VMware Site Recovery Manager 5.1 FAQ Explanation

Was asked by few customers confused on Site Recovery Manager (SRM) compatibility with vSphere Essential Plus.  And I thought I do make a explanation to clear this confusion which I was able to find the documents stating it.  Also refer to my previous post on vCenter Editions to understand the different editions of vCenter.

First and foremost,  the current release of SRM at the time of writing is 5.1.1.  SRM must work with same version of vCenter.  So if your vCenter is 5.0, you can only run SRM 5.0.  In order to run SRM 5.1, you need to upgrade only your vCenter to 5.1 while vSphere can remain existing version as long it is supported by SRM 5.1.  In this case, vSphere 4.x and above.  You can check out the interoperability using the site here.  Here is an example:

Next, we know that SRM 5.1 support vSphere Essential Plus.  That is true however if you are using a lower version of SRM, vSphere Essential Plus is not supported.  ONLY SRM 5.1 supports vSphere Essential Plus.  Read the SRM FAQ guide on page 3 and page 5.

To find out the vSphere edition supported, you can refer to this site.  Below is an example:

With the vSphere supported, there is the question that goes to vCenter edition.  As we know there are 3 favours of vCenter, Essential (from Essential or Essential Plus kit), Foundation (limited to 3 hosts) and Standard (no limitation).  SRM 5.1 will support all 3 editions of vCenter but any version of SRM prior to 5.1, will only support vCenter Foundation and Standard Edition ONLY.  This is due to the support form SRM 5.1 on vSphere Essential Plus for that vCenter Essential is supported.

If you are run Essential Plus at both Protected and Recovery site, this is supported on SRM 5.1 with vCenter 5.1.

VMware Horizon View 5.2 Transfer Server Repository Setup

It has been sometimes that I last setup my Horizon View Transfer server back when it was in version 5.0.

Today as I need to setup in a Horizon View 5.2, I have to start creating.  So my setup was pretty simple, I have a share drive on the Transfer Server (this can be anywhere), and the binary installation was smooth.

I couldn't find any much details of the restriction from the installation guide, but I did remember version 5.2 support Hardware version 9 which was previously not supported.  Also PVSCI was also supported for the virtual SCSI controller for the disk.

After logging into Horizon View Administrator portal, I added the Transfer Server.  It was then rebooted with configuration to add in 4 virtual SCSI controllers.

Now come the exciting part.  I could not add in the respository and keey getting error:
"Error: 59 - Problem verifying information for an image repository"

I was stuck!  Doing a Google returns me the closest KB but with a different error code.  Decide to give it a go and Wala!

It still applies for Horizon View 5.2 even though the KB states till 5.0.x.   We should add the repository first before adding the Transfer server into the Administrator portal.

Another catcha which is if the repository is on the Transfer Server itself, do not use the Network Share location setting use the Local filesystem.

 

VMware Converter Standalone 5.1 with support for GPT and UEFI

With the release of vSphere 5.1 Update 1, all components that has a dependency with vCenter would be updated.  That would include vCenter Heartbeat, Site Recovery Manager, vCenter Orchestrator, vSphere Storage Appliance, vCloud Director, vSphere Data Protection and not forgeting VMware Converter Standalone.

As we all know that VMware Converter Standalone is free comparing with other Converter products which are chargeable by per system/VM.  But the reason that most of us would go to other solutions because we have systems with GPT disks or UEFI firmware interface.

With the release of VMware Converter Standalone 5.1, it now has new features with the support of UEFI source machines as well as GPT support and many other which you can refer to the Release Notes.  Of course with the new release it will also support the latest OS like Windows 8 and Windows 2012 and file format EXT4.

Though this support came a little bit late, but at least now we are able to save a little bit of cost.


Vmware Converter Standalone Documentation is located here.
Download VMware Converter Standalone 5.1 binary from here.

VMware Horizon Workspace Folder and File Sharing Detailed Walkthrough

I have many people asking me how to share or what can I share to a user on Horizon Workspace.  So Here I am going to share with you some screenshot and understand what can or cannot be done.

We will be able to have a preview of normal office documents, pictures as well as PDF files in Horizon Workspace.  However if its a unknown format or files that cannot be display per se e.g. zip files, it will not be display.

Now let's talk about sharing of files and folder.

First of all, you are able to share file or folder to outside external parties from your domain.  This enable users to share file with third parties outside the domain.  External party will not be able to install the Horizon Workspace client as his account are not connected to the internal Horizon Workspace server.

Below is a screenshot on the context menu you will see when you click to share a Folder or a File.

Sharing a Folder

Sharing a File

When you share a File you will be provided with a URL Link which you can send to your user.  Anyone if that link will be able to access the file.  If you decide to stop sharing, you can do so too by clicking on Stop Sharing as shown below.

For Folder Sharing, you will have more options as show below.  Also you can see that if you try to Invite to edit to external party, this will not be possible.  Simple to understand as this type of user are not part of your domain so its not possible for them to use your internal SMTP server to send the invite.  That would be security flaw!

If you click on the expansion, you will be able to change any sharing rights or Stop Sharing completely.

If you decide to change a invited user rights from e.g.view to view and edit, you will see the confirmation on clicking Share.

When you share a Folder, the user will receive an email just like below.

If you remove the user the rights, he will also receive an email on his rights been revoked.

Interestingly, the picture of the user if he did set it up in his Horizonworkspace account will be displayed when emails are triggered to the sharing users.

Once the user click on the link for the first time, he will be bought to the site to setup the password for future access.  A virtual user will be created and the Administrator will be able to see the user been created once he has created his password.

The look and feel for the invited users looks exactly the same other than he cannot do invite any users.  He will be able to edit if he has the rights for it.  Of course if he is an internal user, his Horizon Workspace will be just adding the folder into own Workspace.

What if the invited user forgot his password?  Here he can Reset his password by clicking on "Forgot password?".  You would need to enter the username which is his email else he will see the error message "You must enter a username".  Once the email is sent, you will see the message "An email has been sent to your email address with information regarding resetting your password".

This is the email the invited user will received.  This reset do have a expiry as well just in case the user forgot to use it.

On clicking the link you will be bought to the site again to key in a new password.

For the invited users, once he is log into Horizon Workspace, with a View rights, he will see as below.

If the invited user has Edit rights, he will have additional options namely delete, move and rename.

To remove any virtual users, the Horizon Workspace Administrator will need to log into the Admin portal to remove the users.  The administrator will not be able to reset the password from the portal.  Though there is a way to do that via command but I find that the rational is there, since the invited users can do the reset of password themselves and sending password over email isn't secure in the first place.

Here you have it.  A detail walkthrough on how Folder and File sharing look like in Horizon Workspace.

VMware Data Protection (VDP) 5.1.10 Release!

As stated in my previous post,  there was a bug in the Vmware Data Protection (VDP) which was release with vSphere 5.1 in backing up Windows 2008 R2 OS VM.

As of today, a new release of VDP 5.1.10 is been release as stated here.  There are also some added enhancement which you can read about.  You may refer to the release notes here. 

With this release, the VDR to VDP migration utility is now make available.  I would like to stress this again, the migration only migrate the data and restore points and NO backup jobs are migrated.  Backup jobs need to be recreated in VDP.  There is no migration utility in VDP Advanced.  The correct way is to migrate from VDR to VDP then to VDP Advance.

VMware vSphere 5.1 Hardening Guide release!

From the announcement of vSphere 5.1 in Aug 2012 to it's GA in October, it been a short period of time that VMware has managed to release in merely 6 months.

Here is the vSphere 5.1 Hardening Guide.  In case you are looking for the rest of the hardening guides for the other versions, you can locate them here.

VMware Compatibility Guides Know How

References:
VMware Compatiblity Guide
VMware Product Interoperability Matrixes
Business Applications on VMware Platform

I have been asked many times if this hardware will support that hardware or does this solution support the other solution?  What are the databases supported?  Which storage support VMware Site Recovery Manager?

It's pretty easy to find this out but if you do not know how to you might end up goggling and find yourself with lots of links but not very closed to your expected results.  Reason is these are all based on search engines so unless someone posted that on the internet else it would be hard to come by.

Below is a video on how you can easily navigate on VMware website to look for the compatibility matrix that you are looking for.  Do not that as not all hardware are send in for certification, the newest and greatest might not be listed in the database.  For that, you will need to check back with the respective hardware vendor.

VMware Horizon View HTML5 Blast Desktop Access Timeout

Today I encounter a problem with my Home lab.  As you know I have set up Horizon Workspace with Horizon View integration completed.  Horizon View with Feature Pack 1.  Everything was working fine I was able to access via PCoIP via the Horizon View client as well as via HTML5 via the Blast protocol.

However yesterday, I did a re-installation of my Horizon View Security Server.  Today when I was trying to access my desktop via HTML5 or via Horizon Workspace through HTML it all fail.

I receive timeout on connecting to the desktop.  So I tested with Horizon View Client and it works.  So I have isolate this to be Blast connection related only.

Here you see on my browser I enabled Firebug to trace the connection and realize it stop there with a blank screen of the Blast.

After few seconds later, I get a connection time out.

I decide to recall what has changed in my environment and notice what I did yesterday.  So what connect back to my Horizon View Security Server and check on the Firewall rules and saw the below:

That is the problem!  If you refer to my previous post VMware Horizon View 5.2 Feature Pack 1, I mentioned about the firewall rules.

So what happen when you do a re-installation of Horizon View Security binary, the firewall rule will be disabled which is the setup default for Blast when doing installation.

So now you know Horizon View binary does not keep your firewall rules, it overrides to the binary default.  So next time if you do a re-installation, please remember to check the firewall rules again.

VMware Horizon Mirage Installation

Below is an video on how you can install and setup a VMware Horizon Mirage server.  Do note that this video was done using Mirage 3.6 SP1.  The installation does not change however the installation interface but differ just a little bit.

You may refer to the Administration Guide for the installation guide found here.

Please note that you can configure the server after all are installed instead of what I did in the video to have license imported before carrying on the installation of Mirage Server.

Make sure your Mirage Server do have enough space for storing the images and cache.  I have to do that in the middle of the video as I forgot about it.

The installation order should be as follows:

1. Mirage Management Server
2. Mirage Management Console
3. Mirage Server
4. Mirage Web Access (optional)

For SQL database, if you are using the default instance name, you do not have to fill in the sql instance name else you would hit an error.

If you are doing Windows upgrade migration from XP to 7, you would need the USMT 3.0.

VMware Horizon Workspace Reviewer's Guide Gotcha!

On my previous post on VMware Horizon Suite, in it I provided some of the articles and one of them is a Reviewer's Guide.

Going through the guide you might hit some hiccups.  Here I have show some of the resolution to get around it.

Before we start, I assume you would have done your VMware Horizon View 5.2 if you are keen to integrate with Horizon Workspace.

An overview before configuring the vApp.

• Make sure you do have the resources stated to run the Horizon Workspace vApp.  Do not downsize the resources as this will results in unexpected errors.
• Prior to setup, make sure you have create all entry for Forward and Reverse DNS and as well as SMTP server.
• Create IP Pool under vSphere Client under Datacenter.

On Page 30, for Base DN,m its best to put the domain that you are going to work with entitling the user.  If you use a Group, the user can only below within that group.

On Page 31, include all the groups and OU where the users will be located.  That includes user of the View pools.  In my case, I have create an OU named View Users which I have included in.

By default, Horizon Workspace is able to preview PDF files but not Microsoft Office documents.  On page 49, the instruction show you to install LibreOffice to enable preview of Microsoft Office Documents.  Please note that your data-va must be able to access internet else you will have to download the package and SCP it into data-va and install offline.

Follow the instruction to call the command, do not call the command within the folder.  You can see what I have did and the download will never be completed.

Next page 50,to restart the service the command would be without '-' not as stated in the document.
> su zimbra 

If you browse to the download Horizon Workspace client after you login, you will be provided with the link for the respective end points you are log in on.  However the clients are older version than the ones provided on VMware site.  You can see the original version and the updated one.
E.g. The default in Horizon Workspace 1.0 for Windows client Build 1017077 while the latest is Build 1028171.

To install Horizon Workspace client make sure you do have at least .Net Framework 3.5.

To update the clients, you would need to follow the instruction from Horizon Workspace Installation Guide, Page 32 to amend the clients files correctly.

You might want to upload the client files into the data-va using WINSCP, however you would need to enable root account for SSH.  You can do this by opening the console using vSphere Client, log in using the root and the global password you specify during the initial configuration of the Horizon Workspace vApp.  Type the following commands:

>vi /etc/ssh/sshd_config

You will see the screen below.  Go to the line that state PermitRootLogin and change the word from no to yes.
To do this, type 'i' to go into insert mode.  Delete the word no and insert yes, press the Esc button to exit insert mode, type ":wq!".  What this do is to write and quit immediately.  Just restart the ssh service using the command below:

>service sshd restart.

To manage Horizon Workspace you would need to keep the following URL at hand on Page 31 of the Installation Guide.

VMware vExpert 2013 Application is now open

And yes the VMware vExpert 2013 application is now open!  Last year I did a post on what you can do and how I achieve without having the intention to receive any accreditation.

You can also get yourself accredited if you do contribute back to the communities related to virtualization and cloud computing.

To apply for it go here and remember the closing date is April 15, 2013 Midnight PDT.

VMware Horizon Suite License - All You Need to Know

With the launch of VMware Horizon Suite, arises many questions on licensing.  Here I have summarize some of the scenarios of licensing which will help you understand better.

First we need to understand what is in the Suite.  VMware Horizon Suite comprises of Horizon Workspace, Horizon View and Horizon Mirage.  Each has its own licensing if purchase ala cart.

Horizon Workspace - Named User
Horizon View - Concurrent User
Horizon Mirage - Named User

Named User - Specific user that is assigned to the license.  No sharing licenses among users.

Concurrent User - Irregardless who is the user as long the number of concurrent user at one time does not exceed the number purchased.

To better understand here is an example:
If you have 300 users in your environment, but only 150 users are log on anyone time.  You will need:
Named User = 300 users.
Concurrent User = 150 users.

Current customer who are using Horizon App Manager, VMware Mirage VMware View and VMware Thinapp, has an option to upgrade which can be found in this whitepaper.  The only different here is VMware View customer can trade up from one concurrent user to two named users licenses when upgrading to Horizon Suite.

Do note that Thinapp is no longer selling as an ala cart option.  It is now bundle with Horizon Suite or any of the three bundle within the Suite.  VMware workstation in Horizon Suite/Workspace/View is licensed to just do Thinapp packaging.  While VMware Fusion Pro in Horizon Mirage is used end point management for Mac end point running a copy of Windows that is managed by Horizon Mirage.

You can refer to this site.

Bundle or Suite	Components	Type of License
Horizon View	Horizon View ThinApp Workstation * vSphere vCenter	Concurrent User
Horizon Mirage	Horizon Mirage ThinApp Workstation * Fusion Pro	Named User
Horizon Workspace	Horizon Workspace ThinApp Workstation * Horizon Mobile for Android	Named User
Horizon Suite	All three smaller bundles: Horizon View Horizon Mirage Horizon Workspace	Named User
* In all Horizon bundles and the suite, VMware Workstation is licensed for the creation of virtual machines for the ThinApp capture-and-build process. Workstation is not licensed for creating virtual machines for users. VMware Fusion Pro in the Horizon Mirage bundle is intended for the creation of virtual machines for users, and Horizon Mirage can manage those Fusion virtual machines.

A KB relating to Horizon Suite licensing can also be found here.


Scenario 1
10 users who need Horizon Workspace or Horizon Mirage or Horizon View only.

You can purchase 10 named users of Horizon Workspace/Mirage/View or Horizon Suite.

Scenario 2
10 users who need Horizon Workspace and also using Horizon View.

You need 10 named users of Horizon Suite OR you can purchase 10 named users for Horizon Workspace and 10 concurrent users of Horizon View.  Definitely going Horizon Suite will be cheaper only caveat is Horizon View will be changed from Concurrent User to Named User.

Scenario 3
10 users who need Horizon Workspace and 5 users using Horizon View and 5 users using Horizon Mirage.

If all the 10 users are the same for the Horizon View and Horizon Mirage users, then you can use 10 Named Users of Horizon Suite.  If either of the users who are not part of the 10 users using Horizon Workspace, then you need to get 10 Named Users for Horizon Suite/Workspace plus the number of users for Horizon View/Mirage.

Scenario 4
10 users using Horizon Workspace.  10 of these users will be using Horizon View where 5 of them are using dedicated persistent desktop and will be manage by Horizon Mirage and rest are using Floating Pool desktops.

You would only need 10 Named Users for Horizon Suite.  The 10 users are allowed to use either or all of the 3 components of Horizon Suite.


In summary, the named users in Horizon Suite all or part of the Suite.   If users are not part of the Named Users licensed, then additional license need to be purchase for the Suite or separate bundle.

For Horizon Suite, each Named User consist of 1 license for Horizon Workspace, Horizon View, Horizon Mirage and Thinapp for that particular Named User.  It cannot be separated for different user.

Lastly where should I run all the management workload?  If you are only implementing everything other than Horizon View, you would need to host this in server vSphere.  However if you have purchase the suite or you have vSphere for Desktop, you are allow to host any portion of the Horizon Suite in vSphere for Desktop.  This can be read from the document here in page 14.


Update 19th Apr 2013
Added and example to explain Named and Concurrent user.

Update 3rd May 2013
Update with vSphere for Desktop licensing.

VMware Horizon View 5.2 Feature Pack 1: Web Access & Utility Touch

With the release of VMware Horizon View 5.2, comes the Feature Pack 1 which allows Web Access through browsers and as well as Touch Utility found on Horizon View mobile client on Android and Apple.  You can view all these nice features from my previous post on Horizon Suite.

Today I will summarize some of the requirements to get the Feature Pack 1 installed.  I would not go into much details as the documentation provided on Horizon View are sufficient to do any simple installation and as my previous post there reviewer's guide provide a very detailed step by step which you can refer to.

Please note that HTML Access is only enabled for all PC and Mac specific browsers supporting HTML5.  iPad running iOS6 or higher with Safari is also possible however if your iPad is installed with mobile Horizon View Client, the default action is to use the Horizon View Client instead unless it is not available

Also HTML Access has only image projection, there is no audio.  Functions and features e.g. USB redirection and audio requires the use of Horizon View Client.

To know the end points supported with which browsers, please refer to this  document.
To get Feature Pack 1 working, you would need the below:

1. Horizon View 5.2 (You need to be at this version)
2. Install Feature Pack 1 HTML Access on Horizon View Connection Servers
3. Feature Pack 1 agent to be installed on all master VM/Desktop used in desktop pools
4. Enable HTML Access in Desktop Pools settings
5. Enable Inbound Windows Firewall rules 8443 on Security Server (which is precreated when you install Security Server 5.2)
6. Edit Blast Secure Gateway on both Connection and Security Server if it differs from what is entered by default during installation

After completion of installation, you can see the better improved web interface of Horizon View 5.2 with improved performance.

As mentioned on Step 4 above, you will see the option as show below:

If you did not enable this checkbox, you will only be able to access the Desktop via the client but not via HTML.

Step 5, three inbound Windows firewall rules greyed out showing its disabled.  You would just need to enable it on the Security Server.  It is recommended to check that the Connection Server has the inbound rules enabled as well.  You will realize the description is "Blast-in".

Step 6, You find a new Blast External URL gateway for both on Connection and Security Server.

A view of Utility touch on my Samsung Note II mobile phone allows the ease of using Windows and access the Start Menu more efficiently.  Do note that Utility Touch is only supported on mobile Horizon View Client for Apple and Android.

Utility Touch on Windows XP

Utility Touch on Windows 7

There is also included policy which can use to configure some parameters for Blast.  You can see from the screenshot below.  Import just like View policy for persona and PCoIP.

At the time of writing, I have tested the HTML Access using Windows 7 to work successfully.  Windows XP seems to have some issues and encounter this error message when using HTML Access

An error has occurred: {"code":"ECONNRESET"}

On a side note learned from my Home Lab
I set this up in my Home Lab and have used all the internal IP and FQDN for the Connection Server External URL and IP and for the Security Server, I have used the public IP and DNS.

I was able to perform all client access however I encounter HTML access from WAN failed with timeout after selecting a desktop via the Security Server.  I know the connection to Connection Server was successful because I was provided with the front facing page of HTML Access since that package is installed only on Connection Server.

I have directed 443, 4172 and 8443 to my Security Server which is facing my router which is internet facing.  After analyzing again, your internal network which is your Connection Server must be able to recognize the external URL/IP of the Security Server.  This is something which my internal network gateway is unable to resolve.  I added another gateway which is public DNS aware and this resolve.

What was learned from this is that 8443 need to be dual directional.  Meaning that Security Server will pass the traffic to Connection Server who will redirect this back to Security Server.  Connection Server must be able to resolve the External URL of the Security Server.