vmware view architecture planning guide · 4 architecture design elements and planning guidelines...

VMware View Architecture PlanningGuide

View 4.0View Manager 4.0

View Composer 2.0

This document supports the version of each product listed andsupports all subsequent versions until the document is replacedby a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.

EN-000241-01

http://www.vmware.com/support/pubs

VMware View Architecture Planning Guide

2 VMware, Inc.

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

[email protected]

Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectualproperty laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marksand names mentioned herein may be trademarks of their respective companies.

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

http://www.vmware.com/support/

mailto:[email protected]

http://www.vmware.com/go/patents

Contents

About This Book 5

1 Introduction to VMware View 7

Advantages of Using VMware View 7VMware View Features 8How the VMware View Components Fit Together 9

2 Planning a Rich User Experience 15

Feature Support Matrix 15Choosing a Display Protocol 16Accessing USB Devices Connected to a Local Computer 18Printing from a View Desktop 18Streaming Multimedia to a View Desktop 19Using Single Sign-On for Logging In to a View Desktop 19Using Multiple Monitors with a View Desktop 19

3 Managing Desktop Pools from a Central Location 21

Advantages of Desktop Pools 21Reducing and Managing Storage Requirements 22Application Provisioning 23Using Active Directory GPOs to Manage Users and Desktops 24

4 Architecture Design Elements and Planning Guidelines 25

Desktop Virtual Machine Configuration 25vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums 30Connection Server Virtual Machine Configuration and Maximums 31VMware View Node 32vSphere Clusters 33VMware View Building Blocks 34VMware View Pod 37

5 Planning for Security Features 39

Understanding Client Connections 39Choosing a User Authentication Method 41Preparing to Use a Security Server 43Restricting View Desktop Access 51

6 Overview of Steps to Setting Up a VMware View Environment 53

Index 55

VMware, Inc. 3


4 VMware, Inc.

About This Book

The VMware View Architecture Planning Guide provides an introduction to VMware® View, including adescription of its major features and deployment options and an overview of how VMware View componentsare typically set up in a production environment. To help you protect your VMware View installation, the bookalso provides a discussion of security features. This guide answers the following questions:

n Does VMware View solve the problems you need it to solve?

n Would it be feasible and cost-effective to implement a VMware View solution in your enterprise?

Intended AudienceThis information is intended for IT decision makers, architects, administrators, and others who need tofamiliarize themselves with the components and capabilities of VMware View. With this information,architects and planners can determine whether VMware View satisfies the requirements of their enterprise forefficiently and securely delivering Windows desktops and applications to their end users. The examplearchitecture helps planners understand the hardware requirements and setup effort required for a large-scaleVMware View deployment.

Document FeedbackVMware welcomes your suggestions for improving our documentation. If you have comments, send yourfeedback to [email protected].

Technical Support and Education ResourcesThe following technical support resources are available to you. To access the current version of this book andother books, go to http://www.vmware.com/support/pubs.

Online and TelephoneSupport

To use online support to submit technical support requests, view your productand contract information, and register your products, go to http://www.vmware.com/support.

Customers with appropriate support contracts should use telephone supportfor the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.html.

Support Offerings To find out how VMware support offerings can help meet your business needs,go to http://www.vmware.com/support/services.

VMware ProfessionalServices

VMware Education Services courses offer extensive hands-on labs, case studyexamples, and course materials designed to be used as on-the-job referencetools. Courses are available onsite, in the classroom, and live online. For onsitepilot programs and implementation best practices, VMware Consulting

VMware, Inc. 5

mailto:[email protected]

http://www.vmware.com/support/pubs

http://www.vmware.com/support

http://www.vmware.com/support/phone_support.html

http://www.vmware.com/support/services

Services provides offerings to help you assess, plan, build, and manage yourvirtual environment. To access information about education classes,certification programs, and consulting services, go to http://www.vmware.com/services.


6 VMware, Inc.

http://www.vmware.com/services

Introduction to VMware View 1VMware View lets IT departments run virtual desktops in the datacenter and deliver desktops to employeesas a managed service. End users gain a familiar, personalized environment that they can access from anynumber of devices anywhere throughout the enterprise or from home. Administrators gain centralized control,efficiency, and security by having desktop data in the datacenter.

This chapter includes the following topics:

n “Advantages of Using VMware View,” on page 7

n “VMware View Features,” on page 8

n “How the VMware View Components Fit Together,” on page 9

Advantages of Using VMware ViewWhen you manage enterprise desktops with VMware View, the benefits include increased reliability, security,hardware independence, and convenience.

Reliability and SecurityVirtual desktops can be centralized by integrating with VMware vSphere and virtualizing server, storage, andnetworking resources. Placing desktop operating systems and applications on a server in the datacenterprovides the following advantages:

n Access to data can easily be restricted. Sensitive data can be prevented from being copied onto a remoteemployee's home computer.

n Data backups can be scheduled without considering when end users' systems might be turned off.

n Virtual desktops that are hosted in a datacenter experience little or no downtime. Virtual machines canreside on high-availability clusters of VMware servers.

Virtual desktops can also connect to back-end physical systems and Windows Terminal Services servers.

ConvenienceVMware View PC-over-IP Protocol delivers an end-user experience equal to the current experience of using aphysical PC:

n On LANs, the display is faster and smoother than traditional remote displays.

n On WANs, the protocol can compensate for an increase in latency or a reduction in bandwidth, ensuringthat end users can remain productive regardless of network conditions.

VMware, Inc. 7

ManageabilityProvisioning desktops for end users is a quick process. Rather than installing applications one by one on eachend user's physical PC, the end user connects to a virtual desktop complete with applications. End users canaccess their same virtual desktop from various devices at various locations.

Using VMware vSphere to host virtual desktops provides the following benefits:

n Administration tasks and management chores are reduced. Administrators can patch and upgradeapplications and operating systems without touching a user's physical PC.

n Storage management is simplified. Using VMware vSphere, you can virtualize volumes and file systemsto avoid managing separate storage devices.

Hardware IndependenceVirtual machines are hardware-independent. Because a View desktop runs on a server in the datacenter andis only accessed from a client device, a View desktop can use operating systems that might not be compatiblewith the hardware of the client device.

For example, although Windows Vista can run only on Vista-enabled PCs, you can install Windows Vista ina virtual machine and use that virtual machine on a PC that is not Vista-enabled. Virtual desktops run on PCs,thin clients, and PCs that have been repurposed as thin clients.

VMware View FeaturesFeatures included in VMware View support usability, security, centralized control, and scalability.

The following features provide a familiar experience for the end user:

n Print from a virtual desktop to any local or networked printer that is defined on the client device. Thevirtual printer feature solves compatibility issues and does not require you to install additional printdrivers in a virtual machine.

n Use multiple monitors. With PCoIP multiple-monitor support, you can adjust the display resolution androtation separately for each monitor.

n Access USB devices and other peripherals that are connected to the local device that displays your virtualdesktop.

VMware View offers the following security features, among others:

n Use RSA SecurID two-factor authentication or smart cards to log in.

n Use SSL tunneling to ensure that all connections are completely encrypted.

n Use VMware High Availability to host desktops and to ensure automatic failover.

The following features provide centralized administration and management:

n Use Microsoft Active Directory to manage access to virtual desktops and to manage policies.

n Use the Web-based administrative console to manage virtual desktops from any location.

n Use a template, or master image, to quickly create and provision pools of desktops.

n Send updates and patches to virtual desktops without affecting user settings, data, or preferences.


8 VMware, Inc.

Scalability features depend on the VMware virtualization platform to manage both desktops and servers:

n Integrate with VMware vSphere to achieve cost-effective densities, high levels of availability, andadvanced resource allocation control for your virtual desktops.

n Configure View Connection Server to broker connections between end users and the virtual desktops thatthey are authorized to access.

n Use View Composer to quickly create desktop images that share virtual disks with a master image. Usinglinked clones in this way conserves disk space and simplifies the management of patches and updates tothe operating system.

How the VMware View Components Fit TogetherEnd users start View Client or use View Portal to log in to View Connection Server. This server, which integrateswith Windows Active Directory, provides access to a virtual desktop hosted on a VMware ESX server, a bladeor physical PC, or a Windows Terminal Services server.

Figure 1-1 shows the relationship between the major components of a VMware View deployment.

Chapter 1 Introduction to VMware View

VMware, Inc. 9

Figure 1-1. High-Level Example of a VMware View Environment

network

ESX hosts runningVirtual Desktop VMs

ViewConnection

Server

ViewAdministrator

(browser)

VMware vCenter Serverwith View Composer

network

WindowsView Client

MacView Portal

LinuxView Portal Thin Client

virtual desktops

ESX host

VM VM VM

VM VM VM

virtual machine

desktop OS

app app app

View Agent

MicrosoftActive Directory

VM

Terminal Servers

Blade PCs

Physical PCs

Non-vCenter VMs

View Agent

Client DevicesA major advantage of using VMware View is that desktops follow the end user regardless of device or location.Users can access their personalized virtual desktop from a company laptop, their home PC, a thin client device,or a Mac.

From laptops and Windows PCs, end users open View Client to display their View desktop. From a Mac orLinux PC, end users open a Web browser and use View Portal to display their View desktop. Windows devicescan also use View Portal, but some functionality is not supported.

Thin client devices use View thin client software and can be configured so that the only application that userscan launch directly on the device is View Thin Client. Repurposing a legacy PC into a thin client desktop canextend the life of the hardware by three to five years. For example, by using VMware View on a thin desktop,you can use a newer operating system such as Windows Vista on older desktop hardware.


10 VMware, Inc.

View Connection ServerThis software service acts as a broker for client connections. View Connection Server authenticates usersthrough Windows Active Directory and directs the request to the appropriate virtual machine, physical orblade PC, or Windows Terminal Services server.

View Connection Server provides the following management capabilities:

n Authenticating users

n Entitling users to specific desktops and pools

n Managing desktop sessions

n Establishing secure connections between users and desktops

n Enabling single sign-on

n Setting and applying policies

Inside the corporate firewall, you install and configure a group of two or more View Connection Serverinstances. Their configuration data is stored in an embedded LDAP directory and is replicated among membersof the group.

Outside the corporate firewall, in the DMZ, you can install and configure View Connection Server as a securityserver. Security servers in the DMZ communicate with View Connection Servers inside the corporate firewall.Security servers offer a subset of functionality and are not required to be in an Active Directory domain.

You install View Connection Server in a Windows Server 2003 server, preferably on a VMware virtual machine.

View ClientThe client software for accessing View desktops runs either on a Windows PC as a native Windows applicationor on a thin client if you have View Client for Linux.

After logging in, users select from a list of virtual desktops that they are authorized to use. Authorization canrequire Active Directory credentials, a UPN, a smart card PIN, or an RSA SecurID token.

An administrator can configure View Client to allow end users to select a display protocol. Protocols includePCoIP, Microsoft RDP, and HP RGS for View desktops that are hosted on HP Blades. The PCoIP displayprotocol is now available with VMware View 4. The speed and display quality of PCoIP rival that of a physicalPC.

View Client with Offline Desktop is a version of View Client that has been extended to support the experimentalOffline Desktop feature. This feature allows end users to download virtual machines and use them on theirlocal systems.

Features differ according to which View Client you use. This guide focuses on View Client and View Portalfor Microsoft Windows. The following types of clients are not described in detail in this guide:

n View Portal for Linux (experimental) and View Portal for Mac OS X (experimental).

n View Client for Linux, available only through certified partners.

n Various third-party clients, available only through certified partners.

n View Open Client, which supports the VMware partner certification program. View Open Client is notan official View client and is not supported as such.


VMware, Inc. 11

View PortalFrom a Mac, Windows, or Linux PC, end users can open a Web browser and use View Portal to display theirView desktop. This Web-based version of View Client installs all necessary View software on a client device,but some extensions, such as those for connecting USB devices, might not be installed.

To use View Portal, end users open a Firefox, Internet Explorer, or Safari browser and enter the URL of a ViewConnection Server instance. View Portal prompts users for permission to install the required View Clientcomponents. On Linux clients, View Portal requires rdesktop to display virtual desktops, and on Mac OS/X,View Portal requires Microsoft Remote Desktop Connection Client for Mac to display virtual desktops.

View AgentYou install the View Agent service on all virtual machines, physical systems, and Terminal Service servers thatyou use as sources for View desktops. This agent communicates with View Client to provide features such asconnection monitoring, virtual printing, and access to locally connected USB devices.

If the desktop source is a virtual machine, you first install the View Agent service on that virtual machine andthen use the virtual machine as a template or as a parent of linked clones. When you create a pool from thisvirtual machine, the agent is automatically installed on every virtual desktop.

You can install the agent with an option for single sign-on. With single sign-on, users are prompted to log inonly when they connect to View Connection Server and are not prompted a second time to connect to a virtualdesktop.

View AdministratorThis Web-based application allows administrators to configure View Connection Server, deploy and manageView desktops, control user authentication, and troubleshoot end user issues.

When you install a View Connection Server instance, the View Administrator application is also installed. Thisapplication allows administrators to manage View Connection Server instances from anywhere without havingto install an application on their local computer.

View ComposerYou install this software service on a vCenter Server instance that manages virtual machines. View Composercan then create a pool of linked clones from a specified parent virtual machine. This strategy reduces storagecosts by up to 90 percent.

Each linked clone acts like an independent desktop, with a unique host name and IP address, yet the linkedclone requires significantly less storage because it shares a base image with the parent.

Because linked-clone desktop pools share a base image, you can quickly deploy updates and patches byupdating only the parent virtual machine. End users' settings, data, and applications are not affected.

vCenter ServerThis service acts as a central administrator for VMware ESX servers that are connected on a network. vCenterServer, formerly called VMware VirtualCenter, provides the central point for configuring, provisioning, andmanaging virtual machines in the datacenter.

In addition to using these virtual machines as sources for View desktop pools, you can use virtual machinesto host the server components of VMware View, including Connection Server instances, Active Directoryservers, and vCenter Server instances.


12 VMware, Inc.

You can install View Composer on the same server as vCenter Server to create linked-clone desktop pools.vCenter Server then manages the assignment of the virtual machines to physical servers and storage andmanages the assignment of CPU and memory resources to virtual machines.

You install vCenter Server in a Windows Server 2003 server, preferably on a VMware virtual machine.


VMware, Inc. 13


14 VMware, Inc.

Planning a Rich User Experience 2VMware View provides the familiar, personalized desktop environment that end users expect. End users canaccess USB and other devices connected to their local computer, send documents to any printer that their localcomputer can detect, authenticate with smart cards, and use multiple display monitors.

VMware View includes many features that you might want to make available to your end users. Before youdecide which features to use, however, you must understand the limitations and restrictions of each feature


n “Feature Support Matrix,” on page 15

n “Choosing a Display Protocol,” on page 16

n “Accessing USB Devices Connected to a Local Computer,” on page 18

n “Printing from a View Desktop,” on page 18

n “Streaming Multimedia to a View Desktop,” on page 19

n “Using Single Sign-On for Logging In to a View Desktop,” on page 19

n “Using Multiple Monitors with a View Desktop,” on page 19

Feature Support MatrixMost features, such as access to local USB devices, virtual printing, Wyse multimedia redirection (MMR), andPCoIP and Microsoft RDP display protocols, are supported on most client operating systems.

When planning which display protocol and features to make available to your end users, use Table 2-1 todetermine which client operating systems support the feature.

Table 2-1. Features Supported on 32-Bit Windows Clients

Feature Win 2000 Win XP Pro Win XP HomeVista BusSP1, SP2

Vista Ult SP1,SP2 Vista Ent SP2

USB access X X X X X

RDP displayprotocol

X X X X X X

PCoIP displayprotocol

X X SP2 only SP2 only X

HP RGSdisplayprotocol

X X SP2 only X

Wyse MMR X X SP1 only

VMware, Inc. 15

Table 2-1. Features Supported on 32-Bit Windows Clients (Continued)

Feature Win 2000 Win XP Pro Win XP HomeVista BusSP1, SP2

Vista Ult SP1,SP2 Vista Ent SP2

Virtualprinting

X X X SP1 only

OfflineDesktop

X

NOTE The HP RGS and PCoIP display protocols are not available if you use the Web Portal instead of thenative View Client. For information about client hardware requirements and View destkop requirements forPCoIP, see “VMware View with PCoIP,” on page 17.

As Table 2-2 shows, options are limited for Linux and Mac clients that are experimentally supported throughWeb Portal.

Table 2-2. Features That Web Portal Supports for Mac OS X and 32-Bit Linux Clients

FeatureRed Hat EntLinux 5.1

SUSE Linux EntDesktop 10

Ubuntu Linux8.04 Mac OS X (10.5) Mac OS X (10.4)

USB access

RDP displayprotocol

X X X X X

PCoIP displayprotocol

HP RGS displayprotocol

Wyse MMR

Virtual printing

Offline Desktop

In addition, several VMware partners offer thin client devices for VMware View deployments. The featuresthat are available for each thin client device are determined by the vendor and model and the configurationthat an enterprise chooses to use. For information about the vendors and models for thin client devices, see theThin Client Compatibility Guide, available on the VMware Web site.

Choosing a Display ProtocolA display protocol provides end users with a graphical interface to a View desktop that resides in thedatacenter. You can use Microsoft RDP (Remote Desktop Protocol), HP RGS for HP physical machines, orPCoIP (PC-over-IP).

You can set policies to control which protocol is used or to let end users choose the protocol when they log into a desktop.


16 VMware, Inc.

VMware View with PCoIPPCoIP is a new high-performance remote display protocol provided by VMware. This protocol is available forView desktops that are sourced from virtual machines, Teradici clients, and physical machines that haveTeradici-enabled host cards.

PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users canremain productive regardless of network conditions. PCoIP is optimized for delivery of images, audio, andvideo content for a wide range of users on the LAN or across the WAN. PCoIP provides the following features:

n You can use up to 4 monitors and adjust the resolution for each monitor separately, up to 1920 x 1200resolution per display.

n You can copy and paste text between the local system and the View desktop, but you cannot copy andpaste system objects such as folders and files between systems.

n You can configure the amount of bandwidth used by Adobe Flash content to improve the overall Webbrowsing experience and make other applications more responsive.

n PCoIP supports 32-bit color.

n PCoIP supports 128-bit encryption.

n PCoIP supports Advanced Encryption Standard (AES) encryption, which is turned on by default.

n You can use this protocol with your company's virtual private network.

PCoIP has the following limitations:

n The operating system on the View desktop must be Windows XP Professional SP 2 or 3, or Windows VistaSP 1 or 2.

n You cannot use the virtual printing feature with PCoIP.

n Using smart cards is not supported if you use PCoIP.

n Users who access their virtual desktops with View Portal cannot use PCoIP.

Client hardware requirements include the following:

n 800Mhz or higher processor speed

n x86-based processor with SSE2 extensions

View clients that use PCoIP can connect to View security servers, but PCoIP sessions with the virtual desktopignore the security server. PCoIP uses the User Datagram Protocol (UDP) for streaming audio and video.Security servers support only TCP.

Microsoft RDPRemote Desktop Protocol is the same protocol many people already use to access their work computer fromtheir home computer. RDP provides access to all the applications, files, and network resources on a remotecomputer.

Microsoft RDP provides the following features:

n You can use multiple monitors in span mode.

n You can copy and paste text between the local system and the View desktop, but you cannot copy andpaste system objects such as folders and files between systems.


n RDP supports 32-bit color.

Chapter 2 Planning a Rich User Experience

VMware, Inc. 17

n RDP supports 128-bit encryption.

n You can use this protocol for making secure, encrypted connections to a View security server in thecorporate DMZ.

HP RGS ProtocolRGS is a display protocol from HP that allows users to access the desktop of a remote physical computer overa standard network.

You can use HP RGS as the display protocol when connecting HP Blade PCs, HP Workstations, and HP BladeWorkstations. Connections to virtual machines that run on VMware ESX servers are not supported.

HP RGS provides the following features:

n You can use multiple monitors in span mode.


VMware does not bundle or license HP RGS with VMware View. Contact HP to license a copy of HP RGSversion 5.2.5 to use with VMware View. For information about how to install and configure HP RGScomponents, see the HP RGS documentation available at http://www.hp.com.

Accessing USB Devices Connected to a Local ComputerAdministrators can configure the ability to use USB devices, such as thumb flash drives, VoIP (voice-over-IP)devices, and printers, from a View desktop. This feature is called USB redirection.

When you use this feature, most USB devices that are attached to the local client system become available froma menu in View Client. You use the menu to connect and disconnect the devices.

USB devices that do not appear in the menu, but are available in a View desktop, include smart card readersand human interface devices such as keyboards and pointing devices. The View desktop and the local computeruse these devices at the same time.

This feature has the following limitations:

n When you access a USB device from a menu in View Client and use the device in a View desktop, youcannot access the device on the local computer.

n USB redirection is not supported on Windows 2000 systems.

n If you use View Portal to access a View desktop, this feature is available only on Windows clients andthen only if you first install View Client on the local Windows system with the optional USB redirectioncomponent.

n To use a USB printer in a View desktop, you must install the required print drivers in the View desktop.

Printing from a View DesktopThe virtual printing feature allows end users to use local or network printers from a View desktop withoutrequiring that additional print drivers be installed in the View desktop. For each printer available through thisfeature, you can set preferences for data compression, print quality, double-sided printing, color, and so on.

After a printer is added on the local computer, View adds that printer to the list of available printers on theView desktop. No further configuration is required. Users who have administrator privileges can still installprinter drivers on the View desktop without creating a conflict with the virtual printing component.


18 VMware, Inc.

http://www.hp.com

The virtual printing feature has the following limitations:

n This feature is not available if you use PCoIP.

n If you use View Portal to access a View desktop, this feature is available only on Windows clients andthen only if you first install View Client on the local Windows system with the optional USB redirectioncomponent.

n This feature is not available for USB printers. To use a USB printer in a View desktop, you must install therequired print drivers in the View desktop.

Streaming Multimedia to a View DesktopWyse MMR (multimedia redirection) enables full-fidelity playback when multimedia files are streamed to aView desktop.

The MMR feature supports the following media file formats:

n AC3

n MP3

n MPEG-1, MPEG-2, MPEG-4-part2

n WMA

n WMV 7, 8, and 9


n For best quality, use Windows Media Player 10 or later, and install it on both the local computer, or clientaccess device, and the View desktop.

n The Wyse MMR port, which is 9427 by default, must be added as a firewall exception in the View desktop.

Using Single Sign-On for Logging In to a View DesktopThe single-sign-on (SSO) feature allows you to configure View Manager so that end users are prompted to login only once.

If you do not use the single-sign-on feature, end users must log in twice. They are first prompted to log in toView Connection Server and then are prompted log in to their View desktop. If smart cards are also used, endusers must sign in three times because users must also log in when the smart card reader prompts them for aPIN.

SSO is implemented as an optional component that you can select when you install the View Agent on a desktopsource. This feature includes the Graphical Identification and Authentication (GINA) dynamic-link library forWindows XP and a credential provider dynamic-link library for Windows Vista.

Using Multiple Monitors with a View DesktopRegardless of the display protocol, you can use multiple monitors with a View desktop.

If you use PCoIP, the display protocol from VMware, you can adjust the display resolution and rotationseparately for each monitor. PCoIP allows a true multiple-monitor session rather than a span mode session.

A span mode remote session is actually a single-monitor session. The monitors must be the same size andresolution, and the monitor layout must fit within a bounding box. If you maximize an application window,the window spans across all monitors.

In a true multiple-monitor session, monitors can have different resolutions and sizes, and a monitor can bepivoted. If you maximize an application window, the window expands to the full screen of only the monitorthat contains it.

Chapter 2 Planning a Rich User Experience

VMware, Inc. 19


n The maximum number of monitors that you can use to display a View desktop is 10 if you use the RDPdisplay protocol and 4 if you use PCoIP.

n If you use Microsoft RDP display protocol, you must have Microsoft Remote Desktop Connection (RDC)6.0 or higher installed in the View desktop.


20 VMware, Inc.

Managing Desktop Pools from aCentral Location 3

You can create pools that include one or hundreds of virtual desktops. As a desktop source, you can use virtualmachines, physical machines, and Windows Terminal Services servers. Create one virtual machine as a baseimage, and VMware View can generate a pool of virtual desktops from that image.


n “Advantages of Desktop Pools,” on page 21

n “Reducing and Managing Storage Requirements,” on page 22

n “Application Provisioning,” on page 23

n “Using Active Directory GPOs to Manage Users and Desktops,” on page 24

Advantages of Desktop PoolsVMware View offers the ability to create and provision pools of desktops as its basis of centralizedmanagement.

You create a virtual desktop pool from one of the following sources:

n A physical system such as a physical desktop PC or a Windows Terminal Services server

n A virtual machine that is hosted on an ESX server and managed by vCenter Server

n A virtual machine that runs on VMware Server or some other virtualization platform that supports ViewAgent

If you use a vCenter virtual machine as a desktop source, you can automate the process of making as manyidentical virtual desktops as you need. You can set a minimum and maximum number of virtual desktops tobe generated for the pool. Setting these parameters ensures that you always have enough View desktopsavailable for immediate use but not so many that you overuse available resources.

Using pools to manage desktops allows you to apply settings to all virtual desktops in a pool. The followingexamples show some of the settings available:

n Specify which display protocol to use as the default for the View desktop and whether to let end usersoverride the default.

n Configure the display quality and bandwidth throttling of Adobe Flash animations.

n If using a virtual machine, specify whether to power off the virtual machine when it is not in use andwhether to delete it altogether.

VMware, Inc. 21

In addition, using desktop pools provides many conveniences.

Persistent pools Each user is assigned a particular View desktop and returns to the same virtualdesktop at each login. Users can personalize their desktops, install applications,and store data.

Nonpersistent pools The virtual desktop is optionally deleted and re-created after each use, offeringa highly controlled environment. A nonpersistent desktop is like a computerlab or kiosk environment where each desktop is loaded with the necessaryapplications and all desktops have access to necessary data.

Using nonpersistent pools also allows you to create a pool of desktops that canbe used by shifts of users. For example, a pool of 100 desktops could be usedby 300 users if they worked in shifts of 100 users at a time.

Reducing and Managing Storage RequirementsUsing virtual desktops that are managed by vCenter provides all the storage efficiencies that were previouslyavailable only for virtualized servers. Using View Composer increases the storage savings because all desktopsin a pool share a virtual disk with a base image.

n Managing Storage with vSphere on page 22VMware vSphere lets you virtualize disk volumes and file systems so that you can manage and configurestorage without having to consider where the data is physically stored.

n Reducing Storage Requirements with View Composer on page 22Because View Composer creates desktop images that share virtual disks with a base image, you canreduce the required storage capacity by 50 to 90 percent.

Managing Storage with vSphereVMware vSphere lets you virtualize disk volumes and file systems so that you can manage and configurestorage without having to consider where the data is physically stored.

Fibre Channel SAN arrays, iSCSI SAN arrays, and NAS arrays are widely used storage technologies supportedby VMware vSphere to meet different datacenter storage needs. The storage arrays are connected to and sharedbetween groups of servers through storage area networks. This arrangement allows aggregation of the storageresources and provides more flexibility in provisioning them to virtual machines.

Reducing Storage Requirements with View ComposerBecause View Composer creates desktop images that share virtual disks with a base image, you can reducethe required storage capacity by 50 to 90 percent.

View Composer uses a base image, or parent virtual machine, and creates a pool of up to 512 linked-clonevirtual machines. Each linked clone acts like an independent desktop, with a unique host name and IP address,yet the linked clone requires significantly less storage.

When you create a linked-clone desktop pool, a full clone is first made from the parent virtual machine. Thefull clone, or replica, and the clones linked to it are placed on the same data store, or LUN (logical unit number).If necessary, you can use the rebalance feature to move the replica and linked clones from one LUN to another.

When you create persistent desktop pools, View Composer also creates a separate user data disk for eachvirtual desktop. The end user's profile and application data are saved on the user data disk. VMwarerecommends that you keep user data disks on a separate datastore. You can then back up the whole LUN thatholds user data disks.


22 VMware, Inc.

Application ProvisioningWith VMware View, you can use traditional application provisioning techniques, you can virtualizeapplications with VMware ThinApp, or you can you can deploy applications as part of a View Composer baseimage.

n Deploying Applications and System Updates with View Composer on page 23Because linked-clone desktop pools share a base image, you can quickly deploy updates and patches byupdating the parent virtual machine.

n Virtualizing Applications with VMware ThinApp on page 23ThinApp™ lets you package an application into a single file that runs in a virtualized applicationsandbox. This strategy results in flexible, conflict-free application provisioning.

n Using Existing Processes for Application Provisioning on page 24With VMware View, you can continue to use the application provisioning techniques that your companycurrently uses. Two additional considerations include managing server CPU usage and storage I/O anddetermining whether users are permitted to install applications.

Deploying Applications and System Updates with View ComposerBecause linked-clone desktop pools share a base image, you can quickly deploy updates and patches byupdating the parent virtual machine.

The recompose feature allows you to make changes to the parent virtual machine, take a snapshot of the newstate, and push the new version of the image to all, or a subset of, users and desktops. You can use this featurefor the following tasks:

n Applying operating system and software patches and upgrades

n Applying service packs

n Adding applications

n Adding virtual devices

n Changing other virtual machine settings, such as available memory

If you want to disallow users from adding or removing software or changing settings, you can use the refreshfeature to bring the desktop back to its default values. This feature also reduces the size of linked clones, whichtend to grow over time.

Virtualizing Applications with VMware ThinAppThinApp™ lets you package an application into a single file that runs in a virtualized application sandbox.This strategy results in flexible, conflict-free application provisioning.

When you create a virtualized application with ThinApp, users can either stream the application from a sharedfile server or copy the application to their virtual desktops. If you configure the virtualized application forstreaming, you must address the following architectural considerations:

n Access for specific user groups to specific applications

n Storage configuration for the shared repository

n Network traffic generated by streaming, which depends largely on the type of application

For streamed applications, users can launch the applications directly from the shared file server, or indirectly,by using a desktop shortcut.

If you configure a ThinApp package file so that it is copied to a virtual desktop and run there, the architecturalconsiderations are similar to those that you address when you use traditional MSI-based software provisioning.

Chapter 3 Managing Desktop Pools from a Central Location

VMware, Inc. 23

Using Existing Processes for Application ProvisioningWith VMware View, you can continue to use the application provisioning techniques that your companycurrently uses. Two additional considerations include managing server CPU usage and storage I/O anddetermining whether users are permitted to install applications.

If you push applications out to large numbers of virtual desktops at exactly the same time, you might seesignificant spikes in CPU usage and storage I/O. These peak workloads can have noticeable effects on desktopperformance. As a best practice, schedule application updates to occur during off-peak hours and staggerupdates to desktops if possible. You must also verify that your storage solution is designed to support suchworkloads.

If your company allows users to install applications, you can continue your current policies, but you cannottake advantage of View Composer features. With View Composer, if an application is not virtualized orotherwise included in the user's profile or data settings, that application is discarded whenever a ViewComposer refresh, recompose, or rebalance operation occurs. In many cases, this ability to tightly control whichapplications are installed is a benefit. View Composer desktops are easy to support because they are kept closeto a known good configuration.

If users have firm requirements for installing their own applications and having those applications persist forthe lifetime of the virtual desktop, instead of using View Composer for application provisioning, you can createfull persistent desktops and allow users to install applications.

Using Active Directory GPOs to Manage Users and DesktopsVMware View includes many Group Policy Object (GPO) templates for centralizing the management andconfiguration of View Manager and View desktops.

After you import these templates into Active Directory, you can use them to set policies that apply to thefollowing groups and components:

n All systems regardless of which user logs in

n All users regardless of the system they log in to

n View Connection Server configuration

n View Client configuration

n View Agent configuration

After a GPO is applied, properties are stored in the local Windows registry of the specified component.

You can use GPOs to set all the policies that are available from the View Administrator user interface (UI). Youcan also use GPOs to set policies that are not available from the UI. For a complete list and description of thesettings available through GPO templates, see the View Manager Administration Guide.


24 VMware, Inc.

Architecture Design Elements andPlanning Guidelines 4

A typical VMware View architecture design uses a building block strategy to achieve scalability. Each buildingblock consists of components that support up to 1,000 virtual desktops. The overall design integrates 5 of thesebuilding blocks.

This architecture provides a standard, scalable design that you can adapt to your enterprise environment andspecial requirements. This chapter includes enough details about requirements for memory, CPU, storagecapacity, network components, and hardware to give IT architects and planners a practical understanding ofwhat is involved in deploying a VMware View solution.


n “Desktop Virtual Machine Configuration,” on page 25

n “vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums,” onpage 30

n “Connection Server Virtual Machine Configuration and Maximums,” on page 31

n “VMware View Node,” on page 32

n “vSphere Clusters,” on page 33

n “VMware View Building Blocks,” on page 34

n “VMware View Pod,” on page 37

Desktop Virtual Machine ConfigurationVirtual machines that are used as View desktops for end users do not require as much disk space and processingresources as server virtual machines.

When you create a virtual machine that is to be used as a View desktop, the choices that you make regardingRAM, CPU, and disk space have a significant effect on your choices for server hardware and expenditures.

n Planning Based on Types of Workers on page 26For many configuration elements, including RAM, CPU, and storage sizing, requirements depend largelyon the type of worker who uses the virtual desktop and on the applications that must be installed.

n Allocating Memory to a Guest Operating System on page 26RAM costs more for servers than it does for PCs. Because the cost of RAM is a high percentage of overallserver hardware costs, determining the correct memory allocation is crucial to planning your desktopdeployment.

VMware, Inc. 25

n Estimating CPU Requirements for Virtual Desktops on page 28When estimating CPU, you must gather information about the average CPU utilization for various typesof workers in your enterprise. In addition, calculate that another 10 to 25 percent of processing power isrequired for virtualization overhead and peak periods of usage.

n Choosing the Appropriate System Disk Size on page 29When allocating disk space, provide only enough space for the operating system, applications, andadditional content that users might install or generate. Usually this amount is smaller than the size ofthe disk that is included on a physical PC.

n Example Configuration for a Virtual Machine Desktop on page 29Because the amount of RAM, CPU, and disk space that virtual desktops require depend on the guestoperating system, separate configuration examples are provided for Windows XP and Windows Vistavirtual desktops.

Planning Based on Types of WorkersFor many configuration elements, including RAM, CPU, and storage sizing, requirements depend largely onthe type of worker who uses the virtual desktop and on the applications that must be installed.

For architecture planning, workers can be categorized into several types.

Task workers Task workers and administrative workers perform repetitive tasks within asmall set of applications, usually at a stationary computer. The applications areusually not as CPU- and memory-intensive as those used by knowledgeworkers. Task workers who work specific shifts might all log in to their virtualdesktop at the same time. Task workers include call center analysts, retailemployees, warehouse workers, and so on.

Knowledge workers Knowledge workers' daily tasks include accessing the Internet, using email,and creating complex documents, presentations, and spreadsheets. Knowledgeworkers include accountants, sales managers, marketing research analysts, andso on.

Power users Power users include application developers and people who use graphics-intensive applications.

Allocating Memory to a Guest Operating SystemRAM costs more for servers than it does for PCs. Because the cost of RAM is a high percentage of overall serverhardware costs, determining the correct memory allocation is crucial to planning your desktop deployment.

If the RAM allocation is too low, storage I/O can be negatively affected because too much memory swappingoccurs. If the RAM allocation is too high, storage capacity can be negatively affected because the paging filein the guest operating system and the swap and suspend files for each virtual machine grow too large.


26 VMware, Inc.

RAM Sizing Impact on PerformanceWhen allocating RAM, avoid choosing an overly conservative setting. Take the following considerations intoaccount:

n Insufficient RAM allocations can cause excessive guest swapping, which can generate I/O that causessignificant performance degradations and increases storage I/O load.

n VMware ESX supports sophisticated memory resource management algorithms such as transparentmemory sharing and memory ballooning, which can significantly reduce the physical RAM needed tosupport a given guest RAM allocation. For example, even though 2GB might be allocated to a virtualdesktop, only a fraction of that number is consumed in physical RAM.

n Because virtual desktop performance is sensitive to response times, on the ESX server, you must setnonzero values for RAM reservation settings. Reserving some RAM guarantees that idle but in-usedesktops are never completely swapped out to disk. However, higher reservation settings affect yourability to overcommit memory on an ESX server and might affect VMotion maintenance operations.

RAM Sizing Impact on StorageThe amount of RAM that you allocate to a virtual machine is directly related to the size of the certain files thatthe virtual machine uses.

Windows page file By default, this file is sized at 150 percent of guest RAM. This file, which isusually located at C:\pagefile.sys, causes linked-clone virtual machines andthin-provisioned storage to grow because it is accessed frequently. Reducingthe size of the page file often reduces the size of virtual disks (.vmdk files) forlinked clones. Although you can adjust the size from within Windows, doingso might have a negative effect on application performance.

Windows hibernate filefor laptops

This file can equal 100 percent of guest RAM. You can safely delete this filebecause it is not needed in View deployments, even if you use View Client withOffline Desktop.

ESX swap file This file, which has a .vswp extension, is created if you reserve less than 100percent of a virtual machine's RAM. The size of the swap file is equal to theunreserved portion of guest RAM. For example, if 50 percent of guest RAM isreserved and guest RAM is 2GB, the ESX swap file is 1GB.

ESX suspend file This file, which has a .vmss extension, is created if you set the desktop poollogoff policy so that the virtual desktop is suspended when the end user logsoff. The size of this file is equal to the size of guest RAM.

RAM Sizing for Specific Monitor Configurations When Using PCoIPIf you use PCoIP, the display protocol from VMware, the amount of memory required depends in part on thenumber of monitors configured for end users and on the display resolution. Table 4-1 lists the amount ofmemory required for various configurations. The amounts of memory listed in the columns are in addition tothe amount of memory required for other PCoIP functionality.

Because you allocate RAM in increments, the table shows which increment to use. For example, a single-monitor configuration that uses VGA requires 37.03MB, but the smallest RAM increment is 64MB.

Chapter 4 Architecture Design Elements and Planning Guidelines

VMware, Inc. 27

Table 4-1. PCoIP Client Display Overhead

DisplayResolutionStandard Width, in Pixels Height, in Pixels

1-MonitorOverhead (RAMIncrements)



VGA 640 480 37.03MB (64MB) 44.06MB (64MB) 58.13MB (64MB)

SVGA 800 600 40.06MB (64MB) 51.97MB (64MB) 73.95MB (96MB)

720p 1280 720 51.09MB (64MB) 72.19MB (96MB) 114.38MB (128MB)

UXGA 1600 1200 73.95MB (96MB) 117.89MB(128MB)

205.78MB (256MB)

1080p 1920 1080 77.46MB (96MB) 124.92MB(128MB)

219.84MB (256MB)

WUXGA 1920 1200 82.73MB (96MB) 135.47MB(196MB)

240.94MB (256MB)

QXGA 2048 1536 102.00MB(128MB)

174.00MB(196MB)

318.00MB (384MB)

WQXGA 2560 1600 123.75MB(128MB)

217.50MB(256MB)

405.00MB (512MB)

RAM Sizing for Specific Workloads and Operating SystemsBecause the amount of RAM required can vary widely, depending on the type of worker, many companiesconduct a pilot phase to determine the correct setting for various pools of workers in their enterprise.

A good starting point is to allocate 1024MB for Windows XP desktops and 1536MB for Windows Vista desktops.During a pilot, monitor the performance and disk space used with various types of workers and makeadjustments until you find the optimal setting for each pool of workers.

Estimating CPU Requirements for Virtual DesktopsWhen estimating CPU, you must gather information about the average CPU utilization for various types ofworkers in your enterprise. In addition, calculate that another 10 to 25 percent of processing power is requiredfor virtualization overhead and peak periods of usage.

CPU requirements vary by worker type. Software developers or other power uses with high-performanceneeds might have much higher CPU requirements than knowledge workers. Knowledge workers, in turn,might have higher CPU requirements than data-entry task workers. During your pilot phase, use aperformance monitoring tool, such as Perfmon, to understand both the average and peak CPU use levels forthese groups of workers.

Because many virtual machines run on one server, CPU can spike if agents such as antivirus agents all checkfor updates at exactly the same time. Determine which agents and how many agents could cause performanceissues and adopt a strategy for addressing these issues. For example, the following strategies might be helpfulin your enterprise:

n Use View Composer to update images rather than having software management agents downloadsoftware updates to each individual virtual desktop.

n Schedule antivirus and software updates to run at nonpeak hours, when few users are likely to be loggedin.

n Stagger or randomize when updates occur.


28 VMware, Inc.

As a sizing approach, VMware recommends that you determine how many virtual desktops can beaccommodated per CPU core. A good starting point is to pilot 8 virtual machines per core. For example, if youmonitor a single-core, 2.2GHz processor, physical PC and find that average CPU use is 2.79 percent, the amountof CPU is 130MHz. If you have a 2-socket quad core ESX server, you can host 64 virtual machines on the serverduring the pilot. Allocating 130MHz to each of the 64 virtual machines means that the total average CPUrequired is 8.3GHz.

In addition to the CPU required for the guest operating system and applications, you must also consider theadditional processing power required for virtualizing the desktop and for utilization spikes. This overheadamounts to 10 to 25 percent of the average CPU. For this example, a conservative estimate of CPU requiredwould be 25 percent of 8.3GHz. Therefore, the total CPU speed of the ESX server would have to be 10.38GHz.

Choosing the Appropriate System Disk SizeWhen allocating disk space, provide only enough space for the operating system, applications, and additionalcontent that users might install or generate. Usually this amount is smaller than the size of the disk that isincluded on a physical PC.

Because datacenter disk space usually costs more per gigabyte than desktop or laptop disk space in a traditionalPC deployment, optimize the operating system image size. The following suggestions might help optimizeimage size:

n Remove unnecessary files. For example, reduce the quotas on temporary Internet files.

n Choose a virtual disk size that is sufficient to allow for future growth, but is not unrealistically large.

n Use centralized file shares or a VMware View user data disk for user-generated content and user-installedapplications.

The amount of storage space required must take into account the following files for each virtual desktop:

n The ESX suspend file is equivalent to the amount of RAM allocated to the virtual machine.

n The Windows page file is equivalent to 150 percent of RAM.

n Log files take up approximately 100MB for each virtual machine.

n The virtual disk, or .vmdk file, must accommodate the operating system, applications, and futureapplications and software updates. the virtual disk must also accommodate local user data and user-installed applications if they are located on the virtual desktop rather than on file shares.

If you use View Composer, the .vmdk files grow over time, but you can control the amount of growth byscheduling View Composer refresh operations and setting a storage over-commit policy for View desktoppools.

You can also add 15 percent to this estimate to be sure that users do not run out of disk space.

Example Configuration for a Virtual Machine DesktopBecause the amount of RAM, CPU, and disk space that virtual desktops require depend on the guest operatingsystem, separate configuration examples are provided for Windows XP and Windows Vista virtual desktops.

The example settings for virtual machines such as memory, number of virtual processors, and disk space areVMware View-specific and are based on information that was collected while validating the VMware ViewReference Architecture: A Guide to Large-scale Enterprise VMware View Deployments. This architecture usedVMware Infrastructure 3.5 to host and manage virtual machines. For information about limits of virtualmachines in vSphere, see the VMware vSphere Configuration Maximums document.

The guidelines listed in Table 4-2 are for a standard Windows XP virtual desktop.


VMware, Inc. 29

Table 4-2. Desktop Virtual Machine Example for Windows XP

Item Example

Operating system 32-bit Windows XP (with the latest service pack)

RAM 1024MB (512MB low end, 2048 high end)

Virtual CPU 1

System disk capacity 16GB (8GB low end, 40GB high end)

User data capacity (either as a user data disk or as aredirected profile)

5GB (starting point)

Virtual SCSI adapter type Use LSI Logic, which is not the default

Virtual network adapter Use the default, which is operating system dependent

The amount of system disk space required depends on the number of applications required in the base image.The View reference architecture validated a setup that included 8GB of disk space. Applications includedMicrosoft Word, Excel, PowerPoint, Adobe Reader, Internet Explorer, McAfee Antivirus, and PKZIP.

The amount of disk space required for user data depends on the role of the end user and organizational policiesfor data storage. If you use View Composer, this data is kept on a user data disk. If you use a third-party profilemanagement product, this data can be redirected in a Windows roaming profile to a CIFS file system.

The guidelines listed in Table 4-3 are for a standard Windows Vista virtual desktop.

Table 4-3. Desktop Virtual Machine Example for Windows Vista

Item Example

Operating system 32-bit Windows Vista (with the latest service pack)

RAM 1536MB (standard)

Virtual CPU 1

System disk capacity 20GB (standard)

User data capacity (either as a user data disk or as aredirected profile)

5GB (starting point)

Virtual SCSI adapter type Use the default, which is LSI Logic

Virtual network adapter Use the default, which is operating system dependent

vCenter and View Composer Virtual Machine Configuration andDesktop Pool Maximums

You install both vCenter and View Composer on the same virtual machine. Because this virtual machine is aserver, it requires much more memory and processing power than a desktop virtual machine.

View Composer can create and provision up to 512 desktops per pool. View Composer can also perform arecompose operation on up to 512 desktops at a time.

Although you can install vCenter and View Composer on a physical machine, this example uses virtualmachines with the specifications listed in Table 4-4. The ESX server that hosts these virtual machines can bepart of a VMware HA cluster to guard against physical server failures.

Table 4-4. vCenter Virtual Machine Example and Pool Size Maximum

Item Example

Operating system 32-bit Windows Server 2003 (with the latest service pack)

RAM 4 GB

Virtual CPU 2


30 VMware, Inc.

Table 4-4. vCenter Virtual Machine Example and Pool Size Maximum (Continued)

Item Example

System disk capacity 20GB

SCSI type LSI Logic (the default for Windows Server 2003)

Network adapter VM Network (the default)

Maximum View Composer pool size 512 desktops

IMPORTANT Place the database to which vCenter and View Composer connect on a separate virtual machine.For guidance about database sizing, see http://www.vmware.com/support/vi3/doc/vc_db_calculator.xls.

Connection Server Virtual Machine Configuration and MaximumsWhen you install View Connection Server, the View Administrator user interface is also installed. This serverrequires the same amount of memory and processing resources as a vCenter Server instance.

View Connection Server ConfigurationAlthough you can install View Connection Server on a physical machine, this example uses virtual machineswith the specifications listed in Table 4-5. The ESX server that hosts these virtual machines can be part of aVMware HA cluster to guard against physical server failures.

Table 4-5. Connection Server Virtual Machine Example

Item Example

Operating system 32-bit Windows Server 2003 (with the latest service pack)

RAM 4GB

Virtual CPU 2 or 4

System disk capacity 20GB

SCSI type LSI Logic (the default for Windows Server 2003)

Network adapter VM Network (the default)

1 NIC 1 Gigabit

Maximum Connections for View Connection ServerTable 4-6 provides information about the maximum number of simultaneous connections that a VMware Viewdeployment can accommodate.

Table 4-6. View Desktop Connections

Connection Servers per Deployment Connection TypeMaximum Number of SimultaneousConnections

1 Connection Server Direct connection, RDP 2,000

5 Connection Servers Direct connection, RDP 5,000

3 Connection Servers Tunneled connection, RDP 2,000

1 Connection Server Direct connection, PCoIP 2,000


VMware, Inc. 31

http://www.vmware.com/support/vi3/doc/vc_db_calculator.xls

Table 4-6. View Desktop Connections (Continued)

Connection Servers per Deployment Connection TypeMaximum Number of SimultaneousConnections

1 Connection Server Unified Access to physical PCs 100

1 Connection Server Unified Access to terminal servers 200

Tunneled connections are required if you use security servers for RDP connections from outside the internalcorporate network.

VMware View NodeA node is a single VMware ESX server that hosts virtual machine desktops in a VMware View deployment. Anode can host 8 virtual machines per core and 64 virtual machines per LUN.

VMware View is most cost-effective when you maximize the number of desktops hosted on an ESX server.Although many factors affect server selection, if you are optimizing strictly for acquisition price, you must findserver configurations that are not excessively limited by either CPU cores or RAM.

Generally, you can have 8 virtual machines per CPU core, but you must also consider physical RAMrequirements. After you estimate how much RAM to allocate to each virtual machine, you can determinewhether a given ESX server configuration is core limited or RAM limited. If a server is core limited, it has excessRAM when it runs at the maximum number of virtual machines per core. If a server is RAM limited, the physicalRAM is consumed before the target number of virtual machines per core is achieved.

For information about calculating CPU requirements for each virtual machine, see “Estimating CPURequirements for Virtual Desktops,” on page 28. For information about calculating the amount of RAMrequired per virtual machine, see “Allocating Memory to a Guest Operating System,” on page 26. Also considerthat physical RAM costs are not linear and that in some situations, it can be cost-effective to purchase moresmaller servers that do not use expensive DIMM chips. In other cases, rack density, storage connectivity,manageability and other considerations can make minimizing the number of servers in a deployment a betterchoice.

Recommendations for ESX 3.5 node components in Table 4-7 are VMware View-specific. For generalinformation about limits of ESX hosts in vSphere, see the VMware vSphere Configuration Maximums document.

Table 4-7. VMware View Node Example for an ESX Server

Item Example

ESX version ESX 3.5 U4 or ESX 4.0 U1

Chassis type Blade or rack

CPU 2- or 4-socket quad core

CPU speed 3.0GHz per core

RAM 128GB

Ethernet port 1 Gigabit

Virtual machines per core 8

Cores per node 8 for ESX 3.5, 16 for ESX 4.0 U1

NICs 4 (32 virtual machines per NIC)

View desktop storage density, in virtual machines per LUN 64

Fiber Channel adapter ports 0 or more

NOTE VMware View 3.x is not supported to run on vSphere 4.


32 VMware, Inc.

vSphere ClustersVMware View deployments can use VMware HA clusters to guard against physical server failures. Becauseeach ESX server in a View cluster hosts more than 40 virtual machines, and because of View Composerlimitations, the cluster must contain no more than 8 servers, or nodes.

VMware vSphere and vCenter provide a rich set of features for managing clusters of servers that host Viewdesktops. The cluster configuration is also important because each View desktop pool must be associated witha vCenter resource pool. Therefore, the maximum number of desktops per pool is related to the number ofservers and virtual machines that you plan to run per cluster.

In very large VMware View deployments, vCenter performance and responsiveness can be improved byhaving only one cluster object per datacenter object, which is not the default behavior. By default, VMwarevCenter creates new clusters within the same datacenter object.

Determining Requirements for High AvailabilityVMware vSphere, through its efficiency and resource management, lets you achieve industry-leading levelsof virtual machines per server. But achieving a higher density of virtual machines per server means that moreusers are affected if a server fails.

Requirements for high availability can differ substantially based on the purpose of the desktop pool. Forexample, a nonpersistent pool might have different recovery point objective (RPO) requirements than apersistent pool. For a nonpersistent pool, an acceptable solution might be to have users log in to a differentdesktop if the desktop they are using becomes unavailable.

In cases where availability requirements are high, proper configuration of VMware HA is essential. If you useVMware HA and are planning for a fixed number of desktops per server, run each server at a reduced capacity.If a server fails, the capacity of desktops per server is not exceeded when the desktops are restarted on a differenthost.

For example, in an 8-host cluster, where each host is capable of running 128 desktops, and the goal is to toleratea single server failure, make sure that no more than 128 * (8 - 1) = 896 desktops are running on that cluster. Youcan also use VMware DRS (Distributed Resource Scheduler) to help balance the desktops among all 8 hosts.You get full use of the extra server capacity without letting any hot-spare resources sit idle. Additionally, DRScan help rebalance the cluster after a failed server is restored to service.

You must also make sure that storage is properly configured to support the I/O load that results from manyvirtual machines restarting at once in response to a server failure. Storage IOPS has the most effect on howquickly desktops recover from a server failure.

Example 4-1. Cluster Configuration Example

The settings listed in Table 4-8 are VMware View-specific. For information about limits of HA clusters invSphere, see the VMware vSphere Configuration Maximums document.

Table 4-8. HA Cluster Example

Item Example

Nodes (ESX servers) 8 (including 1 hot spare)

Cluster type DRS (Distributed Resource Scheduler)/HA

Networking component Standard ESX 3.5 or 4 cluster network

Switch ports 48 Managed GigE for ESX 3.5 or 80 for ESX 4

Networking requirements depend on the type of server, the number of network adapters, and the way in whichvMotion is configured.


VMware, Inc. 33

VMware View Building BlocksA 1,000-user building block consists of physical servers, a VMware vSphere infrastructure, VMware Viewservers, shared storage, and 1,000 virtual machine desktops. You can include up to five building blocks in aView pod.

Table 4-9. Example of a LAN-Based View Building Block

Item Example

vSphere clusters 2 (with 8 ESX hosts in each cluster)

48-port network switch 1

Shared network storage component 1

vCenter Server with View Composer 1 (can be run in the block itself)

Database MS 2005 SQL Server or Oracle database server (can be run inthe block itself)

Shared storage component 1 (with 64 virtual machines per LUN)

Networks 3 (a 1Gbit Ethernet network for each: management network,storage network, and VMotion network)

If you have only one building block in a pod, use two View Connection Server instances for redundancy.

This information was taken from the VMware View Reference Architecture: A Guide to Large-scale EnterpriseVMware View Deployments.

Figure 4-1 shows the components of a View building block.

Figure 4-1. VMware View Guilding Block

2 VMwareESX clusters

VMware vCenter Server

8 hosts 8 hosts

shared storage

1000 users

Shared Storage for View Building BlocksStorage considerations are one of the main reasons that enterprises adopt virtualization technology. Thedecision that has the greatest architectural impact is whether to use View Composer desktops, which uselinked-clone technology.

The external storage system that VMware vSphere uses can be a Fibre Channel or iSCSI SAN (storage areanetwork), or an NFS (Network File System) or CIFS (Common Internet File System) NAS (network-attachedstorage). The ESX binaries, virtual machine swap files, and View Composer replicas of parent virtual machinesare stored on this system.


34 VMware, Inc.

From an architectural perspective, the decision about whether to use View Composer has the biggest impacton storage planning. View Composer creates desktop images that share a base image, which can reduce storagerequirements by 50 percent or more. You can further reduce storage requirements by setting a refresh policythat periodically returns the desktop to its original state and reclaims space that is used to track changes sincethe last refresh operation.

You can also reduce operating system disk space by using View Composer user data disks or a shared fileserver as the primary repository for the user profile and user documents. Because View Composer lets youseparate user data from the operating system, you might find that only the user data disk needs to be backedup or replicated, which further reduces storage requirements. For more information, see “Reducing StorageRequirements with View Composer,” on page 22.

Example 4-2. Storage Example

As a storage example, Table 4-10 lists the storage components published in the VMware View ReferenceArchitecture: A Guide to Large-scale Enterprise VMware View Deployments. This table provides some idea of thestorage configuration required for a View building block that can accommodate 1,000 users.

Table 4-10. Example of an EMC NS20FC Storage Configuration

Item Number

Celerra NS20FC with a CLARiiON CX3-10F back-end array 1

CLARiiON write cache 259MB

X-Blade 20 configurations 2

2.8GBz Pentium IV CPUs 2

Double-data rate RAM (266MHz) 4

Fibre Channel ports for back-end storage connectivity 2

10/100/1000 BaseT Ethernet ports 4

300GB/15K 2/4-GB Fibre Channel disks 30

Hardware Examples for View Building Blocks and PodsThe virtual infrastructure for a pod of VMware View building blocks resides on physical servers. VMwareused blade server chassis to validate its building-block architecture, but you can use any type of server withthe same hardware specifications.

Example 4-3. VMware View Infrastructure Hardware

Hardware similar to that shown in Table 4-11 is capable of hosting infrastructure components for a Viewbuilding block. Infrastructure components include virtual machine servers that host Active Directory, DNS,DHCP, View Connection Server instances, vCenter with View Composer, and the database for vCenter.

Table 4-11. Hardware Example for a Building Block with Infrastructure Components

Item Number

16-slot blade chassis 1

Blade servers 4

Quad-core 2.66 GHz processors 4

RAM 32GB

72GB SAS drive 1

Broadcom Gb Ethernet adapters 4

Of the 4 blade servers, 2 are for load clients, 1 is for a View Connection Server instance, and 1 is for ActiveDirectory, DNS, and DHCP.


VMware, Inc. 35

Example 4-4. VMware View Desktop-Hosting Hardware

Hardware similar to that shown in Table 4-12 is capable of hosting the virtual desktops for a View buildingblock that accommodates 1,000 users.

Table 4-12. Hardware Example for a VMware View Building Block

Item Number

16-slot blade chassis 1 for 2 building blocks

Blade servers 16 (8 for each cluster)

Quad-core 2.66 GHz processors 4

RAM 64GB (32GB for each cluster)

72GB SAS drive 2

Broadcom Gb Ethernet adapters 12 (6 for each cluster)

4-port gigabit uplink modules 12 (6 for each cluster)

Cisco 6500 core networking switch 1

Both the infrastructure components and the View desktops are part of VMware HA clusters to protect themfrom physical server failures.

This information was taken fromVMware View Reference Architecture: A Guide to Large-scale Enterprise VMwareView Deployments.

Bandwidth Considerations for a View Building BlockAlthough many elements are important to designing a storage system that supports a VMware Viewenvironment, from a server configuration perspective, planning for proper bandwidth is essential. You mustalso consider the effects of port consolidation hardware.

Peak WorkloadsVMware View environments can occasionally experience I/O storm loads, during which all virtual machinesundertake an activity at the same time. I/O storms can be triggered by guest-based agents such as antivirussoftware or software-update agents. I/O storms can also be triggered by human behavior, such as when allemployees log in at nearly the same time in the morning.

You can minimize these storm workloads through operational best practices, such as staggering updates todifferent virtual machines. You can also test various log-out policies during a pilot phase to determine whethersuspending or powering off virtual machines when users log out causes an I/O storm.

In addition to determining best practices, VMware recommends that you provide bandwidth of 1Gbps per 100virtual machines, even though average bandwidth might be 10 times less than that. Such conservative planningguarantees sufficient storage connectivity for peak loads.

Display TrafficFor display traffic, many elements can affect network bandwidth, such as protocol used, monitor resolutionand configuration, and the amount of multimedia content in the workload. Concurrent launches of streamedapplications can also cause usage spikes.

Because the effects of these issues can vary widely, many companies monitor bandwidth consumption as partof a pilot project. As a starting point for a pilot, plan for 150 to 200Kbps of capacity for a typical knowledgeworker.


36 VMware, Inc.

WAN SupportFor wide-area networks (WANs), you must consider bandwidth constraints and latency issues.

If you use the RDP display protocol, you must have a WAN optimization product to accelerate applicationsfor users in branch offices or small offices.

Table 4-13. Support for Small and Midsize Offices with WAN Optimization

Item Small Office Midsize Branch Office

Number of users Up to 15 Up to 100

Link type T1 10Mbps

Bandwidth 1.544Mbps 10Mbps

Latency Up to 100ms Up to 100ms

Users who access a View desktop with RDP display protocol from home by using a DSL or cable modem mightnot use a WAN optimizer. In this case, the network can accommodate 3 to 5 users.

This information was taken from the VMware View WAN Reference Architecture.

VMware View PodA VMware View pod integrates five 1,000-user building blocks into a View Manager installation that you canmanage as one entity.

A pod is a unit of organization determined by VMware View scalability limits. Table 4-14 lists the componentsof a View pod.

Table 4-14. Example of a VMware View Pod

Item Number

View building blocks 5

View Connection Servers 5 (one for each building block)

View Security Servers 2 - 5 (load-balanced in the DMZ)

10Gb Ethernet module 1

Modular core networking switch 1

Load-balancing module 1

VPN for WAN 1 (optional)

WAN accelerator if using RDP 1 (optional)

The network core load balances incoming requests across View Connection Server instances. Support for aredundancy and failover mechanism, usually at the network level, prevents the load balancer from becominga single point of failure. For example, the Virtual Router Redundancy Protocol (VRRP) communicates with theload balancer to add redundancy and failover capability.

If a View Connection Server instance fails or becomes unresponsive during an active session, users do not losedata. Desktop states are preserved in the virtual machine desktop so that users can connect to a different ViewConnection Server instance and their desktop session resumes from where it was when the failure occurred.

Figure 4-2 shows how all the components can be integrated into one manageable entity.


VMware, Inc. 37

Figure 4-2. Pod Diagram for 5,000 View Desktops

switched networks

VMware ViewConnection Servers

VMware Viewbuilding blocks

load balancing

network core

Each switched network connects to each View Connection Server


38 VMware, Inc.

Planning for Security Features 5View Manager offers strong network security to protect sensitive corporate data. For added security, you canintegrate View Manager with certain third-party user-authentication solutions, use a security server, andimplement the restricted entitlements feature.


n “Understanding Client Connections,” on page 39

n “Choosing a User Authentication Method,” on page 41

n “Preparing to Use a Security Server,” on page 43

n “Restricting View Desktop Access,” on page 51

Understanding Client ConnectionsView Client and View Administrator communicate with a View Connection Server host over secure HTTPSconnections.

The initial View Client connection, which is used for user authentication and View desktop selection, is createdwhen a user provides an IP address to View Client. The View Administrator connection is created when anadministrator types the View Administrator URL into a Web browser.

View Manager includes a default self-signed SSL certificate that clients can use when they connect to a ViewConnection Server host. By default, clients are presented with this self-signed SSL certificate when they visita secure page such as View Administrator.

You can use the default SSL certificate for testing. Because it is not trusted by clients and does not have thecorrect name for the service, you must replace the default SSL certificate. You can create your own self-signedcertificate, obtain a signed certificate from a Certificate Authority (CA), or use a SSL certificate that you alreadyhave.

n Tunneled Client Connections with Microsoft RDP on page 40When users connect to a View desktop with the Microsoft RDP display protocol, View Client makes asecond HTTPS connection to the View Connection Server host. This connection is called the tunnelconnection because it provides a tunnel for carrying RDP data.

n Direct Client Connections with PCoIP and HP RGS on page 40Administrators can configure View Connection Server settings so that View desktop sessions areestablished directly between the client system and the View desktop virtual machine, bypassing the ViewConnection Server host. This type of connection is called a direct client connection.

n View Client with Offline Desktop Client Connections on page 41View Client with Offline Desktop is an experimental feature that offers mobile users the ability to checkout a cloned instance of certain types of View desktops onto their local computer.

VMware, Inc. 39

Tunneled Client Connections with Microsoft RDPWhen users connect to a View desktop with the Microsoft RDP display protocol, View Client makes a secondHTTPS connection to the View Connection Server host. This connection is called the tunnel connection becauseit provides a tunnel for carrying RDP data.

The tunnel connection offers the following advantages:

n RDP data is tunneled through HTTPS and is encrypted using SSL. This powerful security protocol isconsistent with the security provided by other secure Web sites, such as those that are used for onlinebanking and credit card payments.

n A client can access multiple desktops over a single HTTPS connection, which reduces the overall protocoloverhead.

n Because View Manager manages the HTTPS connection, the reliability of the underlying protocols issignificantly improved. If a user temporarily loses a network connection, the HTTP connection isreestablished after the network connection is restored and the RDP connection automatically resumeswithout requiring the user to reconnect and log in again.

In a standard deployment of View Connection Server instances, the HTTPS secure connection terminates atthe View Connection Server. In a DMZ deployment, the HTTPS secure connection terminates at a securityserver. See “Preparing to Use a Security Server,” on page 43 for information on DMZ deployments andsecurity servers.

Clients that use the PCoIP or HP RGS display protocols do not use the tunnel connection. See “Direct ClientConnections with PCoIP and HP RGS,” on page 40 for more information.

Direct Client Connections with PCoIP and HP RGSAdministrators can configure View Connection Server settings so that View desktop sessions are establisheddirectly between the client system and the View desktop virtual machine, bypassing the View ConnectionServer host. This type of connection is called a direct client connection.

With direct client connections, an HTTPS connection is still made between the client and the View ConnectionServer host for users to authenticate and select View desktops, but the second HTTPS connection (the tunnelconnection) is not used.

If clients use the PCoIP or HP RGS display protocols, you must enable direct client connections.

PCoIP connections include the following built-in security features:

n PCoIP supports Advanced Encryption Standard (AES) encryption, which is turned on by default.

n The hardware implementation of PCoIP uses both AES and IP Security (IPsec).

n PCoIP works with third-party VPN clients.

For clients that use the Microsoft RDP display protocol, direct client connections are appropriate only if yourdeployment is inside a corporate network. With direct client connections, RDP traffic is sent unencrypted overthe connection between the client and the View desktop virtual machine. See “Tunneled Client Connectionswith Microsoft RDP,” on page 40 for more information.


40 VMware, Inc.

View Client with Offline Desktop Client ConnectionsView Client with Offline Desktop is an experimental feature that offers mobile users the ability to check out acloned instance of certain types of View desktops onto their local computer.

View Client with Offline Desktop supports both tunneled and nontunneled communications for LAN-baseddata transfers. With tunneled communications, all traffic is routed through the View Connection Server host,and you can specify whether to encrypt communications and data transfers. With nontunneledcommunications, unencrypted data is transferred directly between the Offline Desktop client system and theView desktop virtual machine.

Offline data is always encrypted on the user's computer, regardless of whether you configure tunneled ornontunneled communications.

Choosing a User Authentication MethodView Manager uses your existing Active Directory infrastructure for user authentication and management bydefault. For added security, you can integrate View Manager with RSA SecurID and smart card authenticationsolutions.

n Active Directory Authentication on page 41Each View Connection Server instance is joined to an Active Directory domain, and users areauthenticated against Active Directory for the joined domain.

n RSA SecurID Authentication on page 42RSA SecurID provides enhanced security with two-factor authentication, which requires knowledge ofthe user's PIN and token code. The token code is only available on the physical SecurID token.

n Smart Card Authentication on page 42A smart card is a small plastic card that is embedded with a computer chip. Many government agenciesand large enterprises use smart cards to authenticate users who access their computer networks. A smartcard is also referred to as a Common Access Card (CAC).

n Log In as Current User Feature on page 43When View Client users select the Log in as current User check box, the credentials that they providedwhen logging in to the client system are used to authenticate to the View Connection Server instance andto the View desktop. No further user authentication is required.

Active Directory AuthenticationEach View Connection Server instance is joined to an Active Directory domain, and users are authenticatedagainst Active Directory for the joined domain.

Users are also authenticated against any additional user domains with which a trust agreement exists.

For example, if a View Connection Server instance is a member of Domain A and a trust agreement existsbetween Domain A and Domain B, users from both Domain A and Domain B can connect to the ViewConnection Server instance with View Client.

Similarly, if a trust agreement exists between Domain A and an MIT Kerberos realm in a mixed domainenvironment, users from the Kerberos realm can select the Kerberos realm name when connecting to the ViewConnection Server instance with View Client.

View Connection Server determines which domains are accessible by traversing trust relationships, startingwith the domain in which the host resides. For a small, well-connected set of domains, View Connection Servercan quickly determine a full list of domains, but the time that it takes increases as the number of domainsincreases or as the connectivity between the domains decreases. The list might also include domains that youwould prefer not to offer to users when they log in to their desktops.

Chapter 5 Planning for Security Features

VMware, Inc. 41

Administrators can use the vdmadmin command to configure domain filtering, which limits the domains that aView Connection Server instance or security server searches, and that it displays to users. See the Command-Line Tool for View Manager technical note for more information.

Policies, such as restricting permitted hours to log in and setting the expiration date for passwords, are alsohandled through existing Active Directory operational procedures.

RSA SecurID AuthenticationRSA SecurID provides enhanced security with two-factor authentication, which requires knowledge of theuser's PIN and token code. The token code is only available on the physical SecurID token.

Administrators can enable individual View Connection Server instances for RSA SecurID authentication byinstalling the RSA SecurID software on the View Connection Server host and modifying View ConnectionServer settings.

When users log in through a View Connection Server instance that is enabled for RSA SecurID authentication,they are first required to authenticate with their RSA user name and passcode. If they are not authenticated atthis level, access is denied. If they are correctly authenticated with RSA SecurID, they continue as normal andare then required to enter their Active Directory credentials.

If you have multiple View Connection Server instances, you can configure RSA SecurID authentication onsome instances and configure a different user authentication method on others. For example, you can configureRSA SecurID authentication only for users that access View desktops remotely over the Internet.

View Manager is certified through the RSA SecurID Ready program and supports the full range of SecurIDcapabilities, including New PIN Mode, Next Token Code Mode, RSA Authentication Manager, and loadbalancing.

Smart Card AuthenticationA smart card is a small plastic card that is embedded with a computer chip. Many government agencies andlarge enterprises use smart cards to authenticate users who access their computer networks. A smart card isalso referred to as a Common Access Card (CAC).

Administrators can enable individual View Connection Server instances for smart card authentication.Enabling a View Connection Server instance to use smart card authentication typically involves adding yourroot certificate to a truststore file and then modifying View Connection Server settings.

Client connections that use smart card authentication must be SSL enabled. Administrators can enable SSL forclient connections by setting a global parameter in View Administrator.

Each client system that uses smart card authentication must have a Windows-compatible smart card readerand product-specific application drivers.

Smart card authentication is supported by View Client only. It is not supported by View Client with OfflineDesktop, View Portal, or View Administrator.

Smart card authentication is not supported for clients that use the PCoIP display protocol.


42 VMware, Inc.

Log In as Current User FeatureWhen View Client users select the Log in as current User check box, the credentials that they provided whenlogging in to the client system are used to authenticate to the View Connection Server instance and to the Viewdesktop. No further user authentication is required.

To support this feature, user credentials are stored on both the View Connection Server instance and on theclient system.

n On the View Connection Server instance, user credentials are encrypted and stored in the user sessionalong with the username, domain, and optional UPN. The credentials are added when authenticationoccurs and are purged when the session object is destroyed. The session object is destroyed when the userlogs out, the session times out, or authentication fails. The session object resides in volatile memory andis not stored in LDAP or in a disk file.

n On the client system, user credentials are encrypted and stored in a table in the Authentication Package,which is a component of View Client. The credentials are added to the table when the user logs in and areremoved from the table when the user logs out. The table resides in volatile memory.

Administrators can use View Client group policy settings to control the availability of the Log in as current usercheck box and to specify its default value.

NOTE When smart card authentication is required, authentication fails for users who select the Log in ascurrent user check box. These users must reauthenticate with their smart card and PIN when logging in to aView desktop.

Preparing to Use a Security ServerA security server is a special instance of View Connection Server that runs a subset of View Connection Serverfunctions. You can use a security server to provide an additional layer of security between the Internet andyour internal network.

A security server resides within a demilitarized zone (DMZ) and acts as a proxy host for connections insideyour trusted network. Each security server is paired with an instance of View Connection Server and forwardsall traffic to that instance. This design provides an additional layer of security by shielding the View ConnectionServer instance from the public-facing Internet and by forcing all unprotected session requests through thesecurity server.

A DMZ deployment requires a few ports to be opened on the firewall to allow clients to connect with securityservers inside the DMZ. You must also configure a few ports for communication between security servers andthe View Connection Server instances in the internal network. See “Firewall Rules for DMZ-Based SecurityServers,” on page 50 for information on specific ports.

Because users can connect directly with any View Connection Server instance from within their internalnetwork, you do not need to implement a security server in a LAN-based deployment.

View clients that use PCoIP can connect to View security servers, but PCoIP sessions with the virtual desktopignore the security server. PCoIP uses the User Datagram Protocol (UDP) for streaming audio and video.Security servers support only TCP.

Security Server TopologiesYou can implement several different security server topologies.

The topology illustrated in Figure 5-1 shows a high-availability environment that includes two load-balancedsecurity servers in a DMZ. The security servers communicate with two View Connection Server instancesinside the internal network.


VMware, Inc. 43

Figure 5-1. Load-Balanced Security Servers in a DMZ

vCenterManagement Server

MicrosoftActive Directory

ViewConnection

Servers

load balancing

ViewSecurityServers

DMZ

external network

remoteView Client

ESX hosts running Virtual Desktop

virtual machines

When remote users connect to a security server, they must successfully authenticate before they can accessView desktops. With appropriate firewall rules on both sides of the DMZ, this topology is suitable for accessingView desktops from client devices located on the Internet.

You can connect multiple security servers to each instance of View Connection Server. You can also combinea DMZ deployment with a standard deployment to offer access for internal users and external users.

The topology illustrated in Figure 5-2 shows an environment where four instances of View Connection Serveract as one group. The instances in the internal network are dedicated to users of the internal network, and theinstances in the external network are dedicated to users of the external network. If the View Connection Serverinstances paired with the security servers are enabled for RSA SecurID authentication, all external networkusers are required to authenticate by using RSA SecurID tokens.


44 VMware, Inc.

Figure 5-2. Multiple Security Servers

vCenterManagement ServerMicrosoft

Active Directory

ViewConnection

Servers

load balancing

ViewSecurityServers

DMZ

external network

remoteView Client

load balancing

internal network

View Client

ESX hosts running Virtual Desktop

virtual machines

You must implement a hardware or software load balancing solution if you install more than one securityserver. View Connection Server works with standard third-party load balancing solutions. View ConnectionServer does not provide its own load balancing functionality.

Firewalls for DMZ-Based Security ServersA DMZ-based security server deployment must include two firewalls.

n An external network-facing, front-end firewall is required to protect both the DMZ and the internalnetwork. You configure this firewall to allow external network traffic to reach the DMZ.

n A back-end firewall, between the DMZ and the internal network, is required to provide a second tier ofsecurity. You configure this firewall to accept only traffic that originates from the services within the DMZ.

Firewall policy strictly controls inbound communications from DMZ services, which greatly reduces the riskof compromising your internal network.

Figure 5-3 shows an example of a configuration that includes front-end and back-end firewalls.


VMware, Inc. 45

Figure 5-3. Dual Firewall TopologyView Client View Portal

HTTPStraffic

HTTPStraffic

fault-tolerantload balancingmechanism

ViewSecurity

Server

DMZ

internalnetwork

ViewConnection

Server

ViewConnectionServer

VMware vCenter

ActiveDirectory

VMware ESX servers

View SecurityServer

firewall

firewall

View Manager Components and ProtocolsView Manager components exchange messages by using several different protocols.

Figure 5-4 illustrates the relationships between the View Manager components, including the protocols thateach component uses for communication, when a security server is not configured.


46 VMware, Inc.

Figure 5-4. View Manager Components and Protocols without a Security Server

ViewAdministrator

ViewMessaging

View SecureGW Server

View Broker &Admin Server

View SecureGW Client

View Agent

View Client

Windows and Linux Clients Web Client Thin Client

ViewConnection

Server

View desktopvirtual machine

View ManagerLDAP

HTTP(S)

HTTP(S)

HTTP(S)

HTTP(S) HTTP(S)

HTTP(S)

JMS

RDP

RDP Client

RDP Client

browser

RDP

PCoIP

PCoIP

vCenterServer

thin clientoperating system

SOAP

RDP RDP

See Table 5-1 for the default ports that are used for each protocol.

Figure 5-5 illustrates the relationships between the security server and all other View Manager components,including the protocols that each component uses for communication, when a security server is configured.


VMware, Inc. 47

Figure 5-5. View Manager Components and Protocols with a Security Server

ViewAdministrator

ViewMessaging


View Broker &Admin Server

View SecureGW Client

View Agent


View Client

Windows and Linux Clients Web Client Thin Client

ViewSecurityServer

ViewConnection

Server

View desktopvirtual machine

View ManagerLDAP

HTTP(S)

HTTP(S)

HTTP(S)

HTTP(S) HTTP(S)

JMS AJP13

HTTP(S)

JMS

RDP

RDP Client

RDP Client

browser

RDP

PCoIP

PCoIP

vCenterServer

thin clientoperating system

SOAP

RDP RDP

Table 5-1 lists the default ports that are used for each protocol.

Table 5-1. Default Ports

Protocol Port

JMS TCP port 4001

AJP13 TCP port 8009NOTE AJP13 is used in a security server configuration only.

HTTP TCP port 80

HTTPS TCP port 443

RDP TCP port 3389For USB redirection, TCP port 32111 is used alongside RDP.For MMR, TCP port 9427 is used alongside RDP.NOTE If the View Connection Server instance is configuredfor direct client connections, these protocols connect directlyfrom the client to the View desktop and are not tunneledthrough the View Secure GW Server component.


48 VMware, Inc.

Table 5-1. Default Ports (Continued)

Protocol Port

SOAP TCP port 80 or 443

PCoIP TCP port 50002 from View Client to the View desktop.PCoIP also uses UDP port 50002 in both directions.For USB redirection, TCP port 32111 is used alongside PCoIPfrom the client to the View desktop.

View Broker and Administration ServerThe View Broker component, which is the core of View Connection Server, is responsible for all user interactionbetween View clients and View Connection Server. View Broker also includes the Administration Server thatis used by the View Administrator Web client.

View Broker works closely with vCenter Server to provide advanced management of View desktops, includingvirtual machine creation and power operations.

View Secure Gateway ServerView Secure Gateway Server is the server-side component for the secure HTTPS connection between Viewclients and a security server or View Connection Server instance.

When you configure the tunnel connection for View Connection Server, RDP, USB, and MultimediaRedirection (MMR) traffic is tunneled through the View Secure Gateway component. When you configuredirect client connections, these protocols connect directly from the client to the View desktop and are nottunneled through the View Secure Gateway Server component.

NOTE PCoIP and HP RGS do not use the tunnel connection.

View Secure Gateway Server is also responsible for forwarding other Web traffic, including user authenticationand desktop selection traffic, from View clients to the View Broker component. View Secure Gateway Serveralso passes View Administrator client Web traffic to the Administration Server component.

View LDAPView LDAP is an embedded LDAP directory in View Connection Server and is the configuration repositoryfor all View configuration data.

View LDAP contains entries that represent each View desktop, each accessible View desktop, multiple Viewdesktops that are managed together, and View component configuration settings.

View LDAP also includes a set of View plug-in DLLs to provide automation and notification services for otherView components.

View MessagingThe View Messaging component provides the messaging router for communication between View ConnectionServer components and between View Agent and View Connection Server.

It supports the Java Message Service (JMS) API, which is used for messaging in View.


VMware, Inc. 49

Firewall Rules for DMZ-Based Security ServersDMZ-based security servers require certain firewall rules on the front-end and back-end firewalls.

Front-End Firewall RulesTo allow external client devices to connect to a security server within the DMZ, the front-end firewall mustallow inbound traffic on certain TCP ports. Table 5-2 summarizes the front-end firewall rules.

Table 5-2. Front-End Firewall Rules

Source Protocol Port Destination Notes

Any HTTP 80 Security server External client devices use port 80 to connect to asecurity server within the DMZ when SSL isdisabled.

Any HTTPS 443 Security server External client devices use port 443 to connect to asecurity server within the DMZ when SSL isenabled (the default).

Back-End Firewall RulesTo allow a security server to communicate with each View Connection Server instance that resides within theinternal network, the back-end firewall must allow inbound traffic on certain TCP ports. Behind the back-endfirewall, internal firewalls must be similarly configured to allow View desktops and View Connection Serverinstances to communicate with each other. Table 5-3 summarizes the back-end firewall rules.

Table 5-3. Back-End Firewall Rules

Source Protocol Port Destination Notes

Security server AJP13 8009 View Connection Server Security servers use port 8009 totransmit AJP13-forwarded Web trafficto View Connection Server instances.

Security server JMS 4001 View Connection Server Security servers use port 4001 totransmit Java Message Service (JMS)traffic to View Connection Serverinstances.

Security server RDP 3389 View desktop Security servers use port 3389 totransmit RDP traffic to View desktops.NOTE For USB redirection, TCP port32111 is used alongside RDP. For MMR,TCP port 9427 is used alongside RDP.

TCP Ports for View Connection Server CommunicationGroups of View Connection Server instances use additional TCP ports to communicate with each other. Forexample, View Connection Server instances use port 4100 to transmit JMS inter-router traffic to each other.

Because firewalls are generally not used between the View Connection Server instances in a group, those TCPports are not described here.

General Firewall Rules for View Manager ComponentsIn any firewall configuration, TCP ports must be opened to allow traffic between certain View Managercomponents.

See “Firewall Rules for DMZ-Based Security Servers,” on page 50 for firewall rules that are specific to securityserver implementations.


50 VMware, Inc.

Firewall Rules for View AgentTable 5-4 lists the TCP ports that are opened on the firewall by the View Agent installation program. Ports areincoming TCP ports unless otherwise noted. See “View Manager Components and Protocols,” on page 46 forinformation on protocol direction.

Table 5-4. TCP Ports Opened During View Agent Installation

Protocol Ports

RDP 3389

USB redirection 32111

MMR 9427

PCoIP 50002 (TCP and UDP)

HP RGS 42966

The View Agent installer configures the local firewall rule for inbound RDP connections to match the currentRDP port of the host operating system, which is typically 3389. If you change the RDP port number, you mustchange the associated firewall rules.

The HP RGS Sender application is the server-side component of the HP RGS remote display protocol and usesport 42966 by default.

If you use a virtual machine template as a desktop source, firewall exceptions carry over to deployed desktopsonly if the template is a member of the desktop domain. You can use Microsoft group policy settings to managelocal firewall exceptions. See the Microsoft Knowledge Base (KB) article 875357 for more information.

Firewall Rules for Active DirectoryIf you have a firewall between your View environment and your Active Directory server, you must make surethat all of the necessary ports are opened. For example, View Connection Server must be able to access theActive Directory Global Catalog and Lightweight Directory Access Protocol (LDAP) servers. If the GlobalCatalog and LDAP ports are blocked by your firewall software, administrators will have problems configuringuser entitlements.

See the Microsoft documentation for your Active Directory server version for information about the ports thatmust be opened for Active Directory to function correctly through a firewall.

Firewall Rules for View Client with Offline DesktopView Client with Offline Desktop data is downloaded and uploaded through port 902. If you intend to use theView Client with Offline Desktop feature, this port must be accessible to your ESX host.

Restricting View Desktop AccessYou can use the restricted entitlements feature to restrict View desktop access based on the View ConnectionServer instance that a user connects to.

With restricted entitlements, you assign one or more tags to a View Connection Server instance. Then, whenconfiguring a desktop or desktop pool, you select the tags of the View Connection Server instances that youwant to be able to access the desktop or desktop pool. When users log in through a tagged View ConnectionServer instance, they can access only those desktops and desktop pools that have at least one matching tag orno tags.


VMware, Inc. 51

For example, your deployment might include two View Connection Server instances. The first instancesupports your internal users. The second instance is paired with a security server and supports your externalusers. To prevent external users from accessing certain desktops, you could set up restricted entitlements asfollows:

n Assign the tag "Internal" to the View Connection Server instance that supports your internal users.

n Assign the tag "External" to the View Connection Server instance that is paired with the security serverand supports your external users.

n Assign the "Internal" tag to the desktops and desktop pools that should be accessible only to internal users.

n Assign the "External" tag to the desktops and desktop pools that should be accessible only to externalusers.

External users cannot see the desktops and desktop pools tagged as Internal because they log in through theView Connection Server tagged as External, and internal users cannot see the desktops and desktop poolstagged as External because they log in through the View Connection Server tagged as Internal. Figure 5-6illustrates this configuration.

Figure 5-6. Restricted Entitlements Example

DMZ

external network

remoteView Client

ViewConnection

ServerTag: “External”

desktop pool ATag: “External”

ViewSecurityServer

VM VM

VM VM

localView Client

ViewConnection

ServerTag: “Internal”

desktop pool BTag: “Internal”

VM VM

VM VM

You can also use restricted entitlements to control desktop access based on the user-authentication methodthat you configure for a particular View Connection Server instance. For example, you can make certaindesktops available only to users who have authenticated with a smart card.

The restricted entitlements feature only enforces tag matching. You must design your network topology toforce certain clients to connect through a particular View Connection Server instance.


52 VMware, Inc.

Overview of Steps to Setting Up aVMware View Environment 6

The View Installation and Setup check list shows you all the high-level tasks for creating a View deployment,tells what order to do them in, and specifies which documents provide instructions.

Table 6-1. View Installation and Setup Check List

Step Task

1 Set up the required administrator users and groups in Active Directory.Instructions: VMware View Manager Administration Guide and the vSphere documentation

2 (Optional) Install and set up VMware ESX servers and vCenter ServerInstructions: vSphere documentation, Documentation Roadmap

3 (Optional) Install View Composer on vCenter Server.Instructions: VMware View Manager Administration Guide

4 Install View Connection Server.Instructions: VMware View Manager Administration Guide

5 Copy the Active Directory GPO templates from the View Connection Server machine to the Active Directoryserver and import them.Instructions: VMware View Manager Administration Guide

6 Do an initial configuration of View Connection Server.Instructions: VMware View Manager Administration Guide

7 Create one or more virtual machines that can be used as a template for full-clone desktop pools or for as aparent for linked-clone desktop pools. Install the desired applications or VMware ThinApp applications.Instructions: vSphere documentation, Documentation Roadmap, and the Windows XP Deployment Guide forVMware View

8 Install View Agent on the virtual machines and physical machines you want to use as desktop sources.Instructions: VMware View Manager Administration Guide

9 Create an individual View desktop or a View Desktop Pool, or both.Instructions: VMware View Manager Administration Guide

19 Entitle users or user groups or both to desktops.Instructions: VMware View Manager Administration Guide

11 Set desktop policies.Instructions: VMware View Manager Administration Guide

12 Install View Client on end users' machines or direct them to use View Portal to install the requiredcomponents.Instructions: VMware View Manager Administration Guide

VMware, Inc. 53

Table 6-1. View Installation and Setup Check List (Continued)

Step Task

13 Have end users access their View desktops.Instructions: VMware View Manager Administration Guide

14 Manage and monitor users and desktops.Instructions: VMware View Manager Administration Guide


54 VMware, Inc.

Index

AActive Directory 8, 24, 41Administration Server 49Adobe Flash 21agent, View 12AJP13 protocol 46, 50application virtualization and provisioning 23, 24architectural design elements 25

Bback-end firewall

configuring 45rules 50

bandwidth 36, 37base image for virtual desktops 22blade servers 35browsers, supported 12

Cchecklist for setting up VMware VIew 53client connections

direct 40tunnel 40

clones, linked 12, 23cluster, vSphere 33communication protocols, understanding 46connection types

client 39direct 40external client 43tunnel 40

cores, virtual machines density 28CPU estimates 28, 29credentials, user 43

Ddatabase sizing 30database types 34datastores 22demilitarized zone 43, 45desktop as a managed service (DAAS) 7desktop pools 12, 21, 22desktop sources 21diagram of a View deployment 9direct client connections 31, 40

disk space allocation for virtual desktops 29display protocols

defined 16HP RGS 15, 18, 40Microsoft RDP 15, 17, 40PCoIP 40, 43View PCoIP 8, 15, 17

Distributed Resource Scheduler (DRS) 33DMZ 11, 43, 45dual-firewall topology 45

Eencryption

of user credentials 43supported by Microsoft RDP 17supported with PCoIP 17

entitlements, restricted 51ESX hosts 32

Ffeature support matrix 15Fibre Channel SAN arrays 22firewalls

back-end 45front-end 45rules 50

front-end firewallconfiguring 45rules 50

Ggateway server 49GPOs 24

HHA cluster 30, 31, 33, 35HP RGS 15, 18, 40

II/O storms 36iSCSI SAN arrays 22

JJava Message Service 49Java Message Service protocol 50JMS protocol 46, 50

VMware, Inc. 55

Kknowledge workers 26

Llatency 37LDAP directory 11, 49legacy PCs 10linked clones 12, 22, 23, 31, 34Linux clients 12load balancing, View Connection Server 37, 43Log in as current user feature 19, 43LUNs 22

MMac clients 10, 12media file formats supported 19memory allocation for virtual machines 26, 29messaging router 49Microsoft RDP 15, 17, 19, 40Microsoft Remote Desktop Connection Client for

Mac 12multimedia streaming 19multiple monitors 8, 17, 19

NNAS arrays 22network bandwidth 36nonpersistent desktop pools 21

Pparent virtual machine 22, 23PCoIP 7, 8, 15, 17, 40, 43persistent desktop pools 21, 22physical PCs 31policies, desktop 24pools, desktop 12, 21, 22power users 26printing, virtual 18processing requirements 28provisioning desktops 7

RRAM allocation for virtual machines 26, 29rdesktop 12rebalance feature 22recompose feature 23refresh feature 23, 29replicas 22restricted entitlements 51RSA SecurID authentication 42

Sscalability, planning for 25SCSI adapter types 29security features, planning 39security servers

implementing 43load balancing 43overview 11

setup, VMware VIew 53shared storage 22, 34single sign-on (SSO) 12, 19, 43smart card authentication 42smart card readers 18, 42snapshots 23software provisioning 23, 24storage, reducing, with View Composer 22storage configurations 34streaming applications 23streaming multimedia 19suspend files 26, 29swap files 26

Ttask workers 26TCP ports 50templates, GPO 24terminal servers 31thin client support 10, 15ThinApp 23tunnel connection 31, 40tunneled communications 41, 49

UUnified Access 31USB devices, using with View desktops 8, 15,

18user authentication

Active Directory 41methods 41RSA SecurID 42smart cards 42

user data disks 22user types 26

VvCenter, configuration 30vCenter Server 12, 21View Administrator 12, 24View Agent 12, 24View Broker 49View building block 34View Client 11, 24


56 VMware, Inc.

View Client for Linux 11View Client with Offline Desktop, connections 41View Composer, operations 31, 34View Connection Server

configuration 12, 31grouping 43load balancing 43overview 11RSA SecurID authentication 42smart card authentication 42

View deployment diagram 9View desktop configurations 25View Messaging 49View node configuration 32View Offline Client 15View Open Client 11View pod 35, 37View Portal 10, 12View Portal for Linux 11View Portal for Mac OS X 11

View Secure Gateway Server 49virtual machine configuration

for vCenter 30for View Composer 30for View Connection Server 31for View desktops 25

virtual printing feature 8, 15, 18virtual private networks 17, 43.vmdk files 29VMotion 33vSphere 7, 8, 22vSphere cluster 33, 34

WWAN configurations 34WAN support 37Windows page file 29worker types 25, 26, 28Wyse MMR 15, 19

Index

VMware, Inc. 57


58 VMware, Inc.

vmware view architecture planning guide · 4 architecture design elements and planning guidelines...

Documents