled and set to provision, View Connection Server begins creating desktops.
The number of desktops that will be created concurrently is set in the Edit vCenter Server dialog
box. (Select View Configuration > Servers, select the vCenter Server instance, and click Edit.)
The top screenshot is from the Recent Tasks pane of the vSphere Client, which shows that cloning
has begun.
Each desktop that is created has to be powered on, customized, and then restarted to join the
domain. Desktops are not available until the process is complete. Users who try to access desktops
before the pool is ready are informed that the desktop is not available. After provisioning has
completed, the View Client connects to the virtual desktop.
334
New Desktop Is Available to View Client

Slide 6-72
The desktop pool is now visible in the View Client. A user does not
know that it is a pool, not a desktop.
The user sees the
Th
th display
di l name that
th t you entered
t
d on the
th Pool
P l
Identification page of the Add Pool wizard.
335
View Administrator
The display name of the pool is displayed in the View Client for all users who are entitled to use it.
The user does not know anything about a desktop pool, so it is prudent to use display names that are
meaningful to the user. For example, a display name like Windows XP desktop might be more
meaningful than WinXP-pool. If a display name is not entered in the Pool ID page of the Add Pool
wizard, the pool ID is used.
Desktop Problems
Slide 6-73
In dedicated-assignment pools, desktops are permanently assigned.

If more people are in the pool than the maximum number of desktops
specified on the Pool Settings page
page, the n+1 user is locked out
out.
Desktop destroyed after allocated:
View Connection
Vi
C
ti S
Server creates
t a new d
desktop
kt tto kkeep pooll sizing
i i correct.
t
Desktop is assigned to first new user who requests one.
Two problem scenarios are common:

You have more people entitled than you have desktops in the pool. If a dedicated-assignment
pool has 20 desktops in it and 20 users log in, those 20 users are assigned a desktop. When the
21st entitled user logs in, that user receives an error message: All available desktop resources
are currently busy. Please try connecting later or contact your system administrator.
If a desktop is deleted from disk (only a View administrator can delete a desktop), the View
Connection Server creates a new one. The first user who requests a desktop and does not
already have one gets the new one, even if the request comes from the user whose desktop was
destroyed. If the new user is the first one to request a desktop, he or she gets the available
desktop. The original user is locked out of the pool until a new desktop becomes available.
336
Floating-Assignment Pools
Slide 6-74
Floating-assignment pools have the following characteristics:
Desktops are available to users when they log in.
Desktops are returned to the pool (or are deleted) when users log out
out.
A user might be logged in to a different desktop each time.
Users should not save documents or files on the desktop.
User data is lost if the desktop is deleted after logout.

User data is lost if the desktop is a linked clone and it is recomposed,
refreshed, or rebalanced.
U a network
Use
t
k fil
file share
h
or Vi
View P
Persona M
Management.
t
Floating-assignment pools are ideal for any department or group that:
Uses the same software tools

Does not need to save data locally or customize desktops
Floating-assignment desktops are stateless desktops.
Call center desktops

Service kiosks
Public desktops
Any department or group that uses the same software tools and does not need to save data locally or
customize desktops is a candidate for floating-assignment pools.
337
View Administrator
Nonpersistent desktops are ideal for:
A floating-assignment pool makes desktops available to users when they log in. These desktops are
returned to the pool when users log out. Users might log in to a different desktop each time. Thus,
users should not save documents or files on the desktop and should not be able to customize the
desktop in any way. These changes would be present when the next user connects to the desktop. At
the View administrators option, a virtual desktop can be destroyed when the user logs out. If the
option is enabled, each user connects to a fresh copy of the desktop at each login.
Floating-Assignment Pool Settings

Slide 6-75
T
Two
additional
dditi
l pooll settings
tti
are available
il bl for
f floating-assignment
fl ti
i
t
pools:
Allow multiple sessions per user User can concurrently connect to

multiple desktops in the pool.
pool
Delete desktop after logoff
If Delete desktop after logoff is set to Yes, after a user logs out:
The virtual machine is powered off and deleted from the disk
A new desktop is provisioned to return the pool to its configured size
A floating-assignment pool is created the same way as a dedicatedassignment pool

pool.
Little difference exists between dedicated-assignment and floating-assignment pools in terms of

creating and managing them with View Administrator. The type of assignment is shown in the User
Assignment column on the Pools page (Inventory > Pools).
Two additional settings exist in the Remote Settings panel in the Pool Settings page of the Add or
Edit Pool wizard:
Allow multiple sessions per user Allows a user to connect to multiple desktops in the
floating-assignment pool at the same time.
Delete desktop after logoff Selecting Yes causes View Connection Server to power off and
delete the virtual machine from the disk as soon as the user logs out. A new desktop is created
to replace it. Thus, you do not have to worry about using GPOs or roaming profiles to lock
down the desktop. Anything that the user does is removed. But you should still prevent the user
from changing the desktop in ways that might reduce the virtual machines performance.
The virtual machine is destroyed only if the user logs out. If the user disconnects, the virtual
desktop remains powered on and available for reconnection.
The virtual desktops in a floating-assignment pool are excellent candidates for management in
restricted resource pools, for example, resource pools with low RAM or CPU limits, low share
values, and no reservations.
338
Lab 7
Slide 6-76
In this lab, you will create and use an automated pool.

1. Set up a vCenter Server folder for virtual desktops in a pool.
2. Create an automated pool with dedicated-assignment desktops.
3. Verify the creation of the pool by connecting to a desktop.
4. Test a second concurrent connection to a desktop
p in the p
pool.
5. Delete the automated pool.
6
View Administrator
339

Slide 6-77
340
Describe how an automated pool operates.

Compare dedicated-assignment and floating-assignment pools.
Outline the steps to create an automated pool.
Explain
p
the entitlement of desktops
p in automated p
pools.
Lesson 4: Role-Based Delegated Administration

Slide 6-78
Lesson 4:
Role-Based Delegated Administration
6
View Administrator
341
Learner Objectives
Slide 6-79
342
Explain the purpose of roles and privileges in View.

Explain how folders are used to delegate pool administration.
Describe a permission and its components.
Outline the steps
p to create a View administrator.
List the management options for permissions and folders.
List two common predefined roles.
O tli th
Outline
the steps
t
to
t create
t a custom
t
role.
l
List some of the best practices for configuring View administrators.
View Connection Server Roles and Privileges

Slide 6-80
Use role-based delegated administration to selectively assign

administrative rights to specific AD users or groups.
The View
Th
Vi
access and
d control
t l system
t
is
i similar
i il to
t the
th vCenter
C t Server
S
access control system.
An administrator role is a collection of privileges that:
Control the ability to perform specific actions

Control what an administrator can see in View Administrator
P i il
Privileges
are either
ith global
l b l or object-specific
bj t
ifi (f
(for example,
l inventory
i
t
objects like pools and desktops).
Privileges can be assigned only through roles.
Predefined roles can be assigned to users or groups. Or you can

create custom roles to assign.
The ability to perform tasks in View Administrator is governed by an access control system that
consists of administrator roles and privileges. This system is similar to the vCenter Server access
control system.
An administrator role is a collection of privileges. Privileges grant the ability to perform specific
actions, such as entitling a user to a desktop pool. Privileges also control what an administrator can
see in View Administrator. For example, if an administrator lacks privileges to view or modify
global policies, the Global Policies setting is not visible in the navigation panel when the
administrator logs in to View Administrator.
Administrator privileges are either global or object-specific. Global privileges control system-wide
operations, such as viewing and changing global settings. Object-specific privileges control
operations on specific types of inventory objects, such as pools and desktops.
343
View Administrator
Entitlements determine who can connect to a desktop in a pool. View Connection Server roles and
privileges apply only to administrators of the View environment when using View Administrator.
A key management task in a View environment is to determine who can use View Administrator and
which tasks that those users are authorized to do. With role-based delegated administration, you can
selectively assign administrative rights by assigning administrator roles to specific AD users and
groups.
Administrator roles typically combine all of the individual privileges required to perform a higherlevel administration task. View Administrator includes predefined roles that contain the privileges
required to do common administration tasks. You can assign these predefined roles to your
administrator users and groups, or you can create your own roles by combining selected privileges.
You cannot modify the predefined roles.
To create administrators, you select users and groups from your AD users and groups and assign
administrator roles. Administrators obtain privileges through their role assignments. You cannot
assign privileges directly to administrators. An administrator who has multiple role assignments
acquires the sum of all the privileges contained in those roles.
In addition to managing View privileges and permissions, you must manage vCenter Server
permissions and Windows permissions. For example, the permissions granted through the View
Administrator role does not extend to the vCenter Server Administrator role or the local Windows
Administrator permissions.
344
Using Folders to Delegate Pool Administration

Slide 6-81
You can create folders

f
under the root folder
f
(/) to subdivide desktops
pools:
You can delegate different folders to different administrators.

Maximum of 99 folders under the root folder
Folders cannot be nested.
Configure administrator access by assigning a role to an

administrator on that folder.
An administrator can access the pool resources that reside in the folder.
An administrator with multiple roles acquires the sum of all privileges.
Other considerations:
Roles are inherited from the root folder.
If a role is to apply to a folder, the role must contain at least one object-specific
privilege.
Roles that contain only global privileges cannot be applied to folders
folders.
Folders are available in View to subdivide pools for administrative purposes.
A desktop inherits the folder from its pool. A persistent disk that is attached to a linked clone
inherits the folder from its desktop.
You configure administrator access to the resources in a folder by assigning a role to an
administrator on that folder. Administrators can access only the resources that reside in folders for
which they have assigned roles. The role that an administrator has on a folder determines the level
of access that the administrator has to the resources in that folder.
Because roles are inherited from the root folder, an administrator that has a role on the root folder
has that role on all folders. Administrators that have the Administrators role on the root folder are
super administrators because they have full access to all of the inventory objects in the system.
A role must contain at least one object-specific privilege to apply to a folder. Roles that contain only
global privileges cannot be applied to folders.
345
View Administrator
By default, desktop pools are created in the root folder, which appears as / or Root(/) in View
Administrator. You can create folders under the root folder to subdivide your desktop pools and then
delegate the administration of specific desktop pools to different administrators. You can have a
maximum of 100 folders, including the root folder.
You can use View Administrator to create folders and to move existing pools to folders. You can
also select a folder when you create a desktop pool. If you do not select a folder during pool
creation, the pool is created in the root folder by default.
346
Example: Different Administrators for Different Folders

Slide 6-82
pool administrator = user name + role + folder
viewadmin1 has the Inventory

Administrators privileges for only the
pools in the SalesDesktops folder.
viewadmin1
Predefined roles:
Administrators
Inventory
Administrators
I
t
Ad i i t t
Global Configuration and
Policy Administrators
Folders for pools:

/SalesDesktops
/DeveloperDesktops
/FinanceDesktops
viewadmin2
i
d i 2
viewadmin2 has the Inventory Administrators privileges for only the
pools in the FinanceDesktops folder, but also has global configuration
and policy privileges
privileges.
To assign administrative responsibility for pools in the DeveloperDesktops folder to viewadmin1,

the Inventory Administrators role would have to be assigned on this folder to viewadmin1.
Multiple administrators can manage the same folder. For example, an administrator might have
configuration privileges on a folder while another administrator has read-only privileges on the
same folder. A typical role assignment is to assign the read-only Inventory Administrators role on
the root folder to the group that contains all View administrators. Then all view administrators can
display any of the View Administrator objects but can configure only their assigned objects.
347
View Administrator
The viewadmin2 user is assigned responsibility for the pools in the folder called FinanceDesktops,
so the Inventory Administrators role is assigned on the FinanceDesktops folder. Additionally, the
viewadmin2 user has global privileges that allow him or her to configure global settings (View
Configuration > Global Settings) and global policies (Policies > Global Policies).
In the example, three roles have been defined and each of three folders contains one or more pools.
To allocate the administrative responsibilities for the pools between two administrative users, the
viewadmin1 user is assigned the Inventory Administrators role on only the folder called
SalesDesktops. The Inventory Administrators role has all possible configuration privileges for
inventory objects pools, desktops, persistent disks, and ThinApp applications. The viewadmin1
user cannot read or change inventory objects associated with pools in either of the other folders.
View Connection Server Permissions

Slide 6-83
The combination of a role, an administrator user or group, and a

folder is a permission:
The role defines the actions that can be performed

performed.
The user/group indicates who can perform the action
The folder contains the objects that are the target of the action.
Permissions appear differently for users/groups, folders, or roles:
For users and groups, for each administrator the role and folder are
displayed.
For folders, the assigned administrators and the role are displayed.
For roles, the assigned administrators and their assigned folders are
displayed.
displayed
For any one of the three elements that make up a permission, you
can quickly learn what the other two combinations are.
View Administrator presents the combination of a role, an administrator user or group, and a folder
as a permission. The role defines the actions that can be performed. The user or group indicates who
can perform the action. The folder contains the objects that are the target of the action.
Permissions appear differently in View Administrator depending on whether you select an
administrator user or group, a folder, or a role. Examples of permissions are shown on the next slide.
348
Examples of Permissions
Slide 6-84
For each user, the role

and folder are shown.
For each role, the user

or group and folder are
shown.
For each folder, the user or

group and role are shown.
The Roles tab shows all predefined and custom roles. If a role is part of a permission the other
two components are shown: the user or group and the assigned folder. You use the Roles tab to
add roles.
The Folders tab shows the user or group and role associated with each folder.
349
View Administrator
The Administrators and Groups tab shows all users and groups who have View permissions.
In this case the role and folder that are associated with each user or group is shown.
The Global Administrators View page has three tabs: Administrators and Groups, Roles, and
Folders. A View permission is the combination of a user or group name, a role, and a folder. The
left panel of each tab shows all items in the tabs category. The right panel shows the other two
components that are make up the permission for that item:
Predefined Roles
Slide 6-85
The following roles are predefined:
Administrators Applies to a folder:
P f
Perform
allll administrative
d i i t ti ffunctions
ti
Administrators (Read only) Applies to a folder

Agent Registration Administrators:
Register unmanaged desktop sources
Global Configuration and Policy Administrators:
View and modify

yg
global p
policies and settings
g
Global Configuration and Policy Administrators (Read only)

Inventory Administrators Applies to a folder:
Perform all desktop

desktop, session,
session and pool
pool-related
related operations
Manage persistent disks
Inventory Administrators (Read only) Applies to a folder
The predefined administrator roles combine all of the individual privileges required to do common
administration tasks. You cannot modify the predefined roles.
Administrators Perform all administrator operations, including creating additional administrator
users and groups. Administrators that have the Administrators role on the root folder are super
administrators because they have full access to all of the inventory objects in the system. Because
the Administrators role contains all privileges, you should assign it to a limited set of users. Initially,
members of the local Administrators group on your View Connection Server host are given this role
on the root folder. An administrator must have the Administrators role on the root folder to do the
following tasks:
Adding and deleting folders
Managing ThinApp applications and configuration settings in View Administrator
Viewing and modifying View Transfer Server instances and the Transfer Server repository
Using the vdmadmin and vdmimport commands
The Windows administrator who installs a replica connection server instance or a View Transport
Server instance must be a domain user and must have the View Administrators role. The installer for
350
View Connection Server verifies that the Windows administrator is an authorized View
administrator with the View Administrators role.
Administrators (Read only) The role can do the following:
View, but not modify, global settings and inventory objects.
View, but not modify, ThinApp applications and settings, View Transfer Server instances, and
the Transfer Server repository.
Use Windows PowerShell commands and command-line utilities, including vdmexport
command but excluding the vdmadmin and vdmimport commands.
When administrators have this role on a folder, they can only view the inventory objects in that
folder.
Agent Registration Administrators Allows this user to install View Agent on unmanaged
desktop sources like physical systems, standalone virtual machines, and terminal servers. During
View Agent installation, the user must provide administrator login credentials to register the
unmanaged desktop source with the View Connection Server instance. Not only must the user have
local administrator privileges to install View Agent, but the user must also have the View
Connection Server privilege to register the desktop.
Global Configuration and Policy Administrators View and modify global policies and
configuration settings except for administrator roles and permissions, ThinApp applications and
settings, View Transfer Server instances, and the Transfer Server repository.
Perform all desktop, session, and pool-related operations.

Manage persistent disks.
Recompose, refresh, and rebalance linked-clone pools and change the default pool image.
When administrators have this role on a folder, they can only perform these operations on the
inventory objects in that folder.
Inventory Administrators (Read only) View, but not modify, inventory objects. When
administrators have this role on a folder, they can only view the inventory objects in that folder.
351
View Administrator
Inventory Administrators The role can do the following:
Global Configuration and Policy Administrators (Read only) View and modify global policies
and configuration settings except for administrator roles and permissions, ThinApp applications and
settings, View Transfer Server instances, and the Transfer Server repository.
Creating an Administrative User

Slide 6-86
1. Select View Configuration >
Administrators and click Add

User or Group.
p
2. Find the user.
3. Select the role.
4 Select
4.
S l t th
the ffolder.
ld
To create an administrator, you select a user or group from your AD users and groups in View
Administrator and assign an administrator role.
To create an administrative user:
1. In View Administrator, select View Configuration > Administrators.
2. On the Administrators and Groups tab, click Add User or Group.
3. In the Add User and Group dialog box, use Find to find the AD users or groups.
4. Select the AD user or group that you want to be an administrator user or group.
5. Select a role to assign to the administrator user or group. The Apply to Folder column indicates
whether a role applies to folders. Only roles that contain object-specific privileges apply to
folders. Roles that contain only global privileges do not apply to folders.
352
Adding Permissions
Slide 6-87
After a permission has been created, you can add permissions from
each of the three tabs on the Global Administrators View page (View
Configuration
g
> Administrators).
)
The selected user already has a permission: Inventory

Administrators for the Sales desktops folder.
Click Add Permission to add permissions.
In the wizard pages, select the role (Inventory Administrators or a

different role) and the folder
folder.
You can use View Administrator to add, delete, and review permissions for specific administrator
users and groups, for specific roles, and for specific folders.
You can add a permission that includes a specific administrator user or group, a specific role, or a
specific folder. You might want to add a permission in three cases:
View Administrator
Create a permission that includes a specific administrator user or group On the

Administrators and Groups tab, select the administrator or group and click Add Permission.
Select a role and, if the role requires a folder, select a folder.
Create a permission that includes a specific role On the Roles tab, select the role, click
Permissions, and click Add Permission. Find a user or group and, if the role requires a folder,
select a folder.
Create a permission that includes a specific folder On the Folders tab, select the folder and
click Add Permission. Find a user or group and select a role.
If you remove the last permission for an administrator user or group, that administrator user or
group is also removed. Because at least one administrator must have the Administrators role on the
root folder, you cannot remove a permission that would cause that administrator to be removed. You
cannot delete an inherited permission.
353
Adding a Pool to a New Folder

Slide 6-88

2. From the Folder drop-down menu on the command bar, select New
Folder.
Folder
3 From the Folder drop-down menu,

3.
menu select Change Folder and select
the new folder name.
To delegate the administration of specific desktops or pools to different administrators, you must
create folders to subdivide your desktops or pools. If you do not create folders, all desktops and
pools reside in the root folder. You can have a maximum of 100 folders, including the root folder.
After you create a folder to subdivide your desktop pools, you must manually move desktop pools to
the new folder unless you assigned a folder during the Add Pool or Edit Pool wizard. If you decide
to change the way your desktop pools are subdivided, you can move existing pools from one folder
to another.
To create a folder:
2. From the Folder drop-down menu on the command bar, select New Folder.
3. Enter a name and description for the folder. The description is optional.
After you create a folder to subdivide your desktop pools, you must manually move desktop pools to
the new folder.
354
To move a pool to a different folder:

1. In View Administrator, select Inventory > Pools and select the pool.
2. From the Folder drop-down menu, select Change Folder.
3. Select the folder.
View Administrator moves the pool to the folder.
6
View Administrator
355
Adding a Custom Role

Slide 6-89
To add a custom role, select View Configuration > Administrators, click

the Roles tab, and click Add Role.
Th Roles
The
R l tab
t b displays
di l
the
th privileges
i il
for
f each
h role.
l
If the predefined administrator roles do not meet your needs, you can combine specific privileges to
create your own roles in View Administrator.
To add a role:
1. In View Administrator, select View Configuration > Administrators.
2. On the Roles tab, click Add Role.
3. Enter a name and description for the new role and select one or more privileges.
The new role is displayed in the left pane of the Global Administrators View page. An example is
shown on the next slide.
356
Selecting Privileges for a Custom Role

Slide 6-90
In the Add Role dialog box, select the

privileges.
Th new role
The
l is
i now available
il bl tto create
t a
permission.
The right pane shows the type of each privilege: global or object-oriented.
The Contractors role must be applied to a folder.
In the Add Role dialog box, enter a name and description for the new role and select one or more
privileges.
For a complete list of privileges, see VMware View Administration at http://www.vmware.com/

support/pubs/view_pubs.html.
357
View Administrator
After completing the dialog box, the new role is displayed in the left pane of the Global
Administrators View page. The role can be used to create a permission with a user or group name
and a folder. Because at least one of the privileges applies to an inventory object the role must be
assigned to a folder.
Best Practices for Administrator Users and Groups

Slide 6-91
Because the View Administrators role contains all privileges, assign it

to a limited set of users.
Choose a local Windows user or g
group
p to have the View
Administrators role:
Necessary for replica server installation

Might
g be necessary
y for registration
g
of unmanaged
g desktops
p
Create new user groups for administrators.
Avoid using Windows built-in groups or other groups that might contain
additional users or groups.
Avoid using the name Administrator when creating administrator users

and groups.
Create
C
eate folders
o de s to seg
segregate
egate se
sensitive
s t e des
desktops.
tops
Delegate the administration of those folders to a limited set of users.
Create separate administrators who can modify global policies and

View configuration settings.
To increase the security and manageability of your View environment, you should follow best
practices when managing administrator users and groups.
Because the View Administrators role contains all privileges, assign it to a single user or to a
limited set of users.
Select a local Windows user or group to have the View Administrators role. A Windows
administrator must have the Administrators role in View to install a replica server instance on a
Windows Server host. Otherwise, the installation fails. A local administrator for an unmanaged
desktop must have at least the Agent Registration Administrators role to install View Agent and
register the desktop. View administrators must be domain user accounts.
Create user groups for administrators. Avoid using Windows built-in groups or other existing
groups that might contain additional users or groups.
Because it is highly visible and easily guessed, avoid using the name Administrator when
creating administrator users and groups.
Create folders to segregate sensitive desktops. Delegate the administration of those folders to a
limited set of users.
Create separate administrators that can modify global policies and View configuration settings.
358
Lab 8
Slide 6-92
In this lab, you will create View user permissions.

1. Create a View folder.
2. Move a pool into a new folder.
3. Modify permissions on a folder.
4. Verify
y permissions
p
on a folder.
5. Use global permissions to allow a user or group limited access to the
View environment.
6 Remove all administrator permissions
6.
permissions.
6
View Administrator
359

Slide 6-93
360
Explain the purpose of roles and privileges in View.

Explain how folders are used to delegate pool administration.
Describe a permission and its components.
Outline the steps
p to create a View administrator.
List the management options for permissions and folders.
List two common predefined roles.
O tli th
Outline
the steps
t
to
t create
t a custom
t
role.
l
List some of the best practices for configuring View administrators.
Lesson 5: Monitoring the View Deployment

Slide 6-94
Lesson 5:
Monitoring the View Deployment
6
View Administrator
361
Learner Objectives
Slide 6-95
362
Describe the capabilities that View Administrator provides for

monitoring the health of a View deployment:
The dashboard for the overall status of the View deployment

Monitoring events, remote sessions, and local sessions
Monitoring pools and initiating certain actions for a specific pool
Monitoring desktops and initiating certain actions for a specific desktop
Explain how the dashboard can be used to quickly focus on the details
of a problem.
problem
Show how to access the settings and status of a particular pool.
Show how to access the settings and status of a specific desktop and
the
h resources controlled
ll d b
by vCenter
C
S
Server that
h the
h d
desktop
k
uses.
Describe the types of PCoIP session statistics that you can monitor.
View Administrator Dashboard

Slide 6-96
Displays status of View Connection Server and VMware vSphere

components
Di l
Displays
monitoring
it i information
i f
ti for:
f
View components:
View Connection Server instances

The event database
Security servers
View Composer services
T
Transfer
f Servers
S
vSphere components:
Datastores
ESX/ESXi hosts
h t
vCenter Server instances
Domains
You can quickly survey the status of the View Connection Server and vSphere components in your
View deployment by using the View Administrator dashboard.
View Administrator displays monitoring information about View Connection Server instances, the
event database, security servers, View Composer services, transfer servers, datastores, ESX/ESXi
hosts, vCenter Server instances, and domains.
View Administrator
View Connection Server cannot determine status information about Kerberos domains. View
Administrator displays Kerberos domain status as unknown, even when a domain is configured and
working.
363
Dashboard Page
Slide 6-97
In View Administrator, click Dashboard.
The dashboard shows on one page a visual status of each of the components in a View environment.
For example, in the upper-left portion of the window, the date and time of the last dashboard update
are displayed with indicators of the following:
Desktops with problems
Error events or warning events that should be evaluated
View or vCenter Server components that are either not functioning or are not available
Clicking the number next to the item opens a page that shows the components status.
The global status area in the upper-left corner is always visible.
If enabled, the global status area automatically updates every few minutes. The Dashboard page is
also updated every few minutes when the page is active.
Idle session timeouts for View Administrator do not occur when automatic updates are enabled,
causing View Administrator to remain active until the browser is closed or an explicit logout is
done. Allowing View Administrator to remain active indefinitely can be a security consideration.
364
Examining Component Details

Slide 6-98
Status indicators in the System Health pane:
Green up arrow No problems.

Red down arrow Component is unavailable or not functioning.
Yellow arrow Warning state.
Question mark Status is unknown.
Click the indicator to view the status and details of the object.
The Desktop Status pane:
Categories Preparing, Problem Desktops, and Prepared for Use

Expand the category for the list of possible states.
Click the number to view a filtered list of desktops
p in the selected state.
The Datastores pane:
Double-click the datastore name to see details of pools using the datastore.
The Dashboard page has three panes.

In the System Health pane, expand View components, vSphere components, or Other components.
View Administrator
A green up arrow indicates that a component has no problems.

A red down arrow indicates that a component is unavailable or not functioning.
A yellow double arrow indicates that a component is in a warning state.
A question mark indicates that the status of a component is unknown.
Click a component name to open a dialog box that displays the name, version, status, and other
component information.
In the Desktop Status pane, expand the three categories of desktops to see the number of desktops
in each of these categories:
Preparing states, such as Provisioning, Customizing, or Startup
Problems states, such as Agent unreachable or Provisioning error.
Prepared for use states, such as Provisioned, Available, Connected, or disconnected
In the Datastores pane, click each datastore for a list of pools that are using the datastore.
365
Desktop Status from the Dashboard

Slide 6-99
Quickly examine a problem desktop

by clicking the number next to Error.
The Desktops page is displayed with
Error in the Filter box.
The example shows how you can quickly determine the error condition with a problem desktop:
1. In the Desktop Status pane of the Dashboard page, expand the desktop categories.
2. Click the highlighted number, which is a link, that is next to the error state. This action opens
the Desktops page with the filter specification set to Error. Desktops with Error in the
database record are displayed in the list. Expect to see only one desktop.
3. Click the ellipsis icon in the Status column to see the error specifics.
Clicking the highlighted number to the right of Problem Desktops in the Dashboard Status pane
(upper-left corner of View Administrator) would show all desktops in any of the error states.
366
Monitoring Sessions and Events

Slide 6-100
The classes of objects in the Monitoring category:
Events Events for all View actions and tasks:
Events
E
t are stored
t d in
i a separate
t database.
d t b
Events can be filtered.
Remote sessions All online desktop sessions:
Disconnect the session.

Log out of the session.
Reset the virtual machine.
Send a message to the desktop.
Local sessions Displays all local-mode desktop sessions:
Display
p y the details of the local-mode desktop
p and session.
Roll back the local-mode desktop (discard the local desktop image).
Start a replication (backup) of the local-mode desktop.
In View Administrator, the set of objects in the Monitoring category are:
Remote sessions Opens the Remote Sessions page, which shows all active remote sessions
that are prepared for use. Depending on the session state of each desktop, you can disconnect it,
log it out, reset the virtual machine (done by a vCenter Server instance), or send a message to
the desktop.
Local sessions Opens the Local Sessions page, which shows sessions that are checked-out
local-mode desktops. Depending on the session state of a local desktop you can rollback or
replicate the desktop. You can always display the details and status of the desktop.
The next slides show examples of each of these View Administrator pages.
The terms remote and local are from the perspective of the View Client.
367
View Administrator
Events Opens the Events page, which shows all events for a designated period. All events for
all View components are stored in an event database. The event database is configured through
View Configuration > Event Configuration. Events can be filtered.
Events Page
Slide 6-101
Filter on any text in the database record for a selected time period.
Regardless of the selection for Time period, View Administrator

displays a maximum of 2,000 events, by default.
The Events page displays all events in the designated time period, which can be the last two days
(the default), the last week, the last month, or since the event database was configured.
You can enter a word or phrase to be used as a text string for subsetting the number of records. The
phrase is not case-sensitive. For example, you can search for all records that contain audit success,
server, or dt2 anywhere in the record.
To improve performance, View Administrator displays only the most recent 2,000 events from the
event and event_data tables. You can change the limit by adjusting the value of an attribute in
ADAM. If you increase the limit, View Administrator requires more time and system resources to
find and display the records. For more details, see VMware knowledge base article 1026196 at http:/
/kb.vmware.com/kb/1026196.
368
Remote Sessions
Slide 6-102
Remote sessions are online sessions established through the

connection server with:
vCenter Server virtual machines

Other desktops, such as physical desktops
p is disconnected but not logged

gg out, so it is displayed.
p y
XP-desktop-1
Remote sessions are View Client online sessions with either a vCenter Server version of a virtual
desktop, a physical desktop, or a virtual desktop from other sources.
The other desktop is disconnected but not logged out, so the only active options are to log out the
session or reset the virtual machine.
369
View Administrator
In the example, the Payroll-XP desktop is connected, so all four options are active. The desktop can
be disconnected, logged out, or reset. And, you can send a message to the user.
Local Sessions
Slide 6-103
Local sessions are local-mode desktops.

A View administrator can control the local-mode operations.
Local sessions are local-mode desktops. View Client with Local Mode is connecting to a local
version of the desktop, which has been checked out. View Connection Server periodically monitors
the status of the local desktop. The Details dialog box shows session characteristics, such as the time
of last server contact and last backup (replication).
You can roll back the local-mode desktop, which discards the local version, or initiate a replication,
which copies changes that were made in the local version to the vCenter Server version. Replication
and backup perform the same operations.
Do not delve into Local Mode now. The content is here only for completeness and for comparison with remote
sessions information.
370
Monitoring a Pool
Slide 6-104
In View Administrator, select Inventory > Pools and double-click a

pool ID. The pools details, such as its desktops, are shown.
This desktop is a linked-clone desktop, so the Persistent Disks link is active and shows the
persistent disks that are attached to this desktop. Usually, only one persistent disk is attached. But it
is possible to have persistent disks attached that came from deleted linked-clone desktops.
The ThinApps link shows the ThinApp applications assigned to this desktop and status of each.
Each tab displays the name information as it applies to this pool.
371
View Administrator
The More Commands menu is available only on the Inventory tab because most of these
commands apply to specific desktops.
You use View Administrator pages to perform View Connection Server or View Composer
operations on specific pools. You go to the page for a pool by selecting Inventory > Pools and
double-clicking the ID of row with the name of the pool. The first click selects the row. The second
click activates the link to the <pool_ID> page. The example shows the page for the XP-Desktops
pool. Every action from this page applies to only this pool or objects in this pool. For example,
Actions selected from the Inventory tab apply to only the selected desktops in the inventory. If the
pool is for linked clones, you can select View Composer to select a View Composer operation for
the highlighted desktops in the inventory. Although not shown, multiple desktops can be selected.
To perform a View Composer operation on all desktops in a pool you make a selection from the
View Composer menu in the Settings tab.
Monitoring a Desktop: Summary Tab

Slide 6-105
In View Administrator, select Inventory > Desktops and double-click a

desktop name. Only this desktops details are shown.
The View Composer and More

Commands menus apply to only this
p
desktop.
The ThinApp applications and the View
Composer settings for this desktop are
shown.
shown
You can navigate to pages with information that pertains to a single desktop. Select Inventory >
Desktops and double-click a desktop name to display the <desktop_name> page. These pages allow
you to select operations for only that desktop. Many of the options on a <desktop_name> page can
also be performed from the Inventory tab on a pool page. For example the View Composer
operations are the same in both locations.
The ThinApps link shows the ThinApp applications assigned to this desktop and status of each.
vCenter Server settings that apply to desktops are available only from this page. An example is
shown on the next slide.
372
Monitoring a Desktop: vCenter Settings Tab

Slide 6-106
Displays the vCenter Server information for this desktop, such as the
virtual disks associated with this linked-clone desktop
373
View Administrator
Selecting the vCenter Settings tab in the <desktop_name> page displays vCenter Server settings
and resources that pertain to this desktop. In the example, the desktop is a linked-clone desktop, so
the virtual disk list shows four disks: a system disk, a disposable disk, a persistent disk, and the
internal disk.
Monitoring PCoIP Session Statistics

Slide 6-107
PCoIP session statistics enable:
Detailed network performance monitoring

Troubleshooting of PCoIP sessions
Twenty-three statistics are available in five categories:
General session statistics

A di statistics
Audio
t ti ti
Imaging statistics
Network statistics
USB statistics
t ti ti
The PCoIP session statistics are available for virtual desktops running
View Agent 5.0 and later.
With PCoIP session statistics, you can monitor performance and troubleshoot PCoIP sessions in a
VDI environment. The PCoIP session statistics capability delivers the detailed PCoIP metrics that
are needed by the IT management to ensure smooth network and easy troubleshooting.
The PCoIP session statistics that you can monitor include general session statistics, audio statistics,
imaging statistics, network statistics, and USB statistics.
The PCoIP session statistics are available for virtual desktops running View Agent 5.0 or later.
Availability of PCoIP session statistics, reduces reliance on log files for monitoring performance and
troubleshooting PCoIP sessions.
374
Windows Management Instrumentation

Slide 6-108
Use Windows Management Instrumentation (WMI) to monitor PCoIP

session statistics.
WMI can be used with any of the following supported programming
interfaces to monitor the statistics:
C#
C++
Windows PowerShell
VBScript
WMI Code Creator
VB .NET
Windows Management Instrumentation Command-line (WMIC)
Teradici provides a PCoIP Session Statistics Viewer program that can

be used to display the statistics in real time.
Teradici offers the PCoIP Session Statistics Viewer program to display the PCoIP session statistics
that are retrieved from one or more virtual desktops. The program has two modes:
Graphing from real-time data
Graphing from PCoIP session server log files
In these graphing modes you can do the following:
Add and remove multiple virtual desktops
Switch views instantly
Set the sampling time
Set the graph duration
375
View Administrator
WMI-based tools might include C#, C++, Windows PowerShell, VBScript, WMI Code Creator, VB
.NET, and Windows Management Instrumentation Command-line.
Tools supported by Windows Management Instrumentation (WMI) can be used to monitor PCoIP
session statistics. WMI-based tools can collect more than 20 session statistics for monitoring,
trending, and troubleshooting end-user support issues.
Expand or collapse all graphs

Retrieve PCoIP session server log files by selecting files or folders
The PCoIP Session Statistics Viewer can be downloaded by going to http://techsupport.teradici.com
and searching for Teradici KB article 15134-742.
Another third-party PCoIP monitoring tool is from Xangati. The tool is called Xangati Management
Dashboard (XMD). It enables users to monitor PCoIP session statistics in real time.
376
Commonly Used PCoIP Statistics (1)

Slide 6-109
PCoIP session statistic
Definition
AudioRXBWkbitPersec
Bandwidth for incoming audio packets

averaged over the sampling period, in
kilobits per second
AudioTXBWkbitPersec
g g audio p
packets
Bandwidth for outgoing
averaged over the sampling period, in
kilobits per second
SessionDurationSeconds
Total number of seconds that the PCoIP

session has been open
ImagingEncodedFramesPersec
Number of imaging frames that were

encoded over a one-second sampling
period
i d
RoundTripLatencyms
Round-trip latency in milliseconds between

the desktop and the PCoIP client
What is the current audio receive and transmit bandwidth that is being used?
What is the network transmit and receive bandwidth?
What is the network latency?
What is the image encoding rate, in frames per second?
How long has the session been connected?
377
View Administrator
The PCoIP session statistics help answer questions like:
The PCoIP sessions statistics help monitor PCoIP's effect on the network and conversely how the
network is affecting PCoIP performance and user perception. Twenty-three individual statistics can
be collected into a WMI-based tool for monitoring, trending, and proactive troubleshooting. The
most commonly used statistics are shown on this slide and the next slide.
Commonly Used PCoIP Statistics (2)

Slide 6-110
378
PCoIP session statistic
Definition
RXBWkbitP
RXBWkbitPersec
O
Overall
ll b
bandwidth
d idth ffor iincoming
i PC
PCoIP
IP
packets averaged over the sampling
period, in kilobits per second
TXBWkbitPersec
Overall bandwidth for outgoing PCoIP

packets averaged over the sampling
period, in kilobits per second
TXPacketLossPercent
Percentage of transmitted packets lost

during a sampling period
RXPacketLossPercent
g of received p
packets lost
Percentage
during a sampling period

Slide 6-111
Describe the capabilities that View Administrator provides for

monitoring the health of a View deployment:
The dashboard for the overall status of the View deployment

Monitoring events, remote sessions, and local sessions
Monitoring pools and initiating certain actions for a specific pool
Monitoring desktops and initiating certain actions for a specific desktop
Explain how the dashboard can be used to quickly focus on the details
of a problem.
problem
Show how to access the settings and status of a particular pool.
Show how to access the settings and status of a specific desktop and
the
h resources controlled
ll d b
by vCenter
C
S
Server that
h the
h d
desktop
k
uses.
Describe the types of PCoIP session statistics that you can monitor.
6
View Administrator
379
Key Points
Slide 6-112
380
View Administrator is the Web-based configuration and management

interface for View administrators.
View Connection Server provisions dedicated-assignment or floatingassignment desktops in automated pools, based on demand and
provisioning parameters.
Dedicated-assignment
Dedicated
assignment desktops retain an association with a user
user.
Floating-assignment desktops do not retain a user association and can
be deleted after logout. They are stateless desktops.
View Administrator permissions can be assigned to a custom role
role,
which is then associated with a user name.
View Administrator enables you to monitor the health of the View
deployment and to quickly analyze problem areas
areas.
PCoIP session statistics can be captured and analyzed to help tune
PCoIP performance and troubleshoot PCoIP problems.

Student Guide (1 of 2)

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Student Guide (1 of 2)

Diunggah oleh

Hak Cipta:

Format Tersedia

VMware View 5.

VMware View 5.0:

Use of this material to deliver training without

View5ICMGuideVol1.book Page 1 Monday, December 19, 2011 4:41 PM

VMware Education Services

View5ICMGuideVol1.book Page 2 Monday, December 19, 2011 4:41 PM

View5ICMGuideVol1.book Page i Monday, December 19, 2011 4:41 PM

Introduction to VMware View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

View Connection Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page ii Monday, December 19, 2011 4:41 PM

View Connection Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . .50

View Desktops. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

View5ICMGuideVol1.book Page iii Monday, December 19, 2011 4:41 PM

Group Policy Objects and Roaming Profiles. . . . . . . . . . . . . . . . . . . . .100

View5ICMGuideVol1.book Page iv Monday, December 19, 2011 4:41 PM

View Agent on Virtual Machines with Multiple NICs . . . . . . . . . . . . .148

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page v Monday, December 19, 2011 4:41 PM

View Client Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

View5ICMGuideVol1.book Page vi Monday, December 19, 2011 4:41 PM

Reinstalling Virtual Printing on the Client System . . . . . . . . . . . . . . . .241

View Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251

View5ICMGuideVol1.book Page vii Monday, December 19, 2011 4:41 PM

Entitlements Tab for a Selected Group . . . . . . . . . . . . . . . . . . . . . . . . .290

View5ICMGuideVol1.book Page viii Monday, December 19, 2011 4:41 PM

Review of Learner Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page 1 Monday, December 19, 2011 4:41 PM

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page 2 Monday, December 19, 2011 4:41 PM

Server-oriented system administrators should be equipped with the

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page 3 Monday, December 19, 2011 4:41 PM

After this course, you should be able to do the following:

Identify the View components.

Module 1 Course Introduction

View5ICMGuideVol1.book Page 4 Monday, December 19, 2011 4:41 PM

You Are Here

Configuring and Managing Linked Clones

View Connection Server

Managing View Security

View Virtual Desktops

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page 5 Monday, December 19, 2011 4:41 PM

The following typographical conventions are used in this course:

Filenames, folder names

What the user types:

Graphical user interface items:

Book titles and emphasis:

Module 1 Course Introduction

View5ICMGuideVol1.book Page 6 Monday, December 19, 2011 4:41 PM

VMware View: Install, Configure, Manage

Introduction to VMware View

View5ICMGuideVol1.book Page 7 Monday, December 19, 2011 4:41 PM

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page 8 Monday, December 19, 2011 4:41 PM

You Are Here

Configuring and Managing Linked Clones

View Connection Server

Managing View Security

View Virtual Desktops

VMware View: Install, Configure, Manage

View5ICMGuideVol1.book Page 9 Monday, December 19, 2011 4:41 PM